summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-01-15 15:50:17 -0800
committerJunio C Hamano <gitster@pobox.com>2008-01-16 11:53:35 -0800
commitc3b0dec509fe136c5417422f31898b5a4e2d5e02 (patch)
tree68a7def9602e2f847f133081f0b90bd43e622b23
parent9f6fe82233fff26abd1a5315ba7709ccee078ec1 (diff)
downloadgit-c3b0dec509fe136c5417422f31898b5a4e2d5e02.tar.gz
Be more careful about updating refs
This makes write_ref_sha1() more careful: it actually checks the SHA1 of the ref it is updating, and refuses to update a ref with an object that it cannot find. Perhaps more importantly, it also refuses to update a branch head with a non-commit object. I don't quite know *how* the stable series maintainers were able to corrupt their repository to have a HEAD that pointed to a tag rather than a commit object, but they did. Which results in a totally broken repository that cannot be cloned or committed on. So make it harder for people to shoot themselves in the foot like that. The test t1400-update-ref.sh is fixed at the same time, as it assumed that the commands involved in the particular test would not care about corrupted repositories whose refs point at nonexistant bogus objects. That assumption does not hold true anymore. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--refs.c19
-rwxr-xr-xt/t1400-update-ref.sh19
2 files changed, 32 insertions, 6 deletions
diff --git a/refs.c b/refs.c
index 58f6d17397..c3ffe0393b 100644
--- a/refs.c
+++ b/refs.c
@@ -1119,10 +1119,16 @@ static int log_ref_write(const char *ref_name, const unsigned char *old_sha1,
return 0;
}
+static int is_branch(const char *refname)
+{
+ return !strcmp(refname, "HEAD") || !prefixcmp(refname, "refs/heads/");
+}
+
int write_ref_sha1(struct ref_lock *lock,
const unsigned char *sha1, const char *logmsg)
{
static char term = '\n';
+ struct object *o;
if (!lock)
return -1;
@@ -1130,6 +1136,19 @@ int write_ref_sha1(struct ref_lock *lock,
unlock_ref(lock);
return 0;
}
+ o = parse_object(sha1);
+ if (!o) {
+ error("Trying to write ref %s with nonexistant object %s",
+ lock->ref_name, sha1_to_hex(sha1));
+ unlock_ref(lock);
+ return -1;
+ }
+ if (o->type != OBJ_COMMIT && is_branch(lock->ref_name)) {
+ error("Trying to write non-commit object %s to branch %s",
+ sha1_to_hex(sha1), lock->ref_name);
+ unlock_ref(lock);
+ return -1;
+ }
if (write_in_full(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
write_in_full(lock->lock_fd, &term, 1) != 1
|| close(lock->lock_fd) < 0) {
diff --git a/t/t1400-update-ref.sh b/t/t1400-update-ref.sh
index a90824ba8a..71ab2dd0ee 100755
--- a/t/t1400-update-ref.sh
+++ b/t/t1400-update-ref.sh
@@ -7,12 +7,19 @@ test_description='Test git update-ref and basic ref logging'
. ./test-lib.sh
Z=0000000000000000000000000000000000000000
-A=1111111111111111111111111111111111111111
-B=2222222222222222222222222222222222222222
-C=3333333333333333333333333333333333333333
-D=4444444444444444444444444444444444444444
-E=5555555555555555555555555555555555555555
-F=6666666666666666666666666666666666666666
+
+test_expect_success setup '
+
+ for name in A B C D E F
+ do
+ test_tick &&
+ T=$(git write-tree) &&
+ sha1=$(echo $name | git commit-tree $T) &&
+ eval $name=$sha1
+ done
+
+'
+
m=refs/heads/master
n_dir=refs/heads/gu
n=$n_dir/fixes