(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/auth/mech-external.c) |
| |
| 9 | | | mech_external_auth_continue(struct auth_request *request, |
| 10 | | | const unsigned char *data, size_t data_size) |
| 11 | | | { |
| 12 | | | const char *authzid, *error; |
| 13 | | | |
| 14 | [+] | | authzid = t_strndup(data, data_size); |
 |
| 15 | | | if (request->user == NULL) { |
Event 10:
Taking false branch. request->user == (void *)0 evaluates to false.
hide
|
|
| 16 | | | auth_request_log_info(request, "external", |
| 17 | | | "username not known"); |
| 18 | | | auth_request_fail(request); |
| 19 | | | } else if (*authzid != '\0' && |
Null Pointer Dereference
authzid is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 9. Show: All events | Only primary events |
|
| |