(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/main.c) |
| |
| 122 | | | static int create_unix_listener(const char *env, int backlog) |
| 123 | | | { |
| 124 | | | const char *path, *mode, *user, *group; |
| 125 | | | mode_t old_umask; |
| 126 | | | unsigned int mask; |
| 127 | | | uid_t uid; |
| 128 | | | gid_t gid; |
| 129 | | | int fd; |
| 130 | | | |
| 131 | | | path = getenv(env); |
| 132 | | | if (path == NULL) |
Event 3:
Skipping " if". path == (void *)0 evaluates to false.
| 133 | | | return -1; |
| 134 | | | |
| 135 | | | mode = getenv(t_strdup_printf("%s_MODE", env)); |
| 136 | | | if (mode == NULL) |
Event 4:
Taking true branch. mode == (void *)0 evaluates to true.
| 137 | | | mask = 0177; |
| 138 | | | else { |
| 139 | | | if (sscanf(mode, "%o", &mask) != 1) |
| 140 | | | i_fatal("%s: Invalid mode %s", env, mode); |
| 141 | | | mask = (mask ^ 0777) & 0777; |
| 142 | | | } |
| 143 | | | |
| 144 | | | old_umask = umask(mask); |
| 145 | [+] | | fd = net_listen_unix_unlink_stale(path, backlog); |
Event 5:
path, which evaluates to getenv(env) from main.c:131, is passed to net_listen_unix_unlink_stale() as the first argument. See related event 2.
| 146 | | | umask(old_umask); |
| 147 | | | if (fd == -1) { |
Event 13:
Skipping " if". fd == -1 evaluates to false.
| 148 | | | if (errno == EADDRINUSE)
x /usr/include/asm-generic/errno.h |
| |
71 | #define EADDRINUSE 98 /* Address already in use */ |
| |
|
| 149 | | | i_fatal("Socket already exists: %s", path); |
| 150 | | | else |
| 151 | | | i_fatal("net_listen_unix(%s) failed: %m", path); |
| 152 | | | } |
| 153 | | | |
| 154 | | | user = getenv(t_strdup_printf("%s_USER", env)); |
| 155 | | | group = getenv(t_strdup_printf("%s_GROUP", env)); |
| 156 | | | |
| 157 | | | uid = get_uid(user); gid = get_gid(group); |
| 158 | | | if (chown(path, uid, gid) < 0) { |
Event 14:
path, which evaluates to getenv(env) from main.c:131, is passed to chown() as the first argument. See related event 2.
File System Race Condition
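The file named by path is accessed again, by name, in the chown() call at main.c:158. Another process may have changed what that name refers to since the access at network.c:403 (judging by the event sequence, inside the listener setup called at main.c:145). For example, an attacker could replace the original file with a link to a file containing important or confidential data; chown() follows symbolic links, so the ownership change would then apply to the link's target rather than to the socket. Whether this is reachable depends on who can write to the directory that holds path: the window exists only if a less-trusted user can rename or replace entries there. The issue can occur if the highlighted code executes. See related events 8 and 14.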
|
| |