Committing as obvious. sscanf is used to get the value of x-debuginfod-size from the http headers. The format string used assumes that the header field name is entirely lower case. However mixed-case field names are possible, resulting in the value not being read.
Fix this by removing "x-debuginfod-size" from the format string. Signed-off-by: Aaron Merey <ame...@redhat.com> --- debuginfod/ChangeLog | 5 +++++ debuginfod/debuginfod-client.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog index 44dc3a15..c8de6ca0 100644 --- a/debuginfod/ChangeLog +++ b/debuginfod/ChangeLog @@ -1,3 +1,8 @@ +2023-03-30 Aaron Merey <ame...@redhat.com> + + * debuginfod-client.c (debuginfod_query_server): Avoid sscanf on + mixed-case component of string. + 2023-03-29 Jan Alexander Steffens (heftig) <hef...@archlinux.org> * debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/ diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 4b6f93a7..5dfc8e62 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -1495,9 +1495,9 @@ debuginfod_query_server (debuginfod_client *c, { long xdl; char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size"); + size_t off = strlen("x-debuginfod-size:"); - if (hdr != NULL - && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1) + if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1) dl_size = xdl; } } -- 2.39.2
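Review bot: In the debuginfod-client.c hunk, `hdr + off` skips 18 bytes (the field name plus ':'), but strcasestr only matched the 17-byte name "x-debuginfod-size" without the colon, so nothing checks that a colon actually follows the match, which the old format string did implicitly. If the matched text is part of a longer token, sscanf parses whatever comes after an arbitrary skipped byte, and if the match sits at the very end of c->winning_headers, `hdr + off` points one past the terminating NUL and sscanf reads out of bounds. Suggest passing "x-debuginfod-size:" (with the colon) to strcasestr, or testing `hdr[off - 1] == ':'` before the sscanf call, so the offset is only applied to a string known to be at least that long.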