(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/password-scheme.c) |
| |
| 294 | | | md5_verify(const char *plaintext, const char *user, |
| 295 | | | const unsigned char *raw_password, size_t size) |
| 296 | | | { |
| 297 | | | const char *password, *str; |
| 298 | | | const unsigned char *md5_password; |
| 299 | | | size_t md5_size; |
| 300 | | | |
| 301 | [+] | | password = t_strndup(raw_password, size); |
 |
| 302 | | | if (strncmp(password, "$1$", 3) == 0) { |
Event 10:
password, which evaluates to NULL, is passed to strncmp() as the first argument. See related event 9.
hide
Null Pointer Dereference
The body of strncmp() dereferences password, but it is NULL. The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |