(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-worker-server.c) |
| |
| 303 | | | void auth_worker_call(struct auth_request *auth_request, |
| 304 | | | struct auth_stream_reply *data, |
| 305 | | | auth_worker_callback_t *callback) |
| 306 | | | { |
| 307 | | | struct auth_worker_connection *conn; |
| 308 | | | struct auth_worker_request *request; |
| 309 | | | |
| 310 | | | request = p_new(auth_request->pool, struct auth_worker_request, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
84 | #define p_new(pool, type, count) \ |
85 | ((type *) p_malloc(pool, sizeof(type) * (count))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
87 | #define p_malloc(pool, size) (pool)->v->malloc(pool, size) |
| |
|
Event 1:
request is set to an unknown [ ?unknown: the analysis lost precision when tracking this value, so this warning may be a false positive] value .
hide
|
|
| 311 | | | request->created = ioloop_time; |
| 312 | | | request->data_str = p_strdup(auth_request->pool, |
Event 4:
request->data_str is set to p_strdup(...), which evaluates to NULL, where request is the value assigned to request at auth-worker-server.c:310. See related events 1 and 3.
hide
|
|
| 313 | [+] | | auth_stream_reply_export(data)); |
 |
| 314 | | | request->auth_request = auth_request; |
| 315 | | | request->callback = callback; |
| 316 | | | auth_request_ref(auth_request); |
| 317 | | | |
| 318 | | | if (aqueue_count(worker_request_queue) > 0) { |
Event 5:
Taking false branch. aqueue_count(...) > 0 evaluates to false.
hide
|
|
| 319 | | | |
| 320 | | | |
| 321 | | | conn = NULL; |
| 322 | | | } else { |
| 323 | [+] | | conn = auth_worker_find_free(); |
 |
| 324 | | | if (conn == NULL) { |
Event 9:
Skipping " if". conn == (void *)0 evaluates to false.
hide
|
|
| 325 | | | |
| 326 | | | conn = auth_worker_create(); |
| 327 | | | } |
| 328 | | | } |
| 329 | | | if (conn != NULL) |
Event 10:
Taking true branch. conn != (void *)0 evaluates to true.
hide
|
|
| 330 | [+] | | auth_worker_request_send(conn, request); |
Event 11:
request, which evaluates to the value assigned to request at auth-worker-server.c:310, is passed to auth_worker_request_send() as the second argument. See related event 1.
hide
|
|
 |
| |