We had a 16 KiB limit on database signatures, we should do the same here too to have a slight sanity check, even if we can't do so for the package itself yet. Signed-off-by: Dan McGee <dan@archlinux.org> --- lib/libalpm/dload.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index efd469d..2928590 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -604,6 +604,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url) payload.force = 1; payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL); + /* set hard upper limit of 16KiB */ + payload.max_size = 16 * 1024; + ret = _alpm_download(&payload, cachedir, &sig_final_file); if(ret == -1 && !payload.errors_ok) { _alpm_log(handle, ALPM_LOG_WARNING, -- 1.7.8