(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-otp.c) |
| |
| 97 | | | mech_otp_auth_phase1(struct auth_request *auth_request, |
| 98 | | | const unsigned char *data, size_t data_size) |
| 99 | | | { |
| 100 | | | struct otp_auth_request *request = |
| 101 | | | (struct otp_auth_request *)auth_request; |
| 102 | | | const char *authzid, *authenid, *error; |
| 103 | | | size_t i, count; |
| 104 | | | |
| 105 | | | |
| 106 | | | |
| 107 | | | authzid = (const char *) data; |
Unused Value
The value assigned to authzid is never subsequently used on any execution path. |
|
| 108 | | | authenid = NULL; |
| 109 | | | |
| 110 | | | count = 0; |
| 111 | | | for (i = 0; i < data_size; i++) { |
| 112 | | | if (data[i] == '\0') { |
| 113 | | | if (++count == 1) |
| 114 | | | authenid = (const char *) data + i + 1; |
| 115 | | | } |
| 116 | | | } |
| 117 | | | |
| 118 | | | if ((count < 1) || (count > 2)) { |
| 119 | | | auth_request_log_error(&request->auth_request, "otp", |
| 120 | | | "invalid input"); |
| 121 | | | auth_request_fail(auth_request); |
| 122 | | | return; |
| 123 | | | } |
| 124 | | | |
| 125 | | | if (!auth_request_set_username(auth_request, authenid, &error)) { |
| 126 | | | auth_request_log_info(auth_request, "otp", "%s", error); |
| 127 | | | auth_request_fail(auth_request); |
| 128 | | | return; |
| 129 | | | } |
| 130 | | | |
| 131 | | | auth_request_lookup_credentials(auth_request, "OTP", |
| 132 | | | otp_credentials_callback); |
| 133 | | | } |
| |