diff options
author | Junio C Hamano <junkio@cox.net> | 2005-11-18 14:59:34 -0800 |
---|---|---|
committer | Junio C Hamano <junkio@cox.net> | 2005-11-19 20:50:38 -0800 |
commit | 0870ca7fabe6f25095431280e480859f7c66e8ab (patch) | |
tree | bd8c24b3a1b2fe52baa3c9474ea6cefec209bedf /refs.c | |
parent | 54f4b87454824fedc629219620ce9b7cdcab3d27 (diff) | |
download | git-0870ca7fabe6f25095431280e480859f7c66e8ab.tar.gz |
Do not DWIM in userpath library under strict mode.
This should force git-daemon administrator's job a bit harder
because the exact paths need to be given in the whitelist, but
at the same time makes the auditing easier.
This moves validate_symref() from refs.c to path.c, because we
need to link path.c with git-daemon for its "enter_repo()", but
we do not want to link the daemon with the rest of git libraries
and its requirements.
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'refs.c')
-rw-r--r-- | refs.c | 40 |
1 files changed, 0 insertions, 40 deletions
@@ -10,46 +10,6 @@ #define USE_SYMLINK_HEAD 1 #endif -int validate_symref(const char *path) -{ - struct stat st; - char *buf, buffer[256]; - int len, fd; - - if (lstat(path, &st) < 0) - return -1; - - /* Make sure it is a "refs/.." symlink */ - if (S_ISLNK(st.st_mode)) { - len = readlink(path, buffer, sizeof(buffer)-1); - if (len >= 5 && !memcmp("refs/", buffer, 5)) - return 0; - return -1; - } - - /* - * Anything else, just open it and try to see if it is a symbolic ref. - */ - fd = open(path, O_RDONLY); - if (fd < 0) - return -1; - len = read(fd, buffer, sizeof(buffer)-1); - close(fd); - - /* - * Is it a symbolic ref? - */ - if (len < 4 || memcmp("ref:", buffer, 4)) - return -1; - buf = buffer + 4; - len -= 4; - while (len && isspace(*buf)) - buf++, len--; - if (len >= 5 && !memcmp("refs/", buf, 5)) - return 0; - return -1; -} - const char *resolve_ref(const char *path, unsigned char *sha1, int reading) { int depth = MAXDEPTH, len; |