On Fri, Feb 14, 2014 at 04:35:14PM +0100, David Kastrup wrote:
> Josef Wolf <jw@xxxxxxxxxxxxx> writes:
> > The only command in this script that uses "heads" is
> >
> >   git symbolic-ref HEAD "refs/heads/$new_branch"
> >
> You probably should check how $new_branch comes about.

This is the line of code where $new_branch comes to life:

    my (undef, $new_branch, @new_path) = split ("/", $new_item);

So it is impossible that it might contain any slashes.

In any other situation, this script cares only about branches which start
with the string "scan-file-XXXX":

    sub local_branches { grep {m+^scan-file-+} &all_branches; }
    sub remote_branches { grep {m+^remotes/origin/scan-file-+} &all_branches; }

This is hard-coded, so I can't see any way for the user to inject "refs/heads".

> Also, once a
> directory refs/heads/refs/heads exists, "refs/heads/$new_branch" may
> possibly be resolved as a branch with the name refs/heads/$new_branch.

Can you elaborate on this? I don't get what you are trying to say.

As I already said, this happens on openSUSE with git-1.8.1.4. I have not yet
seen this problem on Ubuntu with git-1.7.9.5.

--
Josef Wolf
jw@xxxxxxxxxxxxx