git-receiver: pre-receive: validate ref prefix

2 files changed, 7 insertions, 1 deletions

diff --git a/src/blogc-git-receiver/pre-receive-parser.c b/src/blogc-git-receiver/pre-receive-parser.c
index 52b0b76..61a533c 100644
--- a/src/blogc-git-receiver/pre-receive-parser.c
+++ b/src/blogc-git-receiver/pre-receive-parser.c
@@ -64,7 +64,9 @@ bgr_pre_receive_parse(const char *input, size_t input_len)
                 if (c != '\n')
                     break;
                 state = START_OLD;
-                if (current - start > 11) {
+                if ((current - start > 11) &&
+                    (0 == strncmp("refs/heads/", input + start, 11)))
+                {
                     char *key = bc_strndup(input + start + 11, current - start - 11);
                     bc_trie_insert(rv, key, bc_strndup(input + start_new, start - 1 - start_new));
                     free(key);
diff --git a/tests/blogc-git-receiver/check_pre_receive_parser.c b/tests/blogc-git-receiver/check_pre_receive_parser.c
index c431821..cad1421 100644
--- a/tests/blogc-git-receiver/check_pre_receive_parser.c
+++ b/tests/blogc-git-receiver/check_pre_receive_parser.c
@@ -43,6 +43,10 @@ test_pre_receive_parse(void **state)
         "4f1f932f6ef6d6c9770266775c2db072964d7a62 "
         "3fff4bb3172f77b292b0c913749e81bedd3545f3 "
         "refs/heads/master"));
+    assert_null(_bgr_pre_receive_parse(
+        "4f1f932f6ef6d6c9770266775c2db072964d7a62 "
+        "3fff4bb3172f77b292b0c913749e81bedd3545f3 "
+        "adgfdgdfgfdgdfgdfgdfgdfgdfg\n"));
 
     bc_trie_t *t;
     t = _bgr_pre_receive_parse(