ref_transaction_update(): check refname_is_safe() at a minimum

If the user has asked that a new value be set for a reference, we use check_refname_format() to verify that the reference name satisfies all of the rules. But in other cases, at least check that refname_is_safe(). Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
2016-04-27 15:54:45 +02:00 · 2016-04-27 15:54:45 +02:00 · 8a679de6f1
commit 8a679de6f1
parent 8415d24746
3 changed files with 5 additions and 4 deletions
--- a/refs.c
+++ b/refs.c
@ -805,8 +805,9 @@ int ref_transaction_update(struct ref_transaction *transaction,
 {
 	assert(err);

-	if (new_sha1 && !is_null_sha1(new_sha1) &&
-	    check_refname_format(refname, REFNAME_ALLOW_ONELEVEL)) {
+	if ((new_sha1 && !is_null_sha1(new_sha1)) ?
+	    check_refname_format(refname, REFNAME_ALLOW_ONELEVEL) :
+	    !refname_is_safe(refname)) {
 		strbuf_addf(err, "refusing to update ref with bad name '%s'",
 			    refname);
 		return -1;
--- a/t/t1400-update-ref.sh
+++ b/t/t1400-update-ref.sh
@ -23,7 +23,7 @@ test_expect_success setup '
 m=refs/heads/master
 n_dir=refs/heads/gu
 n=$n_dir/fixes
-outside=foo
+outside=refs/foo

 test_expect_success \
 	"create $m" \
--- a/t/t1430-bad-ref-name.sh
+++ b/t/t1430-bad-ref-name.sh
@ -285,7 +285,7 @@ test_expect_success 'update-ref -d cannot delete non-ref in .git dir' '
 	echo precious >expect &&
 	test_must_fail git update-ref -d my-private-file >output 2>error &&
 	test_must_be_empty output &&
-	test_i18ngrep -e "cannot lock .*: unable to resolve reference" error &&
+	test_i18ngrep -e "refusing to update ref with bad name" error &&
 	test_cmp expect .git/my-private-file
 '