don't use hardcoded checksum buffer sizes

src/apk_blob.h

@@ -36,12 +36,15 @@ extern apk_blob_t apk_null_blob;
 #define APK_CHECKSUM_MD5	16
 #define APK_CHECKSUM_SHA1	20
 #define APK_CHECKSUM_DEFAULT	APK_CHECKSUM_SHA1
+#define APK_CHECKSUM_MAX	APK_CHECKSUM_SHA1
 
-#define APK_BLOB_CHECKSUM_BUF	34
+/* Enough space for a hexdump of the longest checksum possible plus
+ * a two-character type prefix */
+#define APK_BLOB_CHECKSUM_BUF	(2 + (2 * APK_CHECKSUM_MAX))
 
-/* Internal cointainer for MD5 or SHA1 */
+/* Internal container for checksums */
 struct apk_checksum {
-	unsigned char data[20];
+	unsigned char data[APK_CHECKSUM_MAX];
 	unsigned char type;
 };
 

src/manifest.c

@@ -36,7 +36,7 @@ static void process_package(struct apk_database *db, struct apk_package *pkg)
 	struct apk_db_dir_instance *diri;
 	struct apk_db_file *file;
 	struct hlist_node *dc, *dn, *fc, *fn;
-	char csum_buf[(APK_CHECKSUM_SHA1 * 2) + 1];
+	char csum_buf[APK_BLOB_CHECKSUM_BUF];
 
 	if (ipkg == NULL)
 		return;
@@ -62,7 +62,7 @@ static int read_file_entry(void *ctx, const struct apk_file_info *ae,
                            struct apk_istream *is)
 {
 	struct manifest_file_ctx *mctx = ctx;
-	char csum_buf[(APK_CHECKSUM_SHA1 * 2) + 1];
+	char csum_buf[APK_BLOB_CHECKSUM_BUF];
 	apk_blob_t csum_blob = APK_BLOB_BUF(csum_buf);
 	int r;