(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-isakmp.c) |
| |
| 2645 | | | dissect_enc(tvbuff_t *tvb, int offset, int length, proto_tree *tree, |
| 2646 | | | proto_tree *p _U_, packet_info *pinfo, int isakmp_version _U_, int unused _U_, guint8 inner_payload) |
| 2647 | | | { |
| 2648 | | | #ifdef HAVE_LIBGCRYPT |
| 2649 | | | ikev2_decrypt_data_t *key_info = NULL; |
| 2650 | | | gint iv_len, encr_data_len, icd_len, encr_key_len, decr_data_len, md_len; |
| 2651 | | | guint8 pad_len; |
| 2652 | | | guchar *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL; |
| 2653 | | | gcry_cipher_hd_t cipher_hd; |
| 2654 | | | gcry_md_hd_t md_hd; |
| 2655 | | | gcry_error_t err = 0; |
| 2656 | | | proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL; |
| 2657 | | | tvbuff_t *decr_tvb = NULL; |
| 2658 | | | gint payloads_len; |
| 2659 | | | proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL; |
| 2660 | | | |
| 2661 | | | |
| 2662 | | | if (pinfo->private_data) { |
Event 1:
Taking true branch. pinfo->private_data evaluates to true.
hide
|
|
| 2663 | | | key_info = (ikev2_decrypt_data_t*)(pinfo->private_data); |
| 2664 | | | encr_key_len = key_info->encr_spec->key_len; |
| 2665 | | | iv_len = key_info->encr_spec->iv_len; |
| 2666 | | | icd_len = key_info->auth_spec->trunc_len; |
| 2667 | | | encr_data_len = length - iv_len - icd_len; |
| 2668 | | | |
| 2669 | | | |
| 2670 | | | |
| 2671 | | | |
| 2672 | | | |
| 2673 | | | if (encr_data_len <= 0) { |
Event 2:
Skipping " if". encr_data_len <= 0 evaluates to false.
hide
|
|
| 2674 | | | item = proto_tree_add_text(tree, tvb, offset, length, "Not enough data for IV, Encrypted data and ICD."); |
| 2675 | | | expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload"); |
| 2676 | | | PROTO_ITEM_SET_GENERATED(item);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
325 | #define PROTO_ITEM_SET_GENERATED(proto_item) \ |
326 | ((proto_item) ? FI_SET_FLAG((proto_item)->finfo, FI_GENERATED) : 0) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
246 | #define FI_SET_FLAG(fi, flag) (fi->flags = fi->flags | flag) |
| |
|
| 2677 | | | return; |
| 2678 | | | } |
| 2679 | | | |
| 2680 | | | |
| 2681 | | | |
| 2682 | | | |
| 2683 | | | |
| 2684 | | | if (iv_len) { |
Event 3:
Skipping " if". iv_len evaluates to false.
hide
|
|
| 2685 | | | proto_tree_add_text(tree, tvb, offset, iv_len, "Initialization Vector (%d bytes): 0x%s", |
| 2686 | | | iv_len, tvb_bytes_to_str(tvb, offset, iv_len)); |
| 2687 | | | iv = ep_tvb_memdup(tvb, offset, iv_len); |
| 2688 | | | |
| 2689 | | | offset += iv_len; |
| 2690 | | | } |
| 2691 | | | |
| 2692 | | | |
| 2693 | | | |
| 2694 | | | |
| 2695 | [+] | | encr_data_item = proto_tree_add_text(tree, tvb, offset, encr_data_len, "Encrypted Data (%d bytes)", encr_data_len); |
 |
| 2696 | | | encr_data = ep_tvb_memdup(tvb, offset, encr_data_len); |
| 2697 | | | offset += encr_data_len; |
| 2698 | | | |
| 2699 | | | |
| 2700 | | | |
| 2701 | | | |
| 2702 | | | |
| 2703 | | | if (icd_len) { |
Event 14:
Taking true branch. icd_len evaluates to true.
hide
|
|
| 2704 | [+] | | icd_item = proto_tree_add_text(tree, tvb, offset, icd_len, "Integrity Checksum Data (%d bytes) ", icd_len); |
 |
| 2705 | | | |
| 2706 | | | |
| 2707 | | | |
| 2708 | | | |
| 2709 | | | if (key_info->auth_spec->gcry_alg) { |
Event 16:
Taking false branch. key_info->auth_spec->gcry_alg evaluates to false.
