1 /*
2  * Copyright (c) 2019 Ori Bernstein <ori@openbsd.org>
3  * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/types.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/time.h>
22 #include <sys/stat.h>
23 
24 #include <stdint.h>
25 #include <errno.h>
26 #include <imsg.h>
27 #include <limits.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <ctype.h>
33 #include <sha1.h>
34 #include <fcntl.h>
35 #include <unistd.h>
36 #include <zlib.h>
37 #include <err.h>
38 
39 #include "got_error.h"
40 #include "got_object.h"
41 #include "got_path.h"
42 #include "got_version.h"
43 #include "got_fetch.h"
44 #include "got_reference.h"
45 
46 #include "got_lib_sha1.h"
47 #include "got_lib_delta.h"
48 #include "got_lib_object.h"
49 #include "got_lib_object_parse.h"
50 #include "got_lib_privsep.h"
51 #include "got_lib_pack.h"
52 #include "got_lib_pkt.h"
53 #include "got_lib_gitproto.h"
54 #include "got_lib_ratelimit.h"
55 
56 #ifndef nitems
57 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
58 #endif
59 
60 struct got_object *indexed;
61 static int chattygot;
62 
63 static const struct got_capability got_capabilities[] = {
64 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
65 	{ GOT_CAPA_OFS_DELTA, NULL },
66 #if 0
67 	{ GOT_CAPA_SIDE_BAND_64K, NULL },
68 #endif
69 	{ GOT_CAPA_REPORT_STATUS, NULL },
70 	{ GOT_CAPA_DELETE_REFS, NULL },
71 };
72 
73 static const struct got_error *
74 send_upload_progress(struct imsgbuf *ibuf, off_t bytes,
75     struct got_ratelimit *rl)
76 {
77 	const struct got_error *err = NULL;
78 	int elapsed = 0;
79 
80 	if (rl) {
81 		err = got_ratelimit_check(&elapsed, rl);
82 		if (err || !elapsed)
83 			return err;
84 	}
85 
86 	if (imsg_compose(ibuf, GOT_IMSG_SEND_UPLOAD_PROGRESS, 0, 0, -1,
87 	    &bytes, sizeof(bytes)) == -1)
88 		return got_error_from_errno(
89 		    "imsg_compose SEND_UPLOAD_PROGRESS");
90 
91 	return got_privsep_flush_imsg(ibuf);
92 }
93 
94 static const struct got_error *
95 send_pack_request(struct imsgbuf *ibuf)
96 {
97 	if (imsg_compose(ibuf, GOT_IMSG_SEND_PACK_REQUEST, 0, 0, -1,
98 	    NULL, 0) == -1)
99 		return got_error_from_errno("imsg_compose SEND_PACK_REQUEST");
100 	return got_privsep_flush_imsg(ibuf);
101 }
102 
103 static const struct got_error *
104 send_done(struct imsgbuf *ibuf)
105 {
106 	if (imsg_compose(ibuf, GOT_IMSG_SEND_DONE, 0, 0, -1, NULL, 0) == -1)
107 		return got_error_from_errno("imsg_compose SEND_DONE");
108 	return got_privsep_flush_imsg(ibuf);
109 }
110 
111 static const struct got_error *
112 recv_packfd(int *packfd, struct imsgbuf *ibuf)
113 {
114 	const struct got_error *err;
115 	struct imsg imsg;
116 
117 	*packfd = -1;
118 
119 	err = got_privsep_recv_imsg(&imsg, ibuf, 0);
120 	if (err)
121 		return err;
122 		
123 	if (imsg.hdr.type == GOT_IMSG_STOP) {
124 		err = got_error(GOT_ERR_CANCELLED);
125 		goto done;
126 	}
127 
128 	if (imsg.hdr.type != GOT_IMSG_SEND_PACKFD) {
129 		err = got_error(GOT_ERR_PRIVSEP_MSG);
130 		goto done;
131 	}
132 
133 	if (imsg.hdr.len - IMSG_HEADER_SIZE != 0) {
134 		err = got_error(GOT_ERR_PRIVSEP_LEN);
135 		goto done;
136 	}
137 
138 	*packfd = imsg.fd;
139 done:
140 	imsg_free(&imsg);
141 	return err;
142 }
143 
144 static const struct got_error *
145 send_pack_file(int sendfd, int packfd, struct imsgbuf *ibuf)
146 {
147 	const struct got_error *err;
148 	unsigned char buf[8192];
