(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/virtual/virtual-storage.c) |
| |
| 457 | | | virtual_list_delete_mailbox(struct mailbox_list *list, const char *name) |
| 458 | | | { |
| 459 | | | struct virtual_storage *storage = VIRTUAL_LIST_CONTEXT(list);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/virtual/virtual-storage.c |
| |
22 | #define VIRTUAL_LIST_CONTEXT(obj) \ |
23 | MODULE_CONTEXT(obj, virtual_mailbox_list_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 460 | | | struct stat st; |
| 461 | | | const char *src; |
| 462 | | | |
| 463 | | | |
| 464 | | | |
| 465 | | | |
| 466 | | | |
| 467 | | | index_storage_destroy_unrefed(); |
| 468 | | | |
| 469 | | | |
| 470 | | | if (storage->list_module_ctx.super.delete_mailbox(list, name) < 0) |
Event 1:
Skipping " if". storage->list_module_ctx.super.delete_mailbox(...) < 0 evaluates to false.
hide
|
|
| 471 | | | return -1; |
| 472 | | | |
| 473 | | | |
| 474 | [+] | | src = mailbox_list_get_path(list, name, MAILBOX_LIST_PATH_TYPE_MAILBOX); |
 |
| 475 | | | if (stat(src, &st) != 0 && errno == ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
Event 4:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to stat64() as the first argument. See related event 3.
hide
Event 5:
stat64() accesses the file named src, where src is list->v.get_path(...) from mailbox-list.c:446. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 4.
hide
Event 6:
Skipping " if". stat(src, &st) != 0 evaluates to false.
hide
|
|
| 476 | | | mailbox_list_set_error(list, MAIL_ERROR_NOTFOUND, |
| 477 | | | T_MAIL_ERR_MAILBOX_NOT_FOUND(name));
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-error.h |
| |
19 | #define T_MAIL_ERR_MAILBOX_NOT_FOUND(name) \ |
20 | t_strdup_printf(MAIL_ERRSTR_MAILBOX_NOT_FOUND, name) |
| |
|
| 478 | | | return -1; |
| 479 | | | } |
| 480 | | | |
| 481 | [+] | | return virtual_delete_nonrecursive(list, src, name); |
Event 7:
src, which evaluates to list->v.get_path(...) from mailbox-list.c:446, is passed to virtual_delete_nonrecursive() as the second argument. See related events 3 and 4.
hide
|
|
 |
| |