(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/restrict-access.c) |
| |
/*
 * Drop process privileges according to RESTRICT_* environment variables.
 *
 * Source listing lines 252-374 of restrict-access.c, shown here with the
 * CodeSonar "Ignored Return Value" finding and its path events kept as
 * comments next to the statements they were reported on.
 *
 * Order of operations, as written below:
 *   1. read the primary / privileged gids and initialise groups,
 *   2. initgroups() for RESTRICT_USER (only when running as root),
 *   3. fix up the supplementary group list (only when running as root),
 *   4. chroot() and chdir(),
 *   5. setuid(),
 *   6. verify that uid 0 and gid 0 cannot be regained,
 *   7. blank the RESTRICT_* variables.
 * The group and chroot steps come before setuid(); on POSIX systems they
 * normally need privileges that the setuid() call gives up, so the order
 * matters.
 *
 * disallow_root: when TRUE, the "can we still become root" check in step 6
 * runs even if no RESTRICT_SETUID was given.
 *
 * Failures are reported through i_fatal(), defined elsewhere; presumably it
 * terminates the process - confirm. process_primary_gid and
 * process_privileged_gid are assigned here but declared outside this
 * function (not shown).
 */
void restrict_access_by_env(bool disallow_root)
{
	const char *env;
	uid_t uid;
	bool is_root, have_root_group, preserve_groups = FALSE;
	bool allow_root_gid;

	is_root = geteuid() == 0;

	/*
	 * An unset or empty variable maps to (gid_t)-1, meaning "not given".
	 * NOTE(review): strtoul() is called with a NULL end pointer, so a
	 * non-numeric or out-of-range value is not detected; non-numeric text
	 * converts to 0, i.e. the root gid. Consider validating with an end
	 * pointer and errno and failing closed.
	 */
	env = getenv("RESTRICT_SETGID");
	process_primary_gid = env == NULL || *env == '\0' ? (gid_t)-1 :
		(gid_t)strtoul(env, NULL, 10);
	env = getenv("RESTRICT_SETGID_PRIV");
	process_privileged_gid = env == NULL || *env == '\0' ? (gid_t)-1 :
		(gid_t)strtoul(env, NULL, 10);

	/*
	 * have_root_group is later passed by pointer to fix_groups_list();
	 * no other read of it is visible in this function.
	 */
	have_root_group = process_primary_gid == 0;
	if (process_primary_gid != (gid_t)-1 ||
	    process_privileged_gid != (gid_t)-1) {
		/* Only the privileged gid was given: keep the current egid
		   as the primary gid. */
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
		restrict_init_groups(process_primary_gid,
				     process_privileged_gid);
	} else {
		/* Both gids are (gid_t)-1 on this branch, so the test below
		   is always true here. */
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
	}

	/* Supplementary groups of the named user are loaded only when the
	   process is still root. */
	env = getenv("RESTRICT_USER");
	if (env != NULL && *env != '\0' && is_root) {
		if (initgroups(env, process_primary_gid) < 0) {
			i_fatal("initgroups(%s, %s) failed: %m",
				env, get_gid_str(process_primary_gid));
		}
		preserve_groups = TRUE;
	}

	/*
	 * CodeSonar warning: Ignored Return Value (listing line 293).
	 * The return value of getenv() is never checked in the highlighted
	 * execution scenario. If the return value can indicate an error, the
	 * error will be ignored if the highlighted code executes.
	 * The return value of getenv() is checked 99% of the time in this
	 * project. CodeSonar is configured to enforce Ignored Return Value
	 * checks for any function whose return value is checked at least 96%
	 * of the time, unless the function is used fewer than 20 times.
	 * (Thresholds: configuration parameters RETURN_CHECKER_SAMPLE_SIZE and
	 * RETURN_CHECKER_RATIO; to exempt getenv(), use
	 * RETURN_CHECKER_IGNORED_FUNCS.)
	 *
	 * NOTE(review): on the reported path is_root is false (event 2), so
	 * env is overwritten by the RESTRICT_CHROOT lookup without being
	 * used. When is_root is true, env is passed to fix_groups_list()
	 * without a NULL check; whether that callee accepts NULL is not
	 * visible here - confirm before dismissing the finding.
	 * NOTE(review): the variable name is empty in this listing (and in the
	 * matching env_put("=") near the end); it was probably lost when the
	 * report was rendered - confirm against the original source.
	 */
	env = getenv("");
	/*
	 * T_BEGIN is shown by the report as defined in
	 * /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/data-stack.h,
	 * lines 49-50:
	 *   #define T_BEGIN \
	 *     STMT_START { unsigned int _data_stack_cur_id = t_push();
	 *
	 * CodeSonar event 2: skipping this "if"; is_root evaluates to false.
	 */
	if (is_root) T_BEGIN {
		fix_groups_list(env, preserve_groups, &have_root_group);
	} T_END;

	env = getenv("RESTRICT_CHROOT");
	if (env != NULL && *env != '\0') {
		/* HOME is read before chroot(); after the chroot it is
		   resolved relative to the new root. */
		const char *home = getenv("HOME");
		time_t t = 0;
		/* Result is discarded; presumably this makes libc load its
		   timezone data while the original filesystem is still
		   reachable - TODO confirm. */
		(void)localtime(&t);

		/* CodeSonar event 4: skipping this "if";
		   chroot(env) != 0 evaluates to false. */
		if (chroot(env) != 0)
			i_fatal("chroot(%s) failed: %m", env);

		/* CodeSonar event 5: skipping this "if";
		   home != (void *)0 evaluates to false. */
		if (home != NULL) {
			if (chdir(home) < 0) {
				i_error("chdir(%s) failed: %m", home);
				home = NULL;
			}
		}
		/* Always chdir after chroot(): either into HOME or, failing
		   that, into the new root, so the working directory is never
		   left outside the chroot.
		   CodeSonar event 6: taking the true branch;
		   home == (void *)0 evaluates to true. */
		if (home == NULL) {
			/* CodeSonar event 7: skipping this "if";
			   chdir("/") != 0 evaluates to false. */
			if (chdir("/") != 0)
				i_fatal("chdir(/) failed: %m");
		}
	}

	/*
	 * uid 0 means "no setuid requested".
	 * NOTE(review): strtoul() with a NULL end pointer turns a non-numeric
	 * RESTRICT_SETUID into 0, which silently selects the "no setuid"
	 * case; with disallow_root FALSE the process then keeps its current
	 * uid. Validating the string and failing closed would remove that
	 * ambiguity.
	 * CodeSonar event 8: env == (void *)0 evaluates to false.
	 * CodeSonar event 9: *env == 0 evaluates to false.
	 */
	env = getenv("RESTRICT_SETUID");
	uid = env == NULL || *env == '\0' ? 0 : (uid_t)strtoul(env, NULL, 10);
	/* CodeSonar event 10: taking the true branch;
	   uid != 0 evaluates to true. */
	if (uid != 0) {
		/* CodeSonar event 11: skipping this "if";
		   setuid(uid) != 0 evaluates to false. */
		if (setuid(uid) != 0) {
			i_fatal("setuid(%s) failed with euid=%s: %m",
				get_uid_str(uid), get_uid_str(geteuid()));
		}
	}

	/*
	 * Verify the drop: if setuid(0) still succeeds, root can be regained
	 * and the process must not continue.
	 * CodeSonar event 12: taking the true branch;
	 * uid != 0 evaluates to true.
	 */
	if (uid != 0 || disallow_root) {
		/* CodeSonar event 13: skipping this "if";
		   setuid(0) == 0 evaluates to false. */
		if (setuid(0) == 0) {
			if (uid == 0)
				i_fatal("Running as root isn't permitted");
			i_fatal("We couldn't drop root privileges");
		}
	}

	/*
	 * gid 0 is tolerated only when it was explicitly configured as the
	 * primary or privileged gid and RESTRICT_GID_FIRST is unset or parses
	 * to 0. atoi() reports no errors, so non-numeric text counts as 0.
	 */
	env = getenv("RESTRICT_GID_FIRST");
	if (env != NULL && atoi(env) != 0)
		allow_root_gid = FALSE;
	else if (process_primary_gid == 0 || process_privileged_gid == 0)
		/* CodeSonar event 16: !0 evaluates to true (reported on this
		   assignment; !0 is presumably the expansion of TRUE). */
		allow_root_gid = TRUE;
	else
		allow_root_gid = FALSE;

	/*
	 * Same verification for the group: a real or effective gid of 0, or a
	 * setgid(0) that still succeeds, is fatal.
	 * CodeSonar event 17: skipping this "if";
	 * allow_root_gid evaluates to true.
	 */
	if (!allow_root_gid && uid != 0) {
		if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) {
			if (process_primary_gid == 0)
				i_fatal("GID 0 isn't permitted");
			i_fatal("We couldn't drop root group privileges "
				"(wanted=%s, gid=%s, egid=%s)",
				get_gid_str(process_primary_gid),
				get_gid_str(getgid()), get_gid_str(getegid()));
		}
	}

	/*
	 * Blank the variables that were consumed above. env_put() is defined
	 * elsewhere; presumably it sets NAME to the empty string, which the
	 * lookups in this function treat the same as unset.
	 */
	env_put("RESTRICT_USER=");
	env_put("RESTRICT_CHROOT=");
	env_put("RESTRICT_SETUID=");
	/*
	 * The SETGID variables are kept when a privileged gid is configured;
	 * the reason is not visible in this listing - presumably later code
	 * still needs them.
	 * CodeSonar event 18: skipping this "if";
	 * process_privileged_gid == (gid_t)-1 evaluates to false.
	 */
	if (process_privileged_gid == (gid_t)-1) {
		env_put("RESTRICT_SETGID=");
		env_put("RESTRICT_SETGID_PRIV=");
	}
	/* Name is empty in this listing, matching getenv("") above. */
	env_put("=");
	env_put("RESTRICT_GID_FIRST=");
	/* RESTRICT_GID_LAST is cleared here but never read in this
	   function. */
	env_put("RESTRICT_GID_LAST=");
}
| |