(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-otp.c) |
| |
| 203 | | | mech_otp_auth_phase2(struct auth_request *auth_request, |
| 204 | | | const unsigned char *data, size_t data_size) |
| 205 | | | { |
| 206 | [+] | | const char *str = t_strndup(data, data_size); |
 |
| 207 | | | |
| 208 | | | if (strncmp(str, "hex:", 4) == 0) { |
Event 10:
str, which evaluates to NULL, is passed to strncmp() as the first argument. See related event 9.
hide
Null Pointer Dereference
The body of strncmp() dereferences str, but it is NULL. The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |