op public repos

Blob

Date:: Thu Oct 7 15:29:27 2021 UTC
Message:: plug memory leaks in got-fetch-pack and got-send-pack ok naddy
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2019 Ori Bernstein <ori@openbsd.org>
3  * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/types.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/time.h>
22 #include <sys/stat.h>
23 
24 #include <stdint.h>
25 #include <errno.h>
26 #include <imsg.h>
27 #include <limits.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <ctype.h>
33 #include <sha1.h>
34 #include <fcntl.h>
35 #include <unistd.h>
36 #include <zlib.h>
37 #include <err.h>
38 
39 #include "got_error.h"
40 #include "got_object.h"
41 #include "got_path.h"
42 #include "got_version.h"
43 #include "got_fetch.h"
44 #include "got_reference.h"
45 
46 #include "got_lib_sha1.h"
47 #include "got_lib_delta.h"
48 #include "got_lib_object.h"
49 #include "got_lib_object_parse.h"
50 #include "got_lib_privsep.h"
51 #include "got_lib_pack.h"
52 #include "got_lib_pkt.h"
53 #include "got_lib_gitproto.h"
54 
55 #ifndef nitems
56 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
57 #endif
58 
59 struct got_object *indexed;
60 static int chattygot;
61 
62 static const struct got_capability got_capabilities[] = {
63 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
64 	{ GOT_CAPA_OFS_DELTA, NULL },
65 #if 0
66 	{ GOT_CAPA_SIDE_BAND_64K, NULL },
67 #endif
68 	{ GOT_CAPA_REPORT_STATUS, NULL },
69 	{ GOT_CAPA_DELETE_REFS, NULL },
70 };
71 
72 static const struct got_error *
73 send_upload_progress(struct imsgbuf *ibuf, off_t bytes)
74 {
75 	if (imsg_compose(ibuf, GOT_IMSG_SEND_UPLOAD_PROGRESS, 0, 0, -1,
76 	    &bytes, sizeof(bytes)) == -1)
77 		return got_error_from_errno(
78 		    "imsg_compose SEND_UPLOAD_PROGRESS");
79 
80 	return got_privsep_flush_imsg(ibuf);
81 }
82 
83 static const struct got_error *
84 send_pack_request(struct imsgbuf *ibuf)
85 {
86 	if (imsg_compose(ibuf, GOT_IMSG_SEND_PACK_REQUEST, 0, 0, -1,
87 	    NULL, 0) == -1)
88 		return got_error_from_errno("imsg_compose SEND_PACK_REQUEST");
89 	return got_privsep_flush_imsg(ibuf);
90 }
91 
92 static const struct got_error *
93 send_done(struct imsgbuf *ibuf)
94 {
95 	if (imsg_compose(ibuf, GOT_IMSG_SEND_DONE, 0, 0, -1, NULL, 0) == -1)
96 		return got_error_from_errno("imsg_compose SEND_DONE");
97 	return got_privsep_flush_imsg(ibuf);
98 }
99 
100 static const struct got_error *
101 recv_packfd(int *packfd, struct imsgbuf *ibuf)
102 {
103 	const struct got_error *err;
104 	struct imsg imsg;
105 
106 	*packfd = -1;
107 
108 	err = got_privsep_recv_imsg(&imsg, ibuf, 0);
109 	if (err)
110 		return err;
111 		
112 	if (imsg.hdr.type == GOT_IMSG_STOP) {
113 		err = got_error(GOT_ERR_CANCELLED);
114 		goto done;
115 	}
116 
117 	if (imsg.hdr.type != GOT_IMSG_SEND_PACKFD) {
118 		err = got_error(GOT_ERR_PRIVSEP_MSG);
119 		goto done;
120 	}
121 
122 	if (imsg.hdr.len - IMSG_HEADER_SIZE != 0) {
123 		err = got_error(GOT_ERR_PRIVSEP_LEN);
124 		goto done;
125 	}
126 
127 	*packfd = imsg.fd;
128 done:
129 	imsg_free(&imsg);
130 	return err;
131 }
132 
133 static const struct got_error *
134 send_pack_file(int sendfd, int packfd, struct imsgbuf *ibuf)
135 {
136 	const struct got_error *err;
137 	unsigned char buf[8192];
138 	ssize_t r, w;
139 	off_t wtotal = 0;
140 
141 	if (lseek(packfd, 0L, SEEK_SET) == -1)
142 		return got_error_from_errno("lseek");
