(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/eacces-error.c) |
| |
| 83 | | | static const char * |
| 84 | | | eacces_error_get_full(const char *func, const char *path, bool creating) |
| 85 | | | { |
| 86 | | | const char *prev_path = path, *dir = "/", *p; |
| 87 | | | const struct passwd *pw; |
| 88 | | | const struct group *group; |
| 89 | | | string_t *errmsg; |
| 90 | | | struct stat st, dir_st; |
| 91 | | | int orig_errno, ret = -1; |
| 92 | | | |
| 93 | | | orig_errno = errno; |
| 94 | | | errmsg = t_str_new(256); |
| 95 | | | str_printfa(errmsg, "%s(%s) failed: Permission denied (euid=%s", |
| 96 | | | func, path, dec2str(geteuid())); |
| 97 | | | |
| 98 | | | pw = getpwuid(geteuid()); |
| 99 | | | if (pw != NULL) |
Event 1:
Taking true branch. pw != (void *)0 evaluates to true.
hide
|
|
| 100 | | | str_printfa(errmsg, "(%s)", pw->pw_name); |
| 101 | | | |
| 102 | | | str_printfa(errmsg, " egid=%s", dec2str(getegid())); |
| 103 | | | group = getgrgid(getegid()); |
| 104 | | | if (group != NULL) |
Event 2:
Skipping " if". group != (void *)0 evaluates to false.
hide
|
|
| 105 | | | str_printfa(errmsg, "(%s)", group->gr_name); |
| 106 | | | |
| 107 | | | while ((p = strrchr(prev_path, '/')) != NULL) { |
Event 3:
Entering loop body. (p = strrchr(...)) != (void *)0 evaluates to true.
hide
|
|
| 108 | [+] | | dir = t_strdup_until(prev_path, p); |
 |
| 109 | | | ret = stat(dir, &st); |
Event 14:
dir, which evaluates to the value assigned to mem at strfuncs.c:65, is passed to stat64() as the first argument. See related event 13.
hide
Event 15:
stat64() accesses the file named dir, where dir is the value assigned to mem at strfuncs.c:65. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 14.
hide
|
|
| 110 | | | if (ret == 0) |
Event 16:
Taking true branch. ret == 0 evaluates to true.
hide
|
|
| 111 | | | break; |
| 112 | | | if (errno == EACCES) {
x /usr/include/asm-generic/errno-base.h |
| |
16 | #define EACCES 13 /* Permission denied */ |
| |
|
| 113 | | | |
| 114 | | | } else if (errno == ENOENT && creating) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
| 115 | | | |
| 116 | | | |
| 117 | | | } else { |
| 118 | | | |
| 119 | | | str_printfa(errmsg, " stat(%s) failed: %m", dir); |
| 120 | | | break; |
| 121 | | | } |
| 122 | | | prev_path = dir; |
| 123 | | | dir = "/"; |
| 124 | | | dir_st = st; |
| 125 | | | } |
| 126 | | | |
| 127 | | | if (ret == 0) { |
Event 17:
Taking true branch. ret == 0 evaluates to true.
hide
|
|
| 128 | | | |
| 129 | [+] | | if (test_access(dir, X_OK, errmsg) < 0) {
x /usr/include/unistd.h |
| |
284 | #define X_OK 1 /* Test for execute permission. */ |
| |
|
Event 18:
dir, which evaluates to the value assigned to mem at strfuncs.c:65, is passed to test_access() as the first argument. See related events 13 and 14.
hide
|
|
 |
| |