(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-storage.c) |
| |
| 160 | | | int mail_storage_create(struct mail_namespace *ns, const char *driver, |
| 161 | | | const char *data, enum mail_storage_flags flags, |
| 162 | | | enum file_lock_method lock_method, |
| 163 | | | const char **error_r) |
| 164 | | | { |
| 165 | | | struct mail_storage *storage_class, *storage = NULL; |
Event 1:
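storage is initialized to NULL here. It is dereferenced later (lines 238-239) with no intervening assignment on the reported path, which is the null pointer dereference being flagged.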
|
|
| 166 | | | struct mail_storage *const *classes; |
| 167 | | | const char *home, *value; |
| 168 | | | unsigned int i, count; |
| 169 | | | |
| 170 | | | if (data == NULL) |
Event 2:
Taking false branch. data == (void *)0 evaluates to false.
|
|
| 171 | | | data = ""; |
| 172 | | | else if (driver == NULL) |
Event 3:
Taking true branch. driver == (void *)0 evaluates to true.
|
|
| 173 | | | mail_storage_set_autodetection(&data, &driver, &flags); |
| 174 | | | |
| 175 | | | if (*data == '\0' && driver == NULL) { |
| 176 | | | |
| 177 | [+] | | classes = array_get(&storages, &count);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
156 | #define array_get(array, count) \ |
157 | ARRAY_TYPE_CAST_CONST(array)array_get_i(&(array)->arr, count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
43 | # define ARRAY_TYPE_CAST_CONST(array) \ |
44 | (typeof(*(array)->v)) |
| |
|
 |
| 178 | | | } else if (driver == NULL) { |
| 179 | | | storage_class = mail_storage_autodetect(data, flags); |
| 180 | | | if (storage_class == NULL) { |
| 181 | | | *error_r = t_strdup_printf( |
| 182 | | | "Ambiguous mail location setting, " |
| 183 | | | "don't know what to do with it: %s " |
| 184 | | | "(try prefixing it with mbox: or maildir:)", |
| 185 | | | data); |
| 186 | | | return -1; |
| 187 | | | } |
| 188 | | | classes = &storage_class; |
| 189 | | | count = 1; |
| 190 | | | } else { |
| 191 | | | storage_class = mail_storage_find_class(driver); |
| 192 | | | if (storage_class == NULL) { |
| 193 | | | *error_r = t_strdup_printf( |
| 194 | | | "Unknown mail storage driver %s", driver); |
| 195 | | | return -1; |
| 196 | | | } |
| 197 | | | classes = &storage_class; |
| 198 | | | count = 1; |
| 199 | | | } |
| 200 | | | |
| 201 | | | for (i = 0; i < count; i++) { |
Event 5:
Leaving loop. i < count evaluates to false.
|
|
| 202 | | | storage = classes[i]->v.alloc(); |
| 203 | | | storage->flags = flags; |
| 204 | | | storage->lock_method = lock_method; |
| 205 | | | storage->ns = ns; |
| 206 | | | |
| 207 | | | storage->callbacks = |
| 208 | | | p_new(storage->pool, struct mail_storage_callbacks, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
84 | #define p_new(pool, type, count) \ |
85 | ((type *) p_malloc(pool, sizeof(type) * (count))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
87 | #define p_malloc(pool, size) (pool)->v->malloc(pool, size) |
| |
|
| 209 | | | p_array_init(&storage->module_contexts, storage->pool, 5);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
35 | #define p_array_init(array, pool, init_count) \ |
36 | array_create(array, pool, sizeof(**(array)->v), init_count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
75 | #define array_create(array, pool, element_size, init_count) \ |
76 | array_create_i(&(array)->arr, pool, element_size, init_count) |
| |
|
| 210 | | | |
| 211 | | | if (classes[i]->v.create(storage, data, error_r) == 0) |
| 212 | | | break; |
| 213 | | | |
| 214 | | | if ((flags & MAIL_STORAGE_FLAG_DEBUG) != 0 && count > 1) { |
| 215 | | | i_info("%s: Couldn't create mail storage %s: %s", |
| 216 | | | classes[i]->name, data, *error_r); |
| 217 | | | } |
| 218 | | | |
| 219 | | | |
| 220 | | | pool_unref(&storage->pool); |
| 221 | | | } |
| 222 | | | if (i == count) { |
Event 6:
Skipping the "if" body. i == count evaluates to false.
|
|
| 223 | | | if (count <= 1) { |
| 224 | | | *error_r = t_strdup_printf("%s: %s", classes[0]->name, |
| 225 | | | *error_r); |
| 226 | | | return -1; |
| 227 | | | } |
| 228 | | | |
| 229 | | | (void)mail_user_get_home(ns->user, &home); |
| 230 | | | if (home == NULL || *home == '\0') home = "(not set)"; |
| 231 | | | |
| 232 | | | *error_r = t_strdup_printf( |
| 233 | | | "Mail storage autodetection failed with home=%s", home); |
| 234 | | | return -1; |
| 235 | | | } |
| 236 | | | |
| 237 | | | value = getenv("MAIL_MAX_KEYWORD_LENGTH"); |
| 238 | | | storage->keyword_max_len = value != NULL ? |
Event 7:
value != (void *)0 evaluates to false.
|
|
| 239 | | | atoi(value) : DEFAULT_MAX_KEYWORD_LENGTH; |
Null Pointer Dereference
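storage is dereferenced here (storage->keyword_max_len, lines 238-239), but on the reported path it still holds the NULL assigned at event 1. The issue can occur if the highlighted code executes. Note for triage: the reported path needs the loop at line 201 to exit because i < count is false (event 5) and then i == count at line 222 to be false as well (event 6). Since i and count are unsigned, i starts at 0 and only increments, and the only other loop exit is the break after a successful create(), these two events appear mutually exclusive; confirm that the path is feasible before treating this as a real defect. See related event 1.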
|
| |