From 54e905450e53ed9b21a4737a41a4550958570067 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Thu, 5 Sep 2019 13:36:41 +0200
Subject: [PATCH] Fix: Verification of checksum from file attr

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1700341

File copy could result in change in file attributes where
null-terminators are stripped out. The new code does not relly on it.
---
 librepo/checksum.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/librepo/checksum.c b/librepo/checksum.c
index 006a7fc..5d164eb 100644
--- a/librepo/checksum.c
+++ b/librepo/checksum.c
@@ -221,18 +221,20 @@ lr_checksum_fd_compare(LrChecksumType type,
         // Load cached checksum if enabled and used
         struct stat st;
         if (fstat(fd, &st) == 0) {
-            ssize_t attr_ret;
             _cleanup_free_ gchar *key = NULL;
             char buf[256];
 
             key = g_strdup_printf("user.Zif.MdChecksum[%llu]",
                                   (unsigned long long) st.st_mtime);
-            attr_ret = fgetxattr(fd, key, &buf, 256);
-            if (attr_ret != -1) {
+            ssize_t attr_size = fgetxattr(fd, key, &buf, sizeof(buf));
+            if (attr_size != -1) {
                 // Cached checksum found
                 g_debug("%s: Using checksum cached in xattr: [%s] %s",
                         __func__, key, buf);
-                *matches = strcmp(expected, buf) ? FALSE : TRUE;
+                size_t expected_len = strlen(expected);
+                // xattr may contain null terminator (+1 byte)
+                *matches = (attr_size == expected_len || attr_size == expected_len + 1) &&
+                           memcmp(expected, buf, attr_size) == 0;
                 return TRUE;
             }
         }
-- 
2.21.0