revlog: verify censored flag when hashing added revision fulltext
author Mike Edgar <adgar@google.com>
Mon, 12 Jan 2015 14:41:25 -0500
changeset 23857 8a3c132f93d2
parent 23856 062c3ad86651
child 23858 22a979d1ae56
revlog: verify censored flag when hashing added revision fulltext

When receiving a delta via exchange, three possible storage outcomes emerge:

1. The delta is added directly to the revlog. ("fast-path")
2. A freshly-computed delta with a different base is stored.
3. The new revision's fulltext is computed and stored outright.

Both (2) and (3) require materializing the full text of the new revision by applying the delta to its base. This is typically followed by a hash check. The new flags argument allows callers to _addrevision to signal that they expect that hash check to fail. We can use this opportunity to verify that expectation. If the hash fails, require the flag be set; if the hash passes, require the flag be unset.

Rather than simply eliding the hash check, this approach provides some assurance that the censored flag is not applied to valid revisions.

Read more at: http://mercurial.selenic.com/wiki/CensorPlan
mercurial/revlog.py
--- a/mercurial/revlog.py	Mon Jan 12 14:30:24 2015 -0500
+++ b/mercurial/revlog.py	Mon Jan 12 14:41:25 2015 -0500
@@ -1235,8 +1235,12 @@
             btext[0] = mdiff.patch(basetext, cachedelta[1])
             try:
                 self.checkhash(btext[0], p1, p2, node)
+                if flags & REVIDX_ISCENSORED:
+                    raise RevlogError(_('node %s is not censored') % node)
             except CensoredNodeError:
-                pass # always import a censor tombstone.
+                # must pass the censored index flag to add censored revisions
+                if not flags & REVIDX_ISCENSORED:
+                    raise
             return btext[0]
 
         def builddelta(rev):
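Review bot: The added `raise RevlogError(_('node %s is not censored') % node)` sits inside the `try` body next to `self.checkhash(...)`, so the guarded region now covers more than the hash check. Moving the `if flags & REVIDX_ISCENSORED:` test into an `else:` clause of the `try` would keep only `checkhash` under the handler and make the two outcomes read symmetrically: hash passed means the flag must be unset, hash failed means the flag must be set. The message also interpolates `node` with `%s`; if that is the same binary node id handed to `checkhash`, the error text should use its hex form so it stays readable in logs. Since the commit message says the fast-path stores the delta without materializing the fulltext, a short comment here noting that the flag is only verified on this path would help the next reader.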