Enforce signature download size limit on -U <url> operations

We had a 16 KiB limit on database signatures, we should do the same here too to have a slight sanity check, even if we can't do so for the package itself yet. Signed-off-by: Dan McGee <dan@archlinux.org>
author: Dan McGee <dan@archlinux.org> 2011-12-05 17:06:12 +0100
committer: Dan McGee <dan@archlinux.org> 2011-12-05 17:07:05 +0100
commit: d85d0ddcfeab6212a588e50529744277f0ca48bb (patch)
tree: ed49ac876dbb08ddd55a43c244460b8f4158aa3b /lib/libalpm/dload.c
parent: 61ce2ca1bbf4f8042c77e50a37297003bdebd01d (diff)
download: pacman-d85d0ddcfeab6212a588e50529744277f0ca48bb.tar.gz
pacman-d85d0ddcfeab6212a588e50529744277f0ca48bb.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index efd469d5..29285903 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -604,6 +604,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url)
 		payload.force = 1;
 		payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);
 
+		/* set hard upper limit of 16KiB */
+		payload.max_size = 16 * 1024;
+
 		ret = _alpm_download(&payload, cachedir, &sig_final_file);
 		if(ret == -1 && !payload.errors_ok) {
 			_alpm_log(handle, ALPM_LOG_WARNING,
author	Dan McGee <dan@archlinux.org>	2011-12-05 17:06:12 +0100
committer	Dan McGee <dan@archlinux.org>	2011-12-05 17:07:05 +0100
commit	d85d0ddcfeab6212a588e50529744277f0ca48bb (patch)
tree	ed49ac876dbb08ddd55a43c244460b8f4158aa3b /lib/libalpm/dload.c
parent	61ce2ca1bbf4f8042c77e50a37297003bdebd01d (diff)
download	pacman-d85d0ddcfeab6212a588e50529744277f0ca48bb.tar.gz pacman-d85d0ddcfeab6212a588e50529744277f0ca48bb.tar.xz