(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/password-scheme.c) |
| |
| 294 | | | md5_verify(const char *plaintext, const char *user, |
| 295 | | | const unsigned char *raw_password, size_t size) |
| 296 | | | { |
| 297 | | | const char *password, *str; |
| 298 | | | const unsigned char *md5_password; |
| 299 | | | size_t md5_size; |
| 300 | | | |
| 301 | | | password = t_strndup(raw_password, size); |
| 302 | | | if (strncmp(password, "$1$", 3) == 0) { |
Event 1:
Taking false branch. strncmp(...) == 0 evaluates to false.
hide
|
|
| 303 | | | |
| 304 | | | str = password_generate_md5_crypt(plaintext, password); |
| 305 | | | return strcmp(str, password) == 0; |
| 306 | | | } else if (password_decode(password, "PLAIN-MD5", |
| 307 | [+] | | &md5_password, &md5_size) < 0) { |
Event 2:
&md5_size is passed to password_decode() as the fourth argument.
hide
Event 3:
password_decode() does not initialize md5_size. - This may be because of a failure case or other special case for password_decode().
hide
|
|
 |
| |