Andrew's git / gitweb.git / diff
?
refname_is_safe(): insist that the refname already be normalized
authorMichael Haggerty <mhagger@alum.mit.edu>
Wed, 27 Apr 2016 10:40:39 +0000 (12:40 +0200)
committerMichael Haggerty <mhagger@alum.mit.edu>
Thu, 5 May 2016 14:37:30 +0000 (16:37 +0200)
The reference name is going to be compared to other reference names, so
it should be in its normalized form.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
refs.c patch | blob | history
diff --git a/refs.c b/refs.c
index ca0280f7eb6898a0fb7a5f2ccc2ec42f94860189..b18d9959afaa5b0f37e44ee612184d161d0332d1 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -125,14 +125,19 @@ int refname_is_safe(const char *refname)
        if (skip_prefix(refname, "refs/", &rest)) {
                char *buf;
                int result;
        if (skip_prefix(refname, "refs/", &rest)) {
                char *buf;
                int result;
+               size_t restlen = strlen(rest);
+
+               /* rest must not be empty, or start or end with "/" */
+               if (!restlen || *rest == '/' || rest[restlen - 1] == '/')
+                       return 0;
 
                /*
                 * Does the refname try to escape refs/?
                 * For example: refs/foo/../bar is safe but refs/foo/../../bar
                 * is not.
                 */
 
                /*
                 * Does the refname try to escape refs/?
                 * For example: refs/foo/../bar is safe but refs/foo/../../bar
                 * is not.
                 */
-               buf = xmallocz(strlen(rest));
-               result = !normalize_path_copy(buf, rest);
+               buf = xmallocz(restlen);
+               result = !normalize_path_copy(buf, rest) && !strcmp(buf, rest);
                free(buf);
                return result;
        }
                free(buf);
                return result;
        }