(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-srvloc.c) |
| |
| 507 | | | attr_list(proto_tree *tree, int hf, tvbuff_t *tvb, int offset, int length, |
| 508 | | | guint16 encoding) |
| 509 | | | { |
| 510 | | | char *attr_type; |
| 511 | | | int i, svc, ss, type_len, foffset=offset; |
| 512 | | | guint32 prot; |
| 513 | | | guint8 *byte_value; |
| 514 | | | proto_item *ti; |
| 515 | | | proto_tree *srvloc_tree; |
| 516 | | | char *tmp; |
| 517 | | | |
| 518 | | | static const value_string srvloc_svc[] = { |
| 519 | | | { 50, "TCP/UDP" }, |
| 520 | | | { 54, "IPX" }, |
| 521 | | | { 0, NULL } |
| 522 | | | }; |
| 523 | | | |
| 524 | | | static const value_string srvloc_ss[] = { |
| 525 | | | { 49, "Socket" }, |
| 526 | | | { 50, "Datagram" }, |
| 527 | | | { 0, NULL } |
| 528 | | | }; |
| 529 | | | |
| 530 | | | static const value_string srvloc_prot[] = { |
| 531 | | | { 54, "TCP" }, |
| 532 | | | { 17, "UDP" }, |
| 533 | | | { 1000, "IPX" }, |
| 534 | | | { 0, NULL } |
| 535 | | | }; |
| 536 | | | |
| 537 | | | switch (encoding) { |
| 538 | | | |
| 539 | | | case CHARSET_ISO_10646_UCS_2: |
| 540 | | | while (offset+2<length) { |
| 541 | | | offset += 2; |
| 542 | | | |
| 543 | | | if (tvb_length_remaining(tvb, 4)<length) { |
| 544 | | | proto_tree_add_text(tree, tvb, offset, -1, "Status: Too much data to pass inside this protocol. Resubmit request using a streaming protocol like TCP."); |
| 545 | | | proto_tree_add_text(tree, tvb, offset, -1, "Note: Protocol dissection is aborted due to packet overflow. See overflow flag."); |
| 546 | | | break; |
| 547 | | | } |
| 548 | | | |
| 549 | | | tmp = tvb_get_ephemeral_faked_unicode(tvb, offset, (length-offset)/2, FALSE); |
| 550 | | | type_len = (int)strcspn(tmp, "="); |
| 551 | | | attr_type = tvb_get_ephemeral_faked_unicode(tvb, offset, type_len, FALSE); |
| 552 | | | proto_tree_add_string(tree, hf, tvb, offset, type_len*2, attr_type); |
| 553 | | | offset += (type_len*2)+2; |
| 554 | | | |
| 555 | | | if (strcmp(attr_type, "svcname-ws")==0) { |
| 556 | | | tmp = tvb_get_ephemeral_faked_unicode(tvb, offset, (length-offset)/2, FALSE); |
| 557 | | | type_len = (int)strcspn(tmp, ")"); |
| 558 | | | add_v1_string(tree, hf_srvloc_srvrply_svcname, tvb, offset, type_len*2, encoding); |
| 559 | | | offset += (type_len*2)+4; |
| 560 | | | attr_type[0] = '\0'; |
| 561 | | | } |
| 562 | | | |
| 563 | | | if (strcmp(attr_type, "svcaddr-ws")==0) { |
| 564 | | | i=1; |
| 565 | | | for (foffset = offset; foffset<length; foffset += 2) { |
Event 2:
Continuing from loop body. Leaving loop. foffset < length evaluates to false.
