diff options
author | Dave Reisner <dreisner@archlinux.org> | 2019-10-07 02:06:43 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2019-10-07 02:55:49 +0200 |
commit | 0c4a8ae24b8395b0dd4f8046615336e394a8e3f8 (patch) | |
tree | d92ee46c76bc4f32a69db6cd4bdd72388ef57543 /doc/libalpm.3.asciidoc | |
parent | 5dd2b3776dedd85c196be737ea9c177216448756 (diff) | |
download | pacman-0c4a8ae24b8395b0dd4f8046615336e394a8e3f8.tar.gz pacman-0c4a8ae24b8395b0dd4f8046615336e394a8e3f8.tar.xz |
dload: never return NULL from get_filename
Downloads with a Content-Disposition header will typically not include
slashes. When they do, we should most certainly only take the basename,
but when they don't, we should treat the header value as the filename.
Crash introduced in d197d8ab82cf when we started using get_filename
in order to rightfully avoid an arbitrary file overwrite vulnerability.
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'doc/libalpm.3.asciidoc')
0 files changed, 0 insertions, 0 deletions