(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/imap-acl/imap-acl-plugin.c) |
| |
/*
 * IMAP MYRIGHTS handler: tells the client which ACL rights it holds on one
 * mailbox.
 *
 * Reads one string argument (the mailbox name), resolves the storage for it,
 * opens the mailbox and sends an untagged "* MYRIGHTS <mailbox> <rights>"
 * line followed by a tagged OK.
 *
 * Returns FALSE when client_read_string_args() fails and TRUE on every other
 * path, including the ones that have already sent a NO reply.
 *
 * Macros used below, as shown in the analysed tree:
 *   ACL_MAILBOX_OPEN_FLAGS (this file) is
 *     (MAILBOX_OPEN_READONLY | MAILBOX_OPEN_FAST | MAILBOX_OPEN_KEEP_RECENT)
 *   MAIL_ERRSTR_CRITICAL_MSG (lib-storage/mail-error.h) is
 *     "Internal error occurred. Refer to server log for more information."
 *   imap_quote_append_string(str, value, compress_lwsp) (lib-imap/imap-quote.h)
 *     calls imap_quote_append() with the value cast to const unsigned char *
 *     and (size_t)-1 as the length.
 */
static bool cmd_myrights(struct client_command_context *cmd)
{
	struct mail_storage *storage;
	struct mailbox *box;
	const char *mailbox, *real_mailbox;
	const char *const *rights;
	string_t *reply;
	bool hidden;

	/* mailbox is client-supplied input from here on. */
	if (!client_read_string_args(cmd, 1, &mailbox))
		return FALSE;

	/* client_find_storage() may rewrite the name it is given, so it works
	   on a copy; the name as the client sent it is echoed back later. */
	real_mailbox = mailbox;
	storage = client_find_storage(cmd, &real_mailbox);
	if (storage == NULL) {
		/* Nothing is sent from here; presumably client_find_storage()
		   has already replied - confirm. */
		return TRUE;
	}

	/* The mailbox is opened with ACL enforcement switched off
	   (MAILBOX_OPEN_IGNORE_ACLS); the rights check further down is the
	   only gate in this function on what the client learns. */
	box = mailbox_open(&storage, real_mailbox, NULL,
			   MAILBOX_OPEN_IGNORE_ACLS | ACL_MAILBOX_OPEN_FLAGS);
	if (box == NULL) {
		client_send_storage_error(cmd, storage);
		return TRUE;
	}

	/* rights is allocated from the data stack pool. */
	if (acl_object_get_my_rights(acl_mailbox_get_aclobj(box),
				     pool_datastack_create(), &rights) < 0) {
		client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
		goto done;
	}

	/* A user with no rights at all, or with nothing but the post right,
	   gets the same NONEXISTENT reply as for a missing mailbox
	   (presumably so that the mailbox's existence is not disclosed). */
	hidden = rights[0] == NULL ||
		(rights[1] == NULL && strcmp(rights[0], MAIL_ACL_POST) == 0);
	if (hidden) {
		/* The format here is a compile-time constant; the mailbox name
		   is passed as an argument to it. */
		client_send_tagline(cmd, t_strdup_printf(
			"NO ["IMAP_RESP_CODE_NONEXISTENT"] "
			MAIL_ERRSTR_MAILBOX_NOT_FOUND, real_mailbox));
		goto done;
	}

	reply = t_str_new(128);
	str_append(reply, "* MYRIGHTS ");
	imap_quote_append_string(reply, mailbox, FALSE);
	str_append_c(reply, ' ');
	imap_acl_write_rights_list(reply, rights);

	/* NOTE(review): a static analyser reports this call as "Format String":
	   the second argument is not a constant, and the tool states that
	   client_send_line() passes it on to a function that takes a format
	   string. reply carries the client-supplied mailbox name; the IMAP
	   quoting applied above is not visible here and should not be assumed
	   to neutralise '%'. Check client_send_line()'s declaration when
	   triaging: if it is printf-style, the text has to be passed as an
	   argument to a constant "%s" format; if it takes literal data, the
	   finding is a false positive. */
	client_send_line(cmd->client, str_c(reply));
	client_send_tagline(cmd, "OK Myrights completed.");

done:
	/* Every path that opened the mailbox closes it before returning. */
	mailbox_close(&box);
	return TRUE;
}
| |