summaryrefslogtreecommitdiff
path: root/refs.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2017-04-10 22:14:12 (GMT)
committerJunio C Hamano <gitster@pobox.com>2017-04-17 01:19:18 (GMT)
commitd8f4481c4f03132174b514f428cd67d2cc0dc997 (patch)
tree70b6f8f9291109936af14988d23ebed5ced643bd /refs.c
parenteaeed077a69ad1e26b0c329ac0f6cbd397f5be9e (diff)
downloadgit-d8f4481c4f03132174b514f428cd67d2cc0dc997.zip
git-d8f4481c4f03132174b514f428cd67d2cc0dc997.tar.gz
git-d8f4481c4f03132174b514f428cd67d2cc0dc997.tar.bz2
refs: reject ref updates while GIT_QUARANTINE_PATH is set
As documented in git-receive-pack(1), updating a ref from within the pre-receive hook is dangerous and can corrupt your repo. This patch forbids ref updates entirely during the hook to make it harder for adventurous hook writers to shoot themselves in the foot. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'refs.c')
-rw-r--r--refs.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/refs.c b/refs.c
index 5ffdd77..916b0d5 100644
--- a/refs.c
+++ b/refs.c
@@ -1465,6 +1465,12 @@ int ref_transaction_commit(struct ref_transaction *transaction,
{
struct ref_store *refs = get_ref_store(NULL);
+ if (getenv(GIT_QUARANTINE_ENVIRONMENT)) {
+ strbuf_addstr(err,
+ _("ref updates forbidden inside quarantine environment"));
+ return -1;
+ }
+
return refs->be->transaction_commit(refs, transaction, err);
}