(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ctdb.c) |
| |
| 702 | | | dissect_ctdb_req_control(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint32 reqid, guint32 src, guint32 dst, int endianess) |
| 703 | | | { |
| 704 | | | guint32 datalen; |
| 705 | | | guint32 opcode; |
| 706 | | | ctdb_control_t *ctdb_control; |
| 707 | | | control_dissector cd; |
| 708 | | | int data_offset; |
| 709 | | | |
| 710 | | | |
| 711 | | | proto_tree_add_item(tree, hf_ctdb_ctrl_opcode, tvb, offset, 4, endianess); |
| 712 | | | if(endianess){ |
Event 1:
Taking true branch. endianess evaluates to true.
|
|
| 713 | | | opcode=tvb_get_letohl(tvb, offset); |
| 714 | | | } else { |
| 715 | | | opcode=tvb_get_ntohl(tvb, offset); |
| 716 | | | } |
| 717 | | | offset+=4; |
| 718 | | | |
| 719 | [+] | | if(check_col(pinfo->cinfo, COL_INFO)){ |
 |
| 720 | | | col_add_fstr(pinfo->cinfo, COL_INFO, "%s Request %d->%d", |
| 721 | | | val_to_str(opcode, ctrl_opcode_vals, "Unknown:%d"), |
| 722 | | | src, dst); |
| 723 | | | } |
| 724 | | | |
| 725 | | | |
| 726 | | | offset=(offset+7)&0xfffff8; |
| 727 | | | proto_tree_add_item(tree, hf_ctdb_srvid, tvb, offset, 8, endianess); |
| 728 | | | offset+=8; |
| 729 | | | |
| 730 | | | |
| 731 | | | proto_tree_add_item(tree, hf_ctdb_clientid, tvb, offset, 4, endianess); |
| 732 | | | offset+=4; |
| 733 | | | |
| 734 | | | |
| 735 | | | proto_tree_add_item(tree, hf_ctdb_ctrl_flags, tvb, offset, 4, endianess); |
| 736 | | | offset+=4; |
| 737 | | | |
| 738 | | | |
| 739 | | | proto_tree_add_item(tree, hf_ctdb_datalen, tvb, offset, 4, endianess); |
| 740 | | | if(endianess){ |
Event 4:
Taking true branch. endianess evaluates to true.
|
|
| 741 | [+] | | datalen=tvb_get_letohl(tvb, offset); |
 |
| 742 | | | } else { |
| 743 | | | datalen=tvb_get_ntohl(tvb, offset); |
| 744 | | | } |
| 745 | | | offset+=4; |
| 746 | | | |
| 747 | | | |
| 748 | | | data_offset=offset; |
| 749 | | | if (datalen) { |
Event 5:
Skipping " if". datalen evaluates to false.
|
|
| 750 | | | proto_tree_add_item(tree, hf_ctdb_data, tvb, offset, datalen, endianess); |
| 751 | | | offset+=datalen; |
| 752 | | | } |
| 753 | | | |
| 754 | | | |
| 755 | | | if(!pinfo->fd->flags.visited){ |
Event 6:
Taking false branch. pinfo->fd->flags.visited evaluates to true.
|
|
| 756 | | | emem_tree_key_t tkey[4]; |
| 757 | | | |
| 758 | | | ctdb_control=se_alloc(sizeof(ctdb_control_t)); |
| 759 | | | ctdb_control->opcode=opcode; |
| 760 | | | ctdb_control->request_in=pinfo->fd->num; |
| 761 | | | ctdb_control->response_in=0; |
| 762 | | | ctdb_control->req_time=pinfo->fd->abs_ts; |
| 763 | | | tkey[0].length=1; |
| 764 | | | tkey[0].key=&reqid; |
| 765 | | | tkey[1].length=1; |
| 766 | | | tkey[1].key=&src; |
| 767 | | | tkey[2].length=1; |
| 768 | | | tkey[2].key=&dst; |
| 769 | | | tkey[3].length=0; |
| 770 | | | |
| 771 | | | se_tree_insert32_array(ctdb_controls, &tkey[0], ctdb_control);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/emem.h |
| |
246 | #define se_tree_insert32_array emem_tree_insert32_array |
| |
|
| 772 | | | } else { |
| 773 | | | emem_tree_key_t tkey[4]; |
| 774 | | | |
| 775 | | | tkey[0].length=1; |
| 776 | | | tkey[0].key=&reqid; |
| 777 | | | tkey[1].length=1; |
| 778 | | | tkey[1].key=&src; |
| 779 | | | tkey[2].length=1; |
| 780 | | | tkey[2].key=&dst; |
| 781 | | | tkey[3].length=0; |
| 782 | [+] | | ctdb_control=se_tree_lookup32_array(ctdb_controls, &tkey[0]);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/emem.h |
| |
251 | #define se_tree_lookup32_array emem_tree_lookup32_array |
| |
|
 |
| 783 | | | } |
| 784 | | | |
| 785 | | | |
| 786 | | | cd=find_control_dissector(ctdb_control->opcode, TRUE); |
Event 12:
!0 evaluates to true.
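Null Pointer Dereference
ctdb_control is dereferenced here (line 786), but it is NULL on this path. On the already-visited branch (event 6), ctdb_control is assigned from se_tree_lookup32_array() at line 782, and nothing between that assignment and line 786 checks the result; the lookup presumably returns NULL when no entry was stored for this (reqid, src, dst) key. The issue can occur if the highlighted code executes. See related event 11. Checking ctdb_control for NULL before line 786, and skipping the opcode-specific dissection when it is NULL, would avoid the dereference. |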
|
| |