moparisthebest/pacman
1
0
Fork 0
mirror of https://github.com/moparisthebest/pacman synced 2025-01-08 20:38:04 -05:00
Code Issues Releases Wiki Activity
6dc71926f9
pacman/lib/libalpm
History
Dave Reisner 6dc71926f9 lib/dload: prevent large file attacks 
This means creating a new struct which can pass more descriptive data
from the back end sync functions to the downloader. In particular, we're
interested in the download size read from the sync DB. When the remote
server reports a size larger than this (via a content-length header),
abort the transfer.

In cases where the size is unknown, we set a hard upper limit of:

* 25MiB for a sync DB
* 16KiB for a signature

For reference, 25MiB is more than twice the size of all of the current
binary repos (with files) combined, and 16KiB is a truly gargantuan
signature.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05 22:58:55 -04:00
..
po po/: split into scripts/po/ and src/pacman/po/ 2011-06-23 22:50:01 -05:00
.gitignore Remove unnecessary entries from .gitignore files 2007-07-16 16:49:28 -04:00
add.c Prefix _alpm_errno_t members with ALPM 2011-07-02 02:01:39 +10:00
add.h Rename pmhandle_t to alpm_handle_t 2011-06-28 14:04:00 +10:00
alpm_list.c Simplify alpm_list_previous 2011-07-05 10:22:11 -05:00
alpm_list.h Simplify alpm_list_previous 2011-07-05 10:22:11 -05:00
alpm.c Prefix _alpm_errno_t members with ALPM 2011-07-02 02:01:39 +10:00
alpm.h Allow frontend access to signature verification information 2011-07-05 10:13:20 -05:00
backup.c Fix a few warnings pointed out via clang scan-build 2011-06-30 11:51:36 -05:00
backup.h Rename pmbackup_t to alpm_backup_t 2011-06-28 23:28:23 +10:00
base64.c Add base64 algorithms from PolarSSL to libalpm 2011-03-23 02:22:00 -05:00
base64.h Add base64 algorithms from PolarSSL to libalpm 2011-03-23 02:22:00 -05:00
be_local.c Merge remote-tracking branch 'allan/ALPM' 2011-07-03 14:44:57 -05:00
be_package.c signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
be_sync.c lib/dload: prevent large file attacks 2011-07-05 22:58:55 -04:00
conflict.c Merge remote-tracking branch 'allan/ALPM' 2011-07-03 14:44:57 -05:00
conflict.h Move alpm filelists to a struct object 2011-07-03 14:29:30 -05:00
db.c signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
db.h signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
delta.c Prefix alpm_loglevel_t members with ALPM 2011-07-02 02:01:38 +10:00
delta.h Rename pmdelta_t to alpm_delta_t 2011-06-28 23:28:23 +10:00
deps.c Merge remote-tracking branch 'allan/ALPM' 2011-07-03 14:44:57 -05:00
deps.h Rename pmdepmissing_t to alpm_depmissing_t 2011-06-28 23:28:23 +10:00
diskspace.c Merge remote-tracking branch 'allan/ALPM' 2011-07-03 14:44:57 -05:00
diskspace.h Rename pmhandle_t to alpm_handle_t 2011-06-28 14:04:00 +10:00
dload.c lib/dload: prevent large file attacks 2011-07-05 22:58:55 -04:00
dload.h lib/dload: prevent large file attacks 2011-07-05 22:58:55 -04:00
error.c signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
graph.c Rename pmgraph_t to alpm_graph_t 2011-06-28 23:28:24 +10:00
graph.h Rename pmgraph_t to alpm_graph_t 2011-06-28 23:28:24 +10:00
group.c Rename internal functions with grp in their name 2011-06-29 15:52:33 +10:00
group.h Rename internal functions with grp in their name 2011-06-29 15:52:33 +10:00
handle.c signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
handle.h signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
log.c Prefix _alpm_errno_t members with ALPM 2011-07-02 02:01:39 +10:00
log.h Rename pmloglevel_t to alpm_loglevel_t 2011-06-28 23:28:24 +10:00
Makefile.am lib/rawstr: borrow raw string functions from curl 2011-07-05 17:18:23 -04:00
md5.c libalpm md5: use larger and dynamic buffer 2010-09-02 10:33:21 -05:00
md5.h libalpm/md5: Fix license header 2008-06-03 21:31:31 -05:00
package.c Merge remote-tracking branch 'allan/ALPM' 2011-07-03 14:44:57 -05:00
package.h signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
pkghash.c Rename pmpkghash_t to alpm_pkghash_t 2011-06-28 23:28:24 +10:00
pkghash.h Rename pmpkghash_t to alpm_pkghash_t 2011-06-28 23:28:24 +10:00
rawstr.c lib/rawstr: borrow raw string functions from curl 2011-07-05 17:18:23 -04:00
remove.c Simplify alpm_list_previous 2011-07-05 10:22:11 -05:00
remove.h Rename pmpkg_t to alpm_pkg_t 2011-06-28 23:26:39 +10:00
signing.c Allow frontend access to signature verification information 2011-07-05 10:13:20 -05:00
signing.h signing: move to new signing verification and return scheme 2011-07-05 10:13:20 -05:00
sync.c lib/dload: prevent large file attacks 2011-07-05 22:58:55 -04:00
sync.h Rename pmhandle_t to alpm_handle_t 2011-06-28 14:04:00 +10:00
trans.c Allow invalid sync DBs to be returned by the library 2011-07-05 10:13:20 -05:00
trans.h Rename pmtransstate_t to alpm_transstate_t 2011-06-28 23:28:24 +10:00
util.c Prefix _alpm_errno_t members with ALPM 2011-07-02 02:01:39 +10:00
util.h lib/rawstr: borrow raw string functions from curl 2011-07-05 17:18:23 -04:00
version.c Style change: return(x) --> return x 2011-03-20 19:49:45 -05:00