From 0c4a8ae24b8395b0dd4f8046615336e394a8e3f8 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 6 Oct 2019 20:06:43 -0400 Subject: dload: never return NULL from get_filename Downloads with a Content-Disposition header will typically not include slashes. When they do, we should most certainly only take the basename, but when they don't, we should treat the header value as the filename. Crash introduced in d197d8ab82cf when we started using get_filename in order to rightfully avoid an arbitrary file overwrite vulnerability. Signed-off-by: Allan McRae --- lib/libalpm/dload.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/libalpm') diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index e5696bb0..506dcb8e 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -53,9 +53,11 @@ static const char *get_filename(const char *url) { char *filename = strrchr(url, '/'); if(filename != NULL) { - filename++; + return filename + 1; } - return filename; + + /* no slash found, it's a filename */ + return url; } static char *get_fullpath(const char *path, const char *filename, -- cgit v1.2.3-70-g09d2