refs: reject ref updates while GIT_QUARANTINE_PATH is setjk/quarantine-received-objects

As documented in git-receive-pack(1), updating a ref from within the pre-receive hook is dangerous and can corrupt your repo. This patch forbids ref updates entirely during the hook to make it harder for adventurous hook writers to shoot themselves in the foot. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jeff King <peff@peff.net> 2017-04-10 18:14:12 -0400
committer: Junio C Hamano <gitster@pobox.com> 2017-04-16 18:19:18 -0700
commit: d8f4481c4f03132174b514f428cd67d2cc0dc997 (patch)
tree: 70b6f8f9291109936af14988d23ebed5ced643bd /refs.c
parent: eaeed077a69ad1e26b0c329ac0f6cbd397f5be9e (diff)
download: git-d8f4481c4f03132174b514f428cd67d2cc0dc997.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/refs.c b/refs.c
index 5ffdd778d9..916b0d5fa5 100644
--- a/refs.c
+++ b/refs.c
@@ -1465,6 +1465,12 @@ int ref_transaction_commit(struct ref_transaction *transaction,
 {
 	struct ref_store *refs = get_ref_store(NULL);
 
+	if (getenv(GIT_QUARANTINE_ENVIRONMENT)) {
+		strbuf_addstr(err,
+			      _("ref updates forbidden inside quarantine environment"));
+		return -1;
+	}
+
 	return refs->be->transaction_commit(refs, transaction, err);
 }
author	Jeff King <peff@peff.net>	2017-04-10 18:14:12 -0400
committer	Junio C Hamano <gitster@pobox.com>	2017-04-16 18:19:18 -0700
commit	d8f4481c4f03132174b514f428cd67d2cc0dc997 (patch)
tree	70b6f8f9291109936af14988d23ebed5ced643bd /refs.c
parent	eaeed077a69ad1e26b0c329ac0f6cbd397f5be9e (diff)
download	git-d8f4481c4f03132174b514f428cd67d2cc0dc997.tar.gz