The current command line parser is overly lax in places and allows a
branch whose name begins with a hyphen e.g. "-foo" to be created, but the
parseopt infrastructure in general does not like to parse anything that
begins with a dash as a short-hand refname. "git checkout -foo" won't
work, nor will "git branch -d -foo" (even though "git branch -d -- -foo"
works, it does so by mistake; we should not be taking anything but
pathspecs after double-dash).
All the codepaths that create a new branch ref, including the destination
of "branch -m src dst", use strbuf_check_branch_ref() to validate if the
given name is suitable as a branch name. Tighten it to disallow a branch
that begins with a hyphen.
You can still get rid of historical mistakes with
$ git update-ref -d refs/heads/-foo
and third-party Porcelains are free to keep using update-ref to create
refs with a path component that begins with "-".
Issue originally raised by Clemens Buchacher.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
int strbuf_check_branch_ref(struct strbuf *sb, const char *name)
{
strbuf_branchname(sb, name);
+ if (name[0] == '-')
+ return CHECK_REF_FORMAT_ERROR;
strbuf_splice(sb, 0, 0, "refs/heads/", 11);
return check_ref_format(sb->buf);
}