| commit | f7a3c4c8df95ad99e05dfd29c61d6877b13b09da | |
| author | Dan McGee <dan@archlinux.org> | |
| Thu, 25 Aug 2011 00:58:14 +0000 (24 19:58 -0500) | ||
| committer | Dan McGee <dan@archlinux.org> | |
| Thu, 25 Aug 2011 21:09:52 +0000 (25 16:09 -0500) | ||
| tree | 383d401a7ee8bd9d27f2a1d6a72c69c997986af6 | treesnapshot (tar.gz zip) |
| parent | 2e7d002315066400ccb1e62dacb3500fa3aa6015 | commitdiff |
Finish large file download attack prevention
This handles the no Content-Length header problem as stated in the
comments of FS#23413. We add a quick check to the callback that will
force an abort if the downloaded data exceeds the payload size, and then
check for this error in the post-download cleanup code.
Signed-off-by: Dan McGee <dan@archlinux.org>
This handles the no Content-Length header problem as stated in the
comments of FS#23413. We add a quick check to the callback that will
force an abort if the downloaded data exceeds the payload size, and then
check for this error in the post-download cleanup code.
Signed-off-by: Dan McGee <dan@archlinux.org>
| lib/libalpm/dload.c | diffblobblamehistory |