(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/master-settings.c) |
| |
| 783 | | | static bool settings_verify(struct settings *set) |
| 784 | | | { |
| 785 | | | const char *dir; |
| 786 | | | int facility; |
| 787 | | | |
| 788 | [+] | | if (!get_login_uid(set)) |
 |
| 789 | | | return FALSE; |
| 790 | | | |
| 791 | | | set->mail_uid_t = (uid_t)-1; |
| 792 | | | set->mail_gid_t = (gid_t)-1; |
| 793 | | | set->mail_priv_gid_t = (gid_t)-1; |
| 794 | | | |
| 795 | | | if (*set->mail_uid != '\0') { |
Event 5:
Skipping " if". *set->mail_uid != 0 evaluates to false.
|
|
| 796 | | | if (!parse_uid(set->mail_uid, &set->mail_uid_t)) { |
| 797 | | | i_error("Non-existing mail_uid: %s", set->mail_uid); |
| 798 | | | return FALSE; |
| 799 | | | } |
| 800 | | | } |
| 801 | | | if (*set->mail_gid != '\0') { |
Event 6:
Skipping " if". *set->mail_gid != 0 evaluates to false.
|
|
| 802 | | | if (!parse_gid(set->mail_gid, &set->mail_gid_t)) { |
| 803 | | | i_error("Non-existing mail_gid: %s", set->mail_uid); |
| 804 | | | return FALSE; |
| 805 | | | } |
| 806 | | | } |
| 807 | | | if (*set->mail_privileged_group != '\0') { |
Event 7:
Skipping " if". *set->mail_privileged_group != 0 evaluates to false.
|
|
| 808 | | | if (!parse_gid(set->mail_privileged_group, |
| 809 | | | &set->mail_priv_gid_t)) { |
| 810 | | | i_error("Non-existing mail_privileged_group: %s", |
| 811 | | | set->mail_privileged_group); |
| 812 | | | return FALSE; |
| 813 | | | } |
| 814 | | | } |
| 815 | | | |
| 816 | | | if (set->protocol != MAIL_PROTOCOL_ANY && |
Event 8:
Skipping " if". - set->protocol != MAIL_PROTOCOL_ANY evaluates to true.
- access(...) < 0 evaluates to false.
|
|
| 817 | | | access(t_strcut(set->mail_executable, ' '), X_OK) < 0) {
x /usr/include/unistd.h |
| |
284 | #define X_OK 1 /* Test for execute permission. */ |
| |
|
| 818 | | | i_error("mail_executable: Can't use %s: %m", |
| 819 | | | t_strcut(set->mail_executable, ' ')); |
| 820 | | | return FALSE; |
| 821 | | | } |
| 822 | | | |
| 823 | | | if (*set->log_path != '\0' && access(set->log_path, W_OK) < 0) {
x /usr/include/unistd.h |
| |
283 | #define W_OK 2 /* Test for write permission. */ |
| |
|
| 824 | [+] | | dir = get_directory(set->log_path); |
 |
| 825 | | | if (access(dir, W_OK) < 0) {
x /usr/include/unistd.h |
| |
283 | #define W_OK 2 /* Test for write permission. */ |
| |
|
Event 13:
dir, which evaluates to ".", is passed to access() as the first argument. See related event 12.
Event 14:
Skipping " if". access(dir, 2) < 0 evaluates to false.
|
|
| 826 | | | i_error("log_path: Can't write to directory %s: %m", |
| 827 | | | dir); |
| 828 | | | return FALSE; |
| 829 | | | } |
| 830 | | | } |
| 831 | | | |
| 832 | | | if (*set->info_log_path != '\0' && |
| 833 | | | access(set->info_log_path, W_OK) < 0) {
x /usr/include/unistd.h |
| |
283 | #define W_OK 2 /* Test for write permission. */ |
| |
|
| 834 | [+] | | dir = get_directory(set->info_log_path); |
 |
| 835 | | | if (access(dir, W_OK) < 0) {
x /usr/include/unistd.h |
| |
283 | #define W_OK 2 /* Test for write permission. */ |
| |
|
Event 19:
dir, which evaluates to ".", is passed to access() as the first argument. See related event 18.
File System Race Condition
The path held in dir is passed to access() again at master-settings.c:835. Another process may have changed what that path refers to since the earlier access() at master-settings.c:825. For example, an attacker could replace the original file with a link to a file containing important or confidential data. access() only reports the state of the path at the moment of the call, so neither result is guaranteed to still hold when the path is used afterwards. The issue can occur if the highlighted code executes. See related events 13 and 19.
|
| |