| From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001 |
| From: Sergey Popovich <popovich_sergei@mail.ua> |
| Date: Fri, 21 Apr 2017 07:32:23 -0700 |
| Subject: [PATCH] update: Compare computed vs expected sha256 digit string |
| ignoring case |
| |
| We produce sha256 digest string using %x snprintf() |
| qualifier for each byte of digest which uses alphabetic |
| characters from "a" to "f" in lower case to represent |
| integer values from 10 to 15. |
| |
| Previously all of the NVD META files supply sha256 |
| digest string for corresponding XML file in lower case. |
| |
| However, for some reason this changed recently to |
| provide digest digits in upper case causing fetched |
| data consistency checks to fail. This prevents database |
| from being updated periodically. |
| |
| While commit c4f6e94 (update: Do not treat sha256 failure |
| as fatal if requested) adds useful option to skip |
| digest validation at all and thus provides workaround for |
| this situation, it might be unacceptable for some |
| deployments where we need to ensure that downloaded |
| data is consistent before we start parsing it and updating |
| the SQLite database. |
| |
| Use strcasecmp() to compare the two digest strings case |
| insensitively, addressing this case. |
| |
| Upstream-Status: Backport |
| Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> |
| --- |
| src/update.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/update.c b/src/update.c |
| index 8588f38..3cc6b67 100644 |
| --- a/src/update.c |
| +++ b/src/update.c |
| @@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) |
| snprintf(&csum_data[idx], len, "%02hhx", digest[i]); |
| } |
| |
| - ret = streq(csum_meta, csum_data); |
| + ret = !strcasecmp(csum_meta, csum_data); |
| |
| err_unmap: |
| munmap(buffer, length); |
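Review bot: strcasecmp() on the changed line is declared in <strings.h>, and the diffstat shows a single insertion in src/update.c, so no include is added by this patch; please confirm the file already includes <strings.h>, otherwise the call compiles only through an implicit declaration. A one-line comment above the comparison saying that NVD META files may carry the sha256 string in upper or lower case would also help, since the reason for dropping streq() is otherwise only in the commit message. The integrity check itself is not weakened: csum_data is always produced by the "%02hhx" snprintf() shown in the context, so a case-insensitive match still requires csum_meta to spell the same hex digits.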
| -- |
| 2.11.0 |
| |