(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/tests/test-mail.c) |
| |
| 57 | | | static void test_message_address(void) |
| 58 | | | { |
| 59 | | | static const char *input[] = { |
| 60 | | | "user@domain", |
| 61 | | | "<user@domain>", |
| 62 | | | "foo bar <user@domain>", |
| 63 | | | "\"foo bar\" <user@domain>", |
| 64 | | | "<@route:user@domain>", |
| 65 | | | "<@route@route2:user@domain>", |
| 66 | | | "hello <@route ,@route2:user@domain>", |
| 67 | | | "user (hello)", |
| 68 83 |  | | [ Lines 68 to 83 omitted. ] |
| 84 | | | { NULL, "hello", "@route,@route2", "user", "domain", FALSE }, |
| 85 | | | { NULL, "hello", NULL, "user", "", TRUE }, |
| 86 | | | { NULL, "hello", NULL, "user", "", TRUE }, |
| 87 | | | { NULL, NULL, NULL, "", "domain", TRUE } |
| 88 | | | }; |
| 89 | | | struct message_address *addr; |
| 90 | | | string_t *group; |
| 91 | | | unsigned int i; |
| 92 | | | bool success; |
| 93 | | | |
| 94 | | | group = t_str_new(256); |
| 95 | | | str_append(group, "group: "); |
| 96 | | | |
| 97 | | | for (i = 0; i < N_ELEMENTS(input); i++) {
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
18 | #define N_ELEMENTS(arr) \ |
19 | (sizeof(arr) / sizeof((arr)[0])) |
| |
|
Event 1:
The loop is executed one or more times.
hide
|
|
| 98 | | | addr = message_address_parse(pool_datastack_create(), |
| 99 | | | (const unsigned char *)input[i], |
| 100 | | | strlen(input[i]), -1U, FALSE); |
| 101 | | | success = addr != NULL && addr->next == NULL && |
| 102 | | | cmp_addr(addr, &output[i]); |
| 103 | | | test_out(t_strdup_printf("message_address_parse(%d)", i), |
| 104 | | | success); |
| 105 | | | |
| 106 | | | if (!output[i].invalid_syntax) { |
| 107 | | | if (i != 0) { |
| 108 | | | if ((i % 2) == 0) |
| 109 | | | str_append(group, ","); |
| 110 | | | else |
| 111 | | | str_append(group, " , \n "); |
| 112 | | | } |
| 113 | | | str_append(group, input[i]); |
| 114 | | | } |
| 115 | | | } |
| 116 | | | str_append_c(group, ';'); |
| 117 | | | |
| 118 | | | addr = message_address_parse(pool_datastack_create(), str_data(group), |
Event 6:
addr is set to message_address_parse(...), which evaluates to NULL. See related event 5.
hide
|
|
| 119 | [+] | | str_len(group), -1U, FALSE); |
 |
| 120 | | | success = addr != NULL && cmp_addr(addr, &group_prefix); |
Event 7:
addr != (void *)0 evaluates to false.
hide
|
|
| 121 | | | addr = addr->next; |
Null Pointer Dereference
addr is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 6. Show: All events | Only primary events |
|
| |