(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-settings/settings.c) |
| |
| 91 | | | settings_read_real(const char *path, const char *section, |
| 92 | | | settings_callback_t *callback, |
| 93 | | | settings_section_callback_t *sect_callback, void *context) |
| 94 | | | { |
| 95 | | | |
| 96 | | | struct input_stack root, *input, *new_input; |
| 97 | | | const char *errormsg, *next_section, *name, *last_section_path = NULL; |
| 98 | | | char *line, *key, *p, quote; |
| 99 | | | string_t *full_line; |
| 100 | | | size_t len; |
| 101 | | | int fd, last_section_line = 0, skip, sections, root_section; |
| 102 | | | |
| 103 | | | fd = open(path, O_RDONLY); |
| 104 | | | if (fd < 0) { |
Event 2:
Skipping " if". fd < 0 evaluates to false.
hide
|
|
| 105 | | | i_error("Can't open configuration file %s: %m", path); |
| 106 | | | return FALSE; |
| 107 | | | } |
| 108 | | | |
| 109 | | | if (section == NULL) { |
Event 3:
Taking false branch. section == (void *)0 evaluates to false.
hide
|
|
| 110 | | | skip = 0; |
| 111 | | | next_section = NULL; |
| 112 | | | } else { |
| 113 | | | skip = 1; |
| 114 | | | next_section = t_strcut(section, '/'); |
| 115 | | | } |
| 116 | | | |
| 117 | | | memset(&root, 0, sizeof(root)); |
| 118 | | | root.path = path; |
| 119 | | | input = &root; |
| 120 | | | |
| 121 | [+] | | full_line = t_str_new(512); |
 |
| 122 | | | sections = 0; root_section = 0; errormsg = NULL; |
| 123 | | | newfile: |
| 124 | | | input->input = i_stream_create_fd(fd, 2048, TRUE); |
Event 5:
!0 evaluates to true.
hide
|
|
| 125 | | | i_stream_set_return_partial_line(input->input, TRUE); |
Event 6:
!0 evaluates to true.
hide
|
|
| 126 | | | prevfile: |
| 127 | [+] | | while ((line = i_stream_read_next_line(input->input)) != NULL) { |
 |
| 128 | | | input->linenum++; |
| 129 | | | |
| 130 | | | |
| 131 | | | |
| 132 | | | |
| 133 | | | while (IS_WHITE(*line)) |
| 134 | | | line++; |
| 135 | | | |
| 136 | | | |
| 137 | | | if (*line == '#' || *line == '\0') |
Event 23:
Skipping " if". - *line == 35 evaluates to false.
- *line == 0 evaluates to false.
hide
|
|
| 138 | | | continue; |
| 139 | | | |
| 140 | | | |
| 141 | | | for (p = line; *p != '\0'; p++) { |
| 142 | | | if (*p == '\'' || *p == '"') { |
| 143 | | | quote = *p; |
| 144 | | | for (p++; *p != quote && *p != '\0'; p++) { |
| 145 | | | if (*p == '\\' && p[1] != '\0') |
| 146 | | | p++; |
| 147 | | | } |
| 148 | | | if (*p == '\0') |
| 149 | | | break; |
| 150 | | | } else if (*p == '#') { |
| 151 | | | *p = '\0'; |
| 152 | | | break; |
| 153 | | | } |
| 154 | | | } |
| 155 | | | |
| 156 | | | |
| 157 | | | len = strlen(line); |
| 158 | | | while (IS_WHITE(line[len-1])) |
| 159 | | | len--; |
| 160 | | | line[len] = '\0'; |
| 161 | | | |
| 162 | | | if (len > 0 && line[len-1] == '\\') { |
Event 26:
Skipping " if". - len > 0 evaluates to true.
- line[len - 1] == 92 evaluates to false.
hide
|
|
| 163 | | | |
| 164 | | | line[len-1] = '\0'; |
| 165 | | | str_append(full_line, line); |
| 166 | | | continue; |
| 167 | | | } |
| 168 | | | if (str_len(full_line) > 0) { |
Event 27:
Skipping " if". str_len(full_line) > 0 evaluates to false.
hide
|
|
| 169 | | | str_append(full_line, line); |
| 170 | | | line = str_c_modifiable(full_line); |
| 171 | | | } |
| 172 | | | |
| 173 | | | |
| 174 | | | |
| 175 | | | |
| 176 | | | key = line; |
| 177 | | | while (!IS_WHITE(*line) && *line != '\0' && *line != '=') |
| 178 | | | line++; |
| 179 | | | if (IS_WHITE(*line)) { |
Event 29:
Taking true branch. *line == 32 evaluates to true.
hide
|
|
| 180 | | | *line++ = '\0'; |
| 181 | | | while (IS_WHITE(*line)) line++; |
| 182 | | | } |
| 183 | | | |
| 184 | | | if (strcmp(key, "!include_try") == 0 || |
| 185 | | | strcmp(key, "!include") == 0) { |
| 186 | | | struct input_stack *tmp; |
| 187 | | | const char *path; |
| 188 | | | |
| 189 | [+] | | path = fix_relative_path(line, input); |
 |
| 190 | | | for (tmp = input; tmp != NULL; tmp = tmp->prev) { |
Event 41:
Entering loop body. tmp != (void *)0 evaluates to true.
hide
|
|
| 191 | | | if (strcmp(tmp->path, path) == 0) |
Event 42:
path, which evaluates to NULL, is passed to strcmp() as the second argument. See related event 40.
hide
Null Pointer Dereference
The body of strcmp() dereferences path, but it is NULL. The issue can occur if the highlighted code executes. See related event 42. Show: All events | Only primary events |
|
| |