143 
144 	for (;;) {
145 		r = read(packfd, buf, sizeof(buf));
146 		if (r == -1)
147 			return got_error_from_errno("read");
148 		if (r == 0)
149 			break;
150 		w = write(sendfd, buf, r);
151 		if (w == -1)
152 			return got_error_from_errno("write");
153 		if (w != r)
154 			return got_error(GOT_ERR_IO);
155 		wtotal += w;
156 		err = send_upload_progress(ibuf, wtotal);
157 		if (err)
158 			return err;
159 	}
160 
161 	return NULL;
162 }
163 
164 static const struct got_error *
165 send_error(const char *buf, size_t len)
166 {
167 	static char msg[1024];
168 	size_t i;
169 
170 	for (i = 0; i < len && i < sizeof(msg) - 1; i++) {
171 		if (!isprint(buf[i]))
172 			return got_error_msg(GOT_ERR_BAD_PACKET,
173 			    "non-printable error message received from server");
174 		msg[i] = buf[i];
175 	}
176 	msg[i] = '\0';
177 	return got_error_msg(GOT_ERR_SEND_FAILED, msg);
178 }
179 
180 static const struct got_error *
181 send_their_ref(struct imsgbuf *ibuf, struct got_object_id *refid,
182     const char *refname)
183 {
184 	const struct got_error *err = NULL;
185 	struct ibuf *wbuf;
186 	size_t len, reflen = strlen(refname);
187 
188 	len = sizeof(struct got_imsg_send_remote_ref) + reflen;
189 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
190 		return got_error(GOT_ERR_NO_SPACE);
191 
192 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REMOTE_REF, 0, 0, len);
193 	if (wbuf == NULL)
194 		return got_error_from_errno("imsg_create SEND_REMOTE_REF");
195 
196 	/* Keep in sync with struct got_imsg_send_remote_ref definition! */
197 	if (imsg_add(wbuf, refid->sha1, SHA1_DIGEST_LENGTH) == -1) {
198 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
199 		ibuf_free(wbuf);
200 		return err;
201 	}
202 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1) {
203 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
204 		ibuf_free(wbuf);
205 		return err;
206 	}
207 	if (imsg_add(wbuf, refname, reflen) == -1) {
208 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
209 		ibuf_free(wbuf);
210 		return err;
211 	}
212 
213 	wbuf->fd = -1;
214 	imsg_close(ibuf, wbuf);
215 	return got_privsep_flush_imsg(ibuf);
216 }
217 
218 static const struct got_error *
219 send_ref_status(struct imsgbuf *ibuf, const char *refname, int success,
220     struct got_pathlist_head *refs, struct got_pathlist_head *delete_refs)
221 {
222 	const struct got_error *err = NULL;
223 	struct ibuf *wbuf;
224 	size_t len, reflen = strlen(refname);
225 	struct got_pathlist_entry *pe;
226 	int ref_valid = 0;
227 	char *eol;
228 
229 	eol = strchr(refname, '\n');
230 	if (eol == NULL) {
231 		return got_error_msg(GOT_ERR_BAD_PACKET,
232 		    "unexpected message from server");
233 	}
234 	*eol = '\0';
235 
236 	TAILQ_FOREACH(pe, refs, entry) {
237 		if (strcmp(refname, pe->path) == 0) {
238 			ref_valid = 1;
239 			break;
240 		}
241 	}
242 	if (!ref_valid) {
243 		TAILQ_FOREACH(pe, delete_refs, entry) {
244 			if (strcmp(refname, pe->path) == 0) {
245 				ref_valid = 1;
246 				break;
247 			}
248 		}
249 	}
250 	if (!ref_valid) {
251 		return got_error_msg(GOT_ERR_BAD_PACKET,
252 		    "unexpected message from server");
253 	}
254 
255 	len = sizeof(struct got_imsg_send_ref_status) + reflen;
256 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
257 		return got_error(GOT_ERR_NO_SPACE);
258 
259 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REF_STATUS,
