gitweb: Secure against commit-ish/tree-ish with the same name as path

[git.git] / git-fetch.sh

diff --git a/git-fetch.sh b/git-fetch.sh
index 7dc1f33687279812605c7b6f9ddc13478e143058..539dff6ee05f7cfde20ea34a80a1e6bbdc1fbca2 100755 (executable)
--- a/git-fetch.sh
+++ b/git-fetch.sh
@@ -147,15 +147,15 @@ update_local_ref () {
        [ "$verbose" ] && echo >&2 "  $label_: $newshort_"
        return 0
     fi
-    oldshort_=$(git-rev-parse --short "$1" 2>/dev/null)
-    mkdir -p "$(dirname "$GIT_DIR/$1")"
+    oldshort_=$(git show-ref --hash --abbrev "$1" 2>/dev/null)
+
     case "$1" in
     refs/tags/*)
        # Tags need not be pointing at commits so there
        # is no way to guarantee "fast-forward" anyway.
-       if test -f "$GIT_DIR/$1"
+       if test -n "$oldshort_"
        then
-               if now_=$(cat "$GIT_DIR/$1") && test "$now_" = "$2"
+               if now_=$(git show-ref --hash "$1") && test "$now_" = "$2"
                then
                        [ "$verbose" ] && echo >&2 "* $1: same as $3"
                        [ "$verbose" ] && echo >&2 "  $label_: $newshort_" ||:
@@ -427,7 +427,7 @@ case "$no_tags$tags" in
                sed -ne 's|^\([0-9a-f]*\)[      ]\(refs/tags/.*\)^{}$|\1 \2|p' |
                while read sha1 name
                do
-                       test -f "$GIT_DIR/$name" && continue
+                       git-show-ref --verify --quiet -- $name && continue
                        git-check-ref-format "$name" || {
                                echo >&2 "warning: tag ${name} ignored"
                                continue