(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-bodystructure.c) |
| |
| 37 | | | static void parse_content_type(struct message_part_body_data *data, |
| 38 | | | struct *hdr) |
| 39 | | | { |
| 40 | | | struct rfc822_parser_context parser; |
| 41 | | | const char *value, *const *results; |
| 42 | | | string_t *str; |
| 43 | | | unsigned int i; |
| 44 | | | bool charset_found = FALSE; |
| 45 | | | |
| 46 | | | rfc822_parser_init(&parser, hdr->full_value, hdr->full_value_len, NULL); |
| 47 | | | (void)rfc822_skip_lwsp(&parser); |
| 48 | | | |
| 49 | | | str = t_str_new(256); |
| 50 | [+] | | if (rfc822_parse_content_type(&parser, str) < 0) |
 |
| 51 | | | return; |
| 52 | | | |
| 53 | | | |
| 54 | | | value = str_c(str); |
| 55 | | | for (i = 0; value[i] != '\0'; i++) { |
Event 7:
Leaving loop. value[i] != 0 evaluates to false.
|
|
| 56 | | | if (value[i] == '/') { |
| 57 | | | data->content_subtype = |
| 58 | | | imap_quote(data->pool, str_data(str) + i + 1, |
| 59 | | | str_len(str) - (i + 1)); |
| 60 | | | break; |
| 61 | | | } |
| 62 | | | } |
| 63 | | | data->content_type = |
Event 21:
data->content_type is set to imap_quote(...), which evaluates to NULL. See related event 20.
|
|
| 64 | [+] | | imap_quote(data->pool, str_data(str), i); |
 |
| 65 | | | |
| 66 | | | |
| 67 | | | str_truncate(str, 0); |
| 68 | | | (void)rfc2231_parse(&parser, &results); |
| 69 | | | for (; *results != NULL; results += 2) { |
Event 22:
Leaving loop. *results != (void *)0 evaluates to false.
|
|
| 70 | | | if (strcasecmp(results[0], "charset") == 0) |
| 71 | | | charset_found = TRUE; |
| 72 | | | |
| 73 | | | str_append_c(str, ' '); |
| 74 | | | imap_quote_append_string(str, results[0], TRUE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 75 | | | str_append_c(str, ' '); |
| 76 | | | imap_quote_append_string(str, results[1], TRUE);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-imap/imap-quote.h |
| |
14 | #define imap_quote_append_string(str, value, compress_lwsp) \ |
15 | imap_quote_append(str, (const unsigned char *)(value), \ |
16 | (size_t)-1, compress_lwsp) |
| |
|
| 77 | | | } |
| 78 | | | |
| 79 | | | if (!charset_found && |
Event 23:
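Skipping "if". charset_found evaluates to false, so !charset_found is true and the second operand of && (the strcasecmp() call on line 80) is evaluated.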
|
|
| 80 | | | strcasecmp(data->content_type, "\"text\"") == 0) { |
Event 24:
data->content_type, which evaluates to NULL, is passed to strcasecmp() as the first argument. See related event 21.
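Null Pointer Dereference
The body of strcasecmp() dereferences data->content_type, but it is NULL. The issue can occur if the highlighted code executes. See related event 24. The NULL value rests on the analyzer's conclusion in event 20 (not shown in this excerpt) that imap_quote() can return NULL, so confirm that against the body of imap_quote() before triaging this warning as a true positive. If it holds, the value being parsed comes from hdr->full_value, presumably a Content-Type header taken from a message, and checking data->content_type for NULL before the strcasecmp() call on line 80 removes the dereference.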
|
| |