On 13.04.2015 21:33, David Macek wrote:
> diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c
> index 20130dc..f30698e 100644
> --- a/lib/libalpm/be_sync.c
> +++ b/lib/libalpm/be_sync.c
> @@ -241,20 +241,27 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db)
> unlink(sigpath);
> free(sigpath);
>
> - /* if we downloaded a DB, we want the .sig from the
> same server -
> - this information is only available from the internal
> downloader */
> - if(handle->fetchcb == NULL) {
> +
> + /* check if the final URL from internal downloader
> looks reasonable */
> + if(final_db_url != NULL) {
> + if(strlen(final_db_url) < 3 ||
> strcmp(final_db_url + strlen(final_db_url) - 3, ".db") != 0) {
> + final_db_url = NULL;
> + }
> + }
> +
> + /* if we downloaded a DB, we want the .sig from the
> same server */
> + if(final_db_url != NULL) {
> /* print final_db_url into a buffer (leave
> space for .sig) */
> len = strlen(final_db_url) + 5;
> } else {
> - /* print server + filename into a buffer (leave
> space for .sig) */
> + /* print server + filename into a buffer (leave
> space for .db.sig) */
> len = strlen(server) + strlen(db->treename) + 9;
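
Review bot: In the new suffix check, `final_db_url = NULL;` clears the pointer without freeing it and without any log output, so a final URL that does not end in `.db` silently falls back to the `server` + `db->treename` path for the signature. If the downloader allocated that string, free it before clearing it, or leave the pointer alone and track the decision in a separate flag. A debug message naming the rejected URL would make it possible to diagnose cases where the database and its `.sig` end up being fetched from different locations. Storing `strlen(final_db_url)` in a local once would also make the condition easier to read.
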
Comment changed, but not the code? If you know where that + 9 comes from
it might be a good idea to replace it with strlen("whatever") which the
compiler should optimize out later, but writing it this way makes the
whole thing a lot clearer.
I'll let someone else comment on the rest of the patch.
