blob: 458c0cc84e5f7ff0a7e9f1c0d97d4b8dc9a2564d [file] [log] [blame]
Brad Bishop6e60e8b2018-02-01 10:27:11 -05001From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001
2From: Sergey Popovich <popovich_sergei@mail.ua>
3Date: Fri, 21 Apr 2017 07:32:23 -0700
4Subject: [PATCH] update: Compare computed vs expected sha256 digit string
5 ignoring case
6
7We produce sha256 digest string using %x snprintf()
8qualifier for each byte of digest which uses alphabetic
9characters from "a" to "f" in lower case to represent
10integer values from 10 to 15.
11
12Previously all of the NVD META files supply sha256
13digest string for corresponding XML file in lower case.
14
15However due to some reason this changed recently to
16provide digest digits in upper case causing fetched
17data consistency checks to fail. This prevents database
18from being updated periodically.
19
20While commit c4f6e94 (update: Do not treat sha256 failure
21as fatal if requested) adds useful option to skip
22digest validation at all and thus provides workaround for
23this situation, it might be unacceptable for some
24deployments where we need to ensure that downloaded
25data is consistent before start parsing it and update
26SQLite database.
27
28Use strcasecmp() to compare two digest strings case
29insensitively and addressing this case.
30
31Upstream-Status: Backport
32Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
33---
34 src/update.c | 2 +-
35 1 file changed, 1 insertion(+), 1 deletion(-)
36
37diff --git a/src/update.c b/src/update.c
38index 8588f38..3cc6b67 100644
39--- a/src/update.c
40+++ b/src/update.c
41@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data)
42 snprintf(&csum_data[idx], len, "%02hhx", digest[i]);
43 }
44
45- ret = streq(csum_meta, csum_data);
46+ ret = !strcasecmp(csum_meta, csum_data);
47
48 err_unmap:
49 munmap(buffer, length);
50--
512.11.0
52