(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/imap-acl/imap-acl-plugin.c) |
| |
| 332 | | | static bool cmd_listrights(struct client_command_context *cmd) |
| 333 | | | { |
| 334 | | | struct mailbox *box; |
| 335 | | | const char *mailbox, *identifier; |
| 336 | | | string_t *str; |
| 337 | | | |
| 338 | | | if (!client_read_string_args(cmd, 2, &mailbox, &identifier)) |
| 339 | | | return FALSE; |
| 340 | | | |
| 341 | | | box = acl_mailbox_open_as_admin(cmd, mailbox); |
| 342 | | | if (box == NULL) |
| 343 | | | return TRUE; |
| 344 | | | |
| 345 | | | str = t_str_new(128); |
| 346 | | | str_append(str, "* LISTRIGHTS "); |
| 347 | | | imap_quote_append_string(str, mailbox, FALSE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 348 | | | str_append_c(str, ' '); |
| 349 | | | imap_quote_append_string(str, identifier, FALSE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 350 | | | str_append_c(str, ' '); |
| 351 | | | str_append(str, "\"\" l r w s t p i e k x a c d"); |
| 352 | | | |
| 353 | | | client_send_line(cmd->client, str_c(str)); |
Format String
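client_send_line() is being called with a format string that is not constant. The format string (second argument) may not match the other arguments to client_send_line(); this could lead to security or stability problems. client_send_line() passes its second argument to another function that takes a format string. Here the second argument is str_c(str), which lines 346-351 build from the mailbox and identifier strings that client_read_string_args() reads from the client command on line 338, so client-controlled text reaches that argument. The definition of client_send_line() is not part of this listing; check whether it formats its argument or sends it verbatim before treating the warning as a true positive. If it does format, the remedy is a constant "%s" format with str_c(str) as the data argument, or a send routine that performs no formatting. |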
|
| 354 | | | client_send_tagline(cmd, "OK Listrights completed."); |
| 355 | | | mailbox_close(&box); |
| 356 | | | return TRUE; |
| 357 | | | } |
| |