diff options
author | Jeff King <peff@peff.net> | 2017-09-27 02:17:36 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-27 16:07:22 +0900 |
commit | 0bca165fdb57b032e505161a9450fd5e3edfd19a (patch) | |
tree | 634f0bb7386e45237dd9a7417a98d6a3e11b0c82 | |
parent | 7eb4b9d025e1ac2ed5a49530c614b7e69054625a (diff) | |
download | git-0bca165fdb57b032e505161a9450fd5e3edfd19a.tar.gz |
validate_headref: use get_oid_hex for detached HEADsjk/validate-headref-fix
If a candidate HEAD isn't a symref, we check that it
contains a viable sha1. But in a post-sha1 world, we should
be checking whether it has any plausible object-id.
We can do that by switching to get_oid_hex().
Note that both before and after this patch, we only check
for a plausible object id at the start of the file, and then
call that good enough. We ignore any content _after_ the
hex, so a string like:
0123456789012345678901234567890123456789 foo
is accepted. Though we do put extra bytes like this into
some pseudorefs (e.g., FETCH_HEAD), we don't typically do so
with HEAD. We could tighten this up by using parse_oid_hex(),
like:
if (!parse_oid_hex(buffer, &oid, &end) &&
*end++ == '\n' && *end == '\0')
return 0;
But we're probably better to remain on the loose side. We're
just checking here for a plausible-looking repository
directory, so heuristics are acceptable (if we really want
to be meticulous, we should use the actual ref code to parse
HEAD).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | path.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -638,7 +638,7 @@ int validate_headref(const char *path) struct stat st; char buffer[256]; const char *refname; - unsigned char sha1[20]; + struct object_id oid; int fd; ssize_t len; @@ -679,7 +679,7 @@ int validate_headref(const char *path) /* * Is this a detached HEAD? */ - if (!get_sha1_hex(buffer, sha1)) + if (!get_oid_hex(buffer, &oid)) return 0; return -1; |