(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-rtsp.c) |
| |
| 334 | | | rtsp_create_conversation(packet_info *pinfo, const guchar *line_begin, |
| 335 | | | size_t line_len, gint rdt_feature_level) |
| 336 | | | { |
| 337 | | | conversation_t *conv; |
| 338 | | | guchar buf[256]; |
| 339 | | | guchar *tmp; |
| 340 | | | gboolean rtp_transport = FALSE; |
| 341 | | | gboolean rdt_transport = FALSE; |
| 342 | | | guint c_data_port, c_mon_port; |
| 343 | | | guint s_data_port, s_mon_port; |
| 344 | | | gboolean is_video = FALSE; |
| 345 | | | |
| 346 | | | |
| 347 | | | if (line_len > sizeof(buf) - 1) |
Event 1:
Taking true branch. line_len > sizeof( buf ) - 1 evaluates to true.
hide
|
|
| 348 | | | { |
| 349 | | | |
| 350 | | | line_len = sizeof(buf) - 1; |
| 351 | | | } |
| 352 | | | memcpy(buf, line_begin, line_len); |
| 353 | | | buf[line_len] = '\0'; |
| 354 | | | |
| 355 | | | |
| 356 | | | tmp = buf + STRLEN_CONST(rtsp_transport); |
| 357 | | | while (*tmp && isspace(*tmp)) |
| 358 | | | tmp++; |
| 359 | | | |
| 360 | | | |
| 361 | | | if (g_ascii_strncasecmp(tmp, rtsp_rtp, strlen(rtsp_rtp)) == 0) |
Event 3:
g_ascii_strncasecmp is an Undefined Function.
hide
Event 4:
Taking true branch. g_ascii_strncasecmp(...) == 0 evaluates to true.
hide
|
|
| 362 | | | rtp_transport = TRUE; |
Event 5:
!0 evaluates to true.
hide
|
|
| 363 | | | else |
| 364 | | | if (g_ascii_strncasecmp(tmp, rtsp_real_rdt, strlen(rtsp_real_rdt)) == 0 || |
| 365 | | | g_ascii_strncasecmp(tmp, rtsp_real_tng, strlen(rtsp_real_tng)) == 0) |
| 366 | | | rdt_transport = TRUE; |
| 367 | | | else |
| 368 | | | { |
| 369 | | | |
| 370 | | | return; |
| 371 | | | } |
| 372 | | | |
| 373 | | | c_data_port = c_mon_port = 0; |
| 374 | | | s_data_port = s_mon_port = 0; |
| 375 | | | |
| 376 | | | |
| 377 | | | if ((tmp = strstr(buf, rtsp_sps))) { |
Event 6:
Skipping " if". tmp = strstr(buf, rtsp_sps) evaluates to false.
hide
|
|
| 378 | | | tmp += strlen(rtsp_sps); |
| 379 | | | if (sscanf(tmp, "%u-%u", &s_data_port, &s_mon_port) < 1) { |
| 380 | | | g_warning("Frame %u: rtsp: bad server_port",
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 381 | | | pinfo->fd->num); |
| 382 | | | return; |
| 383 | | | } |
| 384 | | | } |
| 385 | | | |
| 386 | | | if ((tmp = strstr(buf, rtsp_cps))) { |
Event 7:
Taking true branch. tmp = strstr(buf, rtsp_cps) evaluates to true.
hide
|
|
| 387 | | | tmp += strlen(rtsp_cps); |
| 388 | | | if (sscanf(tmp, "%u-%u", &c_data_port, &c_mon_port) < 1) { |
Event 8:
&c_mon_port is passed to __isoc99_sscanf() as the fourth argument.
hide
Event 9:
"%u-%u" is passed to __isoc99_sscanf() as the second argument.
hide
Event 10:
c_mon_port is set to a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
See related events 8 and 9.
hide
Event 11:
Skipping " if". sscanf(...) < 1 evaluates to false.
hide
|
|
| 389 | | | g_warning("Frame %u: rtsp: bad client_port",
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 390 | | | pinfo->fd->num); |
| 391 | | | return; |
| 392 | | | } |
| 393 | | | } |
| 394 | | | |
| 395 | | | |
| 396 | | | |
| 397 | | | if (!c_data_port) { |
Event 12:
Skipping " if". c_data_port evaluates to true.
hide
|
|
| 398 | | | rtsp_conversation_data_t *data; |
| 399 | | | guint s_data_chan, s_mon_chan; |
| 400 | | | int i; |
| 401 | | | |
| 402 | | | |
| 403 | | | if ((tmp = strstr(buf, rtsp_inter)) == NULL) { |
| 404 | | | |
| 405 | | | |
| 406 | | | |
| 407 | | | |
| 408 462 |  | | [ Lines 408 to 462 omitted. ] |
| 463 | | | return; |
| 464 | | | } |
| 465 | | | |
| 466 | | | |
| 467 | | | |
| 468 | | | |
| 469 | | | |
| 470 | | | |
| 471 | | | |
| 472 | | | |
| 473 | | | if (rtp_transport) |
Event 13:
Taking true branch. rtp_transport evaluates to true.
hide
|
|
| 474 | | | { |
| 475 | | | |
| 476 | | | rtp_add_address(pinfo, &pinfo->dst, c_data_port, s_data_port, |
| 477 | | | "RTSP", pinfo->fd->num, is_video, NULL); |
| 478 | | | |
| 479 | | | |
| 480 | | | if (c_mon_port) |
Event 14:
Taking true branch. c_mon_port evaluates to true.
hide
|
|
| 481 | | | { |
| 482 | | | rtcp_add_address(pinfo, &pinfo->dst, c_mon_port, s_mon_port, |
Event 15:
c_mon_port, which evaluates to the value assigned to c_mon_port at packet-rtsp.c:388, is passed to rtcp_add_address() as the third argument. See related event 10.
hide
|
|
| 483 | [+] | | "RTSP", pinfo->fd->num); |
 |
| |