debuginfod-client: Don't leak id/version with duplicate os-release entries

Found by GCC14 -Wanalyzer-double-free.

If the os-release file would contain multiple ID or VERSION_ID entries
we would leak the originally parsed one. Fix by seeing whether id or
version is already set and ignore any future entries.

	* debuginfod/debuginfod-client.c (add_default_headers): Check
	whether id or version is already set before resetting them.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 95f2a92b701c95c760fbb6cd72b7461e2524455a..24ede19af3853d3a39b9d53f328240a937d8b8a1 100644 (file)
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -673,9 +673,9 @@ add_default_headers(debuginfod_client *client)
               v++;
               s[len - 1] = '\0';
             }
-          if (strcmp (s, "ID") == 0)
+          if (id == NULL && strcmp (s, "ID") == 0)
             id = strdup (v);
-          if (strcmp (s, "VERSION_ID") == 0)
+          if (version == NULL && strcmp (s, "VERSION_ID") == 0)
             version = strdup (v);
         }
       fclose (f);