(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/file-dotlock.c) |
| |
| 458 | | | dotlock_create(struct dotlock *dotlock, enum dotlock_create_flags flags, |
| 459 | | | bool write_pid, const char **lock_path_r) |
| 460 | | | { |
| 461 | | | const struct dotlock_settings *set = &dotlock->settings; |
| 462 | | | const char *lock_path; |
| 463 | | | struct lock_info lock_info; |
| 464 | | | struct stat st; |
| 465 | | | unsigned int stale_notify_threshold; |
| 466 | | | unsigned int change_secs, wait_left; |
| 467 | | | time_t now, max_wait_time, last_notify; |
| 468 | | | time_t prev_last_change = 0, prev_wait_update = 0; |
| 469 | | | string_t *tmp_path; |
| 470 | | | int ret; |
| 471 | | | bool do_wait; |
| 472 | | | |
| 473 | | | now = time(NULL); |
| 474 | | | |
| 475 | | | lock_path = *lock_path_r = |
| 476 | | | t_strconcat(dotlock->path, set->lock_suffix, NULL); |
| 477 | | | stale_notify_threshold = set->stale_timeout / 2; |
| 478 | | | max_wait_time = (flags & DOTLOCK_CREATE_FLAG_NONBLOCK) != 0 ? 0 : |
Event 1:
(flags & DOTLOCK_CREATE_FLAG_NONBLOCK) != 0 evaluates to true.
hide
|
|
| 479 | | | now + set->timeout; |
| 480 | | | tmp_path = t_str_new(256); |
| 481 | | | |
| 482 | | | memset(&lock_info, 0, sizeof(lock_info)); |
| 483 | | | lock_info.path = dotlock->path; |
| 484 | | | lock_info.set = set; |
| 485 | | | lock_info.lock_path = lock_path; |
| 486 | | | lock_info.fd = -1; |
Event 2:
lock_info.fd is set to -1. - Determines the file descriptor in the Negative File Descriptor warning later.
hide
|
|
| 487 | | | lock_info.use_io_notify = set->use_io_notify; |
| 488 | | | |
| 489 | | | last_notify = 0; do_wait = FALSE; |
| 490 | | | |
| 491 | | | do { |
| 492 | | | if (do_wait) { |
| 493 | | | if (prev_last_change != lock_info.last_change) { |
| 494 | | | |
| 495 | | | |
| 496 | | | lock_info.wait_usecs = LOCK_RANDOM_USLEEP_TIME;
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/file-dotlock.c |
| |
25 | #define LOCK_RANDOM_USLEEP_TIME (100000 + (unsigned int)rand() % 100000) |
| |
|
| 497 | | | prev_last_change = lock_info.last_change; |
| 498 | | | prev_wait_update = now; |
| 499 | | | } else if (prev_wait_update != now && |
| 500 | | | lock_info.wait_usecs < LOCK_MAX_WAIT_USECS) { |
| 501 | | | |
| 502 | | | |
| 503 | | | prev_wait_update = now; |
| 504 | | | lock_info.wait_usecs += lock_info.wait_usecs/2; |
| 505 | | | } |
| 506 | | | dotlock_wait(&lock_info); |
| 507 | | | do_wait = FALSE; |
| 508 | | | } |
| 509 | | | |
| 510 | [+] | | ret = check_lock(now, &lock_info); |
 |
| 511 | | | if (ret < 0) |
| 512 | | | break; |
| 513 | | | |
| 514 | | | if (ret == 1) { |
| 515 | | | if ((flags & DOTLOCK_CREATE_FLAG_CHECKONLY) != 0) |
| 516 | | | break; |
| 517 | | | |
| 518 | | | ret = set->use_excl_lock ? |
| 519 | | | try_create_lock_excl(&lock_info, write_pid) : |
| 520 | | | try_create_lock_hardlink(&lock_info, write_pid, |
| 521 | | | tmp_path); |
| 522 | | | if (ret != 0) |
| 523 | | | break; |
| 524 | | | } |
| 525 | | | |
| 526 | | | do_wait = TRUE; |
| 527 | | | if (last_notify != now && set->callback != NULL) { |
| 528 | | | last_notify = now; |
| 529 | | | change_secs = now - lock_info.last_change; |
| 530 | | | wait_left = max_wait_time - now; |
| 531 | | | |
| 532 | | | if (change_secs >= stale_notify_threshold && |
| 533 | | | change_secs <= wait_left) { |
| 534 | | | unsigned int secs_left = |
| 535 | | | set->stale_timeout < change_secs ? |
| 536 | | | 0 : set->stale_timeout - change_secs; |
| 537 | | | if (!set->callback(secs_left, TRUE, |
| 538 | | | set->context)) { |
| 539 | | | |
| 540 | | | lock_info.last_change = now; |
| 541 | | | } |
| 542 | | | } else if (wait_left > 0) { |
| 543 | | | (void)set->callback(wait_left, FALSE, |
| 544 | | | set->context); |
| 545 | | | } |
| 546 | | | } |
| 547 | | | |
| 548 | | | now = time(NULL); |
| 549 | | | } while (now < max_wait_time); |
| 550 | | | |
| 551 | | | if (ret > 0) { |
Event 9:
Taking true branch. ret > 0 evaluates to true.
hide
|
|
| 552 | | | if (fstat(lock_info.fd, &st) < 0) { |
Event 10:
lock_info.fd, which evaluates to -1, is passed to fstat64() as the first argument. See related event 2.
hide
Negative file descriptor
File descriptor argument lock_info.fd has value -1. - fstat64() will fail when called with a negative file descriptor.
The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |