diff mbox series

[OB] debuginfod-client.c: Avoid sscanf on mixed-case component of string

Message ID 20230330182721.2186866-1-amerey@redhat.com
State Committed
Headers
Series [OB] debuginfod-client.c: Avoid sscanf on mixed-case component of string |

Commit Message

Aaron Merey March 30, 2023, 6:27 p.m. UTC 
  Committing as obvious.

sscanf is used to get the value of x-debuginfod-size from the http
headers.  The format string used assumes that the header field name
is entirely lower case.  However mixed-case field names are possible,
resulting in the value not being read.

Fix this by removing "x-debuginfod-size" from the format string.

Signed-off-by: Aaron Merey <amerey@redhat.com>
---
 debuginfod/ChangeLog           | 5 +++++
 debuginfod/debuginfod-client.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog
index 44dc3a15..c8de6ca0 100644
--- a/debuginfod/ChangeLog
+++ b/debuginfod/ChangeLog
@@ -1,3 +1,8 @@ 
+2023-03-30  Aaron Merey  <amerey@redhat.com>
+
+	* debuginfod-client.c (debuginfod_query_server): Avoid sscanf on
+	mixed-case component of string.
+
 2023-03-29  Jan Alexander Steffens (heftig) <heftig@archlinux.org>
 
 	* debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 4b6f93a7..5dfc8e62 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1495,9 +1495,9 @@  debuginfod_query_server (debuginfod_client *c,
             {
               long xdl;
               char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size");
+              size_t off = strlen("x-debuginfod-size:");
 
-              if (hdr != NULL
-                  && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1)
+              if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1)
                 dl_size = xdl;
             }
         }