bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pacman/lib/libalpm/dload.h
Dave Reisner 6dc71926f9 lib/dload: prevent large file attacks 
This means creating a new struct which can pass more descriptive data
from the back end sync functions to the downloader. In particular, we're
interested in the download size read from the sync DB. When the remote
server reports a size larger than this (via a content-length header),
abort the transfer.

In cases where the size is unknown, we set a hard upper limit of:

* 25MiB for a sync DB
* 16KiB for a signature

For reference, 25MiB is more than twice the size of all of the current
binary repos (with files) combined, and 16KiB is a truly gargantuan
signature.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05 22:58:55 -04:00

50 lines
1.4 KiB
C
Raw Blame History

/*
* dload.h
*
* Copyright (c) 2006-2011 Pacman Development Team <pacman-dev@archlinux.org>
* Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ALPM_DLOAD_H
#define _ALPM_DLOAD_H
#include "alpm_list.h"
#include "alpm.h"
#include <time.h>
/* internal structure for communicating with curl progress callback */
struct fileinfo {
alpm_handle_t *handle;
const char *filename;
char *cd_filename;
double initial_size;
};
struct dload_payload {
char *filename;
char *fileurl;
long max_size;
};
void _alpm_dload_payload_free(struct dload_payload *payload);
int _alpm_download(alpm_handle_t *handle, struct dload_payload *payload,
const char *localpath, char **final_file, int force, int allow_resume,
int errors_ok);
#endif /* _ALPM_DLOAD_H */
/* vim: set ts=2 sw=2 noet: */
Reference in a new issue View git blame Copy permalink