From 33aed43e9db41a9e482beb5e47800de8d6efbe31 Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt
Date: Tue, 30 May 2017 15:05:52 +0000
Subject: Avoid crash when trying to parse string with invalid UTF-8 sequence
---
 app/validators/dynamic_path_validator.rb | 5 +++++
 spec/lib/gitlab/git/encoding_helper_spec.rb | 2 +-
 spec/validators/dynamic_path_validator_spec.rb | 22 ++++++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/app/validators/dynamic_path_validator.rb b/app/validators/dynamic_path_validator.rb
index 6819886ebf4..a9b76c7c960 100644
--- a/app/validators/dynamic_path_validator.rb
+++ b/app/validators/dynamic_path_validator.rb
@@ -6,16 +6,21 @@
 # Values are checked for formatting and exclusion from a list of illegal path
 # names.
 class DynamicPathValidator < ActiveModel::EachValidator
+ extend Gitlab::Git::EncodingHelper
+
 class << self
 def valid_user_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.root_namespace_path_regex
 end
 def valid_group_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.full_namespace_path_regex
 end
 def valid_project_path?(path)
+ encode!(path)
 "#{path}/" =~ Gitlab::PathRegex.full_project_path_regex
 end
 end
diff --git a/spec/lib/gitlab/git/encoding_helper_spec.rb b/spec/lib/gitlab/git/encoding_helper_spec.rb
index 1a3bf802a07..48fc817d857 100644
--- a/spec/lib/gitlab/git/encoding_helper_spec.rb
+++ b/spec/lib/gitlab/git/encoding_helper_spec.rb
@@ -2,7 +2,7 @@ require "spec_helper"
 describe Gitlab::Git::EncodingHelper do
 let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
- let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
+ let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
 describe '#encode!' do
 [
diff --git a/spec/validators/dynamic_path_validator_spec.rb b/spec/validators/dynamic_path_validator_spec.rb
index 5f998e78f07..8dbf3eecd23 100644
--- a/spec/validators/dynamic_path_validator_spec.rb
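Review bot: `encode!(path)` in `valid_user_path?`, `valid_group_path?` and `valid_project_path?` is a bang call on the caller's argument whose return value is discarded, so these predicates appear to modify the very string they are asked to judge. `encode!` comes from `Gitlab::Git::EncodingHelper`, which is outside this diff, so whether it always repairs in place or can hand back a replacement string is not visible here; either way the regex then runs on repaired text, and a path submitted with invalid bytes could pass validation in a form that differs from what was sent. For a path validator, rejecting such input is the more conservative choice, for example `return false unless path.to_s.dup.force_encoding(Encoding::UTF_8).valid_encoding?` ahead of the match. If repair is intended, a comment such as `# encode! cleans path in place so the regex and the stored value see the same bytes` would document the side effect. The class body continues past the end of the hunk.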
+++ b/spec/validators/dynamic_path_validator_spec.rb
@@ -3,6 +3,28 @@ require 'spec_helper'
 describe DynamicPathValidator do
 let(:validator) { described_class.new(attributes: [:path]) }
+ def expect_handles_invalid_utf8
+ expect { yield('\255invalid') }.to be_falsey
+ end
+
+ describe '.valid_user_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_user_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_group_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_group_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
+ describe '.valid_project_path' do
+ it 'handles invalid utf8' do
+ expect(described_class.valid_project_path?("a\0weird\255path")).to be_falsey
+ end
+ end
+
 describe '#path_valid_for_record?' do
 context 'for project' do
 it 'calls valid_project_path?' do
--
cgit v1.2.3
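Review bot: The helper `expect_handles_invalid_utf8` is never called by the three examples added below it, and as written it would not test what its name says: `'\255invalid'` is single-quoted, so it holds a literal backslash and digits rather than an invalid byte, and `expect { ... }.to be_falsey` applies a value matcher to a block. I would delete the helper. The three examples all pass `"a\0weird\255path"`, which also contains a NUL byte, so a falsey result may come from the NUL alone once the call no longer raises. Adding a case that carries only the invalid byte, such as `"weird\255path"`, would pin down whether a path is accepted or rejected after `encode!` has cleaned it.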