(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/main.c) |
| |
| 80 | | | static void fatal_log_check(void) |
| 81 | | | { |
| 82 | | | const struct settings *set = settings_root->defaults; |
| 83 | | | const char *path; |
| 84 | | | char buf[1024]; |
| 85 | | | ssize_t ret; |
| 86 | | | int fd; |
| 87 | | | |
| 88 | | | path = t_strconcat(set->base_dir, "/"FATAL_FILENAME, NULL); |
| 89 | | | fd = open(path, O_RDONLY); |
| 90 | | | if (fd == -1) |
Event 2:
Skipping " if". fd == -1 evaluates to false.
hide
|
|
| 91 | | | return; |
| 92 | | | |
| 93 | | | ret = read(fd, buf, sizeof(buf)); |
Event 3:
1024 is passed to read() as the third argument.
hide
Event 4:
read() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - This determines the position accessed in the buffer during the buffer overrun later.
hide
Event 5:
Considering the case where read(fd, buf, sizeof( buf )) is at least 1.
hide
Event 6:
Considering the case where read(fd, buf, sizeof( buf )) is no more than 1024. See related event 3.
hide
Event 7:
ret is set to read(fd, buf, sizeof( buf )). See related event 4.
hide
|
|
| 94 | | | if (ret < 0) |
Event 8:
Taking false branch. ret < 0 evaluates to false.
hide
|
|
| 95 | | | i_error("read(%s) failed: %m", path); |
| 96 | | | else { |
| 97 | | | buf[ret] = '\0'; |
Buffer Overrun
This code could write past the end of buf. - The code writes 1 byte starting at offset ret from the beginning of buf, whose capacity is 1024 bytes.
- The number of bytes written could exceed the number of allocated bytes beyond that offset.
- ret evaluates to read(fd, buf, sizeof( buf )) from main.c:93, which is bounded above by 1024 and the length of the string pointed to by buf and below by 1. See related event 7.
- If ret is higher than 1023, an overrun will occur. The analysis cannot rule out this possibility, so has issued this warning.
- The overrun occurs in stack memory.
The issue can occur if the highlighted code executes. See related events 5, 6, and 7. Show: All events | Only primary events |
|
| |