(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-request.c) |
| |
| 981 | | | void auth_request_set_field(struct auth_request *request, |
| 982 | | | const char *name, const char *value, |
| 983 | | | const char *default_scheme) |
| 984 | | | { |
| 985 | | | const char *p, *orig_value; |
| 986 | | | |
| 987 | | | i_assert(*name != '\0');
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 1:
Skipping " if". *name != 0 evaluates to true.
hide
Event 2:
Skipping " if". !(*name != 0) evaluates to false.
hide
Event 3:
Skipping " if". !!(*name != 0) evaluates to true.
hide
Event 4:
Skipping " if". !!!(*name != 0) evaluates to false.
hide
Event 5:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 988 | | | i_assert(value != NULL);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 6:
Skipping " if". value != (void *)0 evaluates to true.
hide
Event 7:
Skipping " if". !(value != (void *)0) evaluates to false.
hide
Event 8:
Skipping " if". !!(value != (void *)0) evaluates to true.
hide
Event 9:
Skipping " if". !!!(value != (void *)0) evaluates to false.
hide
Event 10:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 989 | | | |
| 990 | | | if (strcmp(name, "password") == 0) { |
Event 11:
Skipping " if". strcmp(name, "password") == 0 evaluates to false.
hide
|
|
| 991 | | | auth_request_set_password(request, value, |
| 992 | | | default_scheme, FALSE); |
| 993 | | | return; |
| 994 | | | } |
| 995 | | | if (strcmp(name, "password_noscheme") == 0) { |
Event 12:
Skipping " if". strcmp(...) == 0 evaluates to false.
hide
|
|
| 996 | | | auth_request_set_password(request, value, default_scheme, TRUE); |
| 997 | | | return; |
| 998 | | | } |
| 999 | | | |
| 1000 | | | if (strcmp(name, "user") == 0 || |
| 1001 | | | strcmp(name, "username") == 0 || strcmp(name, "domain") == 0) { |
| 1002 | | | |
| 1003 | | | orig_value = value; |
| 1004 | | | if (strcmp(name, "username") == 0 && |
Event 14:
Taking false branch. strcmp(name, "username") == 0 evaluates to false.
hide
|
|
| 1005 | | | strchr(value, '@') == NULL && |
| 1006 | | | (p = strchr(request->user, '@')) != NULL) { |
| 1007 | | | |
| 1008 | | | value = t_strconcat(value, p, NULL); |
| 1009 | | | } else if (strcmp(name, "domain") == 0) { |
Event 15:
Taking true branch. strcmp(name, "domain") == 0 evaluates to true.
hide
|
|
| 1010 | | | p = strchr(request->user, '@'); |
| 1011 | | | if (p == NULL) { |
Event 16:
Taking false branch. p == (void *)0 evaluates to false.
hide
|
|
| 1012 | | | |
| 1013 | | | value = t_strconcat(request->user, "@", |
| 1014 | | | value, NULL); |
| 1015 | | | } else { |
| 1016 | | | |
| 1017 | | | p = t_strdup_until(request->user, p + 1); |
| 1018 | [+] | | value = t_strconcat(p, value, NULL); |
 |
| 1019 | | | } |
| 1020 | | | } |
| 1021 | | | |
| 1022 | | | if (strcmp(request->user, value) != 0) { |
Event 23:
value, which evaluates to NULL, is passed to strcmp() as the second argument. See related event 22.
hide
Null Pointer Dereference
The body of strcmp() dereferences value, but it is NULL. The issue can occur if the highlighted code executes. See related event 23. Show: All events | Only primary events |
|
| |