(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/login-common/main.c) |
| |
| 83 | | | static void login_accept(void *context) |
| 84 | | | { |
| 85 | | | int listen_fd = POINTER_CAST_TO(context, int);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
49 | #define POINTER_CAST_TO(p, type) \ |
50 | ((type) ((const char *) (p) - (const char *) NULL)) |
| |
|
| 86 | | | struct ip_addr remote_ip, local_ip; |
| 87 | | | unsigned int remote_port, local_port; |
| 88 | | | struct client *client; |
| 89 | | | int fd; |
| 90 | | | |
| 91 | [+] | | fd = net_accept(listen_fd, &remote_ip, &remote_port); |
 |
| 92 | | | if (fd < 0) { |
Event 9:
Skipping " if". fd < 0 evaluates to false.
hide
|
|
| 93 | | | if (fd < -1) |
| 94 | | | i_error("accept() failed: %m"); |
| 95 | | | return; |
| 96 | | | } |
| 97 | | | i_set_failure_ip(&remote_ip); |
| 98 | | | |
| 99 | [+] | | if (net_getsockname(fd, &local_ip, &local_port) < 0) { |
 |
| 100 | | | memset(&local_ip, 0, sizeof(local_ip)); |
| 101 | | | local_port = 0; |
| 102 | | | } |
| 103 | | | |
| 104 | [+] | | client = client_create(fd, FALSE, &local_ip, &remote_ip); |
Event 19:
&local_ip.family is passed to client_create() as the third argument. - This points to the buffer that will be overrun later.
hide
|
|
 |
| |