(/home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/file_access.c) |
| |
| 216 | | | wtap* wtap_open_offline(const char *filename, int *err, char **err_info, |
| 217 | | | gboolean do_random) |
| 218 | | | { |
| 219 | | | struct stat statb; |
| 220 | | | wtap *wth; |
| 221 | | | unsigned int i; |
| 222 | | | gboolean use_stdin = FALSE; |
| 223 | | | |
| 224 | | | |
| 225 | | | if (strcmp(filename, "-") == 0) |
Event 1:
Skipping " if". strcmp(filename, "-") == 0 evaluates to false.
hide
|
|
| 226 | | | use_stdin = TRUE; |
| 227 | | | |
| 228 | | | |
| 229 | | | if (use_stdin) { |
Event 2:
Taking false branch. use_stdin evaluates to false.
hide
|
|
| 230 | | | if (fstat(0, &statb) < 0) { |
| 231 | | | *err = errno; |
| 232 | | | return NULL; |
| 233 | | | } |
| 234 | | | } else { |
| 235 | | | if (ws_stat(filename, &statb) < 0) { |
Event 3:
filename is passed to stat() as the first argument.
hide
Event 4:
stat() accesses the file named filename. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 3.
hide
Event 5:
Skipping " if". stat(filename, &statb) < 0 evaluates to false.
hide
|
|
| 236 | | | *err = errno; |
| 237 | | | return NULL; |
| 238 | | | } |
| 239 | | | } |
| 240 | | | if (S_ISFIFO(statb.st_mode)) {
x /usr/include/sys/stat.h |
| |
136 | # define S_ISFIFO(mode) __S_ISTYPE((mode), __S_IFIFO) |
| |
x /usr/include/sys/stat.h |
| |
129 | #define __S_ISTYPE(mode, mask) (((mode) & __S_IFMT) == (mask)) |
| |
x /usr/include/bits/stat.h |
| |
182 | #define __S_IFMT 0170000 /* These bits determine file type. */ |
| |
x /usr/include/bits/stat.h |
| |
189 | #define __S_IFIFO 0010000 /* FIFO. */ |
| |
|
Event 6:
Taking true branch. (statb.st_mode & 61440) == 4096 evaluates to true.
hide
|
|
| 241 | | | |
| 242 | | | |
| 243 | | | |
| 244 | | | |
| 245 | | | |
| 246 | | | |
| 247 | | | |
| 248 | | | |
| 249 | | | |
| 250 | | | |
| 251 | | | |
| 252 | | | |
| 253 | | | if (do_random) { |
Event 7:
Skipping " if". do_random evaluates to false.
hide
|
|
| 254 | | | *err = WTAP_ERR_RANDOM_OPEN_PIPE; |
| 255 | | | return NULL; |
| 256 | | | } |
| 257 | | | } else if (S_ISDIR(statb.st_mode)) {
x /usr/include/sys/stat.h |
| |
131 | #define S_ISDIR(mode) __S_ISTYPE((mode), __S_IFDIR) |
| |
x /usr/include/sys/stat.h |
| |
129 | #define __S_ISTYPE(mode, mask) (((mode) & __S_IFMT) == (mask)) |
| |
x /usr/include/bits/stat.h |
| |
182 | #define __S_IFMT 0170000 /* These bits determine file type. */ |
| |
x /usr/include/bits/stat.h |
| |
185 | #define __S_IFDIR 0040000 /* Directory. */ |
| |
|
| 258 | | | |
| 259 | | | |
| 260 | | | |
| 261 | | | |
| 262 | | | |
| 263 | | | *err = EISDIR;
x /usr/include/asm-generic/errno-base.h |
| |
24 | #define EISDIR 21 /* Is a directory */ |
| |
|
| 264 | | | return NULL; |
| 265 | | | } else if (! S_ISREG(statb.st_mode)) {
x /usr/include/sys/stat.h |
| |
134 | #define S_ISREG(mode) __S_ISTYPE((mode), __S_IFREG) |
| |
x /usr/include/sys/stat.h |
| |
129 | #define __S_ISTYPE(mode, mask) (((mode) & __S_IFMT) == (mask)) |
| |
x /usr/include/bits/stat.h |
| |
182 | #define __S_IFMT 0170000 /* These bits determine file type. */ |
| |
x /usr/include/bits/stat.h |
| |
188 | #define __S_IFREG 0100000 /* Regular file. */ |
| |
|
| 266 | | | *err = WTAP_ERR_NOT_REGULAR_FILE; |
| 267 | | | return NULL; |
| 268 | | | } |
| 269 | | | |
| 270 | | | |
| 271 | | | |
| 272 | | | |
| 273 | | | |
| 274 | | | |
| 275 | | | |
| 276 | | | |
| 277 | | | if (use_stdin && do_random) { |
Event 8:
Skipping " if". use_stdin evaluates to false.
hide
|
|
| 278 | | | *err = WTAP_ERR_RANDOM_OPEN_STDIN; |
| 279 | | | return NULL; |
| 280 | | | } |
| 281 | | | |
| 282 | | | errno = ENOMEM;
x /usr/include/asm-generic/errno-base.h |
| |
15 | #define ENOMEM 12 /* Out of memory */ |
| |
|
| 283 | | | wth = g_malloc(sizeof(wtap)); |
| 284 | | | if (wth == NULL) { |
Event 10:
Skipping " if". wth == (void *)0 evaluates to false.
hide
|
|
| 285 | | | *err = errno; |
| 286 | | | return NULL; |
| 287 | | | } |
| 288 | | | |
| 289 | | | |
| 290 | | | errno = WTAP_ERR_CANT_OPEN; |
| 291 | | | if (use_stdin) { |
Event 11:
Taking false branch. use_stdin evaluates to false.
hide
|
|
| 292 | | | |
| 293 | | | |
| 294 | | | |
| 295 | | | |
| 296 | | | |
| 297 | | | wth->fd = ws_dup(0); |
| 298 | | | #ifdef _WIN32 |
| 299 | | | _setmode(wth->fd, O_BINARY); |
| 300 | | | #endif |
| 301 | | | } else |
| 302 | | | wth->fd = ws_open(filename, O_RDONLY|O_BINARY, 0000 );
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wsutil/file_util.h |
| |
105 | #define O_BINARY 0 /* Win32 needs the O_BINARY flag for open() */ |
| |
|
Event 12:
filename is passed to open() as the first argument.
hide
File System Race Condition
The file named filename is accessed again. Another process may have changed the file since the access at file_access.c:235. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 4 and 12. Show: All events | Only primary events |
|
| |