(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ber.c) |
| |
| 950 | | | dissect_ber_octet_string(gboolean implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb) { |
| 951 | | | gint8 class; |
| 952 | | | gboolean pc, ind; |
| 953 | | | gint32 tag; |
| 954 | | | guint32 len; |
| 955 | | | int hoffset; |
| 956 | | | int end_offset; |
| 957 | | | proto_item *it, *cause; |
| 958 | | | guint32 i; |
| 959 | | | |
| 960 | | | #ifdef DEBUG_BER |
| 961 | | | { |
| 962 | | | const char *name; |
| 963 | | | *hfinfo; |
| 964 | | | if(hf_id>=0){ |
| 965 | | | hfinfo = proto_registrar_get_nth(hf_id); |
| 966 | | | name=hfinfo->name; |
| 967 | | | } else { |
| 968 | | | name="unnamed"; |
| 969 | | | } |
| 970 | | | if(tvb_length_remaining(tvb,offset)>3){ |
| 971 | | | printf("OCTET STRING dissect_ber_octet string(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n",name,implicit_tag,offset,tvb_length_remaining(tvb,offset),tvb_get_guint8(tvb,offset),tvb_get_guint8(tvb,offset+1),tvb_get_guint8(tvb,offset+2)); |
| 972 | | | }else{ |
| 973 | | | printf("OCTET STRING dissect_ber_octet_string(%s) entered\n",name); |
| 974 | | | } |
| 975 | | | } |
| 976 | | | #endif |
| 977 | | | |
| 978 | | | if (!implicit_tag) { |
Event 1:
Taking false branch. implicit_tag evaluates to true.
hide
|
|
| 979 | | | hoffset = offset; |
| 980 | | | |
| 981 | | | offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag); |
| 982 | | | offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind); |
| 983 | | | end_offset=offset+len; |
| 984 | | | |
| 985 | | | |
| 986 | | | if ((class!=BER_CLASS_APP)&&(class!=BER_CLASS_PRI)) |
| 987 | | | |
| 988 | | | if( (class!=BER_CLASS_UNI) |
| 989 | | | ||((tag<BER_UNI_TAG_NumericString)&&(tag!=BER_UNI_TAG_OCTETSTRING)&&(tag!=BER_UNI_TAG_UTF8String)) ){ |
| 990 | | | tvb_ensure_bytes_exist(tvb, hoffset, 2); |
| 991 | | | cause = proto_tree_add_text(tree, tvb, offset, len, "BER Error: OctetString expected but class:%s(%d) %s tag:%d was unexpected", val_to_str(class,ber_class_codes,"Unknown"), class, pc ? ber_pc_codes_short.true_string : ber_pc_codes_short.false_string, tag); |
| 992 | | | proto_item_set_expert_flags(cause, PI_MALFORMED, PI_WARN); |
| 993 | | | expert_add_info_format(actx->pinfo, cause, PI_MALFORMED, PI_WARN, "BER Error: OctetString expected"); |
| 994 | | | if (decode_unexpected) { |
| 995 | | | proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); |
| 996 | | | dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); |
| 997 | | | } |
| 998 | | | if(out_tvb) |
| 999 | | | *out_tvb=NULL; |
| 1000 | | | return end_offset; |
| 1001 | | | } |
| 1002 | | | } else { |
| 1003 | | | |
| 1004 | | | pc=FALSE; |
| 1005 | | | len=tvb_length_remaining(tvb,offset); |
| 1006 | | | end_offset=offset+len; |
| 1007 | | | } |
| 1008 | | | |
| 1009 | | | actx->created_item = NULL; |
| 1010 | | | |
| 1011 | | | if (pc) { |
Event 2:
Taking false branch. pc evaluates to false.
hide
|
|
| 1012 | | | |
| 1013 | | | end_offset = reassemble_octet_string(actx, tree, tvb, offset, len, ind, out_tvb); |
| 1014 | | | } else { |
| 1015 | | | |
| 1016 | | | gint length_remaining; |
| 1017 | | | |
| 1018 | [+] | | length_remaining = tvb_length_remaining(tvb, offset); |
 |
| 1019 | | | #if 0 |
| 1020 | | | if(length_remaining<1){ |
| 1021 | | | if(out_tvb) |
| 1022 | | | *out_tvb=NULL; |
| 1023 | | | return end_offset; |
| 1024 | | | } |
| 1025 | | | #endif |
| 1026 | | | |
| 1027 | | | if(len<=(guint32)length_remaining){ |
Cast Alters Value
length_remaining is cast from int to unsigned int. - length_remaining evaluates to -1.
- Negative values cannot be stored as unsigned int. Casting them to unsigned int can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| |