Gracefully handle references with null bytes

`Rugged::Reference.valid_name?` used in `Gitlab::GitRefValidator.validate` fails on strings containing null bytes because it uses `StringValueCStr()`. Per https://silverhammermba.github.io/emberb/c/: Ruby’s String kinda corresponds to C’s char*. The simplest macro is StringValueCStr() which returns a null-terminated char* for a String. The problem here is that a Ruby String might contain nulls - in which case StringValueCStr() will raise an ArgumentError! Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54466
author: Stan Hu <stanhu@gmail.com> 2018-11-26 13:42:11 -0800
committer: Stan Hu <stanhu@gmail.com> 2018-11-26 14:14:16 -0800
commit: e36c347ff9827d6d14c6a8b9e217e085a3c3a498 (patch)
tree: 4f1beb5e2498fb3a8369c3f17e27118d5146b8d6 /lib
parent: deaf3af7e5f357f3e8d91f7f2d49ad3ce001ba68 (diff)
download: gitlab-ce-e36c347ff9827d6d14c6a8b9e217e085a3c3a498.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/git_ref_validator.rb b/lib/gitlab/git_ref_validator.rb
index a90b69ff42b..3f13ebeb9d0 100644
--- a/lib/gitlab/git_ref_validator.rb
+++ b/lib/gitlab/git_ref_validator.rb
@@ -13,7 +13,11 @@ module Gitlab
       return false if ref_name.start_with?(*not_allowed_prefixes)
       return false if ref_name == 'HEAD'
 
-      Rugged::Reference.valid_name? "refs/heads/#{ref_name}"
+      begin
+        Rugged::Reference.valid_name?("refs/heads/#{ref_name}")
+      rescue ArgumentError
+        return false
+      end
     end
   end
 end
author	Stan Hu <stanhu@gmail.com>	2018-11-26 13:42:11 -0800
committer	Stan Hu <stanhu@gmail.com>	2018-11-26 14:14:16 -0800
commit	e36c347ff9827d6d14c6a8b9e217e085a3c3a498 (patch)
tree	4f1beb5e2498fb3a8369c3f17e27118d5146b8d6 /lib
parent	deaf3af7e5f357f3e8d91f7f2d49ad3ce001ba68 (diff)
download	gitlab-ce-e36c347ff9827d6d14c6a8b9e217e085a3c3a498.tar.gz