git-receiver: pre-receive: validate ref prefix

author: Rafael G. Martins <rafael@rafaelmartins.eng.br> 2022-02-10 03:45:16 +0100
committer: Rafael G. Martins <rafael@rafaelmartins.eng.br> 2022-02-10 03:45:16 +0100
commit: cb0e788e98482b3cbf983bbecfb802a9cfaf2447 (patch)
tree: 9b3f151f49c07eacba8992282c97f2ae2b731413 /src/blogc-git-receiver
parent: 8e74dace4b878027405c267670f559ff761f8ea6 (diff)
download: blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.tar.gz
blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.tar.bz2
blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/blogc-git-receiver/pre-receive-parser.c b/src/blogc-git-receiver/pre-receive-parser.c
index 52b0b76..61a533c 100644
--- a/src/blogc-git-receiver/pre-receive-parser.c
+++ b/src/blogc-git-receiver/pre-receive-parser.c
@@ -64,7 +64,9 @@ bgr_pre_receive_parse(const char *input, size_t input_len)
                 if (c != '\n')
                     break;
                 state = START_OLD;
-                if (current - start > 11) {
+                if ((current - start > 11) &&
+                    (0 == strncmp("refs/heads/", input + start, 11)))
+                {
                     char *key = bc_strndup(input + start + 11, current - start - 11);
                     bc_trie_insert(rv, key, bc_strndup(input + start_new, start - 1 - start_new));
                     free(key);
author	Rafael G. Martins <rafael@rafaelmartins.eng.br>	2022-02-10 03:45:16 +0100
committer	Rafael G. Martins <rafael@rafaelmartins.eng.br>	2022-02-10 03:45:16 +0100
commit	cb0e788e98482b3cbf983bbecfb802a9cfaf2447 (patch)
tree	9b3f151f49c07eacba8992282c97f2ae2b731413 /src/blogc-git-receiver
parent	8e74dace4b878027405c267670f559ff761f8ea6 (diff)
download	blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.tar.gz blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.tar.bz2 blogc-cb0e788e98482b3cbf983bbecfb802a9cfaf2447.zip