(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/password-scheme.c) |
| |
| 294 | | | md5_verify(const char *plaintext, const char *user, |
| 295 | | | const unsigned char *raw_password, size_t size) |
| 296 | | | { |
| 297 | | | const char *password, *str; |
| 298 | | | const unsigned char *md5_password; |
| 299 | | | size_t md5_size; |
| 300 | | | |
| 301 | | | password = t_strndup(raw_password, size); |
| 302 | | | if (strncmp(password, "$1$", 3) == 0) { |
Event 1:
Taking false branch. strncmp(...) == 0 evaluates to false.
| 303 | | | |
| 304 | | | str = password_generate_md5_crypt(plaintext, password); |
| 305 | | | return strcmp(str, password) == 0; |
| 306 | | | } else if (password_decode(password, "PLAIN-MD5", |
| 307 | [+] | | &md5_password, &md5_size) < 0) { |
Event 2:
On this path password_decode() does not initialize md5_size. This may be because of a failure case or another special case in password_decode().
| 308 | | | i_error("md5_verify(%s): Not a valid MD5-CRYPT or " |
| 309 | | | "PLAIN-MD5 password", user); |
| 310 | | | return FALSE; |
| 311 | | | } else { |
| 312 | | | return password_verify(plaintext, user, "PLAIN-MD5", |
| 313 | | | md5_password, md5_size) > 0; |
Uninitialized Variable
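md5_size was not initialized when it is passed to password_verify() on line 313. The issue can occur if the highlighted code executes, that is, if password_decode() returns a non-negative value without having written md5_size; whether it can do so has to be confirmed in password_decode() itself, which is not shown in this listing. See related event 2.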
|
| |