(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/imap-quota/imap-quota-plugin.c) |
| |
| 32 | | | quota_send(struct client_command_context *cmd, struct mail_user *owner, |
| 33 | | | struct quota_root *root) |
| 34 | | | { |
| 35 | | | const char *name, *const *list; |
| 36 | | | string_t *str; |
| 37 | | | unsigned int i; |
| 38 | | | uint64_t value, limit; |
| 39 | | | int ret; |
| 40 | | | |
| 41 | | | str = t_str_new(128); |
| 42 | | | str_append(str, "* QUOTA "); |
| 43 | | | name = imap_quota_root_get_name(cmd->client->user, owner, root); |
| 44 | | | imap_quote_append_string(str, name, FALSE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 45 | | | |
| 46 | | | str_append(str, " ("); |
| 47 | | | list = quota_root_get_resources(root); |
| 48 | | | for (i = 0; *list != NULL; list++) { |
| 49 | | | ret = quota_get_resource(root, "", *list, &value, &limit); |
| 50 | | | if (ret > 0) { |
| 51 | | | if (i > 0) |
| 52 | | | str_append_c(str, ' '); |
| 53 | | | str_printfa(str, "%s %llu %llu", *list, |
| 54 | | | (unsigned long long)value, |
| 55 | | | (unsigned long long)limit); |
| 56 | | | i++; |
| 57 | | | } else if (ret < 0) { |
| 58 | | | client_send_line(cmd->client, |
| 59 | | | "* BAD Internal quota calculation error"); |
| 60 | | | } |
| 61 | | | } |
| 62 | | | str_append_c(str, ')'); |
| 63 | | | client_send_line(cmd->client, str_c(str)); |
Format String
client_send_line() is being called with a format string that is not constant. The format string (second argument) may not match the other arguments to client_send_line(); this could lead to security or stability problems. client_send_line() passes its second argument to another function that takes a format string. |
|
| 64 | | | } |
| |