diff --git a/refs.c b/refs.c
index 3ad862a0a52cb1..2129ac7920775c 100644
--- a/refs.c
+++ b/refs.c
@@ -167,6 +167,9 @@ static int check_or_sanitize_refname(const char *refname, int flags,
 {
 	int component_len, component_count = 0;
 
+	if (!is_valid_path(refname))
+		return -1;
+
 	if (!strcmp(refname, "@")) {
 		/* Refname is a single character '@'. */
 		if (sanitized)