dload: never return NULL from get_filename

Downloads with a Content-Disposition header will typically not include slashes. When they do, we should most certainly only take the basename, but when they don't, we should treat the header value as the filename. Crash introduced in d197d8ab82 when we started using get_filename in order to rightfully avoid an arbitrary file overwrite vulnerability. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-06 20:06:43 -04:00 · 2019-10-06 20:06:43 -04:00 · 0c4a8ae24b
commit 0c4a8ae24b
parent 5dd2b3776d
1 changed files with 4 additions and 2 deletions
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@ -53,9 +53,11 @@ static const char *get_filename(const char *url)
 {
 	char *filename = strrchr(url, '/');
 	if(filename != NULL) {
-		filename++;
+		return filename + 1;
 	}
-	return filename;
+
+	/* no slash found, it's a filename */
+	return url;
 }

 static char *get_fullpath(const char *path, const char *filename,