packagesuppliers/filesystem.d: Fix out of bounds on invalid pkg names
If a user ran `dub fetch foo-1.1.1` instead of `dub fetch [email protected]`
over a filesystem package supplier, assuming that the archive exists,
the code that slices the filename tries to create an invalid slice as
it assumes that the filename will contain at least the package name, a
one character version separator, and the archive suffix which wouldn't
be the case with a package name like `foo-1.1.1` and an archive name
of `foo-1.1.1.zip`.

The fix is to require one more character in the glob to account for
the version separator.

Signed-off-by: Andrei Horodniceanu <[email protected]>
the-horo authored and Geod24 committed Sep 23, 2024
1 parent 87b5bee commit d78df16
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion source/dub/packagesuppliers/filesystem.d
Expand Up @@ -28,7 +28,7 @@ class FileSystemPackageSupplier : PackageSupplier {
import std.conv : to;
import dub.semver : isValidVersion;
Version[] ret;
const zipFileGlob = name.main.toString() ~ "*.zip";
const zipFileGlob = name.main.toString() ~ "?*.zip";
foreach (DirEntry d; dirEntries(m_path.toNativeString(), zipFileGlob, SpanMode.shallow)) {
NativePath p = NativePath(d.name);
auto vers = p.head.name[name.main.toString().length+1..$-4];
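Review bot: On the `vers` slice line, the new `?` in `"?*.zip"` only guarantees that some character occupies the separator position, not that it is the version separator. For a package named `foo`, an archive such as `foobar-1.0.0.zip` still matches the glob, and `p.head.name[name.main.toString().length+1..$-4]` then skips the `b` and yields `ar-1.0.0`. The slice is now always in bounds (the shortest match leaves an empty string), but whether such a value is rejected depends on code below the visible lines; `isValidVersion` is imported here, and its use is not shown. Consider checking the character at index `name.main.toString().length` against the expected separator before slicing, or skipping the entry when it differs. The `+1` and `4` offsets are tied to the separator width and the length of `.zip`, so naming them, or deriving the suffix length from the same string used in the glob, would keep the glob and the slice from drifting apart again. The change also carries no unittest for the `foo-1.1.1` / `foo-1.1.1.zip` case described in the commit message; a regression test over a temporary directory would pin the behaviour.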