260 	    0, 0, len);
261 	if (wbuf == NULL)
262 		return got_error_from_errno("imsg_create SEND_REF_STATUS");
263 
264 	/* Keep in sync with struct got_imsg_send_ref_status definition! */
265 	if (imsg_add(wbuf, &success, sizeof(success)) == -1) {
266 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
267 		ibuf_free(wbuf);
268 		return err;
269 	}
270 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1) {
271 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
272 		ibuf_free(wbuf);
273 		return err;
274 	}
275 	if (imsg_add(wbuf, refname, reflen) == -1) {
276 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
277 		ibuf_free(wbuf);
278 		return err;
279 	}
280 
281 	wbuf->fd = -1;
282 	imsg_close(ibuf, wbuf);
283 	return got_privsep_flush_imsg(ibuf);
284 }
285 
286 static const struct got_error *
287 describe_refchange(int *n, int *sent_my_capabilites,
288     const char *my_capabilities, char *buf, size_t bufsize,
289     const char *refname, const char *old_hashstr, const char *new_hashstr)
290 {
291 	*n = snprintf(buf, bufsize, "%s %s %s",
292 	    old_hashstr, new_hashstr, refname);
293 	if (*n >= bufsize)
294 		return got_error(GOT_ERR_NO_SPACE);
295 
296 	/*
297 	 * We must announce our capabilities along with the first
298 	 * reference. Unfortunately, the protocol requires an embedded
299 	 * NUL as a separator between reference name and capabilities,
300 	 * which we have to deal with here.
301 	 * It also requires a linefeed for terminating packet data.
302 	 */
303 	if (!*sent_my_capabilites && my_capabilities != NULL) {
304 		int m;
305 		if (*n >= bufsize - 1)
306 			return got_error(GOT_ERR_NO_SPACE);
307 		m = snprintf(buf + *n + 1, /* offset after '\0' */
308 		    bufsize - (*n + 1), "%s\n", my_capabilities);
309 		if (*n + m >= bufsize)
310 			return got_error(GOT_ERR_NO_SPACE);
311 		*n += m;
312 		*sent_my_capabilites = 1;
313 	} else {
314 		*n = strlcat(buf, "\n", bufsize);
315 		if (*n >= bufsize)
316 			return got_error(GOT_ERR_NO_SPACE);
317 	}
318 
319 	return NULL;
320 }
321 
322 static const struct got_error *
323 send_pack(int fd, struct got_pathlist_head *refs,
324     struct got_pathlist_head *delete_refs, struct imsgbuf *ibuf)
325 {
326 	const struct got_error *err = NULL;
327 	char buf[GOT_PKT_MAX];
328 	unsigned char zero_id[SHA1_DIGEST_LENGTH] = { 0 };
329 	char old_hashstr[SHA1_DIGEST_STRING_LENGTH];
330 	char new_hashstr[SHA1_DIGEST_STRING_LENGTH];
331 	struct got_pathlist_head their_refs;
332 	int is_firstpkt = 1;
333 	int n, nsent = 0;
334 	int packfd = -1;
335 	char *id_str = NULL, *refname = NULL;
336 	struct got_object_id *id = NULL;
337 	char *server_capabilities = NULL, *my_capabilities = NULL;
338 	struct got_pathlist_entry *pe;
339 	int sent_my_capabilites = 0;
340 
341 	TAILQ_INIT(&their_refs);
342 
343 	if (TAILQ_EMPTY(refs) && TAILQ_EMPTY(delete_refs))
344 		return got_error(GOT_ERR_SEND_EMPTY);
345 
346 	while (1) {
347 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
348 		if (err)
349 			goto done;
350 		if (n == 0)
351 			break;
352 		if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
353 			err = send_error(&buf[4], n - 4);
354 			goto done;
355 		}
356 		free(id_str);
357 		free(refname);
358 		err = got_gitproto_parse_refline(&id_str, &refname,
359 		    &server_capabilities, buf, n);
360 		if (err)
361 			goto done;
362 		if (is_firstpkt) {
