(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/login-common/main.c) |
| |
| 397 | | | int main(int argc ATTR_UNUSED, char *argv[], char *envp[]) |
| 398 | | | { |
| 399 | | | const char *group_name; |
| 400 | | | struct ip_addr remote_ip, local_ip; |
| 401 | | | unsigned int remote_port, local_port, max_fds; |
| 402 | | | struct ssl_proxy *proxy = NULL; |
| 403 | | | struct client *client; |
| 404 | | | int i, fd = -1, master_fd = -1; |
| 405 | | | bool ssl = FALSE; |
| 406 | | | |
| 407 | | | is_inetd = getenv("DOVECOT_MASTER") == NULL; |
Event 1:
getenv(...) == (void *)0 evaluates to true.
hide
|
|
| 408 | | | |
| 409 | | | #ifdef DEBUG |
| 410 | | | if (!is_inetd && getenv("GDB") == NULL) { |
| 411 | | | const char *env; |
| 412 | | | |
| 413 | | | i = LOGIN_MASTER_SOCKET_FD + 1; |
| 414 | | | env = getenv("LISTEN_FDS"); |
| 415 | | | if (env != NULL) i += atoi(env); |
| 416 | | | env = getenv("SSL_LISTEN_FDS"); |
| 417 | | | if (env != NULL) i += atoi(env); |
| 418 | | | |
| 419 | | | fd_debug_verify_leaks(i, 1024); |
| 420 | | | } |
| 421 | | | #endif |
| 422 | | | |
| 423 | | | |
| 424 | | | lib_init(); |
| 425 | | | |
| 426 | | | if (is_inetd) { |
Event 2:
Taking true branch. is_inetd evaluates to true.
hide
|
|
| 427 | | | |
| 428 | | | |
| 429 | | | process_name = strrchr(argv[0], '/'); |
| 430 | | | process_name = process_name == NULL ? argv[0] : process_name+1; |
Event 3:
process_name == (void *)0 evaluates to true.
hide
|
|
| 431 | | | group_name = t_strcut(process_name, '-'); |
| 432 | | | |
| 433 | | | for (i = 1; i < argc; i++) { |
| 434 | | | if (strncmp(argv[i], "--group=", 8) == 0) { |
| 435 | | | group_name = argv[1]+8; |
| 436 | | | break; |
| 437 | | | } |
| 438 | | | } |
| 439 | | | |
| 440 | | | master_fd = master_connect(group_name); |
| 441 | | | } |
| 442 | | | |
| 443 | | | drop_privileges(&max_fds); |
| 444 | | | |
| 445 | | | if (argv[1] != NULL && strcmp(argv[1], "-D") == 0) |
Event 5:
Skipping " if". argv[1] != (void *)0 evaluates to false.
hide
Event 6:
Considering the case where argv[1] must have been equal to 0.
hide
|
|
| 446 | | | restrict_access_allow_coredumps(TRUE); |
| 447 | | | |
| 448 | | | process_title_init(argv, envp); |
| 449 | | | ioloop = io_loop_create(); |
| 450 | | | io_loop_set_max_fd_count(ioloop, max_fds); |
| 451 | | | main_init(); |
| 452 | | | |
| 453 | | | if (is_inetd) { |
Event 7:
Taking true branch. is_inetd evaluates to true.
hide
|
|
| 454 | [+] | | if (net_getpeername(1, &remote_ip, &remote_port) < 0) { |
 |
| 455 | | | i_fatal("%s can be started only through dovecot " |
| 456 | | | "master process, inetd or equivalent", argv[0]); |
| 457 | | | } |
| 458 | [+] | | if (net_getsockname(1, &local_ip, &local_port) < 0) { |
 |
| 459 | | | memset(&local_ip, 0, sizeof(local_ip)); |
| 460 | | | local_port = 0; |
| 461 | | | } |
| 462 | | | |
| 463 | | | fd = 1; |
| 464 | | | for (i = 1; i < argc; i++) { |
Event 26:
i is set to 1.
hide
Event 27:
Entering loop body. i < argc evaluates to true.
hide
|
|
| 465 | | | if (strcmp(argv[i], "--ssl") == 0) |
Event 28:
argv[1] is passed to strcmp() as the first argument. - Dereferenced later, causing the null pointer dereference.
See related event 26.
hide
Null Pointer Dereference
The body of strcmp() dereferences argv[i], but it is NULL. - argv[i] evaluates to argv[1], which must be equal to 0.
The issue can occur if the highlighted code executes. See related events 6 and 28. Show: All events | Only primary events |
|
| |