(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-index/mail-transaction-log.c) |
| |
| 49 | | | static void mail_transaction_log_2_unlink_old(struct mail_transaction_log *log) |
| 50 | | | { |
| 51 | | | struct stat st; |
| 52 | | | const char *path; |
| 53 | | | |
| 54 | | | path = t_strconcat(log->index->filepath, |
Event 32:
path is set to t_strconcat(...), which evaluates to the value assigned to ret at data-stack.c:335. See related event 31.
| 55 | [+] | | MAIL_TRANSACTION_LOG_SUFFIX".2", NULL); |
 |
| 56 | | | if (stat(path, &st) < 0) { |
Event 33:
path, which evaluates to the value assigned to ret at data-stack.c:335, is passed to stat64() as the first argument. See related event 32.
Event 34:
stat64() accesses the file named path, where path is the value assigned to ret at data-stack.c:335. The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file. See related event 33.
Event 35:
Skipping " if". stat(path, &st) < 0 evaluates to false.
| 57 | | | if (errno != ENOENT && errno != ESTALE) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
x /usr/include/asm-generic/errno.h |
| |
89 | #define ESTALE 116 /* Stale NFS file handle */ |
| |
|
| 58 | | | mail_index_set_error(log->index, |
| 59 | | | "stat(%s) failed: %m", path); |
| 60 | | | } |
| 61 | | | return; |
| 62 | | | } |
| 63 | | | |
| 64 | | | if (st.st_mtime + MAIL_TRANSACTION_LOG2_STALE_SECS <= ioloop_time) {
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
Event 36:
Taking true branch. st.st_mtim.tv_sec + 60 * 30 <= ioloop_time evaluates to true.
| 65 | | | if (unlink(path) < 0 && errno != ENOENT) {
Event 37:
path, which evaluates to the value assigned to ret at data-stack.c:335, is passed to unlink(). See related event 32.
File System Race Condition
The file named path is accessed again. Another process may have changed the file since the access at mail-transaction-log.c:56. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 34 and 37.