(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/util/rawlog.c) |
| |
| 96 | | | static void proxy_write_out(struct rawlog_proxy *proxy, |
| 97 | | | const void *data, size_t size) |
| 98 | | | { |
| 99 | | | struct tm *tm; |
| 100 | | | char buf[256]; |
| 101 | | | |
| 102 | | | if (proxy->fd_out == -1 || size == 0) |
Event 1:
Skipping " if". - proxy->fd_out == -1 evaluates to false.
- size == 0 evaluates to false.
hide
|
|
| 103 | | | return; |
| 104 | | | |
| 105 | | | if (proxy->last_out_lf && |
| 106 | | | (proxy->flags & RAWLOG_FLAG_LOG_TIMESTAMPS) != 0 && |
| 107 | | | ioloop_time - proxy->last_write >= TIMESTAMP_WAIT_TIME) { |
| 108 | | | tm = localtime(&ioloop_time); |
Event 3:
localtime() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 4:
tm is set to localtime(&ioloop_time), which evaluates to NULL. See related event 3.
hide
|
|
| 109 | | | |
| 110 | | | if (strftime(buf, sizeof(buf), TIMESTAMP_FORMAT, tm) <= 0)
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/util/rawlog.c |
| |
23 | #define TIMESTAMP_FORMAT "* OK [RAWLOG TIMESTAMP] %Y-%m-%d %H:%M:%S\n" |
| |
|
Event 5:
tm, which evaluates to NULL, is passed to strftime() as the fourth argument. See related event 4.
hide
Null Pointer Dereference
The body of strftime() dereferences tm, but it is NULL. The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |