[pacman-dev] [PATCH 1/2] Enforce signature download size limit on -U <url> operations
Dan McGee
dan at archlinux.org
Mon Dec 5 11:09:44 EST 2011
We had a 16 KiB limit on database signatures, we should do the same here
too to have a slight sanity check, even if we can't do so for the
package itself yet.
Signed-off-by: Dan McGee <dan at archlinux.org>
---
lib/libalpm/dload.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index efd469d..2928590 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -604,6 +604,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url)
payload.force = 1;
payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);
+ /* set hard upper limit of 16KiB */
+ payload.max_size = 16 * 1024;
+
ret = _alpm_download(&payload, cachedir, &sig_final_file);
if(ret == -1 && !payload.errors_ok) {
_alpm_log(handle, ALPM_LOG_WARNING,
--
1.7.8
More information about the pacman-dev
mailing list