+2020-03-29 Mark Wielaard <mark@klomp.org>
+
+ * debuginfod-client.c (debuginfod_add_http_header): Check header
+ contains precisely one colon that isn't the first or last char.
+
2020-03-29 Frank Ch. Eigler <fche@redhat.com>
* debuginfod-client.c (struct debuginfod_client): Add a flag field
/* Add an outgoing HTTP header. */
int debuginfod_add_http_header (debuginfod_client *client, const char* header)
{
+ /* Sanity check header value is of the form Header: Value.
+ It should contain exactly one colon that isn't the first or
+ last character. */
+ char *colon = strchr (header, ':');
+ if (colon == NULL
+ || colon == header
+ || *(colon + 1) == '\0'
+ || strchr (colon + 1, ':') != NULL)
+ return -EINVAL;
+
struct curl_slist *temp = curl_slist_append (client->headers, header);
if (temp == NULL)
return -ENOMEM;
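Review bot: The new validation in debuginfod_add_http_header does not reject CR or LF bytes, so a string with an embedded line break still passes the check and reaches `curl_slist_append`. If `client->headers` is later handed to libcurl as the request header list (not visible in this hunk), libcurl sends such strings verbatim, and adding `|| strpbrk (header, "\r\n") != NULL` to the condition would refuse them. The `strchr (colon + 1, ':') != NULL` clause also rejects legitimate values that contain a colon, such as a URL or a timestamp, so consider dropping it and requiring only a non-empty name and a non-empty value. `header` is passed to `strchr` without a NULL check, and `colon` could be declared `const char *` to match the parameter. The function body continues past the end of the hunk.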
+2020-03-29 Mark Wielaard <mark@klomp.org>
+
+ * debuginfod_find_debuginfo.3 (HTTP HEADER): Document the expected
+ header format and purpose.
+
2020-03-28 Frank Ch. Eigler <fche@redhat.com>
* debuginfod.8: Document valid --port=NUM range, excludes 0.
.BR \%"Header:\~value" .
These strings are copied by the library. A zero return value
indicates success, but out-of-memory conditions may result in
-a non-zero \fI-ENOMEM\fP.
+a non-zero \fI-ENOMEM\fP. If the string is in the wrong form
+\fI-EINVAL\fP will be returned.
+
+Note that the current debuginfod-client library implementation uses
+libcurl, but you shouldn't rely on that fact. Don't use this function
+for replacing any standard headers, except for the User-Agent mentioned
+below. The only supported usage of this function is for adding an
+optional header which might or might not be passed through to the
+server for logging purposes only.
By default, the library adds a descriptive \fIUser-Agent:\fP
header to outgoing requests. If the client application adds