363 			if (chattygot && server_capabilities[0] != '\0')
364 				fprintf(stderr, "%s: server capabilities: %s\n",
365 				    getprogname(), server_capabilities);
366 			err = got_gitproto_match_capabilities(&my_capabilities,
367 			    NULL, server_capabilities, got_capabilities,
368 			    nitems(got_capabilities));
369 			if (err)
370 				goto done;
371 			if (chattygot)
372 				fprintf(stderr, "%s: my capabilities:%s\n",
373 				    getprogname(), my_capabilities);
374 			is_firstpkt = 0;
375 		}
376 		if (strstr(refname, "^{}")) {
377 			if (chattygot) {
378 				fprintf(stderr, "%s: ignoring %s\n",
379 				    getprogname(), refname);
380 			}
381 			continue;
382 		}
383 
384 		id = malloc(sizeof(*id));
385 		if (id == NULL) {
386 			err = got_error_from_errno("malloc");
387 			goto done;
388 		}
389 		if (!got_parse_sha1_digest(id->sha1, id_str)) {
390 			err = got_error(GOT_ERR_BAD_OBJ_ID_STR);
391 			goto done;
392 		}
393 		err = send_their_ref(ibuf, id, refname);
394 		if (err)
395 			goto done;
396 
397 		err = got_pathlist_append(&their_refs, refname, id);
398 		if (chattygot)
399 			fprintf(stderr, "%s: remote has %s %s\n",
400 			    getprogname(), refname, id_str);
401 		free(id_str);
402 		id_str = NULL;
403 		refname = NULL; /* do not free; owned by their_refs */
404 		id = NULL; /* do not free; owned by their_refs */
405 	}
406 
407 	if (!TAILQ_EMPTY(delete_refs)) {
408 		if (my_capabilities == NULL ||
409 		    strstr(my_capabilities, GOT_CAPA_DELETE_REFS) == NULL) {
410 			err = got_error(GOT_ERR_CAPA_DELETE_REFS);
411 			goto done;
412 		}
413 	}
414 
415 	TAILQ_FOREACH(pe, delete_refs, entry) {
416 		const char *refname = pe->path;
417 		struct got_pathlist_entry *their_pe;
418 		struct got_object_id *their_id = NULL;
419 
420 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
421 			const char *their_refname = their_pe->path;
422 			if (got_path_cmp(refname, their_refname,
423 			    strlen(refname), strlen(their_refname)) == 0) {
424 				their_id = their_pe->data;
425 				break;
426 			}
427 		}
428 		if (their_id == NULL) {
429 			err = got_error_fmt(GOT_ERR_NOT_REF,
430 			    "%s does not exist in remote repository",
431 			    refname);
432 			goto done;
433 		}
434 
435 		got_sha1_digest_to_str(their_id->sha1, old_hashstr,
436 		    sizeof(old_hashstr));
437 		got_sha1_digest_to_str(zero_id, new_hashstr,
438 		    sizeof(new_hashstr));
439 		err = describe_refchange(&n, &sent_my_capabilites,
440 		    my_capabilities, buf, sizeof(buf), refname,
441 		    old_hashstr, new_hashstr);
442 		if (err)
443 			goto done;
444 		err = got_pkt_writepkt(fd, buf, n, chattygot);
445 		if (err)
446 			goto done;
447 		if (chattygot) {
448 			fprintf(stderr, "%s: deleting %s %s\n",
449 			    getprogname(), refname, old_hashstr);
450 		}
451 		nsent++;
452 	}
453 
454 	TAILQ_FOREACH(pe, refs, entry) {
455 		const char *refname = pe->path;
456 		struct got_object_id *id = pe->data;
457 		struct got_object_id *their_id = NULL;
458 		struct got_pathlist_entry *their_pe;
459 
460 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
461 			const char *their_refname = their_pe->path;
462 			if (got_path_cmp(refname, their_refname,
463 			    strlen(refname), strlen(their_refname)) == 0) {
464 				their_id = their_pe->data;
465 				break;
466 			}
467 		}
468 		if (their_id) {
469 			if (got_object_id_cmp(id, their_id) == 0) {
