(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ssl.c) |
| |
| 308 | | | ssl_parse(void) |
| 309 | | | { |
| 310 | | | ep_stack_t tmp_stack; |
| 311 | | | SslAssociation *tmp_assoc; |
| 312 | | | FILE *ssl_keys_file; |
| 313 | | | struct stat statb; |
| 314 | | | size_t size; |
| 315 | | | gchar *tmp_buf; |
| 316 | | | size_t nbytes; |
| 317 | | | gboolean read_failed; |
| 318 | | | |
| 319 | | | ssl_set_debug(ssl_debug_file_name); |
| 320 | | | |
| 321 | | | if (ssl_key_hash) |
Event 1:
Skipping " if". ssl_key_hash evaluates to false.
hide
|
|
| 322 | | | { |
| 323 | | | g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL); |
| 324 | | | g_hash_table_destroy(ssl_key_hash); |
| 325 | | | } |
| 326 | | | |
| 327 | | | |
| 328 | | | tmp_stack = ep_stack_new(); |
| 329 | | | g_tree_foreach(ssl_associations, ssl_assoc_from_key_list, tmp_stack); |
| 330 | | | while ((tmp_assoc = ep_stack_pop(tmp_stack)) != NULL) { |
Event 3:
Leaving loop. (tmp_assoc = ep_stack_pop(...)) != (void *)0 evaluates to false.
hide
|
|
| 331 | | | ssl_association_remove(ssl_associations, tmp_assoc); |
| 332 | | | } |
| 333 | | | |
| 334 | | | |
| 335 | | | ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal); |
| 336 | | | |
| 337 | | | if (ssl_keys_list && (ssl_keys_list[0] != 0)) |
| 338 | | | { |
| 339 | [+] | | if (file_exists(ssl_keys_list)) { |
Event 6:
ssl_keys_list is passed to file_exists().
hide
|
|
 |
| 340 | | | if ((ssl_keys_file = ws_fopen(ssl_keys_list, "r"))) { |
Event 13:
ssl_keys_list is passed to fopen() as the first argument.
hide
File System Race Condition
The file named ssl_keys_list is accessed again. Another process may have changed the file since the access at filesystem.c:1522. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 9 and 13. Show: All events | Only primary events |
|
| |