From d85d0ddcfeab6212a588e50529744277f0ca48bb Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 5 Dec 2011 10:06:12 -0600 Subject: Enforce signature download size limit on -U operations We had a 16 KiB limit on database signatures, we should do the same here too to have a slight sanity check, even if we can't do so for the package itself yet. Signed-off-by: Dan McGee --- lib/libalpm/dload.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/libalpm') diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index efd469d5..29285903 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -604,6 +604,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url) payload.force = 1; payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL); + /* set hard upper limit of 16KiB */ + payload.max_size = 16 * 1024; + ret = _alpm_download(&payload, cachedir, &sig_final_file); if(ret == -1 && !payload.errors_ok) { _alpm_log(handle, ALPM_LOG_WARNING, -- cgit v1.2.3-70-g09d2 From 6a1d3948a670184f01a697efe55b91b4ccdcb51d Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 5 Dec 2011 23:20:08 -0600 Subject: Use correct size in memset We were using the size of a pointer, not the size of the whole archive_read_buffer struct. Thanks to Clang/LLVM 3.0 and Allan/Dave in IRC for finding this one. Signed-off-by: Dan McGee --- lib/libalpm/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/libalpm') diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c index c89f3c9c..ad15d937 100644 --- a/lib/libalpm/util.c +++ b/lib/libalpm/util.c @@ -1000,7 +1000,7 @@ cleanup: { int ret = b->ret; FREE(b->line); - memset(b, 0, sizeof(b)); + memset(b, 0, sizeof(struct archive_read_buffer)); return ret; } } -- cgit v1.2.3-70-g09d2