From: Aaron Merey Date: Thu, 30 Mar 2023 18:11:23 +0000 (-0400) Subject: debuginfod-client.c: Avoid sscanf on mixed-case component of string X-Git-Tag: elfutils-0.190~74 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75800e911b73804cb3354edcc1ba9de3adaefa4e;p=thirdparty%2Felfutils.git debuginfod-client.c: Avoid sscanf on mixed-case component of string sscanf is used to get the value of x-debuginfod-size from the http headers. The format string used assumes that the header field name is entirely lower case. However mixed-case field names are possible, resulting in the value not being read. Fix this by removing "x-debuginfod-size" from the format string. Signed-off-by: Aaron Merey
---
diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog
index 44dc3a150..c8de6ca0d 100644
--- a/debuginfod/ChangeLog
+++ b/debuginfod/ChangeLog
@@ -1,3 +1,8 @@
+2023-03-30 Aaron Merey
+
+ * debuginfod-client.c (debuginfod_query_server): Avoid sscanf on
+ mixed-case component of string.
+
 2023-03-29 Jan Alexander Steffens (heftig)
 
 * debuginfod-client.c (debuginfod_query_server): s/futimes/futimens/
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 4b6f93a79..5dfc8e628 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1495,9 +1495,9 @@ debuginfod_query_server (debuginfod_client *c,
 {
 long xdl;
 char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size");
+ size_t off = strlen("x-debuginfod-size:");
 
- if (hdr != NULL
- && sscanf(hdr, "x-debuginfod-size: %ld", &xdl) == 1)
+ if (hdr != NULL && sscanf(hdr + off, "%ld", &xdl) == 1)
 dl_size = xdl;
 }
 }
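Review bot: The new offset assumes a colon directly follows the match, but `strcasestr` still searches for `"x-debuginfod-size"` without it, and the removed format string was the only thing that checked for the colon. If the matched text is part of a longer field name or sits at the very end of `c->winning_headers`, `hdr + off` either skips an arbitrary character or points past the terminating NUL before `sscanf` reads from it. Since these headers are supplied by the server, I would search for the name including the colon, `char *hdr = strcasestr(c->winning_headers, "x-debuginfod-size:");`, so that `off` always stays inside the matched text. The body of debuginfod_query_server starts and ends outside this hunk, so whether the headers are filtered before they reach this point is not visible here.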