(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/deliver/auth-client.c) |
| |
| 127 | | | int auth_client_lookup_and_restrict(const char *auth_socket, |
| 128 | | | const char **user, uid_t euid, pool_t pool, |
| 129 | | | ARRAY_TYPE(const_string) *) |
| 130 | | | { |
| 131 | | | struct auth_master_connection *conn; |
| 132 | | | struct auth_user_reply reply; |
| 133 | | | bool debug = getenv("DEBUG") != NULL; |
Event 1:
getenv("DEBUG") != (void *)0 evaluates to false.
hide
|
|
| 134 | | | int ret = EX_TEMPFAIL;
x /usr/include/sysexits.h |
| |
107 | #define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */ |
| |
|
| 135 | | | |
| 136 | | | conn = auth_master_init(auth_socket, debug); |
| 137 | [+] | | switch (auth_master_user_lookup(conn, *user, "deliver", pool, &reply)) { |
Event 2:
auth_master_user_lookup() does not initialize reply. - This may be because of a failure case or other special case for auth_master_user_lookup().
hide
|
|
 |
| 138 | | | case 0: |
| 139 | | | ret = EX_NOUSER;
x /usr/include/sysexits.h |
| |
99 | #define EX_NOUSER 67 /* addressee unknown */ |
| |
|
| 140 | | | break; |
| 141 | | | case 1: |
| 142 | | | if (set_env(&reply, *user, euid) == 0) { |
| 143 | | | *user = p_strdup(pool, reply.user); |
| 144 | | | restrict_access_by_env(TRUE); |
| 145 | | | ret = EX_OK;
x /usr/include/sysexits.h |
| |
92 | #define EX_OK 0 /* successful termination */ |
| |
|
| 146 | | | } |
| 147 | | | break; |
| 148 | | | } |
| 149 | | | |
| 150 | | | * = reply.; |
Uninitialized Variable
reply was not initialized. The issue can occur if the highlighted code executes. See related event 2. Show: All events | Only primary events |
|
| |