hide
|
|
| 2710 | | | err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag); |
| 2711 | | | if (err) { |
| 2712 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2713 | | | key_info->auth_spec->gcry_alg, gcry_strerror(err))); |
| 2714 | | | } |
| 2715 | | | err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len); |
| 2716 | | | if (err) { |
| 2717 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2718 | | | gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err))); |
| 2719 | | | } |
| 2720 | | | |
| 2721 | | | |
| 2722 | | | entire_message = ep_tvb_memdup(tvb, 0, offset); |
| 2723 | | | gcry_md_write(md_hd, entire_message, offset); |
| 2724 | | | md = gcry_md_read(md_hd, 0); |
| 2725 | | | md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg); |
| 2726 | | | if (md_len < icd_len) { |
| 2727 | | | gcry_md_close(md_hd); |
| 2728 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2729 | | | gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len)); |
| 2730 | | | } |
| 2731 | | | if (tvb_memeql(tvb, offset, md, icd_len) == 0) { |
| 2732 | | | proto_item_append_text(icd_item, "[correct]"); |
| 2733 | | | } else { |
| 2734 | | | proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(md, icd_len)); |
| 2735 | | | expert_add_info_format(pinfo, icd_item, PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect"); |
| 2736 | | | } |
| 2737 | | | gcry_md_close(md_hd); |
| 2738 | | | } else { |
| 2739 | | | proto_item_append_text(icd_item, "[not validated]"); |
| 2740 | | | } |
| 2741 | | | offset += icd_len; |
| 2742 | | | } |
| 2743 | | | |
| 2744 | | | |
| 2745 | | | |
| 2746 | | | |
| 2747 | | | if (encr_data_len % key_info->encr_spec->block_len != 0) { |
Event 17:
Skipping " if". encr_data_len % key_info->encr_spec->block_len != 0 evaluates to false.
hide
|
|
| 2748 | | | proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]", |
| 2749 | | | key_info->encr_spec->block_len); |
| 2750 | | | expert_add_info_format(pinfo, encr_data_item, PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size"); |
| 2751 | | | return; |
| 2752 | | | } |
| 2753 | | | |
| 2754 | | | |
| 2755 | | | |
| 2756 | | | |
| 2757 | | | decr_data = (guchar*)g_malloc(encr_data_len); |
| 2758 | | | decr_data_len = encr_data_len; |
| 2759 | | | |
| 2760 | | | |
| 2761 | | | |
| 2762 | | | |
| 2763 | | | |
| 2764 | | | if (key_info->encr_spec->number == IKEV2_ENCR_NULL) { |
Event 19:
Taking true branch. key_info->encr_spec->number == 1 evaluates to true.
hide
|
|
| 2765 | | | memcpy(decr_data, encr_data, decr_data_len); |
| 2766 | | | } else { |
| 2767 | | | err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0); |
| 2768 | | | if (err) { |
| 2769 | | | g_free(decr_data); |
| 2770 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2771 | | | key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err))); |
| 2772 | | | } |
| 2773 | | | err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, key_info->encr_spec->key_len); |
| 2774 | | | if (err) { |
| 2775 | | | g_free(decr_data); |
| 2776 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2777 | | | key_info->encr_spec->gcry_alg, key_info->encr_spec->key_len, gcry_strerror(err))); |
| 2778 | | | } |
| 2779 | | | err = gcry_cipher_setiv(cipher_hd, iv, iv_len); |
| 2780 | | | if (err) { |
| 2781 | | | g_free(decr_data); |
| 2782 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2783 | | | key_info->encr_spec->gcry_alg, iv_len, gcry_strerror(err))); |
| 2784 | | | } |
| 2785 | | | err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len); |
| 2786 | | | if (err) { |
| 2787 | | | g_free(decr_data); |
| 2788 | | | REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 2789 | | | key_info->encr_spec->gcry_alg, gcry_strerror(err))); |
| 2790 | | | } |
| 2791 | | | gcry_cipher_close(cipher_hd); |
| 2792 | | | } |
| 2793 | | | |
| 2794 | | | |
| 2795 | | | decr_tvb = tvb_new_real_data(decr_data, decr_data_len, decr_data_len); |
| 2796 | | | tvb_set_free_cb(decr_tvb, g_free); |
| 2797 | | | tvb_set_child_real_data_tvbuff(tvb, decr_tvb); |
| 2798 | | | add_new_data_source(pinfo, decr_tvb, "Decrypted Data"); |
| 2799 | [+] | | item = proto_tree_add_text(tree, decr_tvb, 0, decr_data_len, "Decrypted Data (%d bytes)", decr_data_len); |
 |
| 2800 | | | |
| 2801 | | | if (icd_item) { |
Event 23:
Taking true branch. icd_item evaluates to true.
hide
|
|
| 2802 | [+] | | proto_tree_move_item(tree, item, icd_item); |
Event 24:
item, which evaluates to NULL, is passed to proto_tree_move_item() as the second argument. See related event 22.
hide
|
|
 |
| |