Fix buggy ref recording

There is a format string vulnerability introduced with the packed refs
file format.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/refs.c b/refs.c
index 40f16af18562dbe3e32be2dfe7c700c295ed744e..5fdf9c4139f81d37be932c4a029fa5fa29cdc62d 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -472,7 +472,7 @@ static struct ref_lock *lock_ref_sha1_basic(const char *ref,
 
        lock->ref_name = xstrdup(ref);
        lock->log_file = xstrdup(git_path("logs/%s", ref));
-       ref_file = git_path(ref);
+       ref_file = git_path("%s", ref);
        lock->force_write = lstat(ref_file, &st) && errno == ENOENT;
 
        if (safe_create_leading_directories(ref_file))