(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/imap-quota/imap-quota-plugin.c) |
| |
/*
 * Handler for the IMAP GETQUOTAROOT command.
 *
 * Reads one mailbox-name argument, opens that mailbox read-only, sends an
 * untagged "* QUOTAROOT" line holding the mailbox name followed by its
 * quota root names, calls quota_send() once per root, and ends with a
 * tagged OK.
 *
 * Returns FALSE only when client_read_string_args() returns false. Every
 * other path returns TRUE.
 */
static bool cmd_getquotaroot(struct client_command_context *cmd)
{
	struct client *cl = cmd->client;
	struct mail_storage *storage;
	struct mail_namespace *ns;
	struct mailbox *mbox;
	struct quota_root_iter *it;
	struct quota_root *qroot;
	const char *requested_name, *box_name, *root_name;
	string_t *reply;
	bool other_users_ns;

	/* The mailbox name is taken from the command's arguments, so treat
	   it as client-controlled from here on. */
	if (!client_read_string_args(cmd, 1, &box_name))
		return FALSE;

	/* client_find_storage() receives a pointer to the name and may
	   rewrite it; keep the name as the client sent it for the reply. */
	requested_name = box_name;
	storage = client_find_storage(cmd, &box_name);
	if (storage == NULL) {
		/* No reply is sent here; presumably client_find_storage()
		   has already reported the failure - confirm. */
		return TRUE;
	}

	mbox = mailbox_open(&storage, box_name, NULL, (MAILBOX_OPEN_READONLY |
						       MAILBOX_OPEN_FAST |
						       MAILBOX_OPEN_KEEP_RECENT));
	if (mbox == NULL) {
		client_send_storage_error(cmd, storage);
		return TRUE;
	}

	ns = mail_storage_get_namespace(storage);
	/* quota_set is defined outside this function. */
	if (quota_set == NULL) {
		mailbox_close(&mbox);
		client_send_tagline(cmd, "OK No quota.");
		return TRUE;
	}

	/* Access check: a namespace owned by somebody other than the
	   requesting user is only reported to users with the admin flag. */
	other_users_ns = ns->owner != NULL && ns->owner != cl->user;
	if (other_users_ns && !cl->user->admin) {
		mailbox_close(&mbox);
		client_send_tagline(cmd, "NO Not showing other users' quota.");
		return TRUE;
	}

	/* Build the untagged reply: "* QUOTAROOT <mailbox> <root> ...".
	   imap_quote_append_string() is a macro (src/lib-imap/imap-quote.h,
	   lines 14-16) that expands to
	     imap_quote_append(str, (const unsigned char *)(value),
	                       (size_t)-1, compress_lwsp)
	   The (size_t)-1 length presumably means "value is NUL-terminated" -
	   confirm in imap_quote_append(). */
	reply = t_str_new(128);
	str_append(reply, "* QUOTAROOT ");
	imap_quote_append_string(reply, requested_name, FALSE);

	it = quota_root_iter_init(mbox);
	for (qroot = quota_root_iter_next(it); qroot != NULL;
	     qroot = quota_root_iter_next(it)) {
		str_append_c(reply, ' ');
		root_name = imap_quota_root_get_name(cl->user, ns->owner,
						     qroot);
		imap_quote_append_string(reply, root_name, FALSE);
	}
	quota_root_iter_deinit(&it);

	/* NOTE(review): the analyzer report this listing comes from flags
	   this call (original line 119) as "Format String": the second
	   argument is not a constant, and the report states that
	   client_send_line() passes it on to a function that takes a format
	   string. The text sent here includes the client-supplied mailbox
	   name and the quota root names. The definition of
	   client_send_line() is not shown in this listing, so check its
	   signature first. If it is printf-style, pass the text as an
	   argument to a constant "%s" format. If it sends the data verbatim,
	   the finding is a false positive. */
	client_send_line(cl, str_c(reply));

	/* Second pass over the same roots: quota_send() is called for each
	   one before the mailbox is closed. */
	it = quota_root_iter_init(mbox);
	for (qroot = quota_root_iter_next(it); qroot != NULL;
	     qroot = quota_root_iter_next(it))
		quota_send(cmd, ns->owner, qroot);
	quota_root_iter_deinit(&it);
	mailbox_close(&mbox);

	client_send_tagline(cmd, "OK Getquotaroot completed.");
	return TRUE;
}
| |