(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/master-settings.c) |
| |
| 659 | | | static const char * |
| 660 | | | get_process_capability(enum process_type ptype, struct settings *set) |
| 661 | | | { |
| 662 | | | |
| 663 | | | |
| 664 | | | static const char *args[] = { |
| 665 | | | "uid=65534", |
| 666 | | | "gid=65534", |
| 667 | | | "home=/tmp", |
| 668 | | | NULL |
| 669 | | | }; |
| 670 | | | const char *pname = process_names[ptype]; |
| 671 | | | enum master_login_status login_status; |
| 672 | | | struct mail_login_request request; |
| 673 | | | char buf[4096]; |
| 674 | | | int fd[2], status; |
| 675 | | | ssize_t ret; |
| 676 | | | unsigned int pos; |
| 677 | | | uid_t uid; |
| 678 | | | pid_t pid; |
| 679 | | | |
| 680 | | | uid = geteuid(); |
| 681 | | | if (uid != 0) { |
Event 1:
Taking false branch. uid != 0 evaluates to false.
hide
|
|
| 682 | | | |
| 683 | | | args[0] = t_strdup_printf("uid=%s", dec2str(uid)); |
| 684 | | | args[1] = t_strdup_printf("gid=%s", dec2str(getegid())); |
| 685 | | | } else { |
| 686 | | | |
| 687 | | | |
| 688 | | | struct passwd *pw; |
| 689 | | | |
| 690 | | | pw = getpwnam("nobody"); |
| 691 | | | if (pw != NULL && pw->pw_uid != (uid_t)-1 && |
Event 2:
Skipping " if". - pw != (void *)0 evaluates to true.
- pw->pw_uid != (uid_t)-1 evaluates to false.
hide
|
|
| 692 | | | pw->pw_gid != (gid_t)-1) { |
| 693 | | | args[0] = t_strdup_printf("uid=%s", dec2str(pw->pw_uid)); |
| 694 | | | args[1] = t_strdup_printf("gid=%s", dec2str(pw->pw_gid)); |
| 695 | | | } |
| 696 | | | } |
| 697 | | | |
| 698 | | | if (pipe(fd) < 0) { |
Event 3:
Skipping " if". pipe(fd) < 0 evaluates to false.
hide
|
|
| 699 | | | i_error("pipe() failed: %m"); |
| 700 | | | return NULL; |
| 701 | | | } |
| 702 | | | fd_close_on_exec(fd[0], TRUE); |
Event 4:
!0 evaluates to true.
hide
|
|
| 703 | | | fd_close_on_exec(fd[1], TRUE); |
Event 5:
!0 evaluates to true.
hide
|
|
| 704 | | | |
| 705 | | | memset(&request, 0, sizeof(request)); |
| 706 | | | request.fd = fd[1]; |
| 707 | | | login_status = create_mail_process(ptype, set, &request, |
| 708 | | | "dump-capability", args, NULL, TRUE, |
Event 6:
!0 evaluates to true.
hide
|
|
| 709 | [+] | | &pid); |
 |
| 710 | | | if (login_status != MASTER_LOGIN_STATUS_OK) { |
Event 36:
Skipping " if". login_status != MASTER_LOGIN_STATUS_OK evaluates to false.
hide
|
|
| 711 | | | (void)close(fd[0]); |
| 712 | | | (void)close(fd[1]); |
| 713 | | | return NULL; |
| 714 | | | } |
| 715 | | | (void)close(fd[1]); |
| 716 | | | |
| 717 | | | alarm(5); |
| 718 | | | if (wait(&status) == -1) { |
Event 37:
Skipping " if". wait(...) == -1 evaluates to false.
hide
|
|
| 719 | | | i_fatal("%s dump-capability process %d got stuck", |
| 720 | | | pname, (int)pid); |
| 721 | | | } |
| 722 | | | alarm(0); |
| 723 | | | |
| 724 | | | if (status != 0) { |
| |