hide
|
|
| 566 | | | |
| 567 | | | ti = proto_tree_add_text(tree, tvb, foffset, -1, "Item %d", i); |
| 568 | | | srvloc_tree = proto_item_add_subtree(ti, ett_srvloc_attr); |
| 569 | | | |
| 570 | | | svc = tvb_get_guint8(tvb, foffset+1); |
| 571 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+1, 1, |
| 572 | | | "Service Type: %s", val_to_str(svc, srvloc_svc, "Unknown")); |
| 573 | | | ss = tvb_get_guint8(tvb, foffset+5); |
| 574 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+5, 1, |
| 575 | | | "Communication Type: %s", val_to_str(ss, srvloc_ss, "Unknown")); |
| 576 | | | foffset += 9; |
| 577 | | | if (svc == 50) { |
| 578 | | | if (tvb_get_guint8(tvb, foffset)==54) { |
| 579 | | | prot = tvb_get_guint8(tvb, foffset); |
| 580 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 1, |
| 581 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 582 | | | foffset += 2; |
| 583 | | | } |
| 584 | | | else |
| 585 | | | { |
| 586 | | | byte_value = unicode_to_bytes(tvb, foffset, 4, FALSE); |
| 587 | | | prot = atol(byte_value); |
| 588 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 4, |
| 589 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 590 | | | foffset += 4; |
| 591 | | | } |
| 592 | | | } |
| 593 | | | else |
| 594 | | | { |
| 595 | | | byte_value = unicode_to_bytes(tvb, foffset, 8, FALSE); |
| 596 | | | prot = atol(byte_value); |
| 597 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 8, |
| 598 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 599 | | | foffset += 8; |
| 600 | | | } |
| 601 | | | if (svc == 50) { |
| 602 | | | byte_value = unicode_to_bytes(tvb, foffset, 16, TRUE); |
| 603 | | | sscanf(byte_value,"%x",&prot); |
| 604 | | | proto_tree_add_ipv4(srvloc_tree, hf_srvloc_add_ref_ip, tvb, foffset+2, 16, prot); |
| 605 | | | byte_value = unicode_to_bytes(tvb, foffset+18, 8, FALSE); |
| 606 | | | sscanf(byte_value,"%x",&prot); |
Ignored Return Value
The return value of __isoc99_sscanf() is never checked in the highlighted execution scenario. - If the return value can indicate an error, the error will be ignored if the highlighted code executes.
- CodeSonar is configured to enforce Ignored Return Value checks for __isoc99_sscanf(). (To change the set of enforced Ignored Return Value checks, use configuration file parameters RETURN_CHECKER_CHECKED_FUNCS and RETURN_CHECKER_IGNORED_FUNCS).
Show: All events | Only primary events |
|
| 607 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+18, 8, "Port: %d", prot); |
| 608 | | | } |
| 609 | | | else |
| 610 | | | { |
| 611 | | | byte_value = unicode_to_bytes(tvb, foffset+2, 16, FALSE); |
| 612 | | | sscanf(byte_value,"%x",&prot); |
| 613 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+2, 16, "Network: %s", byte_value); |
| 614 | | | byte_value = unicode_to_bytes(tvb, foffset+18, 24, FALSE); |
| 615 | | | sscanf(byte_value,"%x",&prot); |
| 616 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+18, 24, "Node: %s", byte_value); |
| 617 | | | byte_value = unicode_to_bytes(tvb, foffset+42, 8, FALSE); |
| 618 | | | sscanf(byte_value,"%x",&prot); |
| 619 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+42, 8, "Socket: %s", byte_value); |
| 620 | | | } |
| 621 | | | i++; |
| 622 | | | foffset += 57; |
| 623 | | | } |
| 624 | | | offset = foffset; |
| 625 | | | attr_type[0] = '\0'; |
| 626 | | | } |
| 627 | | | |
| 628 | | | if (strcmp(attr_type, "svcaddr-ws")!=0 && strcmp(attr_type, "svcname-ws")!=0 && strcmp(attr_type, "\0")!=0) { |
