From: Mark Wielaard <mark@klomp.org>
Date: Sat, 22 Jun 2024 23:22:54 +0000 (+0200)
Subject: debuginfod-client: Don't leak id/version with duplicate os-release entries
X-Git-Tag: elfutils-0.192~77
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe14f12fa4c1515725d42495dc6226650b778ac4;p=thirdparty%2Felfutils.git

debuginfod-client: Don't leak id/version with duplicate os-release entries

Found by GCC14 -Wanalyzer-double-free.

If the os-release file would contain multiple ID or VERSION_ID entries
we would leak the originally parsed one. Fix by seeing whether id or
version is already set and ignore any future entries.

	* debuginfod/debuginfod-client.c (add_default_headers): Check
	whether id or version is already set before resetting them.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---

diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 95f2a92b..24ede19a 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -673,9 +673,9 @@ add_default_headers(debuginfod_client *client)
               v++;
               s[len - 1] = '\0';
             }
-          if (strcmp (s, "ID") == 0)
+          if (id == NULL && strcmp (s, "ID") == 0)
             id = strdup (v);
-          if (strcmp (s, "VERSION_ID") == 0)
+          if (version == NULL && strcmp (s, "VERSION_ID") == 0)
             version = strdup (v);
         }
       fclose (f);