From 75800e911b73804cb3354edcc1ba9de3adaefa4e Mon Sep 17 00:00:00 2001
From: Aaron Merey
Date: Thu, 30 Mar 2023 14:11:23 -0400
Subject: debuginfod-client.c: Avoid sscanf on mixed-case component of string

sscanf is used to get the value of x-debuginfod-size from the http headers. The format string used assumes that the header field name is entirely lower case. However mixed-case field names are possible, resulting in the value not being read. Fix this by removing "x-debuginfod-size" from the format string.

Signed-off-by: Aaron Merey
---
 debuginfod/ChangeLog | 5 +++++
 debuginfod/debuginfod-client.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog
index 44dc3a15..c8de6ca0 100644
--- a/debuginfod/ChangeLog
+++ b/debuginfod/ChangeLog
@@ -1,3 +1,8 @@
+2023-03-30 Aaron Merey
+
+ * debuginfod-client.c (debuginfod_query_server): Avoid sscanf on
+ mixed-case component of string.
+
 2023-03-29 Jan Alexander Steffens (heftig)
 * debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 4b6f93a7..5dfc8e62 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1495,9 +1495,9 @@ debuginfod_query_server (debuginfod_client *c,
 {
 long xdl;
 char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size");
+ size_t off = strlen("x-debuginfod-size:");
- if (hdr != NULL
- && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1)
+ if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1)
 dl_size = xdl;
 }
 }
-- 
cgit v1.2.1
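Review bot: The needle on the `strcasestr` line is `"x-debuginfod-size"` without the colon, while the new `off` is `strlen("x-debuginfod-size:")`, so `hdr + off` skips a colon that the match never checked for. If the header text ends right after the field name, `hdr + off` points one byte past the terminating NUL, and a longer field name that merely starts with the same prefix is parsed from the wrong position; `c->winning_headers` is presumably server-supplied, so this is worth closing. Searching for the same literal that is skipped fixes both: `char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size:");`. Separately, `sscanf` with `%ld` reports no range error on an oversized value, so `strtol` with an `errno` check would be a safer way to read `xdl`. The body of debuginfod_query_server starts and ends outside the hunk.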