diff options
author | Aaron Merey <amerey@redhat.com> | 2023-03-30 14:11:23 -0400 |
---|---|---|
committer | Aaron Merey <amerey@redhat.com> | 2023-03-30 14:11:23 -0400 |
commit | 75800e911b73804cb3354edcc1ba9de3adaefa4e (patch) | |
tree | 9da1fd95f014a0434b71e8feb81765c63598db27 | |
parent | 7b97c73bbd30ba9b51fb48e4e9b93ab064c9a7dd (diff) | |
download | elfutils-75800e911b73804cb3354edcc1ba9de3adaefa4e.tar.gz |
debuginfod-client.c: Avoid sscanf on mixed-case component of string
sscanf is used to get the value of x-debuginfod-size from the http
headers. The format string used assumes that the header field name
is entirely lower case. However mixed-case field names are possible,
resulting in the value not being read.
Fix this by removing "x-debuginfod-size" from the format string.
Signed-off-by: Aaron Merey <amerey@redhat.com>
-rw-r--r-- | debuginfod/ChangeLog | 5 | ||||
-rw-r--r-- | debuginfod/debuginfod-client.c | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog index 44dc3a15..c8de6ca0 100644 --- a/debuginfod/ChangeLog +++ b/debuginfod/ChangeLog @@ -1,3 +1,8 @@ +2023-03-30 Aaron Merey <amerey@redhat.com> + + * debuginfod-client.c (debuginfod_query_server): Avoid sscanf on + mixed-case component of string. + 2023-03-29 Jan Alexander Steffens (heftig) <heftig@archlinux.org> * debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/ diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 4b6f93a7..5dfc8e62 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -1495,9 +1495,9 @@ debuginfod_query_server (debuginfod_client *c, { long xdl; char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size"); + size_t off = strlen("x-debuginfod-size:"); - if (hdr != NULL - && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1) + if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1) dl_size = xdl; } } |