(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/imap-acl/imap-acl-plugin.c) |
| |
/*
 * cmd_getacl: handler for the GETACL command as shown in this listing.
 * Reads one string argument (the mailbox name), opens that mailbox through
 * acl_mailbox_open_as_admin(), builds an untagged "* ACL <mailbox> ..."
 * reply in a string buffer and sends it, followed by a tagged OK; if
 * imap_acl_write_aclobj() returns non-zero, a tagged NO is sent instead.
 * Returns FALSE only when the argument could not be read, TRUE otherwise.
 * NOTE(review): the meaning of FALSE/TRUE to the command dispatcher is not
 * visible here - presumably "need more input" vs. "finished"; confirm.
 */
| 243 | | | static bool cmd_getacl(struct client_command_context *cmd) |
| 244 | | | { |
| 245 | | | struct acl_backend *backend; |
| 246 | | | struct mail_namespace *ns; |
| 247 | | | struct mail_storage *storage; |
| 248 | | | struct mailbox *box; |
| 249 | | | const char *mailbox; |
| 250 | | | string_t *str; |
| 251 | | | int ret; |
| 252 | | | |
/* mailbox comes straight from the command arguments, so it is client-controlled. */
| 253 | | | if (!client_read_string_args(cmd, 1, &mailbox)) |
| 254 | | | return FALSE; |
| 255 | | | |
/*
 * NULL return ends the command with TRUE and sends nothing from here.
 * NOTE(review): presumably the helper has already sent the error reply - confirm.
 */
| 256 | | | box = acl_mailbox_open_as_admin(cmd, mailbox); |
| 257 | | | if (box == NULL) |
| 258 | | | return TRUE; |
| 259 | | | |
| 260 | | | str = t_str_new(128); |
| 261 | | | str_append(str, "* ACL "); |
/*
 * The client-supplied mailbox name is copied into the reply buffer here.
 * Per the macro expansion below, this forwards to imap_quote_append() with a
 * length of (size_t)-1. NOTE(review): presumably that value means "value is
 * NUL-terminated" - confirm in imap-quote.c.
 */
| 262 | | | imap_quote_append_string(str, mailbox, FALSE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 263 | | | |
| 264 | | | storage = mailbox_get_storage(box); |
| 265 | | | backend = acl_storage_get_backend(storage); |
| 266 | | | ns = mail_storage_get_namespace(storage); |
/* Appends the mailbox's ACL object to the reply; only ret == 0 is treated as success below. */
| 267 | | | ret = imap_acl_write_aclobj(str, backend, |
| 268 | | | acl_mailbox_get_aclobj(box), TRUE, |
| 269 | | | ns->type == NAMESPACE_PRIVATE); |
| 270 | | | if (ret == 0) { |
/*
 * Triage note for the finding below: the second argument is the runtime
 * buffer built above, which contains the client-supplied mailbox name and
 * whatever imap_acl_write_aclobj() appended. Whether this is a real
 * format-string defect depends on client_send_line()'s prototype, which this
 * listing does not show. NOTE(review): if it is printf-style, the buffer must
 * be passed as an argument to a constant "%s" format; if it takes a plain
 * data string, the finding is a false positive. IMAP quoting is presumably
 * not a defence either way, since it is not format-string escaping - verify
 * that '%' passes through imap_quote_append() unchanged.
 */
| 271 | | | client_send_line(cmd->client, str_c(str)); |
Format String
client_send_line() is being called with a format string that is not constant. The format string (second argument) may not match the other arguments to client_send_line(); this could lead to security or stability problems. client_send_line() passes its second argument to another function that takes a format string. |
|
| 272 | | | client_send_tagline(cmd, "OK Getacl completed."); |
| 273 | | | } else { |
/* Literal concatenation: "NO " plus the macro shown below gives a constant string. */
| 274 | | | client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-error.h |
| |
14 | #define MAIL_ERRSTR_CRITICAL_MSG \ |
15 | "Internal error occurred. Refer to server log for more information." |
| |
|
| 275 | | | } |
/* Reached on both the OK and the NO path, so the opened mailbox is always closed. */
| 276 | | | mailbox_close(&box); |
| 277 | | | return TRUE; |
| 278 | | | } |
| |