(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/auth-master-listener.c) |
| |
| 90 | | | static void auth_master_listener_accept(struct auth_master_listener_socket *s) |
| 91 | | | { |
| 92 | | | struct auth_master_connection *master; |
| 93 | | | int fd; |
| 94 | | | |
| 95 | [+] | | fd = net_accept(s->fd, NULL, NULL); |
Event 1:
The resource of interest is allocated inside net_accept().
hide
|
|
 |
| 96 | | | if (fd < 0) { |
Event 15:
Taking false branch. fd < 0 evaluates to false.
hide
|
|
| 97 | | | if (fd < -1) |
| 98 | | | i_error("accept(type %d) failed: %m", s->type); |
| 99 | | | } else { |
| 100 | [+] | | net_set_nonblock(fd, TRUE); |
Event 16:
!0 evaluates to true.
hide
Event 17:
The resource of interest is passed to net_set_nonblock() as the first argument. - net_set_nonblock() does not free it or save any references that are freed later.
- fd, which evaluates to accept(fd, &so.sa, &addrlen) from network.c:434, is passed to net_set_nonblock() as the first argument.
See related event 14.
hide
|
|
 |
| 101 | | | |
| 102 | | | switch (s->type) { |
Event 29:
s->type evaluates to implicit-default.
hide
|
|
| 103 | | | case LISTENER_CLIENT: |
| 104 | | | (void)auth_client_connection_create(s->listener, fd); |
| 105 | | | break; |
| 106 | | | case LISTENER_MASTER: |
| 107 | | | |
| 108 | | | master = auth_master_connection_create(s->listener, fd); |
| 109 | | | auth_master_connection_send_handshake(master); |
| 110 | | | break; |
| 111 | | | } |
| 112 | | | } |
| 113 | | | } |
Leak
There are no remaining references to the resource accept(fd, &so.sa, &addrlen) from network.c:434. The issue can occur if the highlighted code executes. See related events 1, 7, 8, 12, 13, 14, 17, 18, 19, 20, 21, 24, 26, 28, and 30. Show: All events | Only primary events |
|
| |