(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/ssl-init.c) |
| |
| 83 | | | static bool check_parameters_file_set(struct settings *set) |
| 84 | | | { |
| 85 | | | const char *path; |
| 86 | | | struct stat st, st2; |
| 87 | | | time_t regen_time; |
| 88 | | | |
| 89 | | | if (strcmp(set->ssl, "no") == 0) |
Event 1:
Skipping " if". strcmp(set->ssl, "no") == 0 evaluates to false.
hide
|
|
| 90 | | | return TRUE; |
| 91 | | | |
| 92 | [+] | | path = t_strconcat(set->login_dir, "/"SSL_PARAMETERS_FILENAME, NULL); |
 |
| 93 | | | if (stat(path, &st) < 0) { |
Event 34:
Taking true branch. stat(path, &st) < 0 evaluates to true.
hide
|
|
| 94 | | | if (errno != ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
Event 35:
Skipping " if". errno != 2 evaluates to false.
hide
|
|
| 95 | | | i_error("stat() failed for SSL parameters file %s: %m", |
| 96 | | | path); |
| 97 | | | return TRUE; |
| 98 | | | } |
| 99 | | | |
| 100 | | | st.st_mtime = 0;
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 101 | | | } else if (st.st_size == 0) { |
| 102 | | | |
| 103 | | | st.st_mtime = 0;
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 104 | | | (void)unlink(path); |
| 105 | | | } |
| 106 | | | |
| 107 | | | if (stat(SSL_PARAMETERS_PERM_PATH, &st2) == 0 &&
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/ssl-init.c |
| |
26 | #define SSL_PARAMETERS_PERM_PATH PKG_STATEDIR"/"SSL_PARAMETERS_FILENAME |
| |
|
| 108 | | | st.st_mtime < st2.st_mtime) {
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 109 | | | |
| 110 | [+] | | if (file_copy(SSL_PARAMETERS_PERM_PATH, path, TRUE) > 0) {
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/ssl-init.c |
| |
26 | #define SSL_PARAMETERS_PERM_PATH PKG_STATEDIR"/"SSL_PARAMETERS_FILENAME |
| |
|
Event 37:
Skipping " if". !0 evaluates to true.
hide
|
|
 |
| 111 | | | if (st.st_ino != st2.st_ino) { |
Event 44:
Taking true branch. st.st_ino != st2.st_ino evaluates to true.
hide
|
|
| 112 | | | |
| 113 | | | struct utimbuf ut; |
| 114 | | | |
| 115 | | | ut.actime = ut.modtime = st2.st_mtime;
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 116 | | | if (utime(path, &ut) < 0) |
Event 45:
path, which evaluates to the value assigned to ret at data-stack.c:335, is passed to utime() as the first argument. See related event 33.
hide
Event 46:
utime() accesses the file named path, where path is the value assigned to ret at data-stack.c:335. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 45.
hide
Event 47:
Skipping " if". utime(path, &ut) < 0 evaluates to false.
hide
|
|
| 117 | | | i_error("utime(%s) failed: %m", path); |
| 118 | | | } |
| 119 | | | if (stat(path, &st) < 0) |
Event 48:
path, which evaluates to the value assigned to ret at data-stack.c:335, is passed to stat64() as the first argument. See related event 33.
hide
File System Race Condition
The file named path is accessed again. Another process may have changed the file since the access at ssl-init.c:116. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 46 and 48. Show: All events | Only primary events |
|
| |