(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/imap/main.c) |
| |
| 168 | | | static void main_init(void) |
| 169 | | | { |
| 170 | | | struct client *client; |
| 171 | | | struct ostream *output; |
| 172 | | | struct mail_user *user; |
| 173 | | | const char *username, *home, *str, *tag; |
| 174 | | | |
| 175 | | | lib_signals_init(); |
| 176 | | | lib_signals_set_handler(SIGINT, TRUE, sig_die, NULL);
x /usr/include/bits/signum.h |
| |
34 | #define SIGINT 2 /* Interrupt (ANSI). */ |
| |
|
Event 1:
!0 evaluates to true.
|
|
| 177 | | | lib_signals_set_handler(SIGTERM, TRUE, sig_die, NULL);
x /usr/include/bits/signum.h |
| |
48 | #define SIGTERM 15 /* Termination (ANSI). */ |
| |
|
Event 2:
!0 evaluates to true.
|
|
| 178 | | | lib_signals_ignore(SIGPIPE, TRUE);
x /usr/include/bits/signum.h |
| |
46 | #define SIGPIPE 13 /* Broken pipe (POSIX). */ |
| |
|
Event 3:
!0 evaluates to true.
|
|
| 179 | | | lib_signals_ignore(SIGALRM, FALSE);
x /usr/include/bits/signum.h |
| |
47 | #define SIGALRM 14 /* Alarm clock (POSIX). */ |
| |
|
| 180 | | | |
| 181 | | | username = getenv("USER"); |
| 182 | | | if (username == NULL) { |
Event 4:
Taking true branch. username == (void *)0 evaluates to true.
|
|
| 183 | | | if (IS_STANDALONE())
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/imap/main.c |
| |
26 | #define IS_STANDALONE() \ |
27 | (getenv("IMAPLOGINTAG") == NULL) |
| |
|
Event 5:
Taking true branch. getenv(...) == (void *)0 evaluates to true.
|
|
| 184 | | | username = getlogin(); |
| 185 | | | if (username == NULL) |
Event 6:
Skipping " if". username == (void *)0 evaluates to false.
|
|
| 186 | | | i_fatal("USER environment missing"); |
| 187 | | | } |
| 188 | | | |
| 189 | | | home = getenv("HOME"); |
| 190 | | | if (getenv("DEBUG") != NULL) { |
Event 7:
Skipping " if". getenv("DEBUG") != (void *)0 evaluates to false.
|
|
| 191 | | | i_info("Effective uid=%s, gid=%s, home=%s", |
| 192 | | | dec2str(geteuid()), dec2str(getegid()), |
| 193 | | | home != NULL ? home : "(none)"); |
| 194 | | | } |
| 195 | | | |
| 196 | | | if (getenv("STDERR_CLOSE_SHUTDOWN") != NULL) { |
Event 8:
Taking true branch. getenv(...) != (void *)0 evaluates to true.
|
|
| 197 | | | |
| 198 | | | log_io = io_add(STDERR_FILENO, IO_ERROR,
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/ioloop.h |
| |
50 | #define io_add(fd, condition, callback, context) \ |
51 | CONTEXT_CALLBACK(io_add, io_callback_t, \ |
52 | callback, context, fd, condition) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
146 | # define CONTEXT_CALLBACK(name, callback_type, callback, context, ...) \ |
147 | ({(void)(1 ? 0 : callback(context)); \ |
148 | name(__VA_ARGS__, (callback_type *)callback, context); }) |
| |
x /usr/include/unistd.h |
| |
213 | #define STDERR_FILENO 2 /* Standard error output. */ |
| |
|
| 199 | | | log_error_callback, NULL); |
Event 9:
1 evaluates to true.
|
|
| 200 | | | } |
| 201 | | | |
| 202 | | | capability_string = str_new(default_pool, sizeof(CAPABILITY_STRING)+32);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/config.h |
| |
29 | #define CAPABILITY_STRING "IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH" |
| |
|
| 203 | | | str_append(capability_string, CAPABILITY_STRING);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/config.h |
| |
29 | #define CAPABILITY_STRING "IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH" |
| |
|
| 204 | | | |
| 205 | | | dict_drivers_register_builtin(); |
| 206 | | | mail_users_init(getenv("AUTH_SOCKET_PATH"), getenv("DEBUG") != NULL); |
Event 10:
getenv("DEBUG") != (void *)0 evaluates to true.
|
|
| 207 | | | mail_storage_init(); |
| 208 | | | mail_storage_register_all(); |
| 209 | | | mailbox_list_register_all(); |
| 210 | | | clients_init(); |
| 211 | | | commands_init(); |
| 212 | | | imap_fetch_handlers_init(); |
| 213 | | | |
| 214 | | | module_dir_init(modules); |
| 215 | | | |
| 216 | | | if (getenv("DUMP_CAPABILITY") != NULL) { |
Event 11:
Skipping " if". getenv(...) != (void *)0 evaluates to false.
|
|
| 217 | | | printf("%s\n", str_c(capability_string)); |
| 218 | | | exit(0); |
| 219 | | | } |
| 220 | | | |
| 221 | | | str = getenv("IMAP_CAPABILITY"); |
| 222 | | | if (str != NULL && *str != '\0') { |
Event 12:
Skipping " if". str != (void *)0 evaluates to false.
|
|
| 223 | | | |
| 224 | | | str_truncate(capability_string, 0); |
| 225 | | | str_append(capability_string, str); |
| 226 | | | } |
| 227 | | | |
| 228 | | | str = getenv("IMAP_MAX_LINE_LENGTH"); |
| 229 | | | imap_max_line_length = str != NULL ? |
Event 13:
str != (void *)0 evaluates to true.
|
|
| 230 | | | (unsigned int)strtoul(str, NULL, 10) : |
| 231 | | | DEFAULT_IMAP_MAX_LINE_LENGTH; |
| 232 | | | |
| 233 | | | logout_format = getenv("IMAP_LOGOUT_FORMAT"); |
| 234 | | | if (logout_format == NULL) |
Event 14:
Skipping " if". logout_format == (void *)0 evaluates to false.
|
|
| 235 | | | logout_format = "bytes=%i/%o"; |
| 236 | | | |
| 237 | | | imap_id_send = getenv("IMAP_ID_SEND"); |
| 238 | | | imap_id_log = getenv("IMAP_ID_LOG"); |
| 239 | | | |
| 240 | | | parse_workarounds(); |
| 241 | | | |
| 242 | | | user = mail_user_init(username); |
| 243 | | | mail_user_set_home(user, home); |
| 244 | [+] | | if (mail_namespaces_init(user) < 0) |
 |
| 245 | | | i_fatal("Namespace initialization failed"); |
| 246 | | | client = client_create(0, 1, user); |
| 247 | | | |
| 248 | | | output = client->output; |
| 249 | | | o_stream_ref(output); |
| 250 | | | o_stream_cork(output); |
| 251 | | | |
| 252 | | | |
| 253 | | | tag = getenv("IMAPLOGINTAG"); |
| 254 | | | if (tag == NULL) { |
Event 21:
Taking true branch. tag == (void *)0 evaluates to true.
|
|
| 255 | | | client_send_line(client, t_strconcat( |
| 256 | | | "* PREAUTH [CAPABILITY ", |
| 257 | | | str_c(capability_string), "] " |
| 258 | | | "Logged in as ", user->username, NULL)); |
| 259 | | | } else { |
| 260 | | | client_send_line(client, t_strconcat( |
| 261 | | | tag, " OK [CAPABILITY ", |
| 262 | | | str_c(capability_string), "] Logged in", NULL)); |
| 263 | | | } |
| 264 | | | str = getenv("CLIENT_INPUT"); |
Event 23:
Inside getenv(), *getenv("CLIENT_INPUT") is set to a potentially dangerous value (potentially dangerous: the value cannot be determined and may come from program input). This value determines the position accessed in the buffer during the buffer overrun later.
Event 24:
str is set to getenv("CLIENT_INPUT"). See related event 22.
|
|
| 265 | | | if (str != NULL) T_BEGIN {
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/data-stack.h |
| |
49 | #define T_BEGIN \ |
50 | STMT_START { unsigned int _data_stack_cur_id = t_push(); |
| |
|
Event 25:
Taking true branch. str != (void *)0 evaluates to true.
|
|
| 266 | [+] | | buffer_t *buf = t_base64_decode_str(str); |
Event 26:
str, which evaluates to getenv("CLIENT_INPUT") from main.c:264, is passed to t_base64_decode_str(). See related event 24.
|
|
 |
| |