| 629 | | | break; |
| 630 | | | } |
| 631 | | | } |
| 632 | | | break; |
| 633 | | | |
| 634 | | | case CHARSET_UTF_8: |
| 635 | | | type_len = (int)strcspn(tvb_get_ptr(tvb, offset, length), "="); |
| 636 | | | attr_type = unicode_to_bytes(tvb, offset+1, type_len-1, FALSE); |
| 637 | | | proto_tree_add_string(tree, hf, tvb, offset+1, type_len-1, attr_type); |
| 638 | | | i=1; |
| 639 | | | for (foffset = offset + (type_len); foffset<length; foffset++) { |
| 640 | | | |
| 641 | | | ti = proto_tree_add_text(tree, tvb, foffset, -1, "Item %d", i); |
| 642 | | | srvloc_tree = proto_item_add_subtree(ti, ett_srvloc_attr); |
| 643 | | | |
| 644 | | | svc = tvb_get_guint8(tvb, foffset+1); |
| 645 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+1, 1, |
| 646 | | | "Service Type: %s", val_to_str(svc, srvloc_svc, "Unknown")); |
| 647 | | | ss = tvb_get_guint8(tvb, foffset+3); |
| 648 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+3, 1, |
| 649 | | | "Communication Type: %s", val_to_str(ss, srvloc_ss, "Unknown")); |
| 650 | | | foffset += 5; |
| 651 | | | if (svc == 50) { |
| 652 | | | if (tvb_get_guint8(tvb, foffset)==54) { |
| 653 | | | prot = tvb_get_guint8(tvb, foffset); |
| 654 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 1, |
| 655 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 656 | | | foffset += 1; |
| 657 | | | } |
| 658 | | | else |
| 659 | | | { |
| 660 | | | |
| 661 | | | byte_value = unicode_to_bytes(tvb, foffset, 2, FALSE); |
| 662 | | | prot = atol(byte_value); |
| 663 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 2, |
| 664 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 665 | | | foffset += 2; |
| 666 | | | } |
| 667 | | | } |
| 668 | | | else |
| 669 | | | { |
| 670 | | | byte_value = unicode_to_bytes(tvb, foffset, 4, FALSE); |
| 671 | | | prot = atol(byte_value); |
| 672 | | | proto_tree_add_text(srvloc_tree, tvb, foffset, 4, |
| 673 | | | "Protocol: %s", val_to_str(prot, srvloc_prot, "Unknown")); |
| 674 | | | foffset += 4; |
| 675 | | | } |
| 676 | | | if (svc == 50) { |
| 677 | | | byte_value = unicode_to_bytes(tvb, foffset, 8, TRUE); |
| 678 | | | sscanf(byte_value,"%x",&prot); |
| 679 | | | proto_tree_add_ipv4(srvloc_tree, hf_srvloc_add_ref_ip, tvb, foffset+1, 8, prot); |
| 680 | | | byte_value = unicode_to_bytes(tvb, foffset+9, 4, FALSE); |
| 681 | | | sscanf(byte_value,"%x",&prot); |
| 682 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+9, 4, "Port: %d", prot); |
| 683 | | | } |
| 684 | | | else |
| 685 | | | { |
| 686 | | | byte_value = unicode_to_bytes(tvb, foffset+1, 8, FALSE); |
| 687 | | | sscanf(byte_value,"%x",&prot); |
| 688 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+1, 8, "Network: %s", byte_value); |
| 689 | | | byte_value = unicode_to_bytes(tvb, foffset+9, 12, FALSE); |
| 690 | | | sscanf(byte_value,"%x",&prot); |
| 691 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+9, 12, "Node: %s", byte_value); |
| 692 | | | byte_value = unicode_to_bytes(tvb, foffset+21, 4, FALSE); |
| 693 | | | sscanf(byte_value,"%x",&prot); |
| 694 | | | proto_tree_add_text(srvloc_tree, tvb, foffset+21, 4, "Socket: %s", byte_value); |
| 695 | | | } |
| 696 | | | i++; |
| 697 | | | foffset += 28; |
| 698 | | | } |
| 699 | | | break; |
| 700 | | | |
| 701 | | | |
| 702 | | | default: |
| 703 | | | proto_tree_add_item(tree, hf, tvb, offset, length, TRUE); |
| 704 | | | break; |
| 705 | | | } |
| 706 | | | } |
| |