update: Compare computed vs expected sha256 digit string ignoring case

Sergey Popovich · Sergey Popovich · commit b0426e63c9ac · 2017-04-21T14:46:26.000Z
We produce sha256 digest string using %x snprintf() qualifier for each byte of digest which uses alphabetic characters from "a" to "f" in lower case to represent integer values from 10 to 15. Previously all of the NVD META files supply sha256 digest string for corresponding XML file in lower case. However due to some reason this changed recently to provide digest digits in upper case causing fetched data consistency checks to fail. This prevents database from being updated periodically. While commit c4f6e94 (update: Do not treat sha256 failure as fatal if requested) adds useful option to skip digest validation at all and thus provides workaround for this situation, it might be unacceptable for some deployments where we need to ensure that downloaded data is consistent before start parsing it and update SQLite database. Use strcasecmp() to compare two digest strings case insensitively and addressing this case. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
diff --git a/src/update.c b/src/update.c
@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data)
                 snprintf(&csum_data[idx], len, "%02hhx", digest[i]);
         }
 
-        ret = streq(csum_meta, csum_data);
+        ret = !strcasecmp(csum_meta, csum_data);
 
 err_unmap:
         munmap(buffer, length);

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char meta, const char data)`
`187`	`187`	`snprintf(&csum_data[idx], len, "%02hhx", digest[i]);`
`188`	`188`	`}`
`189`	`189`
`190`		`- ret = streq(csum_meta, csum_data);`
	`190`	`+ ret = !strcasecmp(csum_meta, csum_data);`
`191`	`191`
`192`	`192`	`err_unmap:`
`193`	`193`	`munmap(buffer, length);`