(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ncp.c) |
| |
| 302 | | | dissect_ncp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
| 303 | | | gboolean is_tcp) |
| 304 | | | { |
| 305 | | | proto_tree *ncp_tree = NULL; |
| 306 | | | proto_item *ti; |
| 307 | | | struct ncpiph; |
| 308 | | | struct ncp_ip_rqhdr ncpiphrq; |
| 309 | | | guint16 ncp_burst_seqno, ncp_ack_seqno; |
| 310 | | | guint16 flags = 0; |
| 311 | | | proto_tree *flags_tree = NULL; |
| 312 | | | int hdr_offset = 0; |
| 313 | | | int commhdr = 0; |
| 314 | | | int offset = 0; |
| 315 | | | gint length_remaining; |
| 316 | | | tvbuff_t *next_tvb; |
| 317 | | | guint32 testvar = 0, ncp_burst_command, burst_len, burst_off, burst_file; |
| 318 | | | guint8 subfunction; |
| 319 | | | guint32 nw_connection = 0, data_offset; |
| 320 | | | guint16 data_len = 0; |
| 321 | | | guint16 missing_fraglist_count = 0; |
| 322 | | | mncp_rhash_value *request_value = NULL; |
| 323 | | | conversation_t *conversation; |
| 324 | | | proto_item *expert_item; |
| 325 | | | |
| 326 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
Event 1:
Taking true branch. check_col(...) evaluates to true.
| 327 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "NCP"); |
| 328 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) |
 |
| 329 | | | col_clear(pinfo->cinfo, COL_INFO); |
| 330 | | | |
| 331 | | | hdr_offset = 0; |
| 332 | | | ncp_hdr = &; |
| 333 | | | commhdr = hdr_offset; |
| 334 | | | |
| 335 | | | ti = proto_tree_add_item(tree, proto_ncp, tvb, 0, -1, FALSE); |
| 336 | [+] | | ncp_tree = proto_item_add_subtree(ti, ett_ncp); |
 |
| 337 | | | if (is_tcp) { |
Event 8:
Taking true branch. is_tcp evaluates to true.
| 338 | | | if (tvb_get_ntohl(tvb, hdr_offset) != NCPIP_RQST && tvb_get_ntohl(tvb, hdr_offset) != NCPIP_RPLY) |
| 339 | | | commhdr += 1; |
| 340 | | | |
| 341 | | | ncpiph.signature = tvb_get_ntohl(tvb, commhdr); |
| 342 | | | proto_tree_add_uint(ncp_tree, hf_ncp_ip_sig, tvb, commhdr, 4, ncpiph.signature); |
| 343 | | | ncpiph.length = (0x7fffffff & tvb_get_ntohl(tvb, commhdr+4)); |
| 344 | | | proto_tree_add_uint(ncp_tree, hf_ncp_ip_length, tvb, commhdr+4, 4, ncpiph.length); |
| 345 | | | commhdr += 8; |
| 346 | | | if (ncpiph.signature == NCPIP_RQST) { |
Event 10:
Skipping " if". ncpiph.signature == 1148019796 evaluates to false.
| 347 | | | ncpiphrq.version = tvb_get_ntohl(tvb, commhdr); |
| 348 | | | proto_tree_add_uint(ncp_tree, hf_ncp_ip_ver, tvb, commhdr, 4, ncpiphrq.version); |
| 349 | | | commhdr += 4; |
| 350 | | | ncpiphrq.rplybufsize = tvb_get_ntohl(tvb, commhdr); |
| 351 | | | proto_tree_add_uint(ncp_tree, hf_ncp_ip_rplybufsize, tvb, commhdr, 4, ncpiphrq.rplybufsize); |
| 352 | | | commhdr += 4; |
| 353 | | | } |
| 354 | | | |
| 355 | | | if (match_strval(tvb_get_ntohs(tvb, commhdr), ncp_type_vals)==NULL) { |
Event 11:
Skipping " if". match_strval(...) == (void *)0 evaluates to false.
| 356 | | | |
| 357 | | | if (match_strval(tvb_get_ntohs(tvb, commhdr+8), ncp_type_vals)!=NULL) { |
| 358 | | | proto_tree_add_item(ncp_tree, hf_ncp_ip_packetsig, tvb, commhdr, 8, FALSE); |
| 359 | | | commhdr += 8; |
| 360 | | | } |
| 361 | | | } |
| 362 | | | } else { |
| 363 | | | |
| 364 | | | memset(&ncpiph, 0, sizeof(ncpiph)); |
| 365 | | | } |
| 366 | | | |
| 367 | | | .type = tvb_get_ntohs(tvb, commhdr); |
| 368 | | | .sequence = tvb_get_guint8(tvb, commhdr+2); |
| 369 | | | .conn_low = tvb_get_guint8(tvb, commhdr+3); |
| 370 | | | .task = tvb_get_guint8(tvb, commhdr+4); |
| 371 | | | .conn_high = tvb_get_guint8(tvb, commhdr+5); |
| 372 | | | proto_tree_add_uint(ncp_tree, hf_ncp_type, tvb, commhdr, 2, .type); |
| 373 | | | nw_connection = (.conn_high*256)+.conn_low; |
| 374 | | | |
| 375 | | | |
| 376 | | | |
| 377 | | | |
| 378 | | | |
| 379 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 380 | | | PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->destport, |
| 381 | | | 0); |
| 382 | | | if ((ncpiph.length & 0x80000000) || ncpiph.signature == NCPIP_RPLY) { |
| 383 | | | |
| 384 | | | |
| 385 | | | |
| 386 | | | if (!pinfo->fd->flags.visited) { |
| 387 | | | if (conversation != NULL) { |
| 388 | | | |
| 389 | | | |
| 390 | | | |
| 391 | | | |
| 392 | | | request_value = mncp_hash_lookup(conversation, nw_connection, .task); |
| 393 417 |  | | [ Lines 393 to 417 omitted. ] |
| 418 | | | } else { |
| 419 | | | |
| 420 | | | request_value = mncp_hash_lookup(conversation, nw_connection, .task); |
| 421 | | | if (request_value) { |
| 422 | | | if ((request_value->session_start_packet_num == pinfo->fd->num) && ncp_echo_conn) |
| 423 | | | { |
| 424 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Detected New Server Session. Connection %d, Task %d", nw_connection, .task); |
| 425 | | | } |
| 426 | | | } |
| 427 | | | } |
| 428 | | | } else { |
| 429 | | | if (!pinfo->fd->flags.visited) { |
Event 13:
Taking true branch. pinfo->fd->flags.visited evaluates to false.
| 430 | | | if (conversation != NULL) { |
Event 14:
Taking false branch. conversation != (void *)0 evaluates to false.
| 431 | | | |
| 432 | | | |
| 433 | | | |
| 434 | | | |
| 435 | | | request_value = mncp_hash_lookup(conversation, nw_connection, .task); |
| 436 | | | |
| 437 | | | |
| 438 | | | |
| 439 | | | if (request_value == NULL) { |
| 440 | | | request_value = mncp_hash_insert(conversation, nw_connection, .task, pinfo); |
| 441 | | | } |
| 442 | | | } else { |
| 443 | | | |
| 444 | | | |
| 445 | | | |
| 446 | | | conversation = conversation_new(pinfo->fd->num, &pinfo->src, |
| 447 | | | &pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->destport, 0); |
| 448 | | | request_value = mncp_hash_insert(conversation, nw_connection, .task, pinfo); |
| 449 | | | } |
| 450 | | | |
| 451 | | | |
| 452 | | | |
| 453 | | | } else { |
| 454 | | | request_value = mncp_hash_lookup(conversation, nw_connection, .task); |
| 455 | | | if (request_value) { |
| 456 | | | if ((request_value->session_start_packet_num == pinfo->fd->num) && ncp_echo_conn) |
| 457 | | | { |
| 458 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Detected New Server Session. Connection %d, Task %d", nw_connection, .task); |
| 459 | | | } |
| 460 | | | } |
| 461 | | | } |
| 462 | | | } |
| 463 | | | |
| 464 | | | tap_queue_packet(ncp_tap.hdr, pinfo, ncp_hdr); |
| 465 | | | |
| 466 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
Event 15:
Taking true branch. check_col(...) evaluates to true.
| 467 | | | col_add_str(pinfo->cinfo, COL_INFO, |
| 468 | | | val_to_str(.type, ncp_type_vals, "Unknown type (0x%04x)")); |
| 469 | | | } |
| 470 | | | |
| 471 | | | |
| 472 | | | |
| 473 | | | |
| 474 | | | switch (.type) { |
Event 16:
.type evaluates to 8738.
| 475 | | | |
| 476 | | | case NCP_BROADCAST_SLOT: |
| 477 | | | proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, .sequence); |
| 478 | | | proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection); |
| 479 | | | proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, FALSE); |
| 480 | | | proto_tree_add_item(ncp_tree, hf_ncp_oplock_flag, tvb, commhdr + 9, 1, tvb_get_guint8(tvb, commhdr+9)); |
| 481 | | | proto_tree_add_item(ncp_tree, hf_ncp_oplock_handle, tvb, commhdr + 10, 4, FALSE); |
| 482 | | | if ((tvb_get_guint8(tvb, commhdr+9)==0x24) && ncp_echo_file) |
| 483 | | | { |
| 484 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Server requesting station to clear oplock on handle - %08x", tvb_get_ntohl(tvb, commhdr+10)); |
| 485 668 |  | | [ Lines 485 to 668 omitted. ] |
| 669 | | | if (length_remaining > 4) { |
| 670 | | | testvar = tvb_get_ntohl(tvb, commhdr+4); |
| 671 | | | if (testvar == 0x4c495020) { |
| 672 | | | proto_tree_add_item(ncp_tree, hf_lip_echo, tvb, commhdr+4, 13, FALSE); |
| 673 | | | break; |
| 674 | | | } |
| 675 | | | } |
| 676 | | | |
| 677 | | | |
| 678 | | | case NCP_POSITIVE_ACK: |
| 679 | | | case NCP_SERVICE_REQUEST: |
| 680 | | | case NCP_SERVICE_REPLY: |
| 681 | | | case NCP_WATCHDOG: |
| 682 | | | case NCP_DEALLOCATE_SLOT: |
| 683 | | | default: |
| 684 | | | proto_tree_add_uint(ncp_tree, hf_ncp_seq, tvb, commhdr + 2, 1, .sequence); |
| 685 | | | proto_tree_add_uint(ncp_tree, hf_ncp_connection,tvb, commhdr + 3, 3, nw_connection); |
| 686 | | | proto_tree_add_item(ncp_tree, hf_ncp_task, tvb, commhdr + 4, 1, FALSE); |
| 687 | | | break; |
| 688 | | | } |
| 689 | | | |
| 690 | | | |
| 691 | | | |
| 692 | | | |
| 693 | | | switch (.type) { |
Event 17:
.type evaluates to 8738.
| 694 | | | |
| 695 | | | case NCP_ALLOCATE_SLOT: |
| 696 | | | length_remaining = tvb_length_remaining(tvb, commhdr + 4); |
| 697 | | | if (length_remaining > 4) { |
| 698 | | | testvar = tvb_get_ntohl(tvb, commhdr+4); |
| 699 | | | if (testvar == 0x4c495020) { |
| 700 | | | proto_tree_add_text(ncp_tree, tvb, commhdr, -1, |
| 701 | | | "Lip Echo Packet"); |
| 702 | | | |
| 703 | | | } |
| 704 | | | } |
| 705 | | | next_tvb = tvb_new_subset(tvb, commhdr, -1, -1); |
| 706 | | | dissect_ncp_request(next_tvb, pinfo, nw_connection, |
| 707 | | | .sequence, .type, ncp_tree); |
| 708 | | | break; |
| 709 | | | |
| 710 | | | case NCP_DEALLOCATE_SLOT: |
| 711 | | | next_tvb = tvb_new_subset(tvb, commhdr, -1, -1); |
| 712 | | | dissect_ncp_request(next_tvb, pinfo, nw_connection, |
| 713 | | | .sequence, .type, ncp_tree); |
| 714 | | | break; |
| 715 | | | |
| 716 | | | case NCP_SERVICE_REQUEST: |
| 717 | | | case NCP_BROADCAST_SLOT: |
| 718 | | | next_tvb = tvb_new_subset(tvb, commhdr, -1, -1); |
| 719 | [+] | | if (tvb_get_guint8(tvb, commhdr+6) == 0x68) { |
 |
| 720 | | | subfunction = tvb_get_guint8(tvb, commhdr+7); |
| 721 | | | switch (subfunction) { |
| 722 | | | |
| 723 | | | case 0x02: |
| 724 | | | dissect_nds_request(next_tvb, pinfo, |
| 725 | | | nw_connection, .sequence, |
| 726 | | | .type, ncp_tree); |
| 727 | | | break; |
| 728 | | | |
| 729 | | | case 0x01: |
| 730 | | | dissect_ping_req(next_tvb, pinfo, |
| 731 | | | nw_connection, .sequence, |
| 732 | | | .type, ncp_tree); |
| 733 | | | break; |
| 734 | | | |
| 735 | | | default: |
| 736 | | | dissect_ncp_request(next_tvb, pinfo, |
| 737 | | | nw_connection, .sequence, |
| 738 | | | .type, ncp_tree); |
| 739 | | | break; |
| 740 | | | } |
| 741 | | | } else { |
| 742 | | | dissect_ncp_request(next_tvb, pinfo, nw_connection, |
| 743 | [+] | | .sequence, .type, ncp_tree); |
Event 23:
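ncp_tree, which evaluates to NULL, is passed to dissect_ncp_request() as the sixth argument. See related event 7. (Event 7 is not shown in this excerpt; the only assignments to ncp_tree visible here are the NULL initialization at source line 305 and the proto_item_add_subtree() result at source line 336. Whether dissect_ncp_request() checks that argument before using it is not shown here.)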
 |
| |