(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/mail-process.c) |
| |
| 445 | | | void mail_process_exec(const char *protocol, const char **args) |
| 446 | | | { |
| 447 | | | struct server_settings *server = settings_root; |
| 448 | | | const struct var_expand_table *var_expand_table; |
| 449 | | | struct settings *set; |
| 450 | | | const char *executable; |
| 451 | | | |
| 452 | | | if (strcmp(protocol, "ext") == 0) { |
Event 1:
Taking true branch. strcmp(protocol, "ext") == 0 evaluates to true.
hide
|
|
| 453 | | | |
| 454 | | | if (*args == NULL) |
Event 2:
Skipping " if". *args == (void *)0 evaluates to false.
hide
|
|
| 455 | | | i_fatal("External binary parameter not given"); |
| 456 | | | set = server->defaults; |
| 457 | | | executable = *args; |
| 458 | | | } else { |
| 459 | | | const char *section = *args; |
| 460 | | | |
| 461 | | | if (section != NULL) { |
| 462 | | | for (; server != NULL; server = server->next) { |
| 463 | | | if (strcmp(server->name, section) == 0) |
| 464 | | | break; |
| 465 | | | } |
| 466 | | | if (server == NULL) |
| 467 | | | i_fatal("Section not found: '%s'", section); |
| 468 | | | } |
| 469 | | | |
| 470 | | | if (strcmp(protocol, "imap") == 0) |
| 471 | | | set = server->imap; |
| 472 | | | else if (strcmp(protocol, "pop3") == 0) |
| 473 | | | set = server->pop3; |
| 474 | | | else |
| 475 | | | i_fatal("Unknown protocol: '%s'", protocol); |
| 476 | | | executable = set->mail_executable; |
| 477 | | | args = NULL; |
| 478 | | | } |
| 479 | | | |
| 480 | | | var_expand_table = |
| 481 | | | get_var_expand_table(protocol, getenv("USER"), getenv("HOME"), |
| 482 | | | getenv("TCPLOCALIP"), |
| 483 | | | getenv("TCPREMOTEIP"), |
| 484 | | | getpid(), geteuid()); |
| 485 | | | |
| 486 | | | |
| 487 | | | env_put(t_strconcat("LOG_TIMESTAMP=", set->log_timestamp, NULL)); |
| 488 | | | if (*set->log_path == '\0') |
Event 3:
Taking false branch. *set->log_path == 0 evaluates to false.
hide
|
|
| 489 | | | env_put("USE_SYSLOG=1"); |
| 490 | | | else |
| 491 | | | env_put(t_strconcat("LOGFILE=", set->log_path, NULL)); |
| 492 | | | if (*set->info_log_path != '\0') |
Event 4:
Skipping " if". *set->info_log_path != 0 evaluates to false.
hide
|
|
| 493 | | | env_put(t_strconcat("INFOLOGFILE=", set->info_log_path, NULL)); |
| 494 | | | if (*set->mail_log_prefix != '\0') { |
Event 5:
Taking true branch. *set->mail_log_prefix != 0 evaluates to true.
hide
|
|
| 495 | | | string_t *str = t_str_new(256); |
| 496 | | | |
| 497 | | | str_append(str, "LOG_PREFIX="); |
| 498 | | | var_expand(str, set->mail_log_prefix, var_expand_table); |
| 499 | | | env_put(str_c(str)); |
| 500 | | | } |
| 501 | | | |
| 502 | | | mail_process_set_environment(set, getenv("MAIL"), var_expand_table, |
Event 8:
Inside getenv(), the capacity of the buffer pointed to by getenv("MAIL") is set to a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - This determines the capacity of the buffer that will be overrun later.
hide
Event 9:
Inside getenv(), the length of the string pointed to by getenv("MAIL") is set to a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input].
hide
Event 10:
getenv("MAIL") is passed to mail_process_set_environment() as the second argument. See related event 7.
hide
|
|
| 503 | [+] | | TRUE); |
Event 6:
!0 evaluates to true.
hide
|
|
 |
| |