cgit/cache.c, branch v1.2.2

cache: close race window when unlocking slots

2018-06-27T16:13:03Z

We use POSIX advisory record locks to control access to cache slots, but these have an unhelpful behaviour in that they are released when any file descriptor referencing the file is closed by this process. Mostly this is okay, since we know we won't be opening the lock file anywhere else, but there is one place that it does matter: when we restore stdout we dup2() over a file descriptor referring to the file, thus closing that descriptor. Since we restore stdout before unlocking the slot, this creates a window during which the slot content can be overwritten. The fix is reasonably straightforward: simply restore stdout after unlocking the slot, but the diff is a bit bigger because this requires us to move the temporary stdout FD into struct cache_slot. Signed-off-by: John Keeping Reviewed-by: Christian Hesse

global: spelling fixes

2017-10-15T16:44:55Z

Signed-off-by: Ville Skyttä

cache: flush stdio before restoring FDs

2017-10-03T18:19:34Z

As described in commit 2efb59e (ui-patch: Flush stdout after outputting data, 2014-06-11), we need to ensure that stdout is flushed before restoring the file descriptor when writing to the cache. It turns out that it's not just ui-patch that is affected by this but also raw diff which writes to stdout internally. Let's avoid risking more places doing this by ensuring that stdout is flushed after writing in fill_slot(). Signed-off-by: John Keeping

cache: don't check for match with no key

2016-01-17T16:05:39Z

We call open_slot() from cache_ls() without a key since we simply want to read the path out of the header. Should the file happen to contain an empty key then we end up calling memcmp() with NULL and a non-zero length. Fix this by assigning slot->match only if a key is set, which is always will be in the code paths where we use slot->match. Coverity-id: 13807 Signed-off-by: John Keeping

cache: use size_t for string lengths

2016-01-17T16:05:19Z

Avoid integer truncation on 64-bit systems. Coverity-id: 13864 Signed-off-by: John Keeping

cache: fix resource leak: close file handle before return

2015-10-10T19:41:04Z

Coverity-id: 13910 Signed-off-by: Christian Hesse

cache.c: fix header order

2015-08-13T13:37:42Z

git-compat-util.h may define values that affect how system headers are interpreted, so move sys/sendfile.h after cgit.h (which includes git-compat-util.h). Signed-off-by: John Keeping

cache: don't use an integer as a NULL pointer

2015-03-09T16:40:44Z

Signed-off-by: John Keeping

cache: use F_SETLK to avoid stale lock files

2015-03-03T22:55:27Z

If CGit is killed while it holds a lock on a cache slot (for example because it is taking too long to generate a page), the lock file will be left in place. This prevents any future attempt to use the same slot since it will fail to exclusively create the lock file. Since CGit is the only program that should be manipulating lock files, we can use advisory locking to detect whether another process is actually using the lock file or if it is now stale. I have confirmed that this works on Linux by setting a short TTL in a custom cgitrc and running the following with CGit patched to print a message to stderr if the fcntl(2) fails: $ export CGIT_CONFIG=$PWD/cgitrc $ export QUERY_STRING=url=cgit/tree/ui-shared.c $ ./cgit | grep -v -e '^

Skip cache slot when time-to-live is zero

2014-02-21T00:19:45Z

If time-to-live is set to zero, we don't need to regenerate the cache slots on every request. Instead, just skip the caching process and immediately provide the dynamically generated version of the page. Setting time-to-live to zero is useful when you want to disable caching for certain pages. Signed-off-by: Lukas Fleischer