(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/follow_tcp.c) |
| |
| 329 | | | follow_read_tcp_stream(follow_info_t *follow_info, |
| 330 | | | gboolean (*print_line)(char *, size_t, gboolean, void *), |
| 331 | | | void *arg) |
| 332 | | | { |
| 333 | | | tcp_stream_chunk sc; |
| 334 | | | int bcount, iplen; |
| 335 | | | guint8 client_addr[MAX_IPADDR_LEN]; |
| 336 | | | guint16 client_port = 0; |
| 337 | | | gboolean is_server; |
| 338 | | | guint32 global_client_pos = 0, global_server_pos = 0; |
| 339 | | | guint32 server_packet_count = 0; |
| 340 | | | guint32 client_packet_count = 0; |
| 341 | | | guint32 *global_pos; |
| 342 | | | gboolean skip; |
| 343 | | | char buffer[FLT_BUF_SIZE+1]; |
| 344 | | | size_t nchars; |
| 345 | | | frs_return_t frs_return; |
| 346 | | | |
| 347 | | | iplen = (follow_info->is_ipv6) ? 16 : 4; |
Event 1:
follow_info->is_ipv6 evaluates to true.
hide
|
|
| 348 | | | |
| 349 | | | data_out_file = ws_fopen(follow_info->data_out_filename, "rb"); |
| 350 | | | if (data_out_file == NULL) { |
Event 2:
Skipping " if". data_out_file == (void *)0 evaluates to false.
hide
|
|
| 351 | | | simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, |
| 352 | | | "Could not open temporary file %s: %s", follow_info->data_out_filename, |
| 353 | | | strerror(errno)); |
| 354 | | | return FRS_OPEN_ERROR; |
| 355 | | | } |
| 356 | | | |
| 357 | | | while ((nchars=fread(&sc, 1, sizeof(sc), data_out_file))) { |
Event 3:
Entering loop body. nchars = fread(...) evaluates to true.
hide
|
|
| 358 | | | if (nchars != sizeof(sc)) { |
Event 4:
Skipping " if". nchars != sizeof( sc ) evaluates to false.
hide
|
|
| 359 | | | simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, |
| 360 | | | "Short read from temporary file %s: expected %lu, got %lu", |
| 361 | | | follow_info->data_out_filename, |
| 362 | | | (unsigned long)sizeof(sc), |
| 363 | | | (unsigned long)nchars); |
| 364 | | | fclose(data_out_file); |
| 365 | | | data_out_file = NULL; |
| 366 | | | return FRS_READ_ERROR; |
| 367 | | | } |
| 368 | | | if (client_port == 0) { |
Event 5:
Taking true branch. client_port == 0 evaluates to true.
hide
|
|
| 369 | | | memcpy(client_addr, sc.src_addr, iplen); |
| 370 | | | client_port = sc.src_port; |
| 371 | | | } |
| 372 | | | skip = FALSE; |
| 373 | | | if (memcmp(client_addr, sc.src_addr, iplen) == 0 && |
| 374 | | | client_port == sc.src_port) { |
| 375 | | | is_server = FALSE; |
| 376 | | | global_pos = &global_client_pos; |
| 377 | | | if (follow_info->show_stream == FROM_SERVER) { |
Event 7:
Skipping " if". follow_info->show_stream == FROM_SERVER evaluates to false.
hide
|
|
| 378 | | | skip = TRUE; |
| 379 | | | } |
| 380 | | | } |
| 381 | | | else { |
| 382 | | | is_server = TRUE; |
| 383 | | | global_pos = &global_server_pos; |
| 384 | | | if (follow_info->show_stream == FROM_CLIENT) { |
| 385 | | | skip = TRUE; |
| 386 | | | } |
| 387 | | | } |
| 388 | | | |
| 389 | | | while (sc.dlen > 0) { |
Event 9:
Continuing from loop body. Entering loop body. sc.dlen > 0 evaluates to true.
hide
|
|
| 390 | | | bcount = (sc.dlen < FLT_BUF_SIZE) ? sc.dlen : FLT_BUF_SIZE; |
Event 10:
sc.dlen < 1024 evaluates to false.
hide
|
|
| 391 | | | nchars = fread(buffer, 1, bcount, data_out_file); |
Event 11:
buffer is passed to fread() as the first argument.
hide
Event 12:
Inside fread(), *buffer is set to a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
See related event 11.
hide
|
|
| 392 | | | if (nchars == 0) |
Event 13:
Skipping " if". nchars == 0 evaluates to false.
hide
|
|
| 393 | | | break; |
| 394 | | | |
| 395 | | | sc.dlen -= (guint32) nchars; |
| 396 | | | |
| 397 | | | if (!skip) { |
Event 14:
Taking true branch. skip evaluates to false.
hide
|
|
| 398 | | | frs_return = follow_show(follow_info, print_line, buffer, |
Event 15:
buffer is passed to follow_show() as the third argument.
hide
|
|
| 399 | | | nchars, is_server, arg, global_pos, |
| 400 | | | &server_packet_count, |
| 401 | [+] | | &client_packet_count); |
 |
| 402 | | | if(frs_return == FRS_PRINT_ERROR) { |
| |