(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/util/dovecotpw.c) |
| |
| 36 | | | int main(int argc, char *argv[]) |
| 37 | | | { |
| 38 | | | const char *hash = NULL; |
Event 1:
hash is set to NULL. - Dereferenced later, causing the null pointer dereference.
hide
|
|
| 39 | | | const char *user = NULL; |
| 40 | | | char *scheme = NULL; |
| 41 | | | char *plaintext = NULL; |
| 42 | | | int ch, lflag = 0, Vflag = 0; |
| 43 | | | |
| 44 | | | lib_init(); |
| 45 | | | random_init(); |
| 46 | | | password_schemes_init(); |
| 47 | | | |
| 48 | | | while ((ch = getopt(argc, argv, "lp:s:u:V")) != -1) { |
| 49 | | | switch (ch) { |
| 50 | | | case 'l': |
| 51 | | | lflag = 1; |
| 52 | | | break; |
| 53 | | | case 'p': |
| 54 | | | plaintext = i_strdup(optarg); |
| 55 | | | safe_memset(optarg, 0, strlen(optarg)); |
| 56 | | | break; |
| 57 | | | case 's': |
| 58 | | | scheme = i_strdup(optarg); |
| 59 | | | break; |
| 60 | | | case 'u': |
| 61 | | | user = i_strdup(optarg); |
| 62 | | | break; |
| 63 | | | case 'V': |
| 64 | | | Vflag = 1; |
| 65 | | | break; |
| 66 | | | case '?': |
| 67 | | | default: |
| 68 | | | usage(basename(*argv));
x /usr/include/libgen.h |
| |
36 | #define basename __xpg_basename |
| |
|
| 69 | | | } |
| 70 | | | } |
| 71 | | | |
| 72 | | | if (lflag) { |
Event 3:
Skipping " if". lflag evaluates to false.
hide
|
|
| 73 | | | const struct password_scheme *const *schemes; |
| 74 | | | unsigned int i, count; |
| 75 | | | |
| 76 | | | schemes = array_get(&password_schemes, &count);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
156 | #define array_get(array, count) \ |
157 | ARRAY_TYPE_CAST_CONST(array)array_get_i(&(array)->arr, count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
43 | # define ARRAY_TYPE_CAST_CONST(array) \ |
44 | (typeof(*(array)->v)) |
| |
|
| 77 | | | for (i = 0; i < count; i++) |
| 78 | | | printf("%s ", schemes[i]->name); |
| 79 | | | printf("\n"); |
| 80 | | | exit(0); |
| 81 | | | } |
| 82 | | | |
| 83 | | | if (argc != optind) |
Event 4:
Skipping " if". argc != optind evaluates to false.
hide
|
|
| 84 | | | usage(basename(*argv));
x /usr/include/libgen.h |
| |
36 | #define basename __xpg_basename |
| |
|
| 85 | | | |
| 86 | | | if (scheme == NULL) |
Event 5:
Taking false branch. scheme == (void *)0 evaluates to false.
hide
|
|
| 87 | | | scheme = i_strdup(DEFAULT_SCHEME); |
| 88 | | | else { |
| 89 | | | char *c; |
| 90 | | | for (c = scheme; *c != '\0'; c++) |
| 91 | | | *c = i_toupper(*c);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/compat.h |
| |
212 | #define i_toupper(x) ((char) toupper((int) (unsigned char) (x))) |
| |
|
| 92 | | | } |
| 93 | | | |
| 94 | | | |
| 95 | | | while (plaintext == NULL) { |
Event 7:
Leaving loop. plaintext == (void *)0 evaluates to false.
hide
|
|
| 96 | | | char *check; |
| 97 | | | static int lives = 3; |
| 98 | | | |
| 99 | | | plaintext = i_strdup(getpass("Enter new password: ")); |
| 100 | | | check = i_strdup(getpass("Retype new password: ")); |
| 101 | | | if (strcmp(plaintext, check) != 0) { |
| 102 | | | fprintf(stderr, "Passwords don't match!\n"); |
| 103 | | | if (--lives == 0) |
| 104 | | | exit(1); |
| 105 | | | safe_memset(plaintext, 0, strlen(plaintext)); |
| 106 | | | safe_memset(check, 0, strlen(check)); |
| 107 | | | i_free(plaintext);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.h |
| |
14 | #define i_free(mem) \ |
15 | STMT_START { \ |
16 | free(mem); \ |
17 | (mem) = NULL; \ |
18 | } STMT_END |
| |
|
| 108 | | | i_free(check);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.h |
| |
14 | #define i_free(mem) \ |
15 | STMT_START { \ |
16 | free(mem); \ |
17 | (mem) = NULL; \ |
18 | } STMT_END |
| |
|
| 109 | | | plaintext = NULL; |
| 110 | | | } |
| 111 | | | } |
| 112 | | | |
| 113 | [+] | | if (!password_generate_encoded(plaintext, user, scheme, &hash)) { |
 |
| 114 | | | fprintf(stderr, "Unknown scheme: %s\n", scheme); |
| 115 | | | exit(1); |
| 116 | | | } |
| 117 | | | if (Vflag == 1) { |
Event 12:
Taking true branch. Vflag == 1 evaluates to true.
hide
|
|
| 118 | | | const unsigned char *raw_password; |
| 119 | | | size_t size; |
| 120 | | | |
| 121 | [+] | | if (password_decode(hash, scheme, &raw_password, &size) <= 0) { |
Event 13:
hash, which evaluates to NULL, is passed to password_decode() as the first argument. See related event 1.
hide
|
|
 |
| |