From cb0e788e98482b3cbf983bbecfb802a9cfaf2447 Mon Sep 17 00:00:00 2001
From: "Rafael G. Martins" <rafael@rafaelmartins.eng.br>
Date: Thu, 10 Feb 2022 03:45:16 +0100
Subject: git-receiver: pre-receive: validate ref prefix

---
 src/blogc-git-receiver/pre-receive-parser.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/blogc-git-receiver/pre-receive-parser.c b/src/blogc-git-receiver/pre-receive-parser.c
index 52b0b76..61a533c 100644
--- a/src/blogc-git-receiver/pre-receive-parser.c
+++ b/src/blogc-git-receiver/pre-receive-parser.c
@@ -64,7 +64,9 @@ bgr_pre_receive_parse(const char *input, size_t input_len)
                 if (c != '\n')
                     break;
                 state = START_OLD;
-                if (current - start > 11) {
+                if ((current - start > 11) &&
+                    (0 == strncmp("refs/heads/", input + start, 11)))
+                {
                     char *key = bc_strndup(input + start + 11, current - start - 11);
                     bc_trie_insert(rv, key, bc_strndup(input + start_new, start - 1 - start_new));
                     free(key);
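Review bot: The prefix length 11 is now hard-coded four times in this block (the length guard, the `strncmp` count and both `bc_strndup` offsets) and has to stay in sync with the literal `"refs/heads/"` by hand. Deriving it from the string would remove that coupling: `static const char ref_prefix[] = "refs/heads/";`, then `sizeof(ref_prefix) - 1` in place of each 11. The `current - start > 11` test also keeps the comparison inside the buffer, since `input` is bounded by `input_len` and may not be NUL-terminated. A short comment such as `/* length guard must come first: input is bounded by input_len, not NUL */` would stop a later edit from reordering the condition. The patch adds no include, so it is worth confirming that `<string.h>` is already pulled in for `strncmp`. The body of `bgr_pre_receive_parse` starts and ends outside this hunk.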
-- 
cgit v1.2.3-18-g5258