(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-nfs.c) |
| |
| 7652 | | | dissect_nfs_clientaddr4(tvbuff_t *tvb, int offset, proto_tree *tree) |
| 7653 | | | { |
| 7654 | | | char *universal_ip_address = NULL; |
| 7655 | | | char *protocol = NULL; |
| 7656 | | | char *end; |
| 7657 | | | #define MAX_ADDR_WORDS 6 |
| 7658 | | | guint16 words[MAX_ADDR_WORDS]; |
| 7659 | | | guint16 port; |
| 7660 | | | int addr_offset; |
| 7661 | | | int cnt; |
| 7662 | | | |
| 7663 | [+] | | offset = dissect_rpc_string(tvb, tree, hf_nfs_r_netid, offset, &protocol); |
 |
| 7664 | | | addr_offset = offset; |
| 7665 | | | offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address); |
| 7666 | | | |
| 7667 | | | if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) { |
| 7668 | | | cnt = 0; |
| 7669 | | | end = universal_ip_address; |
| 7670 | | | |
| 7671 | | | while(1){ |
Event 21:
Entering loop body. 1 evaluates to true.
hide
|
|
| 7672 | | | char *old_end; |
| 7673 | | | if(cnt>=MAX_ADDR_WORDS){ |
Event 22:
Skipping " if". cnt >= 6 evaluates to false.
hide
|
|
| 7674 | | | break; |
| 7675 | | | } |
| 7676 | | | old_end = end; |
| 7677 | | | words[cnt]=(guint16)strtol(end, &end, 10); |
Event 23:
strtol() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Cast Alters Value
strtol(end, &end, 10) is cast from long to unsigned short. - strtol(end, &end, 10) could be -1 or lower.
- Negative values cannot be stored as unsigned short. Casting them to unsigned short can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 23. Show: All events | Only primary events |
|
| |