(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ncp2222.inc) |
| |
| 7563 | | | dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, |
| 7564 | | | guint32 nw_connection, guint8 sequence, |
| 7565 | | | guint16 type, proto_tree *volatile ncp_tree) |
| 7566 | | | { |
| 7567 | | | volatile guint8 func=0; |
| 7568 | | | volatile guint8 subfunc = 0; |
| 7569 | | | gboolean requires_subfunc = FALSE; |
| 7570 | | | gboolean has_length = FALSE; |
| 7571 | | | ncp_req_hash_value *volatile request_value = NULL; |
| 7572 | | | const ncp_record *volatile ncp_rec = NULL; |
| 7573 | | | conversation_t *conversation; |
| 7574 | | | ptvcursor_t *volatile ptvc = NULL; |
| 7575 | | | proto_tree *temp_tree = NULL; |
| 7576 | | | volatile gboolean run_req_cond = FALSE; |
| 7577 | | | volatile gboolean run_info_str = FALSE; |
| 7578 | | | guint32 length_remaining; |
| 7579 | | | guint32 testvar; |
| 7580 | | | volatile unsigned long except_code; |
| 7581 | | | const char *volatile message; |
| 7582 | | | |
| 7583 | | | |
| 7584 | | | |
| 7585 | | | switch (type) { |
Event 1:
type evaluates to 4369.
hide
|
|
| 7586 | | | case NCP_ALLOCATE_SLOT: |
| 7587 | | | length_remaining = tvb_length_remaining(tvb, 4); |
| 7588 | | | if (length_remaining > 4) |
Event 2:
Taking true branch. length_remaining > 4 evaluates to true.
hide
|
|
| 7589 | | | { |
| 7590 | | | testvar = tvb_get_ntohl(tvb, 4); |
| 7591 | | | if( testvar == 0x4c495020) |
Event 3:
Taking false branch. testvar == 1279873056 evaluates to false.
hide
|
|
| 7592 | | | { |
| 7593 | | | ncp_rec = &ncplip_echo; |
| 7594 | | | } |
| 7595 | | | else |
| 7596 | | | { |
| 7597 | | | ncp_rec = &ncp1111_request; |
| 7598 | | | if (ncp_echo_conn) { |
Event 4:
Skipping " if". ncp_echo_conn evaluates to false.
hide
|
|
| 7599 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Connection Request"); |
| 7600 | | | } |
| 7601 | | | } |
| 7602 | | | } |
| 7603 | | | else |
| 7604 | | | { |
| 7605 | | | ncp_rec = &ncp1111_request; |
| 7606 | | | if (ncp_echo_conn) { |
| 7607 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Connection Request"); |
| 7608 | | | } |
| 7609 | | | } |
| 7610 | | | break; |
| 7611 | | | case NCP_SERVICE_REQUEST: |
| 7612 | | | func = tvb_get_guint8(tvb, 6); |
| 7613 | | | requires_subfunc = ncp_requires_subfunc(func); |
| 7614 | | | has_length = ncp_has_length_parameter(func); |
| 7615 | | | if (requires_subfunc) { |
| 7616 | | | if (has_length) { |
| 7617 | | | subfunc = tvb_get_guint8(tvb, 9); |
| 7618 | | | } |
| 7619 | | | else { |
| 7620 | | | subfunc = tvb_get_guint8(tvb, 7); |
| 7621 7632 |  | | [ Lines 7621 to 7632 omitted. ] |
| 7633 | | | break; |
| 7634 | | | case NCP_LIP_ECHO: |
| 7635 | | | ncp_rec = &ncplip_echo; |
| 7636 | | | break; |
| 7637 | | | default: |
| 7638 | | | ncp_rec = NULL; |
| 7639 | | | break; |
| 7640 | | | } |
| 7641 | | | |
| 7642 | | | |
| 7643 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) { |
 |
| 7644 | | | if (ncp_rec) { |
| 7645 | | | col_add_fstr(pinfo->cinfo, COL_INFO, "C %s", ncp_rec->name); |
| 7646 | | | if (ncp_rec->req_info_str) { |
| 7647 | | | |
| 7648 | | | |
| 7649 | | | run_info_str = TRUE; |
| 7650 | | | } |
| 7651 | | | } |
| 7652 | | | else { |
| 7653 | | | if (requires_subfunc) { |
| 7654 | | | col_add_fstr(pinfo->cinfo, COL_INFO, |
| 7655 | | | "C Unknown Function %u %u (0x%02X/0x%02x)", |
| 7656 | | | func, subfunc, func, subfunc); |
| 7657 | | | return; |
| 7658 | | | } |
| 7659 | | | else { |
| 7660 | | | col_add_fstr(pinfo->cinfo, COL_INFO, |
| 7661 | | | "C Unknown Function %u (0x%02x)", |
| 7662 | | | func, func); |
| 7663 | | | return; |
| 7664 | | | } |
| 7665 | | | } |
| 7666 | | | } |
| 7667 | | | if (!pinfo->fd->flags.visited) { |
Event 7:
Taking true branch. pinfo->fd->flags.visited evaluates to false.
