summaryrefslogtreecommitdiff
path: root/lib/libalpm/dload.c
Commit message (Collapse)AuthorAge
* Fix issues with unintialized variable value usageDan McGee2012-04-09
| | | | | | | | | | | | Detected by clang scan-build static code analyzer. * Don't attempt to free an uninitialized gpgme key variable * Initialize answer variable before asking frontend a question * Pass by reference instead of value if uninitialized fields are possible in download signal handler code * Ensure we never call strlen() on NULL payload->remote_name value Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: reset payload filename members before downloadDave Reisner2012-03-14
| | | | | | | | | To avoid conflicts on reusing a payload after a failed download, ensure that we reset the filename hints in the payload struct prior to the download operation. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Update SIGPIPE signal handler commentDan McGee2012-02-14
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: give uniform naming to curl CB functionsDave Reisner2012-01-23
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: enforce usage of TCP keepalivesDave Reisner2012-01-23
| | | | | | | | | This is particularly important in the case of FTP control connections, which may be closed by rogue NAT/firewall devices detecting idle connections on larger transfers which may take 5-10+ minutes. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Update copyright on changed files since beginning of yearDan McGee2012-01-18
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* fetch_url: look for files in cache before downloadingDave Reisner2012-01-18
| | | | | | | | | | We lost this logic somewhere between the libfetch and libcurl transition, as it existed in the internal downloader, but was pulled back only into the sync workflow. Add a helper function that will let us check for existance in the filecache prior to calling the downloader. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Enforce signature download size limit on -U <url> operationsDan McGee2011-12-05
| | | | | | | | We had a 16 KiB limit on database signatures, we should do the same here too to have a slight sanity check, even if we can't do so for the package itself yet. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: remove redundant conditionalDave Reisner2011-10-27
| | | | | | | Replacing the strdup when after the first NULL check assures that we get continue with payload->remote_name defined. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* dload: chmod tempfiles to respect umaskDave Reisner2011-10-27
| | | | | | | Dan: fix mask calculation, add it to the success/fail block instead. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Add more logging to download codeDan McGee2011-10-24
| | | | | | | | | This adds a logger to the CURLE_OK case so we can always know the return code if it was >= 400, and debug log it regardless. Also adjust another logger to use the cURL error message directly, as well as use fstat() when we have an open file handle rather than stat(). Signed-off-by: Dan McGee <dan@archlinux.org>
* curl_gethost() potential bug fixupsDan McGee2011-10-13
| | | | | | | | | | | | | | This is in the realm of "probably not going to happen", but if someone were to translate "disk" to a string longer than 256 characters, we would have a smashed/corrupted stack due to our unchecked strcpy() call. Rework the function to always length-check the value we copy into the hostname buffer, and do it with memcpy rather than the more cumbersome and unnecessary snprintf. Finally, move the magic 256 value into a constant and pass it into the function which is going to get inlined anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: unhook error buffer after transfer finishesDave Reisner2011-10-10
| | | | | | | | | | | | | | Similar to what we did in edd9ed6a, disconnect the relationship with our stack allocated error buffer from the curl handle. Just as an FTP connection might have some network chatter on teardown causing the progress callback to be triggered, we might also hit an error condition that causes curl to write to our (now out of scope) error buffer. I'm unable to reproduce FS#26327, but I have a suspicion that this should fix it. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* move prevprogress onto payload handleDave Reisner2011-09-29
| | | | | | | | | | | This is a poor place for it, and it will likely move again in the future, but it's better to have it here than as a static variable. Initialization of this variable is now no longer necessary as its zeroed on creation of the payload struct. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor download payload reset and freeDan McGee2011-09-28
| | | | | | | | | | | | | | | This was done to squash a memory leak in the sync database download code. When we downloaded a database and then reused the payload struct, we could find ourselves calling get_fullpath() for the signatures and overwriting non-freed values we had left over from the database download. Refactor the payload_free function into a payload_reset function that we can call that does NOT free the payload itself, so we can reuse payload structs. This also allows us to move the payload to the stack in some call paths, relieving us of the need to alloc space. Signed-off-by: Dan McGee <dan@archlinux.org>
* Initialize cURL library on first useDan McGee2011-09-28
| | | | | | | | | Rather than always initializing it on any handle creation. There are several frontend operations (search, info, etc.) that never need the download code, so spending time initializing this every single time is a bit silly. This makes it a bit more like the GPGME code init path. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix memory leak in download payload->remote_nameDan McGee2011-09-28
| | | | | | | | | | | | | In the sync code, we explicitly allocated a string for this field, while in the dload code itself it was filled in with a pointer to another string. This led to a memory leak in the sync download case. Make remote_name non-const and always explicitly allocate it. This patch ensures this as well as uses malloc + snprintf (rather than calloc) in several codepaths, and eliminates the only use of PATH_MAX in the download code. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: avoid using memrchrDave Reisner2011-09-18
| | | | | | | | This function doesn't exist on OSX. Since there aren't any other candidates in alpm for which this function would make sense to use, simply replace the function call with a loop that does the equivalent. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* dload: remove user:pass@ definition from hostnameDave Reisner2011-09-18
| | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* dload: provide optional netrc supportDave Reisner2011-09-11
| | | | | | | | | if ~/.netrc exists and has credentials for the hostname requested in a download, they will be provided in an http auth request. This can still be overridden by explcitly declaring user:pass in the URL. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: use intmax_t when printing off_tDan McGee2011-09-06
| | | | | | This works for both 32-bit and 64-bit platforms. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: abstract dload_interrupted reasonsDave Reisner2011-09-06
