debuginfod-client.c: Avoid sscanf on mixed-case component of string
authorAaron Merey <amerey@redhat.com>
Thu, 30 Mar 2023 18:11:23 +0000 (14:11 -0400)
committerAaron Merey <amerey@redhat.com>
Thu, 30 Mar 2023 18:11:23 +0000 (14:11 -0400)
sscanf is used to get the value of x-debuginfod-size from the http
headers.  The format string used assumes that the header field name
is entirely lower case.  However mixed-case field names are possible,
resulting in the value not being read.

Fix this by removing "x-debuginfod-size" from the format string.

Signed-off-by: Aaron Merey <amerey@redhat.com>
debuginfod/ChangeLog
debuginfod/debuginfod-client.c

index 44dc3a1503f01c8b557a83ea9e3a1e235d617f7e..c8de6ca0d3ff592fc85b32afc99ff67dc7315eb8 100644 (file)
@@ -1,3 +1,8 @@
+2023-03-30  Aaron Merey  <amerey@redhat.com>
+
+       * debuginfod-client.c (debuginfod_query_server): Avoid sscanf on
+       mixed-case component of string.
+
 2023-03-29  Jan Alexander Steffens (heftig) <heftig@archlinux.org>
 
        * debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/
index 4b6f93a79ff711dd63292f0d2580d7e37d21d283..5dfc8e628917f46a475a3ec2c8c1f552fd9c4b34 100644 (file)
@@ -1495,9 +1495,9 @@ debuginfod_query_server (debuginfod_client *c,
             {
               long xdl;
               char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size");
+              size_t off = strlen("x-debuginfod-size:");
 
-              if (hdr != NULL
-                  && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1)
+              if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1)
                 dl_size = xdl;
             }
         }
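Review bot: The `strcasestr` needle is "x-debuginfod-size" without the colon, while `off` is computed from "x-debuginfod-size:", so `hdr + off` skips one byte that was never checked. Because `c->winning_headers` holds server-supplied response headers, a match not followed by `:` (a longer field name, or the text appearing inside another header's value) makes sscanf parse from the wrong position. If the buffer can end right after the match, `hdr + off` would point one past the terminating NUL. Searching for the same literal that is skipped removes the mismatch: `char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size:");`. Separately, `%ld` in sscanf gives no overflow indication and accepts negative values, so `strtol` with an `errno` and range check before `dl_size = xdl;` would be more robust; the type of `dl_size` and the rest of debuginfod_query_server lie outside this hunk.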