(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/convert/convert-storage.c) |
| |
| 134 | | | static int mailbox_convert_maildir_to_dbox(struct mail_storage *src_storage, |
| 135 | | | struct mail_storage *dest_storage, |
| 136 | | | const char *src_name, |
| 137 | | | const char *dest_name) |
| 138 | | | { |
| 139 | | | static const char *maildir_files[] = { |
| 140 | | | "dovecot-uidlist", |
| 141 | | | "dovecot-keywords", |
| 142 | | | "dovecot.index", |
| 143 | | | "dovecot.index.log", |
| 144 | | | "dovecot.index.cache" |
| 145 | | | }; |
| 146 | | | string_t *src, *dest; |
| 147 | | | DIR *dir; |
| 148 | | | struct dirent *dp; |
| 149 | | | const char *src_path, *dest_path, *new_path, *cur_path; |
| 150 | | | unsigned int i, src_dir_len, dest_dir_len; |
| 151 | | | bool t; |
| 152 | | | int ret; |
| 153 | | | |
| 154 | | | |
| 155 | | | |
| 156 | [+] | | if (mail_storage_mailbox_create(dest_storage, dest_name, TRUE) < 0) { |
Event 1:
Skipping " if". !0 evaluates to true.
hide
|
|
 |
| 157 | | | i_error("Mailbox conversion: " |
| 158 | | | "Couldn't create mailbox %s: %s", |
| 159 | | | dest_name, storage_error(dest_storage)); |
| 160 | | | return -1; |
| 161 | | | } |
| 162 | | | |
| 163 | | | src_path = mail_storage_get_mailbox_path(src_storage, src_name, &t); |
| 164 | | | dest_path = mail_storage_get_mailbox_path(dest_storage, dest_name, &t); |
| 165 | | | |
| 166 | | | |
| 167 | [+] | | cur_path = t_strconcat(src_path, "/cur", NULL); |
 |
| 168 | | | |
| 169 | | | if (rename(cur_path, dest_path) < 0) { |
Event 10:
cur_path, which evaluates to NULL, is passed to rename() as the first argument. See related event 9.
hide
Null Pointer Dereference
The body of rename() dereferences cur_path, but it is NULL. The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |