(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-v120.c) |
| |
| 90 | | | dissect_v120(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) |
| 91 | | | { |
| 92 | | | proto_tree *v120_tree, *tc, *address_tree; |
| 93 | | | proto_item *ti; |
| 94 | | | int is_response; |
| 95 | | | int addr; |
| 96 | | | char *info; |
| 97 | | | int v120len; |
| 98 | | | guint8 byte0, byte1; |
| 99 | | | guint16 control; |
| 100 | | | tvbuff_t *next_tvb; |
| 101 | | | |
| 102 | | | info=ep_alloc(80); |
| 103 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
| 104 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "V.120"); |
| 105 | | | if (check_col(pinfo->cinfo, COL_INFO)) |
| 106 | | | col_clear(pinfo->cinfo, COL_INFO); |
| 107 | | | |
| 108 | | | byte0 = tvb_get_guint8(tvb, 0); |
| 109 | | | |
| 110 | | | if(check_col(pinfo->cinfo, COL_RES_DL_SRC)) |
| 111 | | | col_add_fstr(pinfo->cinfo, COL_RES_DL_SRC, "0x%02X", byte0); |
| 112 | | | |
| 113 | | | byte1 = tvb_get_guint8(tvb, 1); |
| 114 | | | |
| 115 | | | if ( ((byte0 & 0x01) != 0x00) && ((byte1 & 0x01) != 0x01) ) |
| 116 | | | { |
| 117 | | | if (check_col(pinfo->cinfo, COL_INFO)) |
| 118 | | | col_set_str(pinfo->cinfo, COL_INFO, "Invalid V.120 frame"); |
| 119 | | | if (tree) |
| 120 | | | ti = proto_tree_add_protocol_format(tree, proto_v120, tvb, 0, -1, |
| 121 | | | "Invalid V.120 frame"); |
| 122 | | | return; |
| 123 | | | } |
| 124 | | | |
| 125 | | | if (pinfo->p2p_dir == P2P_DIR_SENT) { |
| 126 | | | is_response = (byte0 & 0x02) ? FALSE: TRUE; |
| 127 | | | if(check_col(pinfo->cinfo, COL_RES_DL_DST)) |
| 128 | | | col_set_str(pinfo->cinfo, COL_RES_DL_DST, "DCE"); |
| 129 | | | if(check_col(pinfo->cinfo, COL_RES_DL_SRC)) |
| 130 | | | col_set_str(pinfo->cinfo, COL_RES_DL_SRC, "DTE"); |
| 131 | | | } else { |
| 132 | | | |
| 133 | | | is_response = (byte0 & 0x02) ? TRUE : FALSE; |
| 134 | | | if(check_col(pinfo->cinfo, COL_RES_DL_DST)) |
| 135 | | | col_set_str(pinfo->cinfo, COL_RES_DL_DST, "DTE"); |
| 136 | | | if(check_col(pinfo->cinfo, COL_RES_DL_SRC)) |
| 137 | | | col_set_str(pinfo->cinfo, COL_RES_DL_SRC, "DCE"); |
| 138 | | | } |
| 139 | | | |
| 140 | | | if (tree) { |
| 141 | | | ti = proto_tree_add_protocol_format(tree, proto_v120, tvb, 0, -1, "V.120"); |
| 142 | | | v120_tree = proto_item_add_subtree(ti, ett_v120); |
| 143 | | | addr = byte1 << 8 | byte0; |
| 144 | | | g_snprintf(info, 80, "LLI: %d C/R: %s", |
| 145 | | | ((byte0 & 0xfc) << 5) | ((byte1 & 0xfe) >> 1), |
| 146 | | | byte0 & 0x02 ? "R" : "C"); |
| 147 | | | tc = proto_tree_add_text(v120_tree, tvb, |
| 148 | | | 0, 2, |
| 149 | | | "Address field: %s", info); |
| 150 | | | address_tree = proto_item_add_subtree(tc, ett_v120_address); |
| 151 | | | proto_tree_add_text(address_tree, tvb, 0, 2, "%s", |
| 152 | | | decode_boolean_bitfield(addr, 0x0002, 2*8, |
| 153 | | | "Response", "Command")); |
| 154 | | | g_snprintf(info, 80, "LLI: %d", ((byte0 & 0xfc) << 5) | ((byte1 & 0xfe) >> 1)); |
| 155 | | | proto_tree_add_text(address_tree, tvb, 0, 2, "%s", |
| 156 | | | decode_numeric_bitfield(addr, 0xfefc, 2*8, info)); |
Format String
decode_numeric_bitfield() is being called with a format string that is not constant. The format string (fourth argument) may not match the other arguments to decode_numeric_bitfield(); this could lead to security or stability problems. decode_numeric_bitfield() is usually called with strings that look like format strings in this project. |
|
| 157 | | | proto_tree_add_text(address_tree, tvb, 0, 2, "%s", |
| 158 | | | decode_boolean_bitfield(addr, 0x0001, 2*8, |
| 159 | | | "EA0 = 1 (Error)", "EA0 = 0")); |
| 160 | | | proto_tree_add_text(address_tree, tvb, 0, 2, "%s", |
| 161 | | | decode_boolean_bitfield(addr, 0x0100, 2*8, |
| 162 | | | "EA1 = 1", "EA1 = 0 (Error)")); |
| 163 | | | } |
| 164 | | | else { |
| 165 | | | v120_tree = NULL; |
| 166 | | | ti = NULL; |
| 167 | | | } |
| 168 | | | control = dissect_xdlc_control(tvb, 2, pinfo, v120_tree, hf_v120_control, |
| 169 | | | ett_v120_control, &v120_cf_items, &v120_cf_items_ext, |
| 170 | | | NULL, NULL, is_response, TRUE, FALSE); |
| 171 | | | if (tree) { |
| 172 | | | v120len = 2 + XDLC_CONTROL_LEN(control, TRUE);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/xdlc.h |
| |
107 | #define XDLC_CONTROL_LEN(control, is_extended) \ |
108 | ((((control) & XDLC_S_U_MASK) == XDLC_U || !(is_extended)) ? 1 : 2) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/xdlc.h |
| |
35 | #define XDLC_S_U_MASK 0x03 /* Mask to test for S or U */ |
| |
|
| 173 | | | if (tvb_bytes_exist(tvb, v120len, 1)) |
| 174 | | | v120len += (tvb, v120len, v120_tree); |
| 175 | | | proto_item_set_len(ti, v120len); |
| 176 | | | next_tvb = tvb_new_subset(tvb, v120len, -1, -1); |
| 177 | | | call_dissector(data_handle,next_tvb, pinfo, v120_tree); |
| 178 | | | } |
| 179 | | | } |
| |