(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-login.c) |
| |
| 17 | | | mech_login_auth_continue(struct auth_request *request, |
| 18 | | | const unsigned char *data, size_t data_size) |
| 19 | | | { |
| 20 | | | static const char prompt2[] = "Password:"; |
| 21 | | | const char *username, *error; |
| 22 | | | |
| 23 | | | if (request->user == NULL) { |
Event 1:
Taking false branch. request->user == (void *)0 evaluates to false.
hide
|
|
| 24 | | | username = t_strndup(data, data_size); |
| 25 | | | |
| 26 | | | if (!auth_request_set_username(request, username, &error)) { |
| 27 | | | auth_request_log_info(request, "login", "%s", error); |
| 28 | | | auth_request_fail(request); |
| 29 | | | return; |
| 30 | | | } |
| 31 | | | |
| 32 | | | request->callback(request, AUTH_CLIENT_RESULT_CONTINUE, |
| 33 | | | prompt2, strlen(prompt2)); |
| 34 | | | } else { |
| 35 | [+] | | char *pass = p_strndup(unsafe_data_stack_pool, data, data_size); |
 |
| 36 | [+] | | auth_request_verify_plain(request, pass, plain_verify_callback); |
Event 10:
pass, which evaluates to NULL, is passed to auth_request_verify_plain() as the second argument. See related event 9.
hide
|
|
 |
| |