git: harden ref arg handling

tonistiigi · crazy-max · commit f5462c216098 · 2026-03-25T11:34:43.000+01:00
Validate user-provided refs once during identifier construction and reject
option-like refs with leading '-'. There is no known attack related to
previous core, patch is to make ref handling more robust and improve
errors.

Signed-off-by: Tonis Tiigi &lt;tonistiigi@gmail.com&gt;
(cherry picked from commit e7f8093e1b386ffe711c8468ca8cdde8cfea0c72)
(cherry picked from commit d4ea5ef18829b57ee0a52620cd11a8c3ea5db01d)
diff --git a/source/git/source.go b/source/git/source.go
@@ -136,6 +136,9 @@ func (gs *Source) Identifier(scheme, ref string, attrs map[string]string, platfo
 			id.VerifySignature.IgnoreSignedTag = v == "true"
 		}
 	}
+	if err := validateGitRef(id.Ref); err != nil {
+		return nil, err
+	}
 
 	return id, nil
 }
@@ -548,10 +551,9 @@ func (gs *gitSourceHandler) resolveMetadata(ctx context.Context, jobCtx solver.J
 			return nil, err
 		}
 	}
-
 	// TODO: should we assume that remote tag is immutable? add a timer?
 
-	buf, err := tmpGit.Run(ctx, "ls-remote", gs.src.Remote, ref, ref+"^{}")
+	buf, err := tmpGit.Run(ctx, "ls-remote", "--", gs.src.Remote, ref, ref+"^{}")
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(remote))
 	}
@@ -862,11 +864,10 @@ func (gs *gitSourceHandler) tryRemoteFetch(ctx context.Context, g session.Group,
 		}
 		gs.src.Ref = ref
 	}
-
 	doFetch := true
 	if gitutil.IsCommitSHA(ref) {
 		// skip fetch if commit already exists
-		if _, err := git.Run(ctx, "cat-file", "-e", ref+"^{commit}"); err == nil {
+		if _, err := git.Run(ctx, "cat-file", "-e", "--", ref+"^{commit}"); err == nil {
 			doFetch = false
 		}
 	}
@@ -896,7 +897,7 @@ func (gs *gitSourceHandler) tryRemoteFetch(ctx context.Context, g session.Group,
 		if gitutil.IsCommitSHA(ref) {
 			args = append(args, ref)
 		} else {
-			args = append(args, "--force", ref+":"+targetRef)
+			args = append(args, "--force", "--", ref+":"+targetRef)
 		}
 		if _, err := git.Run(ctx, args...); err != nil {
 			err := errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(gs.src.Remote))
@@ -1043,7 +1044,7 @@ func (gs *gitSourceHandler) checkout(ctx context.Context, repo *gitRepo, g sessi
 		} else {
 			pullref += ":" + pullref
 		}
-		_, err = checkoutGit.Run(ctx, "fetch", "-u", "--depth=1", "origin", pullref)
+		_, err = checkoutGit.Run(ctx, "fetch", "-u", "--depth=1", "--", "origin", pullref)
 		if err != nil {
 			return nil, err
 		}
@@ -1169,6 +1170,13 @@ func isUnableToUpdateLocalRef(err error) bool {
 		strings.Contains(msg, "refname conflict")
 }
 
+func validateGitRef(ref string) error {
+	if strings.HasPrefix(ref, "-") {
+		return errors.Errorf("invalid git ref %q", ref)
+	}
+	return nil
+}
+
 func (gs *gitSourceHandler) emptyGitCli(ctx context.Context, g session.Group, opts ...gitutil.Option) (*gitutil.GitCLI, func() error, error) {
 	var cleanups []func() error
 	cleanup := func() error {

