From: Mark Wielaard
Date: Tue, 16 Jun 2020 22:03:37 +0000 (+0200)
Subject: debuginfod: Fix build_id hexadecimal length check.
X-Git-Tag: elfutils-0.181~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90808ed559792a70b79c39183b88df09234866cf;p=thirdparty%2Felfutils.git

debuginfod: Fix build_id hexadecimal length check.

When debuginfod_query_server is given a hexadecimal string as build-id, build_id_len will be zero. We were checking the size of the build_id_bytes destination string instead of the string length of the build_id input string. Make sure the input string is not too big or strcpy might overwrite the end of the build_id_bytes array.

Signed-off-by: Mark Wielaard
---
diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog index 9ff2e1117..d6bbfac8b 100644 --- a/debuginfod/ChangeLog +++ b/debuginfod/ChangeLog @@ -1,3 +1,8 @@ +2020-06-16 Mark Wielaard + + * debuginfod-client.c (debuginfod_query_server): Replace sizeof + build_id_bytes check with strlen build_id check. + 2020-06-16 Mark Wielaard * debuginfod-client.c (debuginfod_query_server): Increase suffix diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index e9c2ca839..7b53cb31f 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -496,7 +496,7 @@ debuginfod_query_server (debuginfod_client *c, /* Copy lowercase hex representation of build_id into buf. */ if ((build_id_len >= MAX_BUILD_ID_BYTES) || (build_id_len == 0 && - sizeof(build_id_bytes) > MAX_BUILD_ID_BYTES*2 + 1)) + strlen ((const char *) build_id) > MAX_BUILD_ID_BYTES*2)) return -EINVAL; if (build_id_len == 0) /* expect clean hexadecimal */ strcpy (build_id_bytes, (const char *) build_id);
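
Review bot: In the debuginfod-client.c hunk, the new hex-string bound is written against the constant MAX_BUILD_ID_BYTES*2 rather than against the strcpy destination, whose declaration is outside the visible lines, so the check only protects the copy if build_id_bytes is at least MAX_BUILD_ID_BYTES*2 + 1 bytes. Writing the condition as strlen ((const char *) build_id) >= sizeof (build_id_bytes) would tie the check to the buffer and keep the two from drifting apart if either changes. The two branches are also asymmetric: the binary path rejects build_id_len >= MAX_BUILD_ID_BYTES, while the hex path accepts a string that encodes exactly MAX_BUILD_ID_BYTES bytes, and a short comment saying whether that is intended would help. The "expect clean hexadecimal" branch remains an unbounded strcpy guarded only by this length test, and nothing in the hunk verifies that the input consists of hex digits.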