From 38ef2cc6dff14f37050ea40ae62e4aea9863c805 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Mon, 27 Jan 2020 16:31:12 -0500
Subject: Bug fixes:

* Fix buffer overflow issue with SHA256 buffer
* Add missing origin to manifest
* Fix missing manifest download
---
 include/spm.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/spm.h b/include/spm.h
index 562a2f9..53a09c1 100644
--- a/include/spm.h
+++ b/include/spm.h
@@ -104,6 +104,8 @@
 #define SPM_MIRROR_MAX 0xff
 #define SPM_MIRROR_FILENAME "mirrorlist"
 
+#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2) + 1
+
 typedef struct {
     char **requirements;
     size_t requirements_records;
@@ -112,13 +114,14 @@ typedef struct {
     char name[PACKAGE_MEMBER_SIZE];
     char version[PACKAGE_MEMBER_SIZE];
     char revision[PACKAGE_MEMBER_SIZE];
-    char checksum_sha256[SHA256_DIGEST_LENGTH + 1];
-    char origin[PACKAGE_MEMBER_ORIGIN_SIZE + 1];
+    char checksum_sha256[SHA256_DIGEST_STRING_LENGTH];
+    char origin[PACKAGE_MEMBER_ORIGIN_SIZE];
 } ManifestPackage;
 
 typedef struct {
     size_t records;
     ManifestPackage **packages;
+    char origin[PACKAGE_MEMBER_ORIGIN_SIZE];
 } Manifest;
 
 typedef struct {
-- 
cgit