From afe5d3d516114f08d3c4289682a704f5a7889909 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 29 Jan 2009 03:33:02 -0500 Subject: [PATCH] symbolic ref: refuse non-ref targets in HEAD When calling "git symbolic-ref" it is easy to forget that the target must be a fully qualified ref. E.g., you might accidentally do: $ git symbolic-ref HEAD master Unfortunately, this is very difficult to recover from, because the bogus contents of HEAD make git believe we are no longer in a git repository (as is_git_dir explicitly checks for "^refs/heads/" in the HEAD target). So immediately trying to fix the situation doesn't work: $ git symbolic-ref HEAD refs/heads/master fatal: Not a git repository and one is left editing the .git/HEAD file manually. Furthermore, one might be tempted to use symbolic-ref to set up a detached HEAD: $ git symbolic-ref HEAD `git rev-parse HEAD` which sets up an even more bogus HEAD: $ cat .git/HEAD ref: 1a9ace4f2ad4176148e61b5a85cd63d5604aac6d This patch introduces a small safety valve to prevent the specific case of anything not starting with refs/heads/ to go into HEAD. The scope of the safety valve is intentionally very limited, to make sure that we are not preventing any behavior that would otherwise be valid (like pointing a different symref than HEAD outside of refs/heads/). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin-symbolic-ref.c | 3 +++ t/t1401-symbolic-ref.sh | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100755 t/t1401-symbolic-ref.sh diff --git a/builtin-symbolic-ref.c b/builtin-symbolic-ref.c index bfc78bb3f..cafc4eba7 100644 --- a/builtin-symbolic-ref.c +++ b/builtin-symbolic-ref.c @@ -44,6 +44,9 @@ int cmd_symbolic_ref(int argc, const char **argv, const char *prefix) check_symref(argv[0], quiet); break; case 2: + if (!strcmp(argv[0], "HEAD") && + prefixcmp(argv[1], "refs/heads/")) + die("Refusing to point HEAD outside of refs/heads/"); create_symref(argv[0], argv[1], msg); break; default: diff --git a/t/t1401-symbolic-ref.sh b/t/t1401-symbolic-ref.sh new file mode 100755 index 000000000..569f34177 --- /dev/null +++ b/t/t1401-symbolic-ref.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +test_description='basic symbolic-ref tests' +. ./test-lib.sh + +# If the tests munging HEAD fail, they can break detection of +# the git repo, meaning that further tests will operate on +# the surrounding git repo instead of the trash directory. +reset_to_sane() { + echo ref: refs/heads/foo >.git/HEAD +} + +test_expect_success 'symbolic-ref writes HEAD' ' + git symbolic-ref HEAD refs/heads/foo && + echo ref: refs/heads/foo >expect && + test_cmp expect .git/HEAD +' + +test_expect_success 'symbolic-ref reads HEAD' ' + echo refs/heads/foo >expect && + git symbolic-ref HEAD >actual && + test_cmp expect actual +' + +test_expect_success 'symbolic-ref refuses non-ref for HEAD' ' + test_must_fail git symbolic-ref HEAD foo +' +reset_to_sane + +test_expect_success 'symbolic-ref refuses non-branch for HEAD' ' + test_must_fail git symbolic-ref HEAD refs/foo +' +reset_to_sane + +test_expect_success 'symbolic-ref refuses bare sha1' ' + echo content >file && git add file && git commit -m one + test_must_fail git symbolic-ref HEAD `git rev-parse HEAD` +' +reset_to_sane + +test_done -- 2.30.2