149 	ssize_t r, w;
150 	off_t wtotal = 0;
151 	struct got_ratelimit rl;
152 
153 	if (lseek(packfd, 0L, SEEK_SET) == -1)
154 		return got_error_from_errno("lseek");
155 
156 	got_ratelimit_init(&rl, 0, 500);
157 
158 	for (;;) {
159 		r = read(packfd, buf, sizeof(buf));
160 		if (r == -1)
161 			return got_error_from_errno("read");
162 		if (r == 0)
163 			break;
164 		w = write(sendfd, buf, r);
165 		if (w == -1)
166 			return got_error_from_errno("write");
167 		if (w != r)
168 			return got_error(GOT_ERR_IO);
169 		wtotal += w;
170 		err = send_upload_progress(ibuf, wtotal, &rl);
171 		if (err)
172 			return err;
173 	}
174 
175 	return send_upload_progress(ibuf, wtotal, NULL);
176 }
177 
178 static const struct got_error *
179 send_error(const char *buf, size_t len)
180 {
181 	static char msg[1024];
182 	size_t i;
183 
184 	for (i = 0; i < len && i < sizeof(msg) - 1; i++) {
185 		if (!isprint(buf[i]))
186 			return got_error_msg(GOT_ERR_BAD_PACKET,
187 			    "non-printable error message received from server");
188 		msg[i] = buf[i];
189 	}
190 	msg[i] = '\0';
191 	return got_error_msg(GOT_ERR_SEND_FAILED, msg);
192 }
193 
194 static const struct got_error *
195 send_their_ref(struct imsgbuf *ibuf, struct got_object_id *refid,
196     const char *refname)
197 {
198 	struct ibuf *wbuf;
199 	size_t len, reflen = strlen(refname);
200 
201 	len = sizeof(struct got_imsg_send_remote_ref) + reflen;
202 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
203 		return got_error(GOT_ERR_NO_SPACE);
204 
205 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REMOTE_REF, 0, 0, len);
206 	if (wbuf == NULL)
207 		return got_error_from_errno("imsg_create SEND_REMOTE_REF");
208 
209 	/* Keep in sync with struct got_imsg_send_remote_ref definition! */
210 	if (imsg_add(wbuf, refid->sha1, SHA1_DIGEST_LENGTH) == -1)
211 		return got_error_from_errno("imsg_add SEND_REMOTE_REF");
212 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1)
213 		return got_error_from_errno("imsg_add SEND_REMOTE_REF");
214 	if (imsg_add(wbuf, refname, reflen) == -1)
215 		return got_error_from_errno("imsg_add SEND_REMOTE_REF");
216 
217 	wbuf->fd = -1;
218 	imsg_close(ibuf, wbuf);
219 	return got_privsep_flush_imsg(ibuf);
220 }
221 
222 static const struct got_error *
223 send_ref_status(struct imsgbuf *ibuf, const char *refname, int success,
224     struct got_pathlist_head *refs, struct got_pathlist_head *delete_refs)
225 {
226 	struct ibuf *wbuf;
227 	size_t len, reflen = strlen(refname);
228 	struct got_pathlist_entry *pe;
229 	int ref_valid = 0;
230 	char *eol;
231 
232 	eol = strchr(refname, '\n');
233 	if (eol == NULL) {
234 		return got_error_msg(GOT_ERR_BAD_PACKET,
235 		    "unexpected message from server");
236 	}
237 	*eol = '\0';
238 
239 	TAILQ_FOREACH(pe, refs, entry) {
240 		if (strcmp(refname, pe->path) == 0) {
241 			ref_valid = 1;
242 			break;
243 		}
244 	}
245 	if (!ref_valid) {
246 		TAILQ_FOREACH(pe, delete_refs, entry) {
247 			if (strcmp(refname, pe->path) == 0) {
248 				ref_valid = 1;
249 				break;
250 			}
251 		}
252 	}
253 	if (!ref_valid) {
254 		return got_error_msg(GOT_ERR_BAD_PACKET,
255 		    "unexpected message from server");
256 	}
257 
258 	len = sizeof(struct got_imsg_send_ref_status) + reflen;
259 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
260 		return got_error(GOT_ERR_NO_SPACE);
261 
