diff options
author | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
---|---|---|
committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch')
-rw-r--r-- | external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch b/external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch new file mode 100644 index 00000000..458c0cc8 --- /dev/null +++ b/external/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch @@ -0,0 +1,52 @@ +From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001 +From: Sergey Popovich <popovich_sergei@mail.ua> +Date: Fri, 21 Apr 2017 07:32:23 -0700 +Subject: [PATCH] update: Compare computed vs expected sha256 digit string + ignoring case + +We produce sha256 digest string using %x snprintf() +qualifier for each byte of digest which uses alphabetic +characters from "a" to "f" in lower case to represent +integer values from 10 to 15. + +Previously all of the NVD META files supply sha256 +digest string for corresponding XML file in lower case. + +However due to some reason this changed recently to +provide digest digits in upper case causing fetched +data consistency checks to fail. This prevents database +from being updated periodically. + +While commit c4f6e94 (update: Do not treat sha256 failure +as fatal if requested) adds useful option to skip +digest validation at all and thus provides workaround for +this situation, it might be unacceptable for some +deployments where we need to ensure that downloaded +data is consistent before start parsing it and update +SQLite database. + +Use strcasecmp() to compare two digest strings case +insensitively and addressing this case. + +Upstream-Status: Backport +Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> +--- + src/update.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/update.c b/src/update.c +index 8588f38..3cc6b67 100644 +--- a/src/update.c ++++ b/src/update.c +@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) + snprintf(&csum_data[idx], len, "%02hhx", digest[i]); + } + +- ret = streq(csum_meta, csum_data); ++ ret = !strcasecmp(csum_meta, csum_data); + + err_unmap: + munmap(buffer, length); +-- +2.11.0 + |