(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/password-scheme.c) |
| |
| 277 | | | crypt_generate(const char *plaintext, const char *user ATTR_UNUSED, |
| 278 | | | const unsigned char **raw_password_r, size_t *size_r) |
| 279 | | | { |
| 280 | | | char salt[3]; |
| 281 | | | const char *password; |
| 282 | | | |
| 283 | | | random_fill(salt, sizeof(salt)-1); |
| 284 | | | salt[0] = salt_chars[salt[0] % (sizeof(salt_chars)-1)]; |
| 285 | | | salt[1] = salt_chars[salt[1] % (sizeof(salt_chars)-1)]; |
| 286 | | | salt[2] = '\0'; |
| 287 | | | |
| 288 | [+] | | password = t_strdup(mycrypt(plaintext, salt)); |
 |
| 289 | | | *raw_password_r = (const unsigned char *)password; |
| 290 | | | *size_r = strlen(password); |
Event 5:
password, which evaluates to NULL, is passed to __builtin_strlen(). See related event 4.
hide
Null Pointer Dereference
The body of __builtin_strlen() dereferences password, but it is NULL. The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |