(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-gssapi.c) |
| |
| 172 | | | dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
| 173 | | | gboolean is_verifier) |
| 174 | | | { |
| 175 | | | proto_item *volatile item; |
| 176 | | | proto_tree *volatile subtree; |
| 177 | | | volatile int return_offset = 0; |
| 178 | | | gssapi_conv_info_t *volatile gss_info; |
| 179 | | | gssapi_oid_value *oidvalue; |
| 180 | | | dissector_handle_t handle; |
| 181 | | | conversation_t *conversation; |
| 182 | | | tvbuff_t *oid_tvb; |
| 183 | | | int len, start_offset, oid_start_offset; |
| 184 | | | volatile int offset; |
| 185 | | | gint8 class; |
| 186 | | | gboolean pc, ind_field; |
| 187 | | | gint32 tag; |
| 188 | | | guint32 len1; |
| 189 | | | const char *oid; |
| 190 | | | fragment_data *fd_head=NULL; |
| 191 | | | gssapi_frag_info_t *fi; |
| 192 | | | tvbuff_t *volatile gss_tvb=NULL; |
| 193 | | | asn1_ctx_t asn1_ctx; |
| 194 | | | |
| 195 | | | start_offset=0; |
| 196 | | | offset=0; |
| 197 | | | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); |
| 198 | | | |
| 199 | | | |
| 200 | | | |
| 201 | | | |
| 202 | | | |
| 203 | | | pinfo->gssapi_data_encrypted = FALSE; |
| 204 | | | |
| 205 | | | |
| 206 | | | |
| 207 | | | |
| 208 | | | |
| 209 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 210 | | | pinfo->ptype, pinfo->srcport, |
| 211 | | | pinfo->destport, 0); |
| 212 | | | if(!conversation){ |
| 213 | | | conversation = conversation_new(pinfo->fd->num, &pinfo->src, |
| 214 | | | &pinfo->dst, |
| 215 | | | pinfo->ptype, |
| 216 | | | pinfo->srcport, |
| 217 | | | pinfo->destport, 0); |
| 218 | | | } |
| 219 | | | gss_info = conversation_get_proto_data(conversation, proto_gssapi); |
| 220 | | | if (!gss_info) { |
| 221 | | | gss_info = se_alloc(sizeof(gssapi_conv_info_t)); |
| 222 | | | gss_info->oid=NULL; |
| 223 | | | gss_info->do_reassembly=FALSE; |
| 224 | | | gss_info->frags=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "gssapi_frags"); |
| 225 | | | |
| 226 | | | conversation_add_proto_data(conversation, proto_gssapi, gss_info); |
| 227 | | | } |
| 228 | | | |
| 229 | | | item = proto_tree_add_item( |
| 230 | | | tree, proto_gssapi, tvb, offset, -1, FALSE); |
| 231 | | | |
| 232 | | | subtree = proto_item_add_subtree(item, ett_gssapi); |
| 233 | | | |
| 234 | | | |
| 235 | | | |
| 236 | | | |
| 237 | | | |
| 238 | | | |
| 239 | | | |
| 240 | | | |
| 241 | | | |
| 242 | | | |
| 243 | | | |
| 244 | | | |
| 245 | | | |
| 246 | | | TRY {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
176 | #define TRY \ |
177 | {\ |
178 | except_t *exc; \ |
179 | volatile int except_state = 0; \ |
180 | static const except_id_t catch_spec[] = { \ |
181 | { XCEPT_GROUP_WIRESHARK, XCEPT_CODE_ANY } }; \ |
182 | except_try_push(catch_spec, 1, &exc); \ |
183 | \ |
184 | if(except_state & EXCEPT_CAUGHT) \ |
185 | except_state |= EXCEPT_RETHROWN; \ |
186 | except_state &= ~EXCEPT_CAUGHT; \ |
187 | \ |
188 | if (except_state == 0 && exc == 0) \ |
189 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
143 | #define except_try_push(ID, NUM, PPE) \ |
144 | { \ |
145 | struct except_stacknode except_sn; \ |
146 | struct except_catch except_ch; \ |
147 | except_setup_try(&except_sn, &except_ch, ID, NUM); \ |
148 | if (setjmp(except_ch.except_jmp)) \ |
149 | *(PPE) = &except_ch.except_obj; \ |
150 | else \ |
151 | *(PPE) = 0 |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
168 | #define EXCEPT_RETHROWN 2 /* the exception was rethrown from a CATCH |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
| 247 | | | gss_tvb=tvb; |
| 248 | | | |
| 249 | | | |
| 250 | | | |
| 251 | | | |
| 252 | | | |
| 253 | | | if( (!pinfo->fd->flags.visited) |
| 254 | | | && (gss_info->do_reassembly) |
| 255 | | | && (gssapi_reassembly) ){ |
| 256 | | | fi=se_tree_lookup32(gss_info->frags, gss_info->first_frame); |
| 257 | | | if(!fi){ |
| 258 | | | goto done; |
| 259 | | | } |
| 260 | | | se_tree_insert32(gss_info->frags, pinfo->fd->num, fi); |
| 261 | | | fd_head=fragment_add(tvb, 0, pinfo, fi->first_frame, |
| 262 | | | gssapi_fragment_table, gss_info->frag_offset, |
| 263 | | | tvb_length(tvb), TRUE); |
| 264 | | | gss_info->frag_offset+=tvb_length(tvb); |
| 265 | | | |
| 266 | | | |
| 267 | | | if(!fd_head){ |
| 268 | | | goto done; |
| 269 | | | } |
| 270 | | | |
| 271 | | | |
| 272 | | | gss_info->do_reassembly=FALSE; |
| 273 | | | fi->reassembled_in=pinfo->fd->num; |
| 274 | | | |
| 275 | | | gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen); |
| 276 | | | add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI"); |
| 277 | | | } |
| 278 | | | |
| 279 | | | |
| 280 | | | |
| 281 | | | if( (pinfo->fd->flags.visited) |
| 282 | | | && (gssapi_reassembly) ){ |
| 283 | | | fi=se_tree_lookup32(gss_info->frags, pinfo->fd->num); |
| 284 | | | if(fi){ |
| 285 | | | fd_head=fragment_get(pinfo, fi->first_frame, gssapi_fragment_table); |
| 286 | | | if(fd_head && (fd_head->flags&FD_DEFRAGMENTED)){ |
| 287 | | | if(pinfo->fd->num==fi->reassembled_in){ |
| 288 | | | proto_item *frag_tree_item; |
| 289 | | | gss_tvb=tvb_new_child_real_data(tvb, fd_head->data, fd_head->datalen, fd_head->datalen); |
| 290 | | | add_new_data_source(pinfo, gss_tvb, "Reassembled GSSAPI"); |
| 291 | | | show_fragment_tree(fd_head, &gssapi_frag_items, tree, pinfo, tvb, &frag_tree_item); |
| 292 | | | } else { |
| 293 | | | proto_item *it; |
| 294 | | | it=proto_tree_add_uint(tree, hf_gssapi_reassembled_in, tvb, 0, 0, fi->reassembled_in); |
| 295 | | | PROTO_ITEM_SET_GENERATED(it);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
325 | #define PROTO_ITEM_SET_GENERATED(proto_item) \ |
326 | ((proto_item) ? FI_SET_FLAG((proto_item)->finfo, FI_GENERATED) : 0) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
246 | #define FI_SET_FLAG(fi, flag) (fi->flags = fi->flags | flag) |
| |
|
| 296 | | | goto done; |
| 297 | | | } |
| 298 | | | } |
| 299 | | | } |
| 300 | | | } |
| 301 | | | |
| 302 | | | |
| 303 | | | offset = get_ber_identifier(gss_tvb, offset, &class, &pc, &tag); |
| 304 | | | offset = get_ber_length(gss_tvb, offset, &len1, &ind_field); |
| 305 | | | |
| 306 | | | |
| 307 | | | if (!(class == BER_CLASS_APP && pc && tag == 0)) { |
| 308 | | | |
| 309 | | | |
| 310 | | | if ((tvb_length_remaining(gss_tvb, start_offset)>7) && (tvb_strneql(gss_tvb, start_offset, "NTLMSSP", 7) == 0)) { |
| 311 | | | return_offset = call_dissector(ntlmssp_handle, |
| 312 | | | tvb_new_subset(gss_tvb, start_offset, -1, -1), |
| 313 | | | pinfo, subtree); |
| 314 | | | goto done; |
| 315 | | | } |
| 316 | | | |
| 317 | | | |
| 318 | | | if ((tvb_length_remaining(gss_tvb, start_offset)>2) && |
| 319 | | | ((tvb_memeql(gss_tvb, start_offset, "\04\x04", 2) == 0) || |
| 320 | | | (tvb_memeql(gss_tvb, start_offset, "\05\x04", 2) == 0))) { |
| 321 | | | return_offset = call_dissector(spnego_krb5_wrap_handle, |
| 322 | | | tvb_new_subset(gss_tvb, start_offset, -1, -1), |
| 323 | | | pinfo, subtree); |
| 324 | | | goto done; |
| 325 | | | } |
| 326 | | | |
| 327 | | | |
| 328 | | | |
| 329 | | | |
| 330 | | | |
| 331 | | | |
| 332 | | | |
| 333 | | | |
| 334 | | | |
| 335 | | | |
| 336 | | | |
| 337 | | | |
| 338 | | | |
| 339 | | | |
| 340 | | | |
| 341 | | | |
| 342 | | | |
| 343 | | | |
| 344 | | | |
| 345 | | | |
| 346 | | | oidvalue = p_get_proto_data(pinfo->fd, proto_gssapi); |
| 347 | | | if (!oidvalue && !pinfo->fd->flags.visited) |
| 348 | | | { |
| 349 | | | |
| 350 | | | |
| 351 | | | oidvalue = gss_info->oid; |
| 352 | | | if (gss_info->oid) |
| 353 | | | p_add_proto_data(pinfo->fd, proto_gssapi, gss_info->oid); |
| 354 | | | } |
| 355 | | | if (!oidvalue) |
| 356 | | | { |
| 357 | | | proto_tree_add_text(subtree, gss_tvb, start_offset, 0, |
| 358 | | | "Unknown (class=%d, pc=%d, tag=%d)", |
| 359 | | | class, pc, tag); |
| 360 | | | return_offset = tvb_length(gss_tvb); |
| 361 | | | goto done; |
| 362 | | | } else { |
| 363 | | | tvbuff_t *oid_tvb_local; |
| 364 | | | |
| 365 | | | oid_tvb_local = tvb_new_subset(gss_tvb, start_offset, -1, -1); |
| 366 | | | if (is_verifier) |
| 367 | | | handle = oidvalue->wrap_handle; |
| 368 | | | else |
| 369 | | | handle = oidvalue->handle; |
| 370 | | | len = call_dissector(handle, oid_tvb_local, pinfo, subtree); |
| 371 | | | if (len == 0) |
| 372 | | | return_offset = tvb_length(gss_tvb); |
| 373 | | | else |
| 374 | | | return_offset = start_offset + len; |
| 375 | | | goto done; |
| 376 | | | } |
| 377 | | | } |
| 378 | | | |
| 379 | | | |
| 380 | | | oid_start_offset=offset; |
| 381 | | | offset=dissect_ber_object_identifier_str(FALSE, &asn1_ctx, subtree, gss_tvb, offset, hf_gssapi_oid, &oid); |
Ignored Return Value
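The return value of dissect_ber_object_identifier_str() is never checked in the highlighted execution scenario.
- If the return value can indicate an error, the error will be ignored if the highlighted code executes.
- In the listing, line 381 assigns the return value to offset, so it is stored but not tested before later use. The out-parameter oid is declared without an initializer at line 189 and is passed to gssapi_lookup_oid_str() at line 382 with no check visible here, so triage should confirm that the callee writes oid on every path that returns normally.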
- The return value of dissect_ber_object_identifier_str() is checked 99% of the time in this project. CodeSonar is configured to enforce Ignored Return Value checks for any function whose return value is checked at least 96% of the time, unless the function is used fewer than 20 times. (To modify these thresholds, use configuration file parameters RETURN_CHECKER_SAMPLE_SIZE and RETURN_CHECKER_RATIO. To exempt dissect_ber_object_identifier_str() from the Ignored Return Value check, use configuration file parameter RETURN_CHECKER_IGNORED_FUNCS).
|
| 382 | | | oidvalue = gssapi_lookup_oid_str(oid); |
| 383 | | | |
| 384 | | | |
| 385 | | | |
| 386 | | | |
| 387 | | | |
| 388 | | | |
| 389 | | | |
| 390 | | | |
| 391 | | | |
| 392 | | | |
| 393 | | | |
| 394 | | | |
| 395 | | | |
| 396 | | | if( (!pinfo->fd->flags.visited) |
Event 2:
Skipping " if". - pinfo->fd->flags.visited evaluates to false.
- oidvalue evaluates to true.
- tvb_length(...) == tvb_reported_length(...) evaluates to true.
- len1 > (guint32)tvb_length_remaining(...) evaluates to false.
|
|
| 397 | | | && (oidvalue) |
| 398 | | | && (tvb_length(gss_tvb)==tvb_reported_length(gss_tvb)) |
| 399 | | | && (len1>(guint32)tvb_length_remaining(gss_tvb, oid_start_offset)) |
| 400 | | | && (gssapi_reassembly) ){ |
| 401 | | | fi=se_alloc(sizeof(gssapi_frag_info_t)); |
| 402 | | | fi->first_frame=pinfo->fd->num; |
| 403 | | | fi->reassembled_in=0; |
| 404 | | | se_tree_insert32(gss_info->frags, pinfo->fd->num, fi); |
| 405 | | | |
| 406 | | | fragment_add(gss_tvb, 0, pinfo, pinfo->fd->num, |
| 407 | | | gssapi_fragment_table, 0, |
| 408 | | | tvb_length(gss_tvb), TRUE); |
| 409 | | | fragment_set_tot_len(pinfo, pinfo->fd->num, gssapi_fragment_table, len1+oid_start_offset); |
| 410 | | | |
| 411 | | | gss_info->do_reassembly=TRUE; |
| 412 | | | gss_info->first_frame=pinfo->fd->num; |
| 413 | | | gss_info->frag_offset=tvb_length(gss_tvb); |
| 414 | | | goto done; |
| 415 | | | } |
| 416 | | | |
| 417 | | | |
| 418 | | | |
| 419 | | | |
| 420 | | | |
| 421 | | | |
| 422 | | | if ((oidvalue == NULL) || |
| 423 | | | !proto_is_protocol_enabled(oidvalue->proto)) { |
| 424 | | | |
| 425 | | | proto_tree_add_text(subtree, gss_tvb, oid_start_offset, -1, |
| 426 | | | "Token object"); |
| 427 | | | |
| 428 | | | return_offset = tvb_length(gss_tvb); |
| 429 | | | goto done; |
| 430 | | | } |
| 431 | | | |
| 432 | | | |
| 433 | | | |
| 434 | | | |
| 435 | | | |
| 436 | | | |
| 437 | | | |
| 438 | | | |
| 439 | | | |
| 440 | | | if(!gss_info->oid){ |
| 441 | | | gss_info->oid=oidvalue; |
| 442 | | | } |
| 443 | | | |
| 444 | | | if (is_verifier) { |
| 445 | | | handle = oidvalue->wrap_handle; |
| 446 | | | if (handle != NULL) { |
| 447 | | | oid_tvb = tvb_new_subset(gss_tvb, offset, -1, -1); |
| 448 | | | len = call_dissector(handle, oid_tvb, pinfo, |
| 449 | | | subtree); |
| 450 | | | if (len == 0) |
| 451 | | | return_offset = tvb_length(gss_tvb); |
| 452 | | | else |
| 453 | | | return_offset = offset + len; |
| 454 | | | } else { |
| 455 | | | proto_tree_add_text(subtree, gss_tvb, offset, -1, |
| 456 | | | "Authentication verifier"); |
| 457 | | | return_offset = tvb_length(gss_tvb); |
| 458 | | | } |
| 459 | | | } else { |
| 460 | | | handle = oidvalue->handle; |
| 461 | | | if (handle != NULL) { |
| 462 | | | oid_tvb = tvb_new_subset(gss_tvb, offset, -1, -1); |
| 463 | | | len = call_dissector(handle, oid_tvb, pinfo, |
| 464 | | | subtree); |
| 465 | | | if (len == 0) |
| 466 | | | return_offset = tvb_length(gss_tvb); |
| 467 | | | else |
| 468 | | | return_offset = offset + len; |
| 469 | | | } else { |
| 470 | | | proto_tree_add_text(subtree, gss_tvb, offset, -1, |
| 471 | | | "Authentication credentials"); |
| 472 | | | return_offset = tvb_length(gss_tvb); |
| 473 | | | } |
| 474 | | | } |
| 475 | | | |
| 476 | | | done: |
| 477 | | | ; |
| 478 | | | } CATCH(BoundsError) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
202 | #define CATCH(x) \ |
203 | if (except_state == 0 && exc != 0 && exc->except_id.except_code == (x) && \ |
204 | (except_state |= EXCEPT_CAUGHT)) \ |
205 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
Event 4:
Skipping " if". - except_state == 0 evaluates to true.
- exc != 0 evaluates to false.
|
|
| 479 | | | RETHROW;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
231 | #define RETHROW \ |
232 | { \ |
233 | /* check we're in a catch block */ \ |
234 | g_assert(except_state == EXCEPT_CAUGHT); \ |
235 | /* we can't use except_rethrow here, as that pops a catch block \ |
236 | * off the stack, and we don't want to do that, because we want to \ |
237 | * excecute the FINALLY {} block first. \ |
238 | * except_throw doesn't provide an interface to rethrow an existing \ |
239 | * exception; however, longjmping back to except_try_push() has the \ |
240 | * desired effect. \ |
241 | * \ |
242 | * Note also that THROW and RETHROW should provide much the same \ |
243 | * functionality in terms of which blocks to enter, so any messing \ |
| |
x /usr/include/glib-2.0/glib/gtestutils.h |
| |
74 | #define g_assert(expr) do { if G_LIKELY (expr) ; else \ |
75 | g_assertion_message_expr (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \ |
76 | #expr); } while (0) |
| |
x /usr/include/glib-2.0/glib/gmacros.h |
| |
277 | #define G_LIKELY(expr) (__builtin_expect (_G_BOOLEAN_EXPR(expr), 1)) |
| |
x /usr/include/glib-2.0/glib/gmacros.h |
| |
268 | #define _G_BOOLEAN_EXPR(expr) \ |
269 | __extension__ ({ \ |
270 | int _g_boolean_var_; \ |
271 | if (expr) \ |
272 | _g_boolean_var_ = 1; \ |
273 | else \ |
274 | _g_boolean_var_ = 0; \ |
275 | _g_boolean_var_; \ |
276 | }) |
| |
x /usr/include/glib-2.0/glib/gmacros.h |
| |
160 | # define G_STRFUNC ((const char*) (__PRETTY_FUNCTION__)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
| 480 | | | } CATCH(ReportedBoundsError) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
202 | #define CATCH(x) \ |
203 | if (except_state == 0 && exc != 0 && exc->except_id.except_code == (x) && \ |
204 | (except_state |= EXCEPT_CAUGHT)) \ |
205 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
Event 5:
Skipping " if". except_state == 0 evaluates to false.
|
|
| 481 | | | show_reported_bounds_error(gss_tvb, pinfo, tree); |
| 482 | | | } ENDTRY;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
191 | #define ENDTRY \ |
192 | /* rethrow the exception if necessary */ \ |
193 | if(!(except_state&EXCEPT_CAUGHT) && exc != 0) \ |
194 | except_rethrow(exc); \ |
195 | except_try_pop();\ |
196 | } |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
153 | #define except_try_pop() \ |
154 | except_free(except_ch.except_obj.except_dyndata); \ |
155 | except_pop(); \ |
156 | } |
| |
|
Event 6:
Skipping " if". - except_state & 1 evaluates to false.
- exc != 0 evaluates to false.
|
|
| 483 | | | |
| 484 | | | proto_item_set_len(item, return_offset); |
| 485 | | | return return_offset; |
| 486 | | | } |
| |