(/home/sate/Testcases/c/cve/wireshark-1.2.0/tap-iousers.c) |
| |
| 584 | | | iousers_init(const char *optarg, void* userdata _U_) |
| 585 | | | { |
| 586 | | | const char *filter=NULL; |
| 587 | | | const char *tap_type, *tap_type_name; |
| 588 | | | tap_packet_cb packet_func; |
| 589 | | | io_users_t *iu=NULL; |
| 590 | | | GString *error_string; |
| 591 | | | |
| 592 | | | if(!strncmp(optarg,"conv,eth",8)){ |
Event 1:
Taking true branch. strncmp(optarg, "conv,eth", 8) evaluates to false.
hide
|
|
| 593 | | | if(optarg[8]==','){ |
Event 2:
Taking true branch. optarg[8] == 44 evaluates to true.
hide
|
|
| 594 | | | filter=optarg+9; |
| 595 | | | } else { |
| 596 | | | filter=NULL; |
| 597 | | | } |
| 598 | | | tap_type="eth"; |
| 599 | | | tap_type_name="Ethernet"; |
| 600 | | | packet_func=iousers_eth_packet; |
| 601 | | | } else if(!strncmp(optarg,"conv,fc",7)){ |
| 602 | | | if(optarg[7]==','){ |
| 603 | | | filter=optarg+8; |
| 604 | | | } else { |
| 605 | | | filter=NULL; |
| 606 | | | } |
| 607 | | | tap_type="fc"; |
| 608 | | | tap_type_name="Fibre Channel"; |
| 609 | | | packet_func=iousers_fc_packet; |
| 610 | | | } else if(!strncmp(optarg,"conv,fddi",9)){ |
| 611 | | | if(optarg[9]==','){ |
| 612 | | | filter=optarg+10; |
| 613 | | | } else { |
| 614 | | | filter=NULL; |
| 615 | | | } |
| 616 | | | tap_type="fddi"; |
| 617 | | | tap_type_name="FDDI"; |
| 618 | | | packet_func=iousers_fddi_packet; |
| 619 | | | } else if(!strncmp(optarg,"conv,tcp",8)){ |
| 620 | | | if(optarg[8]==','){ |
| 621 | | | filter=optarg+9; |
| 622 | | | } else { |
| 623 | | | filter=NULL; |
| 624 | | | } |
| 625 | | | tap_type="tcp"; |
| 626 | | | tap_type_name="TCP"; |
| 627 | | | packet_func=iousers_tcpip_packet; |
| 628 | | | } else if(!strncmp(optarg,"conv,udp",8)){ |
| 629 | | | if(optarg[8]==','){ |
| 630 | | | filter=optarg+9; |
| 631 | | | } else { |
| 632 | | | filter=NULL; |
| 633 | | | } |
| 634 | | | tap_type="udp"; |
| 635 | | | tap_type_name="UDP"; |
| 636 | | | packet_func=iousers_udpip_packet; |
| 637 | | | } else if(!strncmp(optarg,"conv,tr",7)){ |
| 638 | | | if(optarg[7]==','){ |
| 639 | | | filter=optarg+8; |
| 640 | | | } else { |
| 641 | | | filter=NULL; |
| 642 | | | } |
| 643 | | | tap_type="tr"; |
| 644 | | | tap_type_name="Token Ring"; |
| 645 | | | packet_func=iousers_tr_packet; |
| 646 | | | } else if(!strncmp(optarg,"conv,ipx",8)){ |
| 647 | | | if(optarg[8]==','){ |
| 648 | | | filter=optarg+9; |
| 649 | | | } else { |
| 650 | | | filter=NULL; |
| 651 | | | } |
| 652 | | | tap_type="ipx"; |
| 653 | | | tap_type_name="IPX"; |
| 654 | | | packet_func=iousers_ipx_packet; |
| 655 | | | } else if(!strncmp(optarg,"conv,ip",7)){ |
| 656 | | | if(optarg[7]==','){ |
| 657 | | | filter=optarg+8; |
| 658 | | | } else { |
| 659 | | | filter=NULL; |
| 660 | | | } |
| 661 | | | tap_type="ip"; |
| 662 | | | tap_type_name="IPv4"; |
| 663 | | | packet_func=iousers_ip_packet; |
| 664 | | | } else if(!strncmp(optarg,"conv,sctp",9)) { |
| 665 | | | if(optarg[9]==','){ |
| 666 | | | filter=optarg+10; |
| 667 | | | } else { |
| 668 | | | filter=NULL; |
| 669 | | | } |
| 670 | | | tap_type="sctp"; |
| 671 | | | tap_type_name="SCTP"; |
| 672 | | | packet_func=iousers_sctp_packet; |
| 673 | | | } else { |
| 674 | | | fprintf(stderr, "tshark: invalid \"-z conv,<type>[,<filter>]\" argument\n"); |
| 675 | | | fprintf(stderr," <type> must be one of\n"); |
| 676 | | | fprintf(stderr," \"eth\"\n"); |
| 677 | | | fprintf(stderr," \"fc\"\n"); |
| 678 | | | fprintf(stderr," \"fddi\"\n"); |
| 679 | | | fprintf(stderr," \"ip\"\n"); |
| 680 | | | fprintf(stderr," \"ipx\"\n"); |
| 681 | | | fprintf(stderr," \"sctp\"\n"); |
| 682 | | | fprintf(stderr," \"tcp\"\n"); |
| 683 | | | fprintf(stderr," \"tr\"\n"); |
| 684 | | | fprintf(stderr," \"udp\"\n"); |
| 685 | | | exit(1); |
| 686 | | | } |
| 687 | | | |
| 688 | | | |
| 689 | | | iu=g_malloc(sizeof(io_users_t)); |
| 690 | | | iu->items=NULL; |
| 691 | | | iu->type=tap_type_name; |
| 692 | | | if(filter){ |
Null Test After Dereference
This code tests the nullness of filter, which has already been dereferenced. - If filter were null, there would have been a prior null pointer dereference at tap-iousers.c:593, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| 693 | | | iu->filter=g_strdup(filter); |
| 694 | | | } else { |
| 695 | | | iu->filter=NULL; |
| 696 | | | } |
| 697 | | | |
| 698 | | | error_string=register_tap_listener(tap_type, iu, filter, NULL, packet_func, iousers_draw); |
| 699 | | | if(error_string){ |
| 700 | | | if(iu->items){ |
| 701 | | | g_free(iu->items); |
| 702 | | | } |
| 703 | | | g_free(iu); |
| 704 | | | fprintf(stderr, "tshark: Couldn't register conversations tap: %s\n", |
| 705 | | | error_string->str); |
| 706 | | | g_string_free(error_string, TRUE); |
| 707 | | | exit(1); |
| 708 | | | } |
| 709 | | | |
| 710 | | | } |
| |