summaryrefslogtreecommitdiff
path: root/lib/libalpm
diff options
context:
space:
mode:
authorDavid Macek <david.macek.0@gmail.com>2015-04-17 17:31:01 +0200
committerAllan McRae <allan@archlinux.org>2015-05-12 14:00:55 +1000
commitd5536d3eb382fa8a00d5d5820c3d0c947fb90e33 (patch)
treedb2875a67e00fa733a58cdb46565d0fb64b3f73a /lib/libalpm
parentd568a4335bd372e490f28acd25f8b2bd1b560730 (diff)
downloadpacman-d5536d3eb382fa8a00d5d5820c3d0c947fb90e33.tar.xz
libalpm: Do a sanity check before manipulating final DB URL
The change in commit 9d96bed9d6b57 causes download errors for the .db.sig file in case the final URL for the .db file contains query strings or other unexpected stuff. This commit isn't intended to be a total solution, but it should eliminate the problem in the most obvious cases. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm')
-rw-r--r--lib/libalpm/be_sync.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c
index 45d47004..ea979e6d 100644
--- a/lib/libalpm/be_sync.c
+++ b/lib/libalpm/be_sync.c
@@ -241,9 +241,16 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db)
unlink(sigpath);
free(sigpath);
- /* if we downloaded a DB, we want the .sig from the same server -
- this information is only available from the internal downloader */
- if(handle->fetchcb == NULL) {
+
+ /* check if the final URL from internal downloader looks reasonable */
+ if(final_db_url != NULL) {
+ if(strlen(final_db_url) < 3 || strcmp(final_db_url + strlen(final_db_url) - 3, ".db") != 0) {
+ final_db_url = NULL;
+ }
+ }
+
+ /* if we downloaded a DB, we want the .sig from the same server */
+ if(final_db_url != NULL) {
/* print final_db_url into a buffer (leave space for .sig) */
len = strlen(final_db_url) + 5;
} else {
@@ -254,7 +261,7 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db)
/* TODO fix leak syncpath and umask unset */
MALLOC(payload.fileurl, len, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
- if(handle->fetchcb == NULL) {
+ if(final_db_url != NULL) {
snprintf(payload.fileurl, len, "%s.sig", final_db_url);
} else {
snprintf(payload.fileurl, len, "%s/%s.db.sig", server, db->treename);