From fe14f12fa4c1515725d42495dc6226650b778ac4 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Sun, 23 Jun 2024 01:22:54 +0200
Subject: [PATCH] debuginfod-client: Don't leak id/version with duplicate
 os-release entries

Found by GCC14 -Wanalyzer-double-free.

If the os-release file would contain multiple ID or VERSION_ID entries
we would leak the originally parsed one. Fix by seeing whether id or
version is already set and ignore any future entries.

	* debuginfod/debuginfod-client.c (add_default_headers): Check
	whether id or version is already set before resetting them.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 debuginfod/debuginfod-client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 95f2a92b..24ede19a 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -673,9 +673,9 @@ add_default_headers(debuginfod_client *client)
               v++;
               s[len - 1] = '\0';
             }
-          if (strcmp (s, "ID") == 0)
+          if (id == NULL && strcmp (s, "ID") == 0)
             id = strdup (v);
-          if (strcmp (s, "VERSION_ID") == 0)
+          if (version == NULL && strcmp (s, "VERSION_ID") == 0)
             version = strdup (v);
         }
       fclose (f);
-- 
2.47.3