5 Jun
2016
5:43 p.m.
On 05.06.2016 19:37, Tobias Stoeckmann wrote:
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index c9ed770..055fb1e 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -700,17 +700,16 @@ static int read_sigfile(const char *sigpath, unsigned char **sig)
 struct stat st;
 FILE *fp;
- if(stat(sigpath, &st) != 0) {
+ if((fp = fopen(sigpath, "rb")) == NULL) {
 return -1;
 }
- MALLOC(*sig, st.st_size, return -1);
-
- if((fp = fopen(sigpath, "rb")) == NULL) {
- free(*sig);
+ if(fstat(fileno(fp), &st) != 0 || st.st_size > INT_MAX) {
 return -1;
I think you should fclose(fp); here.
}
+ MALLOC(*sig, st.st_size, return -1);
+
 if(fread(*sig, st.st_size, 1, fp) != 1) {
 free(*sig);
 fclose(fp);
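Review bot: The relocated `MALLOC(*sig, st.st_size, return -1);` now runs after `fopen`, so its failure action returns with `fp` still open. This leak is separate from the `fstat` error path already flagged in the thread. Assuming the macro simply executes its third argument on allocation failure (its definition is not visible here), the action could close the stream first: `MALLOC(*sig, st.st_size, fclose(fp); return -1);`. The new bound rejects only sizes above `INT_MAX`; it is worth a short comment stating that an empty signature file is left to fail at the `fread(...) != 1` check, and confirming that `<limits.h>` is included for `INT_MAX`. The body of `read_sigfile` starts and ends outside this hunk, so the remaining cleanup paths cannot be checked from here.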