(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-edonkey.c) |
| |
| 2987 | | | static void dissect_edonkey_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) |
| 2988 | | | { /* Dissects the eDonkey/eMule TCP message at the start of tvb: fills the Protocol/Info columns and, when a tree is requested, the message subtree. */ |
| 2989 | | | proto_item *ti; |
| 2990 | | | proto_tree *edonkey_tree = NULL, *edonkey_msg_tree = NULL, *emule_zlib_tree = NULL; |
| 2991 | | | int offset, bytes, messages; |
| 2992 | | | guint8 protocol, msg_type; |
| 2993 | | | guint32 msg_len; |
| 2994 | | | const gchar *protocol_name, *message_name; |
| 2995 | | | void (*dissector)(guint8, tvbuff_t*, packet_info*, int, int, proto_tree*); /* payload dissector chosen by protocol id; NULL when none applies */ |
| 2996 | | | tvbuff_t *tvbraw = NULL; /* decompressed payload; set only in the EDONKEY_PROTO_EMULE_COMP case */ |
| 2997 | | | |
| 2998 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
| 2999 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "eDonkey"); |
| 3000 | | | |
| 3001 | | | if (tree) { |
| 3002 | | | ti = proto_tree_add_item(tree, proto_edonkey, tvb, 0, -1, FALSE); |
| 3003 | | | edonkey_tree = proto_item_add_subtree(ti, ett_edonkey); |
| 3004 | | | } |
| 3005 | | | /* Header fields come straight from the packet: a 1-byte protocol id, then a 32-bit little-endian length. */ |
| 3006 | | | offset = 0; |
| 3007 | | | messages = 0; /* assigned here; not read again in this function */ |
| 3008 | | | protocol = tvb_get_guint8(tvb, offset); |
| 3009 | | | msg_len = tvb_get_letohl(tvb, offset+1); |
| 3010 | | | /* A protocol byte with no entry in edonkey_protocols is shown as continuation data and not parsed further. */ |
| 3011 | | | protocol_name = match_strval(protocol, edonkey_protocols); |
| 3012 | | | if (protocol_name == NULL) { |
| 3013 | | | |
| 3014 | | | if (check_col(pinfo->cinfo, COL_INFO)) |
| 3015 | | | col_set_str(pinfo->cinfo, COL_INFO, "eDonkey Continuation"); |
| 3016 | | | if (edonkey_tree) { |
| 3017 | | | bytes = tvb_length_remaining(tvb, offset); |
| 3018 | | | proto_tree_add_text(edonkey_tree, tvb, 0, -1, "Continuation data (%d bytes)", bytes); |
| 3019 | | | } |
| 3020 | | | return; |
| 3021 | | | } |
| 3022 | | | |
| 3023 | | | |
| 3024 | | | if (edonkey_tree) { |
| 3025 | | | ti = proto_tree_add_item(edonkey_tree, hf_edonkey_message, tvb, |
| 3026 | | | offset, + msg_len, FALSE); /* NOTE(review): the operand before "+ msg_len" is missing from this listing; msg_len itself is packet-supplied */ |
| 3027 | | | edonkey_msg_tree = proto_item_add_subtree(ti, ett_edonkey_message); |
| 3028 | | | |
| 3029 | | | proto_tree_add_uint_format(edonkey_msg_tree, hf_edonkey_protocol, tvb, offset, 1, protocol, |
| 3030 | | | "Protocol: %s (0x%02x)", protocol_name, protocol); |
| 3031 | | | proto_tree_add_uint(edonkey_msg_tree, hf_edonkey_message_length, tvb, offset+1, 4, msg_len); |
| 3032 | | | } |
| 3033 | | | |
| 3034 | | | |
| 3035 | | | |
| 3036 | | | offset += ; /* NOTE(review): increment operand missing from this listing; presumably the header length (protocol byte + length field), confirm against the source file */ |
| 3037 | | | /* No bytes reported after the header: label the packet a fragment and stop. */ |
| 3038 | | | if(tvb_reported_length_remaining(tvb, offset) <= 0) { |
| 3039 | | | |
| 3040 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
| 3041 | | | col_append_fstr(pinfo->cinfo, COL_INFO, "%s TCP Message Fragment", protocol_name); |
| 3042 | | | } |
| 3043 | | | return; |
| 3044 | | | } |
| 3045 | | | |
| 3046 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