Original file line number	Diff line number	Diff line change
`@@ -136,6 +136,9 @@ func (gs *Source) Identifier(scheme, ref string, attrs map[string]string, platfo`
`136`	`136`	`id.VerifySignature.IgnoreSignedTag = v == "true"`
`137`	`137`	`}`
`138`	`138`	`}`
	`139`	`+ if err := validateGitRef(id.Ref); err != nil {`
	`140`	`+ return nil, err`
	`141`	`+ }`
`139`	`142`
`140`	`143`	`return id, nil`
`141`	`144`	`}`
`@@ -548,10 +551,9 @@ func (gs *gitSourceHandler) resolveMetadata(ctx context.Context, jobCtx solver.J`
`548`	`551`	`return nil, err`
`549`	`552`	`}`
`550`	`553`	`}`
`551`		`-`
`552`	`554`	`// TODO: should we assume that remote tag is immutable? add a timer?`
`553`	`555`
`554`		`- buf, err := tmpGit.Run(ctx, "ls-remote", gs.src.Remote, ref, ref+"^{}")`
	`556`	`+ buf, err := tmpGit.Run(ctx, "ls-remote", "--", gs.src.Remote, ref, ref+"^{}")`
`555`	`557`	`if err != nil {`
`556`	`558`	`return nil, errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(remote))`
`557`	`559`	`}`
`@@ -862,11 +864,10 @@ func (gs *gitSourceHandler) tryRemoteFetch(ctx context.Context, g session.Group,`
`862`	`864`	`}`
`863`	`865`	`gs.src.Ref = ref`
`864`	`866`	`}`
`865`		`-`
`866`	`867`	`doFetch := true`
`867`	`868`	`if gitutil.IsCommitSHA(ref) {`
`868`	`869`	`// skip fetch if commit already exists`
`869`		`- if _, err := git.Run(ctx, "cat-file", "-e", ref+"^{commit}"); err == nil {`
	`870`	`+ if _, err := git.Run(ctx, "cat-file", "-e", "--", ref+"^{commit}"); err == nil {`
`870`	`871`	`doFetch = false`
`871`	`872`	`}`
`872`	`873`	`}`
`@@ -896,7 +897,7 @@ func (gs *gitSourceHandler) tryRemoteFetch(ctx context.Context, g session.Group,`
`896`	`897`	`if gitutil.IsCommitSHA(ref) {`
`897`	`898`	`args = append(args, ref)`
`898`	`899`	`} else {`
`899`		`- args = append(args, "--force", ref+":"+targetRef)`
	`900`	`+ args = append(args, "--force", "--", ref+":"+targetRef)`
`900`	`901`	`}`
`901`	`902`	`if _, err := git.Run(ctx, args...); err != nil {`
`902`	`903`	`err := errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(gs.src.Remote))`
`@@ -1043,7 +1044,7 @@ func (gs gitSourceHandler) checkout(ctx context.Context, repo gitRepo, g sessi`
`1043`	`1044`	`} else {`
`1044`	`1045`	`pullref += ":" + pullref`
`1045`	`1046`	`}`
`1046`		`- _, err = checkoutGit.Run(ctx, "fetch", "-u", "--depth=1", "origin", pullref)`
	`1047`	`+ _, err = checkoutGit.Run(ctx, "fetch", "-u", "--depth=1", "--", "origin", pullref)`
`1047`	`1048`	`if err != nil {`
`1048`	`1049`	`return nil, err`
`1049`	`1050`	`}`
`@@ -1169,6 +1170,13 @@ func isUnableToUpdateLocalRef(err error) bool {`
`1169`	`1170`	`strings.Contains(msg, "refname conflict")`
`1170`	`1171`	`}`
`1171`	`1172`
	`1173`	`+func validateGitRef(ref string) error {`
	`1174`	`+ if strings.HasPrefix(ref, "-") {`
	`1175`	`+ return errors.Errorf("invalid git ref %q", ref)`
	`1176`	`+ }`
	`1177`	`+ return nil`
	`1178`	`+}`
	`1179`	`+`
`1172`	`1180`	`func (gs gitSourceHandler) emptyGitCli(ctx context.Context, g session.Group, opts ...gitutil.Option) (gitutil.GitCLI, func() error, error) {`
`1173`	`1181`	`var cleanups []func() error`
`1174`	`1182`	`cleanup := func() error {`