(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-request.c) |
| |
| 892 | | | static void auth_request_validate_networks(struct auth_request *request, |
| 893 | | | const char *networks) |
| 894 | | | { |
| 895 | | | const char *const *net; |
| 896 | | | struct ip_addr net_ip; |
| 897 | | | unsigned int bits; |
| 898 | | | bool found = FALSE; |
| 899 | | | |
| 900 | | | if (request->remote_ip.family == 0) { |
Event 1:
Skipping " if". request->remote_ip.family == 0 evaluates to false.
hide
|
|
| 901 | | | |
| 902 | | | auth_request_log_info(request, "passdb", |
| 903 | | | "allow_nets check failed: Remote IP not known"); |
| 904 | | | request->passdb_failure = TRUE; |
| 905 | | | return; |
| 906 | | | } |
| 907 | | | |
| 908 | | | for (net = t_strsplit_spaces(networks, ", "); *net != NULL; net++) { |
Event 2:
Entering loop body. *net != (void *)0 evaluates to true.
hide
|
|
| 909 | | | auth_request_log_debug(request, "auth", |
| 910 | | | "allow_nets: Matching for network %s", *net); |
| 911 | | | |
| 912 | [+] | | if (net_parse_range(*net, &net_ip, &bits) < 0) { |
Event 3:
net_parse_range() does not initialize bits. - This may be because of a failure case or other special case for net_parse_range().
hide
|
|
 |
| 913 | | | auth_request_log_info(request, "passdb", |
| 914 | | | "allow_nets: Invalid network '%s'", *net); |
| 915 | | | } |
| 916 | | | |
| 917 | | | if (net_is_in_network(&request->remote_ip, &net_ip, bits)) { |
Uninitialized Variable
bits was not initialized. The issue can occur if the highlighted code executes. See related event 3. Show: All events | Only primary events |
|
| |