(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-isakmp.c) |
| |
| 423 | | | scan_pluto_log(void) { |
| 424 | | | #define MAX_PLUTO_LINE 500 |
| 425 | | | decrypt_data_t *decr; |
| 426 | | | gchar line[MAX_PLUTO_LINE]; |
| 427 | | | guint8 i_cookie[COOKIE_SIZE], *ic_key; |
| 428 | | | gboolean got_cookie = FALSE; |
| 429 | | | guchar secret[MAX_KEY_SIZE]; |
| 430 | | | guint secret_len = 0; |
| 431 | | | gchar *icookie_pfx = "| ICOOKIE: "; |
| 432 | | | gchar *enc_key_pfx = "| enc key: "; |
| 433 | | | gchar *pos, *endpos; |
| 434 | | | gint icpfx_len = strlen(icookie_pfx); |
| 435 | | | gint ec_len = strlen(enc_key_pfx); |
| 436 | | | gint i; |
| 437 | | | address null_addr; |
| 438 | | | unsigned long hexval; |
| 439 | | | |
| 440 | | | SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
66 | #define SET_ADDRESS(addr, addr_type, addr_len, addr_data) { \ |
67 | (addr)->type = (addr_type); \ |
68 | (addr)->len = (addr_len); \ |
69 | (addr)->data = (addr_data); \ |
70 | } |
| |
|
| 441 | | | |
| 442 | | | if (logf) { |
Event 1:
Taking true branch. logf evaluates to true.
hide
|
|
| 443 | | | while (fgets(line, MAX_PLUTO_LINE, logf)) { |
Event 2:
Entering loop body. fgets(line, 500, logf) evaluates to true.
hide
|
|
| 444 | | | if (strncmp(line, icookie_pfx, icpfx_len) == 0) { |
Event 3:
Taking true branch. strncmp(...) == 0 evaluates to true.
hide
|
|
| 445 | | | secret_len = 0; |
| 446 | | | pos = line + icpfx_len; |
| 447 | | | for (i = 0; i < COOKIE_SIZE; i++) { |
Event 5:
Continuing from loop body. Entering loop body. i < 8 evaluates to true.
hide
|
|
| 448 | | | hexval = strtoul(pos, &endpos, 16); |
Event 6:
strtoul() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Event 7:
hexval is set to strtoul(pos, &endpos, 16). See related event 6.
hide
|
|
| 449 | | | if (endpos == pos) |
Event 8:
Skipping " if". endpos == pos evaluates to false.
hide
|
|
| 450 | | | break; |
| 451 | | | i_cookie[i] = (guint8) hexval; |
Cast Alters Value
hexval is cast from unsigned long to unsigned char. - hexval could be 256 or higher.
- Values 256 or higher cannot be stored as unsigned char. Casting them to unsigned char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| 452 | | | pos = endpos; |
| |