summaryrefslogtreecommitdiffstats
path: root/lib/libalpm/dload.c
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-10-14 15:16:18 +0200
committerDan McGee <dan@archlinux.org>2011-10-14 15:16:18 +0200
commita33424f87955c43652a61fcef5817df07e17bee3 (patch)
tree2688165e953384b89d472dc887c876bd88306223 /lib/libalpm/dload.c
parentdbd54c0cb95c5d9c914e5d99b23556d2528ee9b9 (diff)
parent020bdb4298cd1bc53df7ca4d911cda7aaa65329c (diff)
downloadpacman-a33424f87955c43652a61fcef5817df07e17bee3.tar.gz
pacman-a33424f87955c43652a61fcef5817df07e17bee3.tar.xz
Merge branch 'maint'
Diffstat (limited to 'lib/libalpm/dload.c')
-rw-r--r--lib/libalpm/dload.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 83060f97..cd2857c3 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -127,13 +127,14 @@ static int curl_progress(void *file, double dltotal, double dlnow,
return 0;
}
-static int curl_gethost(const char *url, char *buffer)
+static int curl_gethost(const char *url, char *buffer, size_t buf_len)
{
size_t hostlen;
char *p, *q;
if(strncmp(url, "file://", 7) == 0) {
- strcpy(buffer, _("disk"));
+ p = _("disk");
+ hostlen = strlen(p);
} else {
p = strstr(url, "//");
if(!p) {
@@ -154,13 +155,14 @@ static int curl_gethost(const char *url, char *buffer)
hostlen -= q - p + 1;
p = q + 1;
}
+ }
- if(hostlen > 255) {
- /* buffer overflow imminent */
- return 1;
- }
- snprintf(buffer, hostlen + 1, "%s", p);
+ if(hostlen > buf_len - 1) {
+ /* buffer overflow imminent */
+ return 1;
}
+ memcpy(buffer, p, hostlen);
+ buffer[hostlen] = '\0';
return 0;
}
@@ -310,14 +312,16 @@ static FILE *create_tempfile(struct dload_payload *payload, const char *localpat
return fp;
}
+/* RFC1123 states applications should support this length */
+#define HOSTNAME_SIZE 256
+
static int curl_download_internal(struct dload_payload *payload,
const char *localpath, char **final_file)
{
int ret = -1;
FILE *localf = NULL;
char *effective_url;
- /* RFC1123 states applications should support this length */
- char hostname[256];
+ char hostname[HOSTNAME_SIZE];
char error_buffer[CURL_ERROR_SIZE] = {0};
struct stat st;
long timecond, respcode = 0, remote_time = -1;
@@ -332,7 +336,7 @@ static int curl_download_internal(struct dload_payload *payload,
if(!payload->remote_name) {
payload->remote_name = strdup(get_filename(payload->fileurl));
}
- if(!payload->remote_name || curl_gethost(payload->fileurl, hostname) != 0) {
+ if(!payload->remote_name || curl_gethost(payload->fileurl, hostname, sizeof(hostname)) != 0) {
_alpm_log(handle, ALPM_LOG_ERROR, _("url '%s' is invalid\n"), payload->fileurl);
RET_ERR(handle, ALPM_ERR_SERVER_BAD_URL, -1);
}