(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/maildir/maildir-storage.c) |
| |
| 769 | | | maildir_list_delete_mailbox(struct mailbox_list *list, const char *name) |
| 770 | | | { |
| 771 | | | struct maildir_storage *storage = MAILDIR_LIST_CONTEXT(list);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 772 | | | struct stat st; |
| 773 | | | const char *src, *dest, *base; |
| 774 | | | int count; |
| 775 | | | |
| 776 | | | |
| 777 | | | |
| 778 | | | |
| 779 | | | |
| 780 | | | index_storage_destroy_unrefed(); |
| 781 | | | |
| 782 | | | |
| 783 | | | if (storage->list_module_ctx.super.delete_mailbox(list, name) < 0) |
Event 1:
Skipping " if". storage->list_module_ctx.super.delete_mailbox(...) < 0 evaluates to false.
hide
|
|
| 784 | | | return -1; |
| 785 | | | |
| 786 | | | |
| 787 | [+] | | src = mailbox_list_get_path(list, name, MAILBOX_LIST_PATH_TYPE_MAILBOX); |
 |
| 788 | | | if (lstat(src, &st) != 0 && errno == ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
Event 4:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to lstat64() as the first argument. See related event 3.
hide
Event 5:
lstat64() accesses the file named src, where src is list->v.get_path(...) from mailbox-list.c:446. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 4.
hide
Event 6:
Skipping " if". lstat(src, &st) != 0 evaluates to false.
hide
|
|
| 789 | | | mailbox_list_set_error(list, MAIL_ERROR_NOTFOUND, |
| 790 | | | T_MAIL_ERR_MAILBOX_NOT_FOUND(name));
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-error.h |
| |
19 | #define T_MAIL_ERR_MAILBOX_NOT_FOUND(name) \ |
20 | t_strdup_printf(MAIL_ERRSTR_MAILBOX_NOT_FOUND, name) |
| |
|
| 791 | | | return -1; |
| 792 | | | } |
| 793 | | | |
| 794 | | | if (!S_ISDIR(st.st_mode)) {
x /usr/include/sys/stat.h |
| |
131 | #define S_ISDIR(mode) __S_ISTYPE((mode), __S_IFDIR) |
| |
x /usr/include/sys/stat.h |
| |
129 | #define __S_ISTYPE(mode, mask) (((mode) & __S_IFMT) == (mask)) |
| |
x /usr/include/bits/stat.h |
| |
182 | #define __S_IFMT 0170000 /* These bits determine file type. */ |
| |
x /usr/include/bits/stat.h |
| |
185 | #define __S_IFDIR 0040000 /* Directory. */ |
| |
|
Event 7:
Skipping " if". (st.st_mode & 61440) == 16384 evaluates to true.
hide
|
|
| 795 | | | |
| 796 | | | if (unlink(src) < 0 && errno != ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
| 797 | | | mailbox_list_set_critical(list, |
| 798 | | | "unlink(%s) failed: %m", src); |
| 799 | | | return -1; |
| 800 | | | } |
| 801 | | | return 0; |
| 802 | | | } |
| 803 | | | |
| 804 | | | if (strcmp(name, "INBOX") == 0) { |
Event 8:
Skipping " if". strcmp(name, "INBOX") == 0 evaluates to false.
hide
|
|
| 805 | | | |
| 806 | | | |
| 807 | | | |
| 808 | | | |
| 809 | | | base = mailbox_list_get_path(list, NULL, |
| 810 | | | MAILBOX_LIST_PATH_TYPE_MAILBOX); |
| 811 | | | if (strcmp(base, src) == 0) { |
| 812 | | | mailbox_list_set_error(list, MAIL_ERROR_NOTPOSSIBLE, |
| 813 | | | "INBOX can't be deleted."); |
| 814 | | | return -1; |
| 815 | | | } |
| 816 | | | } |
| 817 | | | |
| 818 | [+] | | dest = maildir_get_unlink_dest(list, name); |
 |
| 819 | | | if (dest == NULL) { |
Event 10:
Taking true branch. dest == (void *)0 evaluates to true.
hide
|
|
| 820 | | | |
| 821 | [+] | | return maildir_delete_nonrecursive(list, src, name); |
Event 11:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to maildir_delete_nonrecursive() as the second argument. See related events 3 and 4.
hide
|
|
 |
| |