Currently, it's possible to update HEAD with a nonsense reference since no strict validation is performed. Example:

    $ git symbolic-ref HEAD 'refs/heads/master > > > '

Fix this by checking the given reference with check_refname_format().

Signed-off-by: Michael Schubert <mschub@xxxxxxxxxxxxx>
---
This was discussed earlier this year:
http://thread.gmane.org/gmane.comp.version-control.git/189715

What about pointing at non-existing references? Should this still be allowed?

Additionally, I had to reindent two lines to make git-am happy (indent with spaces).

 builtin/symbolic-ref.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/builtin/symbolic-ref.c b/builtin/symbolic-ref.c index 801d62e..22362e0 100644 --- a/builtin/symbolic-ref.c +++ b/builtin/symbolic-ref.c @@ -43,16 +43,18 @@ int cmd_symbolic_ref(int argc, const char **argv, const char *prefix) git_config(git_default_config, NULL); argc = parse_options(argc, argv, prefix, options, - git_symbolic_ref_usage, 0); - if (msg &&!*msg) + git_symbolic_ref_usage, 0); + if (msg && !*msg) die("Refusing to perform update with empty message"); switch (argc) { case 1: check_symref(argv[0], quiet); break; case 2: + if (check_refname_format(argv[1], 0)) + die("No valid reference format: '%s'", argv[1]); if (!strcmp(argv[0], "HEAD") && - prefixcmp(argv[1], "refs/")) + prefixcmp(argv[1], "refs/")) die("Refusing to point HEAD outside of refs/"); create_symref(argv[0], argv[1], msg); break; -- 1.7.11.rc3.11.g7dba3f7.dirty
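Review bot: The new check in `case 2:` runs on argv[1] for every symbolic ref, not only when argv[0] is "HEAD", although the commit message only describes HEAD. With flags 0, check_refname_format() also rejects one-level names, so a non-HEAD symref that targets a top-level ref would now die. Either fold the call into the existing `!strcmp(argv[0], "HEAD")` condition or say in the commit message that the stricter rule is meant for all symrefs. The message `"No valid reference format: '%s'"` would read better if it matched the neighbouring `"Refusing to ..."` wording. The diffstat shows only builtin/symbolic-ref.c changed, so there is no test that feeds the malformed name from the commit message and expects failure; one should be added. The two whitespace-only reindent lines would be easier to review as a separate patch.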