(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/file-dotlock.c) |
| |
| 820 | | | int file_dotlock_replace(struct dotlock **dotlock_p, |
| 821 | | | enum dotlock_replace_flags flags) |
| 822 | | | { |
| 823 | | | struct dotlock *dotlock; |
| 824 | | | const char *lock_path; |
| 825 | | | |
| 826 | | | dotlock = *dotlock_p; |
Event 1:
dotlock is set to *dotlock_p.
hide
|
|
| 827 | | | *dotlock_p = NULL; |
| 828 | | | |
| 829 | | | if ((flags & DOTLOCK_REPLACE_FLAG_DONT_CLOSE_FD) != 0) |
Event 2:
Skipping " if". (flags & DOTLOCK_REPLACE_FLAG_DONT_CLOSE_FD) != 0 evaluates to false.
hide
|
|
| 830 | | | dotlock->fd = -1; |
| 831 | | | |
| 832 | [+] | | lock_path = file_dotlock_get_lock_path(dotlock); |
Event 3:
dotlock, which evaluates to *dotlock_p, is passed to file_dotlock_get_lock_path(). See related event 1.
hide
|
|
 |
| 833 | | | if ((flags & DOTLOCK_REPLACE_FLAG_VERIFY_OWNER) != 0 && |
Event 12:
Skipping " if". (flags & DOTLOCK_REPLACE_FLAG_VERIFY_OWNER) != 0 evaluates to false.
hide
|
|
| 834 | | | !file_dotlock_is_locked(dotlock)) { |
| 835 | | | dotlock_replaced_warning(dotlock, FALSE); |
| 836 | | | errno = EEXIST; |
| 837 | | | file_dotlock_free(&dotlock); |
| 838 | | | return 0; |
| 839 | | | } |
| 840 | | | |
| 841 | | | if (rename(lock_path, dotlock->path) < 0) { |
Event 13:
lock_path, which evaluates to NULL, is passed to rename() as the first argument. See related event 11.
hide
Null Pointer Dereference
The body of rename() dereferences lock_path, but it is NULL. The issue can occur if the highlighted code executes. See related event 13. Show: All events | Only primary events |
|
| |