(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-request.c) |
| |
| 1105 | | | auth_request_change_userdb_user(struct auth_request *request, const char *user) |
| 1106 | | | { |
| 1107 | | | const char *str; |
| 1108 | | | |
| 1109 | | | |
| 1110 | | | if (strcmp(user, request->user) == 0) |
Event 1:
Skipping " if". strcmp(...) == 0 evaluates to false.
hide
|
|
| 1111 | | | return; |
| 1112 | | | |
| 1113 | [+] | | str = t_strdup(auth_stream_reply_export(request->userdb_reply)); |
 |
| 1114 | | | |
| 1115 | | | |
| 1116 | | | auth_request_set_field(request, "user", user, NULL); |
| 1117 | | | auth_stream_reply_reset(request->userdb_reply); |
| 1118 | | | auth_stream_reply_add(request->userdb_reply, |
| 1119 | | | NULL, request->user); |
| 1120 | | | |
| 1121 | | | |
| 1122 | | | str = strchr(str, '\t'); |
Event 6:
str, which evaluates to NULL, is passed to strchr() as the first argument. See related event 5.
hide
Null Pointer Dereference
The body of strchr() dereferences str, but it is NULL. The issue can occur if the highlighted code executes. See related event 6. Show: All events | Only primary events |
|
| |