(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/password-scheme.c) |
| |
| 599 | | | static bool otp_verify(const char *plaintext, const char *user ATTR_UNUSED, |
| 600 | | | const unsigned char *raw_password, size_t size) |
| 601 | | | { |
| 602 | | | const char *password; |
| 603 | | | |
| 604 | [+] | | password = t_strndup(raw_password, size); |
 |
| 605 | | | return strcasecmp(password, |
Event 10:
password, which evaluates to NULL, is passed to strcasecmp() as the first argument. See related event 9.
Null Pointer Dereference
The body of strcasecmp() dereferences password, but it is NULL. The issue can occur if the highlighted code executes. See related event 10.
|
| 606 | | | password_generate_otp(plaintext, password, -1)) == 0; |
| |