(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-plain.c) |
| |
| 10 | | | mech_plain_auth_continue(struct auth_request *request, |
| 11 | | | const unsigned char *data, size_t data_size) |
| 12 | | | { |
| 13 | | | const char *authid, *authenid, *error; |
| 14 | | | char *pass; |
| 15 | | | size_t i, len; |
| 16 | | | int count; |
| 17 | | | |
| 18 | | | |
| 19 | | | |
| 20 | | | authid = (const char *) data; |
| 21 | | | authenid = NULL; pass = NULL; |
| 22 | | | |
| 23 | | | count = 0; |
| 24 | | | for (i = 0; i < data_size; i++) { |
Event 1:
The loop is executed one or more times.
hide
|
|
| 25 | | | if (data[i] == '\0') { |
| 26 | | | if (++count == 1) |
| 27 | | | authenid = (const char *) data + i+1; |
| 28 | | | else { |
| 29 | | | i++; |
| 30 | | | len = data_size - i; |
| 31 | | | pass = p_strndup(unsafe_data_stack_pool, |
| 32 | | | data+i, len); |
| 33 | | | break; |
| 34 | | | } |
| 35 | | | } |
| 36 | | | } |
| 37 | | | |
| 38 | | | if (authenid != NULL && strcmp(authid, authenid) == 0) { |
Event 2:
Skipping " if". - authenid != (void *)0 evaluates to true.
- strcmp(authid, authenid) == 0 evaluates to false.
hide
|
|
| 39 | | | |
| 40 | | | authid = ""; |
| 41 | | | } |
| 42 | | | |
| 43 | | | if (count != 2) { |
Event 3:
Taking false branch. count != 2 evaluates to false.
hide
|
|
| 44 | | | |
| 45 | | | auth_request_log_info(request, "plain", "invalid input"); |
| 46 | | | auth_request_fail(request); |
| 47 | [+] | | } else if (!auth_request_set_username(request, authenid, &error)) { |
Event 4:
auth_request_set_username() does not initialize error. - This may be because of a failure case or other special case for auth_request_set_username().
hide
|
|
 |
| 48 | | | |
| 49 | | | auth_request_log_info(request, "plain", "%s", error); |
| 50 | | | auth_request_fail(request); |
| 51 | | | } else if (*authid != '\0' && |
Event 10:
Skipping " if". *authid != 0 evaluates to true.
hide
|
|
| 52 | [+] | | !auth_request_set_login_username(request, authid, &error)) { |
Event 11:
auth_request_set_login_username() does not initialize error. - This may be because of a failure case or other special case for auth_request_set_login_username().
hide
|
|
 |
| 53 | | | |
| 54 | | | auth_request_log_info(request, "plain", |
| 55 | | | "login user: %s", error); |
Uninitialized Variable
error was not initialized. The issue can occur if the highlighted code executes. See related events 4, 11, and 18. Show: All events | Only primary events |
|
| |