262 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REF_STATUS,
263 	    0, 0, len);
264 	if (wbuf == NULL)
265 		return got_error_from_errno("imsg_create SEND_REF_STATUS");
266 
267 	/* Keep in sync with struct got_imsg_send_ref_status definition! */
268 	if (imsg_add(wbuf, &success, sizeof(success)) == -1)
269 		return got_error_from_errno("imsg_add SEND_REF_STATUS");
270 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1)
271 		return got_error_from_errno("imsg_add SEND_REF_STATUS");
272 	if (imsg_add(wbuf, refname, reflen) == -1)
273 		return got_error_from_errno("imsg_add SEND_REF_STATUS");
274 
275 	wbuf->fd = -1;
276 	imsg_close(ibuf, wbuf);
277 	return got_privsep_flush_imsg(ibuf);
278 }
279 
280 static const struct got_error *
281 describe_refchange(int *n, int *sent_my_capabilites,
282     const char *my_capabilities, char *buf, size_t bufsize,
283     const char *refname, const char *old_hashstr, const char *new_hashstr)
284 {
285 	*n = snprintf(buf, bufsize, "%s %s %s",
286 	    old_hashstr, new_hashstr, refname);
287 	if (*n >= bufsize)
288 		return got_error(GOT_ERR_NO_SPACE);
289 
290 	/*
291 	 * We must announce our capabilities along with the first
292 	 * reference. Unfortunately, the protocol requires an embedded
293 	 * NUL as a separator between reference name and capabilities,
294 	 * which we have to deal with here.
295 	 * It also requires a linefeed for terminating packet data.
296 	 */
297 	if (!*sent_my_capabilites && my_capabilities != NULL) {
298 		int m;
299 		if (*n >= bufsize - 1)
300 			return got_error(GOT_ERR_NO_SPACE);
301 		m = snprintf(buf + *n + 1, /* offset after '\0' */
302 		    bufsize - (*n + 1), "%s\n", my_capabilities);
303 		if (*n + m >= bufsize)
304 			return got_error(GOT_ERR_NO_SPACE);
305 		*n += m;
306 		*sent_my_capabilites = 1;
307 	} else {
308 		*n = strlcat(buf, "\n", bufsize);
309 		if (*n >= bufsize)
310 			return got_error(GOT_ERR_NO_SPACE);
311 	}
312 
313 	return NULL;
314 }
315 
316 static const struct got_error *
317 send_pack(int fd, struct got_pathlist_head *refs,
318     struct got_pathlist_head *delete_refs, struct imsgbuf *ibuf)
319 {
320 	const struct got_error *err = NULL;
321 	char buf[GOT_PKT_MAX];
322 	const unsigned char zero_id[SHA1_DIGEST_LENGTH] = { 0 };
323 	char old_hashstr[SHA1_DIGEST_STRING_LENGTH];
324 	char new_hashstr[SHA1_DIGEST_STRING_LENGTH];
325 	struct got_pathlist_head their_refs;
326 	int is_firstpkt = 1;
327 	int n, nsent = 0;
328 	int packfd = -1;
329 	char *id_str = NULL, *refname = NULL;
330 	struct got_object_id *id = NULL;
331 	char *server_capabilities = NULL, *my_capabilities = NULL;
332 	struct got_pathlist_entry *pe;
333 	int sent_my_capabilites = 0;
334 
335 	TAILQ_INIT(&their_refs);
336 
337 	if (TAILQ_EMPTY(refs) && TAILQ_EMPTY(delete_refs))
338 		return got_error(GOT_ERR_SEND_EMPTY);
339 
340 	while (1) {
341 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
342 		if (err)
343 			goto done;
344 		if (n == 0)
345 			break;
346 		if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
347 			err = send_error(&buf[4], n - 4);
348 			goto done;
349 		}
350 		free(id_str);
351 		free(refname);
352 		err = got_gitproto_parse_refline(&id_str, &refname,
353 		    &server_capabilities, buf, n);
354 		if (err)
355 			goto done;
356 		if (is_firstpkt) {
357 			if (chattygot && server_capabilities[0] != '\0')