| 3047 | | | col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "%s TCP", protocol_name); |
| 3048 | | | } |
| 3049 | | | /* Select the message-name table and payload dissector from the protocol id. */ |
| 3050 | | | msg_type = tvb_get_guint8(tvb, offset); |
| 3051 | | | switch (protocol) { |
| 3052 | | | case EDONKEY_PROTO_EDONKEY: |
| 3053 | | | message_name = val_to_str(msg_type, edonkey_tcp_msgs, "Unknown"); |
| 3054 | | | dissector = dissect_edonkey_tcp_message; |
| 3055 | | | break; |
| 3056 | | | |
| 3057 | | | case EDONKEY_PROTO_EMULE_EXT: |
| 3058 | | | message_name = val_to_str(msg_type, emule_tcp_msgs, |
| 3059 | | | val_to_str(msg_type, edonkey_tcp_msgs, "Unknown")); /* NOTE(review): the inner result becomes the outer call's format argument; harmless only while no edonkey_tcp_msgs name contains a '%' conversion. match_strval() with an explicit fallback would avoid using a table string as a format */ |
Format String
val_to_str() is being called with a format string that is not constant. The format string (third argument) may not match the other arguments to val_to_str(); this could lead to security or stability problems. val_to_str() is usually called with strings that look like format strings in this project. |
|
| 3060 | | | dissector = dissect_emule_tcp_message; |
| 3061 | | | break; |
| 3062 | | | |
| 3063 | | | case EDONKEY_PROTO_EMULE_COMP:
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-edonkey.h |
| |
44 | #define EDONKEY_PROTO_EMULE_COMP 0xd4 /* eMule compressed (data is zlib compressed) */ |
| |
|
| 3064 | | | |
| 3065 | | | |
| 3066 | | | |
| 3067 | | | |
| 3068 | | | /* Compressed variant: inflate the msg_len-1 bytes that follow the message-type byte. */ |
| 3069 | | | message_name = val_to_str(msg_type, edonkey_tcp_msgs, "Unknown"); |
| 3070 | | | tvbraw = tvb_child_uncompress(tvb, tvb, offset+1, msg_len-1); /* NOTE(review): runs before the msg_len > 1 check below; msg_len is guint32, so a packet with msg_len == 0 makes msg_len-1 wrap. Confirm tvb_child_uncompress() bounds the length */ |
| 3071 | | | if (tvbraw) { |
| 3072 | | | dissector = dissect_edonkey_tcp_message; |
| 3073 | | | break; |
| 3074 | | | } |
| 3075 | | | /* Decompression failed: falls through to default, leaving no dissector. */ |
| 3076 | | | default: |
| 3077 | | | message_name = "Unknown"; |
| 3078 | | | dissector = NULL; |
| 3079 | | | break; |
| 3080 | | | } |
| 3081 | | | |
| 3082 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
| 3083 | | | col_append_fstr(pinfo->cinfo, COL_INFO, ": %s", message_name); |
| 3084 | | | } |
| 3085 | | | |
| 3086 | | | /* Payload dissection runs only when the message subtree exists. */ |
| 3087 | | | if (edonkey_msg_tree) { |
| 3088 | | | proto_tree_add_uint_format(edonkey_msg_tree, hf_edonkey_message_type, tvb, offset, 1, msg_type, |
| 3089 | | | "Message Type: %s (0x%02x)", message_name, msg_type); |
| 3090 | | | if (dissector && (msg_len > 1)) { /* msg_len > 1: there is payload after the 1-byte message type */ |
| 3091 | | | if (!tvbraw) { |
| 3092 | | | (*dissector)(msg_type, tvb, pinfo, offset+1, msg_len-1, edonkey_msg_tree); |
| 3093 | | | } else { |
| 3094 | | | ti = proto_tree_add_item(edonkey_msg_tree, hf_emule_zlib, tvb, |
| 3095 | | | offset+1, msg_len-1, FALSE); |
| 3096 | | | emule_zlib_tree = proto_item_add_subtree(ti, ett_emule_zlib); |
| 3097 | | | add_new_data_source(pinfo, tvbraw, "Decompressed Data"); /* register the inflated buffer as its own data source */ |
| 3098 | | | (*dissector)(msg_type, tvbraw, pinfo, 0, tvb_length(tvbraw), emule_zlib_tree); /* the decompressed buffer is dissected from its own offset 0, over its full length */ |
| 3099 | | | } |
| 3100 | | | } |
| 3101 | | | } |
| 3102 | | | } |
| |