(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/recent.c) |
| |
| 802 | | | recent_read_profile_static(char **rf_path_return, int *rf_errno_return) |
| 803 | | | { |
| 804 | | | char *rf_path, *rf_common_path; |
| 805 | | | FILE *rf; |
| 806 | | | |
| 807 | | | |
| 808 | | | recent.main_toolbar_show = TRUE; |
Event 1:
!0 evaluates to true.
hide
|
|
| 809 | | | recent.filter_toolbar_show = TRUE; |
Event 2:
!0 evaluates to true.
hide
|
|
| 810 | | | recent.airpcap_toolbar_show = FALSE; |
| 811 | | | recent.airpcap_driver_check_show = TRUE; |
Event 3:
!0 evaluates to true.
hide
|
|
| 812 | | | recent.packet_list_show = TRUE; |
Event 4:
!0 evaluates to true.
hide
|
|
| 813 | | | recent.tree_view_show = TRUE; |
Event 5:
!0 evaluates to true.
hide
|
|
| 814 | | | recent.byte_view_show = TRUE; |
Event 6:
!0 evaluates to true.
hide
|
|
| 815 | | | recent.statusbar_show = TRUE; |
Event 7:
!0 evaluates to true.
hide
|
|
| 816 | | | recent.packet_list_colorize = TRUE; |
Event 8:
!0 evaluates to true.
hide
|
|
| 817 | | | recent.gui_time_format = TS_RELATIVE; |
| 818 | | | recent.gui_time_precision = TS_PREC_AUTO; |
| 819 | | | recent.gui_zoom_level = 0; |
| 820 | | | |
| 821 | | | |
| 822 | | | recent.gui_geometry_main_upper_pane = 0; |
| 823 | | | recent.gui_geometry_main_lower_pane = 0; |
| 824 | | | |
| 825 | | | recent.has_gui_geometry_main_upper_pane = TRUE; |
Event 9:
!0 evaluates to true.
hide
|
|
| 826 | | | recent.has_gui_geometry_main_lower_pane = TRUE; |
Event 10:
!0 evaluates to true.
hide
|
|
| 827 | | | recent.has_gui_geometry_status_pane = TRUE; |
Event 11:
!0 evaluates to true.
hide
|
|
| 828 | | | |
| 829 | | | if (recent.col_width_list) { |
Event 12:
Skipping " if". recent.col_width_list evaluates to false.
hide
|
|
| 830 | | | free_col_width_info(&recent); |
| 831 | | | } |
| 832 | | | |
| 833 | | | |
| 834 | [+] | | rf_path = get_persconffile_path(RECENT_FILE_NAME, TRUE, FALSE); |
Event 13:
!0 evaluates to true.
hide
|
|
 |
| 835 | | | |
| 836 | | | |
| 837 | | | *rf_path_return = NULL; |
| 838 | | | if ((rf = ws_fopen(rf_path, "r")) != NULL) { |
Event 19:
rf_path, which evaluates to g_strdup_printf(...) from filesystem.c:1294, is passed to fopen() as the first argument. See related event 18.
hide
Event 20:
fopen() accesses the file named rf_path, where rf_path is g_strdup_printf(...) from filesystem.c:1294. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 19.
hide
Event 21:
Taking true branch. (rf = fopen(...)) != (void *)0 evaluates to true.
hide
|
|
| 839 | | | |
| 840 | | | read_prefs_file(rf_path, rf, read_set_recent_pair_static, NULL); |
| 841 | | | fclose(rf); |
| 842 | | | rf_common_path = get_persconffile_path(RECENT_COMMON_FILE_NAME, FALSE, FALSE); |
| 843 | [+] | | if (!file_exists(rf_common_path)) { |
 |
| 844 | | | |
| 845 | | | rf = ws_fopen(rf_path, "r"); |
Event 24:
rf_path, which evaluates to g_strdup_printf(...) from filesystem.c:1294, is passed to fopen() as the first argument. See related events 18 and 19.
hide
File System Race Condition
The file named rf_path is accessed again. Another process may have changed the file since the access at recent.c:838. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 20 and 24. Show: All events | Only primary events |
|
| |