(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-snmp.c) |
| |
| 1222 | | | static gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error) { |
| 1223 | | | guint msg_len; |
| 1224 | | | guint8* msg; |
| 1225 | | | guint auth_len; |
| 1226 | | | guint8* auth; |
| 1227 | | | guint8* key; |
| 1228 | | | guint key_len; |
| 1229 | | | guint8 *calc_auth; |
| 1230 | | | guint start; |
| 1231 | | | guint end; |
| 1232 | | | guint i; |
| 1233 | | | |
| 1234 | | | if (!p->auth_tvb) { |
Event 1:
Skipping " if". p->auth_tvb evaluates to true.
hide
|
|
| 1235 | | | *error = "No Authenticator"; |
| 1236 | | | return FALSE; |
| 1237 | | | } |
| 1238 | | | |
| 1239 | | | key = p->user_assoc->user.authKey.data; |
| 1240 | | | key_len = p->user_assoc->user.authKey.len; |
| 1241 | | | |
| 1242 | | | if (! key ) { |
Event 2:
Skipping " if". key evaluates to true.
hide
|
|
| 1243 | | | *error = "User has no authKey"; |
| 1244 | | | return FALSE; |
| 1245 | | | } |
| 1246 | | | |
| 1247 | | | |
| 1248 | [+] | | auth_len = tvb_length_remaining(p->auth_tvb,0); |
 |
| 1249 | | | |
| 1250 | | | if (auth_len != 12) { |
Event 14:
Skipping " if". auth_len != 12 evaluates to false.
hide
|
|
| 1251 | | | *error = "Authenticator length wrong"; |
| 1252 | | | return FALSE; |
| 1253 | | | } |
| 1254 | | | |
| 1255 | [+] | | msg_len = tvb_length_remaining(p->msg_tvb,0); |
 |
| 1256 | | | msg = ep_tvb_memdup(p->msg_tvb,0,msg_len); |
| 1257 | | | |
| 1258 | | | |
| 1259 | | | auth = ep_tvb_memdup(p->auth_tvb,0,auth_len); |
| 1260 | | | |
| 1261 | | | start = p->auth_offset - p->start_offset; |
| 1262 | | | end = start + auth_len; |
| 1263 | | | |
| 1264 | | | |
| 1265 | | | for ( i = start ; i < end ; i++ ) { |
| 1266 | | | msg[i] = '\0'; |
| 1267 | | | } |
| 1268 | | | |
| 1269 | | | calc_auth = ep_alloc(16); |
| 1270 | | | |
| 1271 | [+] | | md5_hmac(msg, msg_len, key, key_len, calc_auth); |
Event 21:
msg_len, which evaluates to -1, is passed to md5_hmac() as the second argument. See related event 19.
hide
|
|
 |
| |