(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-cram-md5.c) |
| |
| 152 | | | mech_cram_md5_auth_initial(struct auth_request *auth_request, |
| 153 | | | const unsigned char *data ATTR_UNUSED, |
| 154 | | | size_t data_size ATTR_UNUSED) |
| 155 | | | { |
| 156 | | | struct cram_auth_request *request = |
| 157 | | | (struct cram_auth_request *)auth_request; |
Event 1:
request is set to auth_request.
hide
|
|
| 158 | | | |
| 159 | [+] | | request->challenge = p_strdup(request->pool, get_cram_challenge()); |
 |
| 160 | | | auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE, |
| 161 | | | request->challenge, strlen(request->challenge)); |
Event 5:
request->challenge, which evaluates to NULL, is passed to __builtin_strlen(). See related events 1 and 4.
hide
Null Pointer Dereference
The body of __builtin_strlen() dereferences request->challenge, but it is NULL. The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |