summaryrefslogtreecommitdiff
path: root/lib/libalpm/dload.c
AgeCommit message (Collapse)Author
2011-09-06dload: use intmax_t when printing off_tDan McGee
This works for both 32-bit and 64-bit platforms. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-06dload: abstract dload_interrupted reasonsDave Reisner
This gives us some amount of room to grow in case we ever find another reason that we might return with an error from the progress callback. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-06dload: improve debug outputDave Reisner
We lost some of this output in the fetch->curl conversion, but I also noticed in FS#25852 that we just lack some of this useful information along the way. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-08-28Fix possible mismatched type with several curl argumentsDan McGee
After commit 2e7d0023150664, we use off_t rather than long variables. Use the _LARGE variants of the methods to indicate we are passing off_t sized variables, and cast using (curl_off_t) accordingly. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25Finish large file download attack preventionDan McGee
This handles the no Content-Length header problem as stated in the comments of FS#23413. We add a quick check to the callback that will force an abort if the downloaded data exceeds the payload size, and then check for this error in the post-download cleanup code. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25Use off_t rather than double where possibleDan McGee
Beautiful of libcurl to use floating point types for what are never fractional values. We can do better, and we usually want these values in their integer form anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: prevent need to copy struct in mask_signal()Dan McGee
Since we store this directly in the download function, just rework mask_signal() to take a pointer to a location to store the original. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: extract tempfile creation to its own functionDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: move (un)masking of signals to separate functionsDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: move curl option setting to static functionDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: add open_mode to payload structDave Reisner
This is a precursor to a following patch which will move the setting of options to a separate function. With the open mode as part of the struct, we can avoid modifying stack allocated variables. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: rename cd_filename to content_disp_nameDave Reisner
This is more in line with the menagerie of file name members that we now have on the payload struct. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22dload: move tempfile and destfile to payload structDave Reisner
These are private to the download operation already, so glob them onto the struct. This is an ugly rename patch, with the only logical change being that destfile and tempfile are now freed by the payload_free function. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19dload: remove unused macroDave Reisner
This was a vestige leftover from the libfetch days of yore. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19dload: delete zero length downloads on curl errorDave Reisner
In the case of a non-operation (e.g. DNS resolver error), delete the leftover 0 byte .part file. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19dload: rename payload->filename to payload->remote_nameDave Reisner
This is a far more accurate description of what this is, since it's more than likely not really a filename at all, but the name after a final slash on a URL. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19dload: remove code duplicationDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19lib/dload: unlink on response code >=400Dave Reisner
ftp and http both define >=400 as being "something bad happened" Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19dload: add 'unlink_on_fail' to payload structDave Reisner
Let callers of _alpm_download state whether we should delete on fail, rather than inferring it from context. We still override this decision and always unlink when a temp file is used. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19lib/dload: prevent possible NULL dereferenceDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18lib/libalpm/dload.c: Use STRDUP() instead of strdup()Lukas Fleischer
Use the STRDUP macro instead of strdup() for the sake of better error handling on memory allocation failures. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18lib/libalpm/dload.c: Add ASSERT() to alpm_fetch_pkgurl()Lukas Fleischer
Return with ALPM_ERR_WRONG_ARGS instead of causing a potential segfault if alpm_fetch_pkgurl() is invoked with a NULL URL. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17lib/dload: refactor deletion on failureDave Reisner
This moves all the delete-on-fail logic to under cleanup label. This also implies should_unlink when a payload is received that doesn't allow resuming. Fixes .db.sig.part files leftover in the sync dir. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17lib/dload: avoid renaming download to 0 length destfileDave Reisner
This leverages earlier work that avoids a rename when destfile is unset. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17Avoid stat() on NULL path in curl_download_internal()Lukas Fleischer
stat()'s behaviour is undefined if the first argument is NULL and might be prone to segfault. Add an additional check to skip the stat() invocation if no destfile is used. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17Skip rename() on NULL destfile in curl_download_internal()Lukas Fleischer
Avoid a potential segfault that may occur if we use a temporary file and fail to build the destination file name from the effective URL. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-16dload: zero out pm_errno in curl_download_internalDave Reisner
This reverts some hacky behavior from 5fc3ec and resets the handle's pm_errno where it should be reset -- prior to each download. This prevents a transaction with a download from being aborted when a package is successfully grabbed from a secondary server. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15lib/dload: avoid deleting .part file on too-slow xferDave Reisner
Take this opportunity to refactor the if/then/else logic into a switch/case which is likely going to be needed to fine tune more exceptions in the future. Fixes FS#25531 Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11stop progress callbacks after curl_easy_perform returnsDave Reisner
This prevents possible null dereferences in FTP transfers when the progress callback is touched during connection teardown. http://curl.haxx.se/mail/lib-2011-08/0128.html Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11dload: remove unnecessary cast in alpm_load_payload_freeDave Reisner
Dan: make it compile, s/load/payload/. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-09Fix compile error when curl is not usedDan McGee
Noticed in my PowerPC Linux VM: cc1: warnings being treated as errors dload.c:45: error: 'get_filename' defined but not used make[3]: *** [dload.lo] Error 1 Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08Check return value of rename() callsDan McGee
We did a good job checking this in add.c, but not necessarily anywhere else. Fix this up by adding checks into dload.c, remove.c, and conf.c in the frontend. Also add loggers where appropriate and make the message syntax more consistent. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05absorb fileinfo struct into dload_payloadDave Reisner
This transitional struct becomes delicious noms for dload_payload. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05absorb some _alpm_download params into payload structDave Reisner
Restore some sanity to the number of arguments passed to _alpm_download and curl_download_internal. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05lib/dload: prevent large file attacksDave Reisner
This means creating a new struct which can pass more descriptive data from the back end sync functions to the downloader. In particular, we're interested in the download size read from the sync DB. When the remote server reports a size larger than this (via a content-length header), abort the transfer. In cases where the size is unknown, we set a hard upper limit of: * 25MiB for a sync DB * 16KiB for a signature For reference, 25MiB is more than twice the size of all of the current binary repos (with files) combined, and 16KiB is a truly gargantuan signature. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05dload: handle irregular URLsDave Reisner
URLs might end with a slash and follow redirects, or could be a generated by a script such as /getpkg.php?id=12345. In both cases, we may have a better filename that we can write to, taken from either content-disposition header, or the effective URL. Specific to the first case, we write to a temporary file of the format 'alpmtmp.XXXXXX', where XXXXXX is randomized by mkstemp(3). Since this is a randomly generated file, we cannot support resuming and the file is unlinked in the event of an interrupt. We also run into the possibility of changing out the filename from under alpm on a -U operation, so callers of _alpm_download can optionally pass a pointer to a *char to be filled in by curl_download_internal with the actual filename we wrote to. Any sync operation will pass a NULL pointer here, as we rely on specific names for packages from a mirror. Fixes FS#22645. Signed-off-by: Dave Reisner <d@falconindy.com>
2011-07-05dload: rearrange code to avoid extra cpp blockDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05signing: move to new signing verification and return schemeDan McGee
This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-03Merge remote-tracking branch 'allan/ALPM'Dan McGee
Conflicts: lib/libalpm/be_local.c lib/libalpm/be_package.c lib/libalpm/conflict.c lib/libalpm/diskspace.c lib/libalpm/dload.c lib/libalpm/remove.c
2011-07-03Fix debug logger without a newlineDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-02Prefix _alpm_errno_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_loglevel_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-30Fix a few warnings pointed out via clang scan-buildDan McGee
Some of these are legit (the backup hash NULL checks), while others are either extemely unlikely or just impossible for the static code analysis to prove, but are worth adding anyway because they have little overhead. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-28Rename pmhandle_t to alpm_handle_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-27Fix several -Wshadow warningsDan McGee
Only one of these looked like a real red flag, in find_requiredby(), but it doesn't hurt to fix several of them up anyway. Unfortunately, we can't turn this on universally due to things like the sync(), remove(), etc. builtins which we often use as variable names. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-20Documented _alpm_download()Kerrick Staley
Documented the _alpm_download() function in dload.c Signed-off-by: Kerrick Staley <mail@kerrickstaley.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14Ensure handle is valid and pm_errno is reset when calling into APIDan McGee
We didn't do due diligence before and ensure prior pm_errno values weren't influencing what happened in further ALPM calls. I observed one case of early setup code setting pm_errno to PM_ERR_WRONG_ARGS and that flag persisting the entire time we were calling library code. Add a new CHECK_HANDLE() macro that does two things: 1) ensures the handle variable passed to it is non-NULL and 2) clears any existing pm_errno flag set on the handle. This macro can replace many places we used the ASSERT(handle != NULL, ...) pattern before. Several other other places only need a simple 'set to zero' of the pm_errno field. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Switch all logging to use handle directlyDan McGee
This is the last user of our global handle object. Once again the diff is large but the functional changes are not. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Move pm_errno onto the handleDan McGee
This involves some serious changes and a very messy diff, unfortunately. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-09Require handle argument to all alpm_option_(get|set)_*() methodsDan McGee
This requires a lot of line changes, but not many functional changes as more often than not our handle variable is already available in some fashion. Signed-off-by: Dan McGee <dan@archlinux.org>