git.vger.kernel.org archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: Han Young <hanyang.tony@bytedance.com>
Cc: git@vger.kernel.org,  karthik.188@gmail.com,
	 Han Young <hanyoung@protonmail.com>,  Sigma <git@sigma-star.io>
Subject: Re: [PATCH 1/1] files-backend: check symref name before update
Date: Wed, 01 Oct 2025 12:22:27 -0700
Message-ID: <xmqqv7ky1l70.fsf@gitster.g>
In-Reply-To: <20251001150805.9652-2-hanyang.tony@bytedance.com> (Han Young's message of "Wed, 1 Oct 2025 23:08:05 +0800")

Han Young <hanyang.tony@bytedance.com> writes:

> From: Han Young <hanyoung@protonmail.com>
>
> In the ref files backend, the symbolic reference name is not checked
> before an update. This could cause reference and lock files to be created
> outside the refs/ directory. Validate the reference before adding it to
> the ref update transaction.
>
> Reported-by: Sigma <git@sigma-star.io>
> Signed-off-by: Han Young <hanyoung@protonmail.com>
> ---
>  refs/files-backend.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/refs/files-backend.c b/refs/files-backend.c
> index bc3347d18..d47a8c392 100644
> --- a/refs/files-backend.c
> +++ b/refs/files-backend.c
> @@ -2516,6 +2516,16 @@ static enum ref_transaction_error split_symref_update(struct ref_update *update,
>  	struct ref_update *new_update;
>  	unsigned int new_flags;
>  
> +	/*
> +	 * Check the referent is valid before adding it to the transaction.
> +	 */
> +	if (!refname_is_safe(referent)) {

Shouldn't this new condition share the logic with what is done by
fsck?  IOW, after doing this

  $ echo ref: refs/../HEAD > .git/HEAD

"git fsck" or "git refs verify" should barf (if not, we should make
them barf), and this code should use the same logic to notice that
the target of the symbolic ref is bogus.

> +		strbuf_addf(err,
> +			    "reference '%s' appears to be broken",
> +			    update->refname);
> +		return -1;
> +	}
> +
>  	/*
>  	 * First make sure that referent is not already in the
>  	 * transaction. This check is O(lg N) in the transaction
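
Review bot: The error text built in the added strbuf_addf() call names only `update->refname`, while the value that failed `refname_is_safe()` is `referent`, so the message does not show which target was rejected. Consider reporting both, for example "symbolic ref '%s' points at unsafe target '%s'" with `update->refname` and `referent`. The new branch also returns a bare `-1` from a function declared to return `enum ref_transaction_error`; a named enumerator would make the failure class explicit to callers. The three-line comment above the check restates the condition and could say instead why the target must be validated here (a ref or lock file could otherwise be created outside refs/, per the commit message).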

Can we also have some tests?

Thanks.
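
The target in the `echo` line above keeps the `refs/` prefix and still resolves outside `refs/`, which is why a prefix test alone is not enough. The following is an added example, not code from this thread or from Git: a simplified containment rule with hypothetical function names, run over constructed sample targets.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Weak form, shown for contrast: only looks at the prefix. */
bool has_refs_prefix(const char *target)
{
	return !strncmp(target, "refs/", 5);
}

/* Every '/'-separated component must be non-empty and not "." or "..". */
static bool components_are_plain(const char *rest)
{
	for (;;) {
		size_t len = strcspn(rest, "/");
		if (len == 0 || (len <= 2 && !strncmp(rest, "..", len)))
			return false;	/* "", "." or ".." */
		if (!rest[len])
			return true;	/* that was the last component */
		rest += len + 1;
	}
}

/* Hypothetical name. Accepts "refs/<plain components>" or a root ref
 * made only of A-Z and '_' (assumed rule for this example). */
bool symref_target_is_contained(const char *target)
{
	if (has_refs_prefix(target))
		return components_are_plain(target + 5);
	if (!*target)
		return false;
	for (; *target; target++)
		if (*target != '_' && (*target < 'A' || *target > 'Z'))
			return false;
	return true;	/* e.g. HEAD */
}

int main(void)
{
	/* Constructed samples; the second is the target from the reply above. */
	const char *samples[] = { "refs/heads/main", "refs/../HEAD", "HEAD",
				  "refs/heads//main", "refs/" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++)
		printf("prefix=%d contained=%d  %s\n", has_refs_prefix(samples[i]),
		       symref_target_is_contained(samples[i]), samples[i]);
	return 0;
}
```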
