(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/maildir/maildir-sync.c) |
| |
| 358 | | | static int maildir_scan_dir(struct maildir_sync_context *ctx, bool new_dir) |
| 359 | | | { |
| 360 | | | struct mail_storage *storage = &ctx->mbox->storage->storage; |
| 361 | | | const char *path; |
| 362 | | | DIR *dirp; |
| 363 | | | string_t *src, *dest; |
| 364 | | | struct dirent *dp; |
| 365 | | | struct stat st; |
| 366 | | | enum maildir_uidlist_rec_flag flags; |
| 367 | | | unsigned int i = 0, move_count = 0; |
| 368 | | | time_t now; |
| 369 | | | int ret = 1; |
| 370 | | | bool move_new, check_touch, dir_changed = FALSE; |
| 371 | | | |
| 372 | | | path = new_dir ? ctx->new_dir : ctx->cur_dir; |
Event 1:
new_dir evaluates to true.
hide
|
|
| 373 | | | for (i = 0;; i++) { |
| 374 | | | dirp = opendir(path); |
| 375 | | | if (dirp != NULL) |
Event 2:
Taking true branch. dirp != (void *)0 evaluates to true.
hide
|
|
| 376 | | | break; |
| 377 | | | |
| 378 | | | if (errno != ENOENT || i == MAILDIR_DELETE_RETRY_COUNT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
| 379 | | | if (errno == EACCES) {
x /usr/include/asm-generic/errno-base.h |
| |
16 | #define EACCES 13 /* Permission denied */ |
| |
|
| 380 | | | mail_storage_set_critical(storage, "%s", |
| 381 | | | eacces_error_get("opendir", path)); |
| 382 | | | } else { |
| 383 | | | mail_storage_set_critical(storage, |
| 384 | | | "opendir(%s) failed: %m", path); |
| 385 | | | } |
| 386 | | | return -1; |
| 387 | | | } |
| 388 | | | |
| 389 | | | if (!maildir_set_deleted(ctx->mbox)) |
| 390 | | | return -1; |
| 391 | | | |
| 392 | | | } |
| 393 | | | |
| 394 | | | #ifdef HAVE_DIRFD |
| 395 | | | if (fstat(dirfd(dirp), &st) < 0) { |
Event 3:
dirfd() returns -1. - Determines the file descriptor in the Negative File Descriptor warning later.
hide
Event 4:
dirfd(dirp), which evaluates to -1, is passed to fstat64() as the first argument. See related event 3.
hide
Negative file descriptor
File descriptor argument dirfd(dirp) has value -1. - fstat64() will fail when called with a negative file descriptor.
The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| |