diff options
author | Dave Reisner <dreisner@archlinux.org> | 2011-09-11 21:27:57 +0200 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-09-18 22:35:58 +0200 |
commit | 223a92ca9da2efecefb200a828618747c0f5b03e (patch) | |
tree | 2de426e570bae86ad450a72d9b7a56673f8533da /lib/libalpm/dload.c | |
parent | 7ad78c2c88ea3a7a1a33c4d09c2e6e4c772da25e (diff) | |
download | pacman-223a92ca9da2efecefb200a828618747c0f5b03e.tar.gz pacman-223a92ca9da2efecefb200a828618747c0f5b03e.tar.xz |
dload: remove user:pass@ definition from hostname
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Diffstat (limited to 'lib/libalpm/dload.c')
-rw-r--r-- | lib/libalpm/dload.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 5ae02fc6..e786a3c0 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -123,7 +123,7 @@ static int curl_progress(void *file, double dltotal, double dlnow, static int curl_gethost(const char *url, char *buffer) { size_t hostlen; - char *p; + char *p, *q; if(strncmp(url, "file://", 7) == 0) { strcpy(buffer, _("disk")); @@ -134,6 +134,14 @@ static int curl_gethost(const char *url, char *buffer) } p += 2; /* jump over the found // */ hostlen = strcspn(p, "/"); + + /* there might be a user:pass@ on the URL. hide it. */ + q = memrchr(p, '@', hostlen); + if(q) { + hostlen -= q - p + 1; + p = q + 1; + } + if(hostlen > 255) { /* buffer overflow imminent */ return 1; |