From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001 From: Sergey Popovich Date: Fri, 21 Apr 2017 07:32:23 -0700 Subject: [PATCH] update: Compare computed vs expected sha256 digit string ignoring case We produce sha256 digest string using %x snprintf() qualifier for each byte of digest which uses alphabetic characters from "a" to "f" in lower case to represent integer values from 10 to 15. Previously all of the NVD META files supply sha256 digest string for corresponding XML file in lower case. However due to some reason this changed recently to provide digest digits in upper case causing fetched data consistency checks to fail. This prevents database from being updated periodically. While commit c4f6e94 (update: Do not treat sha256 failure as fatal if requested) adds useful option to skip digest validation at all and thus provides workaround for this situation, it might be unacceptable for some deployments where we need to ensure that downloaded data is consistent before start parsing it and update SQLite database. Use strcasecmp() to compare two digest strings case insensitively and addressing this case. Upstream-Status: Backport Signed-off-by: Sergey Popovich --- src/update.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/update.c b/src/update.c index 8588f38..3cc6b67 100644 --- a/src/update.c +++ b/src/update.c @@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) snprintf(&csum_data[idx], len, "%02hhx", digest[i]); } - ret = streq(csum_meta, csum_data); + ret = !strcasecmp(csum_meta, csum_data); err_unmap: munmap(buffer, length); -- 2.11.0