(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/cydir/cydir-storage.c) |
| |
| 308 | | | cydir_list_delete_mailbox(struct mailbox_list *list, const char *name) |
| 309 | | | { |
| 310 | | | struct cydir_storage *storage = CYDIR_LIST_CONTEXT(list);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 311 | | | struct stat st; |
| 312 | | | const char *src; |
| 313 | | | |
| 314 | | | |
| 315 | | | |
| 316 | | | |
| 317 | | | |
| 318 | | | index_storage_destroy_unrefed(); |
| 319 | | | |
| 320 | | | |
| 321 | | | if (storage->list_module_ctx.super.delete_mailbox(list, name) < 0) |
Event 1:
Skipping " if". storage->list_module_ctx.super.delete_mailbox(...) < 0 evaluates to false.
hide
|
|
| 322 | | | return -1; |
| 323 | | | |
| 324 | | | |
| 325 | [+] | | src = mailbox_list_get_path(list, name, MAILBOX_LIST_PATH_TYPE_MAILBOX); |
 |
| 326 | | | if (stat(src, &st) != 0 && errno == ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
Event 4:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to stat64() as the first argument. See related event 3.
hide
Event 5:
stat64() accesses the file named src, where src is list->v.get_path(...) from mailbox-list.c:446. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 4.
hide
Event 6:
Skipping " if". stat(src, &st) != 0 evaluates to false.
hide
|
|
| 327 | | | mailbox_list_set_error(list, MAIL_ERROR_NOTFOUND, |
| 328 | | | T_MAIL_ERR_MAILBOX_NOT_FOUND(name));
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-error.h |
| |
19 | #define T_MAIL_ERR_MAILBOX_NOT_FOUND(name) \ |
20 | t_strdup_printf(MAIL_ERRSTR_MAILBOX_NOT_FOUND, name) |
| |
|
| 329 | | | return -1; |
| 330 | | | } |
| 331 | | | |
| 332 | [+] | | return cydir_delete_nonrecursive(list, src, name); |
Event 7:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to cydir_delete_nonrecursive() as the second argument. See related events 3 and 4.
hide
|
|
 |
| |