On Mon, Oct 06, 2014 at 01:00:38PM +0200, Christian Hesse wrote: > From: Christian Hesse <[email protected]> > > If download server is dynamic mirror chances are that db file download > and db file signature download are redirected to different mirrors, > resulting in invalid signature. > This uses effective URL for db file signature download and makes the > files always match. > > Signed-off-by: Christian Hesse <[email protected]> > --- > lib/libalpm/be_sync.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c > index b03d273..6572a8a 100644 > --- a/lib/libalpm/be_sync.c > +++ b/lib/libalpm/be_sync.c > @@ -209,6 +209,7 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db) > } > > for(i = db->servers; i; i = i->next) { > + char *final_db_url = NULL; > const char *server = i->data; > struct dload_payload payload; > size_t len; > @@ -228,7 +229,7 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db) > payload.force = force; > payload.unlink_on_fail = 1; > > - ret = _alpm_download(&payload, syncpath, NULL, NULL); > + ret = _alpm_download(&payload, syncpath, NULL, &final_db_url); > _alpm_dload_payload_reset(&payload); > > if(ret == 0 && (level & ALPM_SIG_DATABASE)) { > @@ -242,11 +243,11 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db) > free(sigpath); > > /* if we downloaded a DB, we want the .sig from the > same server */ > - /* print server + filename into a buffer (leave space > for .sig) */ > - len = strlen(server) + strlen(db->treename) + 9; > + /* print final_db_url into a buffer (leave space for > .sig) */ > + len = strlen(final_db_url) + 5; > /* TODO fix leak syncpath and umask unset */ > MALLOC(payload.fileurl, len, RET_ERR(handle, > ALPM_ERR_MEMORY, -1)); > - snprintf(payload.fileurl, len, "%s/%s.db.sig", server, > db->treename); > + snprintf(payload.fileurl, len, "%s.sig", final_db_url);
final_db_url leaks here. You need to free it. Patch looks fine, otherwise. > payload.handle = handle; > payload.force = 1; > payload.errors_ok = (level & > ALPM_SIG_DATABASE_OPTIONAL); > -- > 2.1.2
