(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-request.c) |
| |
| 1219 | | | static bool auth_request_proxy_is_self(struct auth_request *request) |
| 1220 | | | { |
| 1221 | | | const char *const *tmp, *host = NULL, *port = NULL, *destuser = NULL; |
| 1222 | | | struct ip_addr ip; |
| 1223 | | | |
| 1224 | | | tmp = auth_stream_split(request->); |
| 1225 | | | for (; *tmp != NULL; tmp++) { |
Event 1:
The loop is executed one or more times.
hide
|
|
| 1226 | | | if (strncmp(*tmp, "host=", 5) == 0) |
| 1227 | | | host = *tmp + 5; |
| 1228 | | | else if (strncmp(*tmp, "port=", 5) == 0) |
| 1229 | | | port = *tmp + 5; |
| 1230 | | | if (strncmp(*tmp, "destuser=", 9) == 0) |
| 1231 | | | destuser = *tmp + 9; |
| 1232 | | | } |
| 1233 | | | |
| 1234 | [+] | | if (host == NULL || net_addr2ip(host, &ip) < 0) { |
Event 2:
Skipping " if". host == (void *)0 evaluates to false.
hide
|
|
 |
| 1235 | | | |
| 1236 | | | return FALSE; |
| 1237 | | | } |
| 1238 | [+] | | if (!net_ip_compare(&ip, &request->local_ip)) |
 |
| 1239 | | | return FALSE; |
| 1240 | | | |
| 1241 | | | if (port != NULL && (unsigned int)atoi(port) != request->local_port) |
Event 10:
Skipping " if". port != (void *)0 evaluates to true.
hide
Event 11:
atoi() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Cast Alters Value
atoi(port) is cast from int to unsigned int. - atoi(port) could be -1 or lower.
- Negative values cannot be stored as unsigned int. Casting them to unsigned int can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 11. Show: All events | Only primary events |
|
| |