From d1eda1195e6453a196327b46d54c974e6d1ddc5d Mon Sep 17 00:00:00 2001
From: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>
Date: Fri, 13 Jan 2023 11:28:39 +0100
Subject: CurlEasyHandle: Fix empty fetches due to unfollowed URLs

For libcurl we need to set the CURL_FOLLOWLOCATION flag (disbaled by
default) to enable 3xx redirects. Libcurl has sane defaults for
related settings in order to handle redirects when enabled, though
for fetches there should be limited risks, as content (and SHA hashes,
if provided) is checked to ensure the intended archives are fetched.
---
 src/utils/cpp/curl_easy_handle.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'src/utils/cpp/curl_easy_handle.cpp')

diff --git a/src/utils/cpp/curl_easy_handle.cpp b/src/utils/cpp/curl_easy_handle.cpp
index c823890d..7fac31fc 100644
--- a/src/utils/cpp/curl_easy_handle.cpp
+++ b/src/utils/cpp/curl_easy_handle.cpp
@@ -75,8 +75,9 @@ auto CurlEasyHandle::EasyWriteToString(gsl::owner<char*> data,
 #ifdef BOOTSTRAP_BUILD_TOOL
     return 0;
 #else
-    (static_cast<std::string*>(userptr))->append(data, size * nmemb);
-    return static_cast<std::streamsize>(size * nmemb);
+    size_t actual_size = size * nmemb;
+    (static_cast<std::string*>(userptr))->append(data, actual_size);
+    return static_cast<std::streamsize>(actual_size);
 #endif  // BOOTSTRAP_BUILD_TOOL
 }
 
@@ -91,6 +92,10 @@ auto CurlEasyHandle::DownloadToFile(
         // NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg, hicpp-vararg)
         curl_easy_setopt(handle_.get(), CURLOPT_URL, url.c_str());
 
+        // ensure redirects are allowed, otherwise it might simply read empty
+        // NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg, hicpp-vararg)
+        curl_easy_setopt(handle_.get(), CURLOPT_FOLLOWLOCATION, 1);
+
         // set callback for writing to file
         std::ofstream file(file_path.c_str(), std::ios::binary);
 
@@ -135,6 +140,10 @@ auto CurlEasyHandle::DownloadToString(std::string const& url) noexcept
         // NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg, hicpp-vararg)
         curl_easy_setopt(handle_.get(), CURLOPT_URL, url.c_str());
 
+        // ensure redirects are allowed, otherwise it might simply read empty
+        // NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg, hicpp-vararg)
+        curl_easy_setopt(handle_.get(), CURLOPT_FOLLOWLOCATION, 1);
+
         // set callback for writing to string
         std::string content{};
 
-- 
cgit v1.2.3