builtin-update-ref.con commit gitweb: No error messages with unescaped/unprotected user input (e2860ea)
   1#include "cache.h"
   2#include "refs.h"
   3#include "builtin.h"
   4
   5static const char git_update_ref_usage[] =
   6"git-update-ref <refname> <value> [<oldval>] [-m <reason>]";
   7
   8int cmd_update_ref(int argc, const char **argv, const char *prefix)
   9{
  10        const char *refname=NULL, *value=NULL, *oldval=NULL, *msg=NULL;
  11        struct ref_lock *lock;
  12        unsigned char sha1[20], oldsha1[20];
  13        int i;
  14
  15        setup_ident();
  16        git_config(git_default_config);
  17
  18        for (i = 1; i < argc; i++) {
  19                if (!strcmp("-m", argv[i])) {
  20                        if (i+1 >= argc)
  21                                usage(git_update_ref_usage);
  22                        msg = argv[++i];
  23                        if (!*msg)
  24                                die("Refusing to perform update with empty message.");
  25                        if (strchr(msg, '\n'))
  26                                die("Refusing to perform update with \\n in message.");
  27                        continue;
  28                }
  29                if (!refname) {
  30                        refname = argv[i];
  31                        continue;
  32                }
  33                if (!value) {
  34                        value = argv[i];
  35                        continue;
  36                }
  37                if (!oldval) {
  38                        oldval = argv[i];
  39                        continue;
  40                }
  41        }
  42        if (!refname || !value)
  43                usage(git_update_ref_usage);
  44
  45        if (get_sha1(value, sha1))
  46                die("%s: not a valid SHA1", value);
  47        memset(oldsha1, 0, 20);
  48        if (oldval && get_sha1(oldval, oldsha1))
  49                die("%s: not a valid old SHA1", oldval);
  50
  51        lock = lock_any_ref_for_update(refname, oldval ? oldsha1 : NULL, 0);
  52        if (!lock)
  53                return 1;
  54        if (write_ref_sha1(lock, sha1, msg) < 0)
  55                return 1;
  56
  57        /* write_ref_sha1 always unlocks the ref, no need to do it explicitly */
  58        return 0;
  59}