358 				fprintf(stderr, "%s: server capabilities: %s\n",
359 				    getprogname(), server_capabilities);
360 			err = got_gitproto_match_capabilities(&my_capabilities,
361 			    NULL, server_capabilities, got_capabilities,
362 			    nitems(got_capabilities));
363 			if (err)
364 				goto done;
365 			if (chattygot)
366 				fprintf(stderr, "%s: my capabilities:%s\n",
367 				    getprogname(), my_capabilities);
368 			is_firstpkt = 0;
369 		}
370 		if (strstr(refname, "^{}")) {
371 			if (chattygot) {
372 				fprintf(stderr, "%s: ignoring %s\n",
373 				    getprogname(), refname);
374 			}
375 			continue;
376 		}
377 
378 		id = malloc(sizeof(*id));
379 		if (id == NULL) {
380 			err = got_error_from_errno("malloc");
381 			goto done;
382 		}
383 		if (!got_parse_sha1_digest(id->sha1, id_str)) {
384 			err = got_error(GOT_ERR_BAD_OBJ_ID_STR);
385 			goto done;
386 		}
387 		err = send_their_ref(ibuf, id, refname);
388 		if (err)
389 			goto done;
390 
391 		err = got_pathlist_append(&their_refs, refname, id);
392 		if (chattygot)
393 			fprintf(stderr, "%s: remote has %s %s\n",
394 			    getprogname(), refname, id_str);
395 		free(id_str);
396 		id_str = NULL;
397 		refname = NULL; /* do not free; owned by their_refs */
398 		id = NULL; /* do not free; owned by their_refs */
399 	}
400 
401 	if (!TAILQ_EMPTY(delete_refs)) {
402 		if (my_capabilities == NULL ||
403 		    strstr(my_capabilities, GOT_CAPA_DELETE_REFS) == NULL) {
404 			err = got_error(GOT_ERR_CAPA_DELETE_REFS);
405 			goto done;
406 		}
407 	}
408 
409 	TAILQ_FOREACH(pe, delete_refs, entry) {
410 		const char *refname = pe->path;
411 		struct got_pathlist_entry *their_pe;
412 		struct got_object_id *their_id = NULL;
413 
414 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
415 			const char *their_refname = their_pe->path;
416 			if (got_path_cmp(refname, their_refname,
417 			    strlen(refname), strlen(their_refname)) == 0) {
418 				their_id = their_pe->data;
419 				break;
420 			}
421 		}
422 		if (their_id == NULL) {
423 			err = got_error_fmt(GOT_ERR_NOT_REF,
424 			    "%s does not exist in remote repository",
425 			    refname);
426 			goto done;
427 		}
428 
429 		got_sha1_digest_to_str(their_id->sha1, old_hashstr,
430 		    sizeof(old_hashstr));
431 		got_sha1_digest_to_str(zero_id, new_hashstr,
432 		    sizeof(new_hashstr));
433 		err = describe_refchange(&n, &sent_my_capabilites,
434 		    my_capabilities, buf, sizeof(buf), refname,
435 		    old_hashstr, new_hashstr);
436 		if (err)
437 			goto done;
438 		err = got_pkt_writepkt(fd, buf, n, chattygot);
439 		if (err)
440 			goto done;
441 		if (chattygot) {
442 			fprintf(stderr, "%s: deleting %s %s\n",
443 			    getprogname(), refname, old_hashstr);
444 		}
445 		nsent++;
446 	}
447 
448 	TAILQ_FOREACH(pe, refs, entry) {
449 		const char *refname = pe->path;
450 		struct got_object_id *id = pe->data;
451 		struct got_object_id *their_id = NULL;
452 		struct got_pathlist_entry *their_pe;
453 
454 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
455 			const char *their_refname = their_pe->path;
456 			if (got_path_cmp(refname, their_refname,
457 			    strlen(refname), strlen(their_refname)) == 0) {
458 				their_id = their_pe->data;
459 				break;
460 			}
461 		}
462 		if (their_id) {
463 			if (got_object_id_cmp(id, their_id) == 0) {
464 				if (chattygot) {