| | | | | | | This gives us some amount of room to grow in case we ever find another reason that we might return with an error from the progress callback. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* dload: improve debug outputDave Reisner2011-09-06
| | | | | | | | We lost some of this output in the fetch->curl conversion, but I also noticed in FS#25852 that we just lack some of this useful information along the way. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* Fix possible mismatched type with several curl argumentsDan McGee2011-08-28
| | | | | | | | After commit 2e7d0023150664, we use off_t rather than long variables. Use the _LARGE variants of the methods to indicate we are passing off_t sized variables, and cast using (curl_off_t) accordingly. Signed-off-by: Dan McGee <dan@archlinux.org>
* Finish large file download attack preventionDan McGee2011-08-25
| | | | | | | | | This handles the no Content-Length header problem as stated in the comments of FS#23413. We add a quick check to the callback that will force an abort if the downloaded data exceeds the payload size, and then check for this error in the post-download cleanup code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Use off_t rather than double where possibleDan McGee2011-08-25
| | | | | | | | Beautiful of libcurl to use floating point types for what are never fractional values. We can do better, and we usually want these values in their integer form anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: prevent need to copy struct in mask_signal()Dan McGee2011-08-22
| | | | | | | Since we store this directly in the download function, just rework mask_signal() to take a pointer to a location to store the original. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: extract tempfile creation to its own functionDave Reisner2011-08-22
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: move (un)masking of signals to separate functionsDave Reisner2011-08-22
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: move curl option setting to static functionDave Reisner2011-08-22
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: add open_mode to payload structDave Reisner2011-08-22
| | | | | | | | | This is a precursor to a following patch which will move the setting of options to a separate function. With the open mode as part of the struct, we can avoid modifying stack allocated variables. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: rename cd_filename to content_disp_nameDave Reisner2011-08-22
| | | | | | | | This is more in line with the menagerie of file name members that we now have on the payload struct. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: move tempfile and destfile to payload structDave Reisner2011-08-22
| | | | | | | | | | These are private to the download operation already, so glob them onto the struct. This is an ugly rename patch, with the only logical change being that destfile and tempfile are now freed by the payload_free function. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: remove unused macroDave Reisner2011-08-19
| | | | | | | This was a vestige leftover from the libfetch days of yore. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: delete zero length downloads on curl errorDave Reisner2011-08-19
| | | | | | | | In the case of a non-operation (e.g. DNS resolver error), delete the leftover 0 byte .part file. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: rename payload->filename to payload->remote_nameDave Reisner2011-08-19
| | | | | | | | | This is a far more accurate description of what this is, since it's more than likely not really a filename at all, but the name after a final slash on a URL. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: remove code duplicationDave Reisner2011-08-19
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: unlink on response code >=400Dave Reisner2011-08-19
| | | | | | | ftp and http both define >=400 as being "something bad happened" Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: add 'unlink_on_fail' to payload structDave Reisner2011-08-19
| | | | | | | | | Let callers of _alpm_download state whether we should delete on fail, rather than inferring it from context. We still override this decision and always unlink when a temp file is used. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: prevent possible NULL dereferenceDave Reisner2011-08-19
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/libalpm/dload.c: Use STRDUP() instead of strdup()Lukas Fleischer2011-08-18
| | | | | | | | Use the STRDUP macro instead of strdup() for the sake of better error handling on memory allocation failures. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/libalpm/dload.c: Add ASSERT() to alpm_fetch_pkgurl()Lukas Fleischer2011-08-18
| | | | | | | | Return with ALPM_ERR_WRONG_ARGS instead of causing a potential segfault if alpm_fetch_pkgurl() is invoked with a NULL URL. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: refactor deletion on failureDave Reisner2011-08-17
| | | | | | | | | | | This moves all the delete-on-fail logic to under cleanup label. This also implies should_unlink when a payload is received that doesn't allow resuming. Fixes .db.sig.part files leftover in the sync dir. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: avoid renaming download to 0 length destfileDave Reisner2011-08-17
| | | | | | | This leverages earlier work that avoids a rename when destfile is unset. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Avoid stat() on NULL path in curl_download_internal()Lukas Fleischer2011-08-17
| | | | | | | | | stat()'s behaviour is undefined if the first argument is NULL and might be prone to segfault. Add an additional check to skip the stat() invocation if no destfile is used. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
* Skip rename() on NULL destfile in curl_download_internal()Lukas Fleischer2011-08-17
| | | | | | | | Avoid a potential segfault that may occur if we use a temporary file and fail to build the destination file name from the effective URL. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: zero out pm_errno in curl_download_internalDave Reisner2011-08-16
| | | | | | | | | | This reverts some hacky behavior from 5fc3ec and resets the handle's pm_errno where it should be reset -- prior to each download. This prevents a transaction with a download from being aborted when a package is successfully grabbed from a secondary server. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/dload: avoid deleting .part file on too-slow xferDave Reisner2011-08-15
| | | | | | | | | | | Take this opportunity to refactor the if/then/else logic into a switch/case which is likely going to be needed to fine tune more exceptions in the future. Fixes FS#25531 Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* stop progress callbacks after curl_easy_perform returnsDave Reisner2011-08-11
| | | | | | | | | | This prevents possible null dereferences in FTP transfers when the progress callback is touched during connection teardown. http://curl.haxx.se/mail/lib-2011-08/0128.html Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: remove unnecessary cast in alpm_load_payload_freeDave Reisner2011-08-11
| | | | | | | Dan: make it compile, s/load/payload/. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>