470 				if (chattygot) {
471 					fprintf(stderr,
472 					    "%s: no change for %s\n",
473 					    getprogname(), refname);
474 				}
475 				continue;
476 			}
477 			got_sha1_digest_to_str(their_id->sha1, old_hashstr,
478 			    sizeof(old_hashstr));
479 		} else {
480 			got_sha1_digest_to_str(zero_id, old_hashstr,
481 			    sizeof(old_hashstr));
482 		}
483 		got_sha1_digest_to_str(id->sha1, new_hashstr,
484 		    sizeof(new_hashstr));
485 		err = describe_refchange(&n, &sent_my_capabilites,
486 		    my_capabilities, buf, sizeof(buf), refname,
487 		    old_hashstr, new_hashstr);
488 		if (err)
489 			goto done;
490 		err = got_pkt_writepkt(fd, buf, n, chattygot);
491 		if (err)
492 			goto done;
493 		if (chattygot) {
494 			if (their_id) {
495 				fprintf(stderr, "%s: updating %s %s -> %s\n",
496 				    getprogname(), refname, old_hashstr,
497 				    new_hashstr);
498 			} else {
499 				fprintf(stderr, "%s: creating %s %s\n",
500 				    getprogname(), refname, new_hashstr);
501 			}
502 		}
503 		nsent++;
504 	}
505 	err = got_pkt_flushpkt(fd, chattygot);
506 	if (err)
507 		goto done;
508 
509 	err = send_pack_request(ibuf);
510 	if (err)
511 		goto done;
512 
513 	err = recv_packfd(&packfd, ibuf);
514 	if (err)
515 		goto done;
516 
517 	if (packfd != -1) {
518 		err = send_pack_file(fd, packfd, ibuf);
519 		if (err)
520 			goto done;
521 	}
522 
523 	err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
524 	if (err)
525 		goto done;
526 	if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
527 		err = send_error(&buf[4], n - 4);
528 		goto done;
529 	} else if (n < 10 || strncmp(buf, "unpack ok\n", 10) != 0) {
530 		err = got_error_msg(GOT_ERR_BAD_PACKET,
531 		    "unexpected message from server");
532 		goto done;
533 	}
534 
535 	while (nsent > 0) {
536 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
537 		if (err)
538 			goto done;
539 		if (n < 3) {
540 			err = got_error_msg(GOT_ERR_BAD_PACKET,
541 			    "unexpected message from server");
542 			goto done;
543 		} else if (strncmp(buf, "ok ", 3) == 0) {
544 			err = send_ref_status(ibuf, buf + 3, 1,
545 			    refs, delete_refs);
546 			if (err)
547 				goto done;
548 		} else if (strncmp(buf, "ng ", 3) == 0) {
549 			err = send_ref_status(ibuf, buf + 3, 0,
550 			    refs, delete_refs);
551 			if (err)
552 				goto done;
553 		} else {
554 			err = got_error_msg(GOT_ERR_BAD_PACKET,
555 			    "unexpected message from server");
556 			goto done;
557 		}
558 		nsent--;
559 	}
560 
561 	err = send_done(ibuf);
562 done:
563 	TAILQ_FOREACH(pe, &their_refs, entry) {
564 		free((void *)pe->path);
565 		free(pe->data);
566 	}
567 	got_pathlist_free(&their_refs);
568 	free(id_str);
569 	free(id);
570 	free(refname);
571 	free(server_capabilities);
572 	return err;
573 }
574 
575 int
576 main(int argc, char **argv)
577 {
578 	const struct got_error *err = NULL;
579 	int sendfd;
580 	struct imsgbuf ibuf;
581 	struct imsg imsg;
582 	struct got_pathlist_head refs;
583 	struct got_pathlist_head delete_refs;
584 	struct got_pathlist_entry *pe;
585 	struct got_imsg_send_request send_req;
586 	struct got_imsg_send_ref href;
587 	size_t datalen, i;
588 #if 0
589 	static int attached;
590 	while (!attached)
591 		sleep (1);
592 #endif
593 
594 	TAILQ_INIT(&refs);
595 	TAILQ_INIT(&delete_refs);
596 
597 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