465 					fprintf(stderr,
466 					    "%s: no change for %s\n",
467 					    getprogname(), refname);
468 				}
469 				continue;
470 			}
471 			got_sha1_digest_to_str(their_id->sha1, old_hashstr,
472 			    sizeof(old_hashstr));
473 		} else {
474 			got_sha1_digest_to_str(zero_id, old_hashstr,
475 			    sizeof(old_hashstr));
476 		}
477 		got_sha1_digest_to_str(id->sha1, new_hashstr,
478 		    sizeof(new_hashstr));
479 		err = describe_refchange(&n, &sent_my_capabilites,
480 		    my_capabilities, buf, sizeof(buf), refname,
481 		    old_hashstr, new_hashstr);
482 		if (err)
483 			goto done;
484 		err = got_pkt_writepkt(fd, buf, n, chattygot);
485 		if (err)
486 			goto done;
487 		if (chattygot) {
488 			if (their_id) {
489 				fprintf(stderr, "%s: updating %s %s -> %s\n",
490 				    getprogname(), refname, old_hashstr,
491 				    new_hashstr);
492 			} else {
493 				fprintf(stderr, "%s: creating %s %s\n",
494 				    getprogname(), refname, new_hashstr);
495 			}
496 		}
497 		nsent++;
498 	}
499 	err = got_pkt_flushpkt(fd, chattygot);
500 	if (err)
501 		goto done;
502 
503 	err = send_pack_request(ibuf);
504 	if (err)
505 		goto done;
506 
507 	err = recv_packfd(&packfd, ibuf);
508 	if (err)
509 		goto done;
510 
511 	if (packfd != -1) {
512 		err = send_pack_file(fd, packfd, ibuf);
513 		if (err)
514 			goto done;
515 	}
516 
517 	err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
518 	if (err)
519 		goto done;
520 	if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
521 		err = send_error(&buf[4], n - 4);
522 		goto done;
523 	} else if (n < 10 || strncmp(buf, "unpack ok\n", 10) != 0) {
524 		err = got_error_msg(GOT_ERR_BAD_PACKET,
525 		    "unexpected message from server");
526 		goto done;
527 	}
528 
529 	while (nsent > 0) {
530 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
531 		if (err)
532 			goto done;
533 		if (n < 3) {
534 			err = got_error_msg(GOT_ERR_BAD_PACKET,
535 			    "unexpected message from server");
536 			goto done;
537 		} else if (strncmp(buf, "ok ", 3) == 0) {
538 			err = send_ref_status(ibuf, buf + 3, 1,
539 			    refs, delete_refs);
540 			if (err)
541 				goto done;
542 		} else if (strncmp(buf, "ng ", 3) == 0) {
543 			err = send_ref_status(ibuf, buf + 3, 0,
544 			    refs, delete_refs);
545 			if (err)
546 				goto done;
547 		} else {
548 			err = got_error_msg(GOT_ERR_BAD_PACKET,
549 			    "unexpected message from server");
550 			goto done;
551 		}
552 		nsent--;
553 	}
554 
555 	err = send_done(ibuf);
556 done:
557 	TAILQ_FOREACH(pe, &their_refs, entry) {
558 		free((void *)pe->path);
559 		free(pe->data);
560 	}
561 	got_pathlist_free(&their_refs);
562 	free(id_str);
563 	free(id);
564 	free(refname);
565 	free(server_capabilities);
566 	return err;
567 }
568 
569 int
570 main(int argc, char **argv)
571 {
572 	const struct got_error *err = NULL;
573 	int sendfd;
574 	struct imsgbuf ibuf;
575 	struct imsg imsg;
576 	struct got_pathlist_head refs;
577 	struct got_pathlist_head delete_refs;
578 	struct got_pathlist_entry *pe;
579 	struct got_imsg_send_request send_req;
580 	struct got_imsg_send_ref href;
581 	size_t datalen, i;
582 #if 0
583 	static int attached;
584 	while (!attached)
585 		sleep (1);
586 #endif
587 
588 	TAILQ_INIT(&refs);
589 	TAILQ_INIT(&delete_refs);
590 
591 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
592 #ifndef PROFILE