hide
|
|
| 7668 | | | |
| 7669 | | | |
| 7670 | | | |
| 7671 | | | |
| 7672 | | | |
| 7673 | | | |
| 7674 | | | |
| 7675 | | | |
| 7676 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 7677 | | | PT_NCP, nw_connection, nw_connection, 0); |
| 7678 | | | |
| 7679 | | | if (conversation == NULL) { |
Event 8:
Skipping " if". conversation == (void *)0 evaluates to false.
hide
|
|
| 7680 | | | |
| 7681 | | | conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 7682 | | | PT_NCP, nw_connection, nw_connection, 0); |
| 7683 | | | } |
| 7684 | | | request_value = ncp_hash_insert(conversation, sequence, ncp_rec); |
| 7685 | | | request_value->req_frame_num = pinfo->fd->num; |
| 7686 | | | request_value->req_frame_time = pinfo->fd->abs_ts; |
| 7687 | | | |
| 7688 | | | |
| 7689 | | | |
| 7690 | | | |
| 7691 | | | |
| 7692 | | | |
| 7693 | | | if (ncp_rec) { |
Event 9:
Taking true branch. ncp_rec evaluates to true.
hide
|
|
| 7694 | | | if (ncp_rec->req_cond_indexes) { |
Event 10:
Skipping " if". ncp_rec->req_cond_indexes evaluates to false.
hide
|
|
| 7695 | | | run_req_cond = TRUE; |
| 7696 | | | } |
| 7697 | | | } |
| 7698 | | | } |
| 7699 | | | |
| 7700 | | | |
| 7701 | | | |
| 7702 | | | |
| 7703 | | | |
| 7704 | | | if ((run_info_str || run_req_cond) && !ncp_tree) { |
| 7705 | | | proto_item *ti; |
| 7706 | | | |
| 7707 | | | temp_tree = proto_tree_create_root(); |
| 7708 | | | proto_tree_set_visible(temp_tree, FALSE); |
| 7709 | | | ti = proto_tree_add_item(temp_tree, proto_ncp, tvb, 0, -1, FALSE); |
| 7710 | [+] | | ncp_tree = proto_item_add_subtree(ti, ett_ncp); |
 |
| 7711 | | | } |
| 7712 | | | |
| 7713 | | | if (ncp_tree) { |
Event 15:
Taking true branch. ncp_tree evaluates to true.
hide
|
|
| 7714 | | | |
| 7715 | | | |
| 7716 | | | |
| 7717 | | | |
| 7718 | | | |
| 7719 | | | |
| 7720 | | | |
| 7721 | | | CLEANUP_PUSH(free_proto_tree, temp_tree);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
124 | #define except_cleanup_push(F, C) \ |
125 | { \ |
126 | struct except_stacknode except_sn; \ |
127 | struct except_cleanup except_cl; \ |
128 | except_setup_clean(&except_sn, &except_cl, F, C) |
| |
|
| 7722 | | | |
| 7723 | | | #ifdef FAKE_TREE_IS_VISIBLE |
| 7724 | | | PTREE_DATA(ncp_tree)->visible=1;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
346 | #define PTREE_DATA(proto_tree) ((proto_tree)->tree_data) |
| |
|
Null Pointer Dereference
ncp_tree is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 14. Show: All events | Only primary events |
|
| |