598 #ifndef PROFILE
599 	/* revoke access to most system calls */
600 	if (pledge("stdio recvfd", NULL) == -1) {
601 		err = got_error_from_errno("pledge");
602 		got_privsep_send_error(&ibuf, err);
603 		return 1;
604 	}
605 #endif
606 	if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
607 		if (err->code == GOT_ERR_PRIVSEP_PIPE)
608 			err = NULL;
609 		goto done;
610 	}
611 	if (imsg.hdr.type == GOT_IMSG_STOP)
612 		goto done;
613 	if (imsg.hdr.type != GOT_IMSG_SEND_REQUEST) {
614 		err = got_error(GOT_ERR_PRIVSEP_MSG);
615 		goto done;
616 	}
617 	datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
618 	if (datalen < sizeof(send_req)) {
619 		err = got_error(GOT_ERR_PRIVSEP_LEN);
620 		goto done;
621 	}
622 	memcpy(&send_req, imsg.data, sizeof(send_req));
623 	sendfd = imsg.fd;
624 	imsg_free(&imsg);
625 
626 	if (send_req.verbosity > 0)
627 		chattygot += send_req.verbosity;
628 
629 	for (i = 0; i < send_req.nrefs; i++) {
630 		struct got_object_id *id;
631 		char *refname;
632 
633 		if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
634 			if (err->code == GOT_ERR_PRIVSEP_PIPE)
635 				err = NULL;
636 			goto done;
637 		}
638 		if (imsg.hdr.type == GOT_IMSG_STOP)
639 			goto done;
640 		if (imsg.hdr.type != GOT_IMSG_SEND_REF) {
641 			err = got_error(GOT_ERR_PRIVSEP_MSG);
642 			goto done;
643 		}
644 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
645 		if (datalen < sizeof(href)) {
646 			err = got_error(GOT_ERR_PRIVSEP_LEN);
647 			goto done;
648 		}
649 		memcpy(&href, imsg.data, sizeof(href));
650 		if (datalen - sizeof(href) < href.name_len) {
651 			err = got_error(GOT_ERR_PRIVSEP_LEN);
652 			goto done;
653 		}
654 		refname = malloc(href.name_len + 1);
655 		if (refname == NULL) {
656 			err = got_error_from_errno("malloc");
657 			goto done;
658 		}
659 		memcpy(refname, imsg.data + sizeof(href), href.name_len);
660 		refname[href.name_len] = '\0';
661 
662 		/*
663 		 * Prevent sending of references that won't make any
664 		 * sense outside the local repository's context.
665 		 */
666 		if (strncmp(refname, "refs/got/", 9) == 0 ||
667 		    strncmp(refname, "refs/remotes/", 13) == 0) {
668 			err = got_error_fmt(GOT_ERR_SEND_BAD_REF,
669 			    "%s", refname);
670 			goto done;
671 		}
672 
673 		id = malloc(sizeof(*id));
674 		if (id == NULL) {
675 			free(refname);
676 			err = got_error_from_errno("malloc");
677 			goto done;
678 		}
679 		memcpy(id->sha1, href.id, SHA1_DIGEST_LENGTH);
680 		if (href.delete)
681 			err = got_pathlist_append(&delete_refs, refname, id);
682 		else
683 			err = got_pathlist_append(&refs, refname, id);
684 		if (err) {
685 			free(refname);
686 			free(id);
687 			goto done;
688 		}
689 
690 		imsg_free(&imsg);
691 	}
692 
693 	err = send_pack(sendfd, &refs, &delete_refs, &ibuf);
694 done:
695 	TAILQ_FOREACH(pe, &refs, entry) {
696 		free((char *)pe->path);
697 		free(pe->data);
698 	}
699 	got_pathlist_free(&refs);
700 	TAILQ_FOREACH(pe, &delete_refs, entry) {
701 		free((char *)pe->path);
702 		free(pe->data);
703 	}
704 	got_pathlist_free(&delete_refs);
705 	if (sendfd != -1 && close(sendfd) == -1 && err == NULL)
706 		err = got_error_from_errno("close");
707 	if (err != NULL && err->code != GOT_ERR_CANCELLED)  {
708 		fprintf(stderr, "%s: %s\n", getprogname(), err->msg);
709 		got_privsep_send_error(&ibuf, err);
710 	}
711 
712 	exit(0);
713 }