593 	/* revoke access to most system calls */
594 	if (pledge("stdio recvfd", NULL) == -1) {
595 		err = got_error_from_errno("pledge");
596 		got_privsep_send_error(&ibuf, err);
597 		return 1;
598 	}
599 #endif
600 	if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
601 		if (err->code == GOT_ERR_PRIVSEP_PIPE)
602 			err = NULL;
603 		goto done;
604 	}
605 	if (imsg.hdr.type == GOT_IMSG_STOP)
606 		goto done;
607 	if (imsg.hdr.type != GOT_IMSG_SEND_REQUEST) {
608 		err = got_error(GOT_ERR_PRIVSEP_MSG);
609 		goto done;
610 	}
611 	datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
612 	if (datalen < sizeof(send_req)) {
613 		err = got_error(GOT_ERR_PRIVSEP_LEN);
614 		goto done;
615 	}
616 	memcpy(&send_req, imsg.data, sizeof(send_req));
617 	sendfd = imsg.fd;
618 	imsg_free(&imsg);
619 
620 	if (send_req.verbosity > 0)
621 		chattygot += send_req.verbosity;
622 
623 	for (i = 0; i < send_req.nrefs; i++) {
624 		struct got_object_id *id;
625 		char *refname;
626 
627 		if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
628 			if (err->code == GOT_ERR_PRIVSEP_PIPE)
629 				err = NULL;
630 			goto done;
631 		}
632 		if (imsg.hdr.type == GOT_IMSG_STOP)
633 			goto done;
634 		if (imsg.hdr.type != GOT_IMSG_SEND_REF) {
635 			err = got_error(GOT_ERR_PRIVSEP_MSG);
636 			goto done;
637 		}
638 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
639 		if (datalen < sizeof(href)) {
640 			err = got_error(GOT_ERR_PRIVSEP_LEN);
641 			goto done;
642 		}
643 		memcpy(&href, imsg.data, sizeof(href));
644 		if (datalen - sizeof(href) < href.name_len) {
645 			err = got_error(GOT_ERR_PRIVSEP_LEN);
646 			goto done;
647 		}
648 		refname = malloc(href.name_len + 1);
649 		if (refname == NULL) {
650 			err = got_error_from_errno("malloc");
651 			goto done;
652 		}
653 		memcpy(refname, imsg.data + sizeof(href), href.name_len);
654 		refname[href.name_len] = '\0';
655 
656 		/*
657 		 * Prevent sending of references that won't make any
658 		 * sense outside the local repository's context.
659 		 */
660 		if (strncmp(refname, "refs/got/", 9) == 0 ||
661 		    strncmp(refname, "refs/remotes/", 13) == 0) {
662 			err = got_error_fmt(GOT_ERR_SEND_BAD_REF,
663 			    "%s", refname);
664 			goto done;
665 		}
666 
667 		id = malloc(sizeof(*id));
668 		if (id == NULL) {
669 			free(refname);
670 			err = got_error_from_errno("malloc");
671 			goto done;
672 		}
673 		memcpy(id->sha1, href.id, SHA1_DIGEST_LENGTH);
674 		if (href.delete)
675 			err = got_pathlist_append(&delete_refs, refname, id);
676 		else
677 			err = got_pathlist_append(&refs, refname, id);
678 		if (err) {
679 			free(refname);
680 			free(id);
681 			goto done;
682 		}
683 
684 		imsg_free(&imsg);
685 	}
686 
687 	err = send_pack(sendfd, &refs, &delete_refs, &ibuf);
688 done:
689 	TAILQ_FOREACH(pe, &refs, entry) {
690 		free((char *)pe->path);
691 		free(pe->data);
692 	}
693 	got_pathlist_free(&refs);
694 	TAILQ_FOREACH(pe, &delete_refs, entry) {
695 		free((char *)pe->path);
696 		free(pe->data);
697 	}
698 	got_pathlist_free(&delete_refs);
699 	if (sendfd != -1 && close(sendfd) == -1 && err == NULL)
700 		err = got_error_from_errno("close");
701 	if (err != NULL && err->code != GOT_ERR_CANCELLED)  {
702 		fprintf(stderr, "%s: %s\n", getprogname(), err->msg);
703 		got_privsep_send_error(&ibuf, err);
704 	}
705 
706 	exit(0);
707 }