(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ssl.c) |
| |
| 1284 | | | dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, |
| 1285 | | | proto_tree *tree, guint32 offset, |
| 1286 | | | guint *conv_version, gboolean *need_desegmentation, |
| 1287 | | | SslDecryptSession* ssl, gboolean first_record_in_frame _U_) |
| 1288 | | | { |
| 1308 | | | guint32 record_length; |
| 1309 | | | guint16 version; |
| 1310 | | | guint8 content_type; |
| 1311 | | | guint8 next_byte; |
| 1312 | | | proto_tree *ti; |
| 1313 | | | proto_tree *ssl_record_tree; |
| 1314 | | | SslAssociation* association; |
| 1315 | | | guint32 available_bytes; |
| 1316 | | | ti = NULL; |
| 1317 | | | ssl_record_tree = NULL; |
| 1318 | | | available_bytes = 0; |
| 1319 | | | |
| 1320 | [+] | | available_bytes = tvb_length_remaining(tvb, offset); |
 |
| 1321 | | | |
| 1322 | | | |
| 1323 | | | if ((*conv_version==SSL_VER_TLS || *conv_version==SSL_VER_TLSv1DOT1 || *conv_version==SSL_VER_TLSv1DOT2) && |
Event 12:
Skipping the "if" on line 1323:
- *conv_version == 3 evaluates to false.
- *conv_version == 4 evaluates to false.
- *conv_version == 7 evaluates to true.
- available_bytes >= 1 evaluates to false, so the condition as a whole is false.
Event 13:
Considering the case where *conv_version is equal to 7 (the comparison that evaluated to true in Event 12).
|
|
| 1324 | | | (available_bytes >=1 ) && !ssl_is_valid_content_type(tvb_get_guint8(tvb, offset))) { |
| 1325 | | | proto_tree_add_text(tree, tvb, offset, available_bytes, "Ignored Unknown Record"); |
| 1326 | | | if (check_col(pinfo->cinfo, COL_INFO)) |
| 1327 | | | col_append_str(pinfo->cinfo, COL_INFO, "Ignored Unknown Record"); |
| 1328 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
| 1329 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, ssl_version_short_names[*conv_version]); |
| 1330 | | | return offset + available_bytes; |
| 1331 | | | } |
| 1336 | | | if (ssl_desegment && pinfo->can_desegment) { |
Event 14:
Skipping the "if": ssl_desegment evaluates to false, so the available_bytes < 5 check on lines 1340-1350 is not performed on this path.
|
|
| 1340 | | | if (available_bytes < 5) { |
| 1346 | | | pinfo->desegment_offset = offset; |
| 1347 | | | pinfo->desegment_len = 5 - available_bytes; |
| 1348 | | | *need_desegmentation = TRUE; |
| 1349 | | | return offset; |
| 1350 | | | } |
| 1351 | | | } |
| 1356 | [+] | | content_type = tvb_get_guint8(tvb, offset); |
 |
| 1357 | | | version = tvb_get_ntohs(tvb, offset + 1); |
| 1358 | | | record_length = tvb_get_ntohs(tvb, offset + 3); |
| 1359 | | | |
| 1360 | [+] | | if (ssl_is_valid_content_type(content_type)) { |
 |
| 1365 | | | if (ssl_desegment && pinfo->can_desegment) { |
Event 31:
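Skipping the "if": ssl_desegment evaluates to false, so the available_bytes < record_length + 5 check on line 1369, which appears to sit inside this block, is not reached on this path.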
|
|
| 1369 | | | if (available_bytes < record_length + 5) { |
| 1375 | | | pinfo->desegment_offset = offset; |
| 1376 1399 |  | | [ Lines 1376 to 1399 omitted. ] |
| 1400 | | | { |
| 1401 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, |
| 1402 | | | ssl_version_short_names[*conv_version]); |
| 1403 | | | } |
| 1404 | | | return offset + 5 + record_length; |
| 1405 | | | } |
| 1410 | | | if (tree) |
Event 32:
Taking true branch. tree evaluates to true.
|
|
| 1411 | | | { |
| 1412 | | | |
| 1413 | | | |
| 1414 | | | tvb_ensure_bytes_exist(tvb, offset, 5 + record_length); |
| 1415 | | | ti = proto_tree_add_item(tree, hf_ssl_record, tvb, |
| 1416 | [+] | | offset, 5 + record_length, 0); |
 |
| 1417 | | | ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record); |
| 1418 | | | |
| 1419 | | | |
| 1420 | | | proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type, |
| 1421 | | | tvb, offset, 1, 0); |
| 1422 | | | offset++; |
| 1423 | | | |
| 1424 | | | |
| 1425 | | | proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb, |
| 1426 | | | offset, 2, FALSE); |
| 1427 | | | offset += 2; |
| 1428 | | | |
| 1429 | | | |
| 1430 | | | proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb, |
| 1431 | | | offset, 2, record_length); |
| 1432 | | | offset += 2; |
| 1433 | | | } |
| 1434 | | | else |
| 1435 | | | { |
| 1436 | | | |
| 1437 | | | offset += 5; |
| 1438 | | | } |
| 1447 | | | next_byte = tvb_get_guint8(tvb, offset); |
| 1448 | | | if (*conv_version == SSL_VER_UNKNOWN |
Event 45:
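Skipping the "if": *conv_version == 0 evaluates to false, so the version-detection code that assigns *conv_version (lines 1450-1494) does not run and the value from Event 13 is kept.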
|
|
| 1449 | | | && ssl_is_authoritative_version_message(content_type, next_byte)) |
| 1450 | | | { |
| 1451 | | | if (version == SSLV3_VERSION) |
| 1452 | | | { |
| 1453 | | | *conv_version = SSL_VER_SSLv3; |
| 1454 | | | if (ssl) { |
| 1455 | | | ssl->version_netorder = version; |
| 1456 | | | ssl->state |= SSL_VERSION; |
| 1457 | | | ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); |
| 1458 | | | } |
| 1459 1484 |  | | [ Lines 1459 to 1484 omitted. ] |
| 1485 | | | |
| 1486 | | | *conv_version = SSL_VER_TLSv1DOT2; |
| 1487 | | | if (ssl) { |
| 1488 | | | ssl->version_netorder = version; |
| 1489 | | | ssl->state |= SSL_VERSION; |
| 1490 | | | ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state); |
| 1491 | | | } |
| 1492 | | | |
| 1493 | | | } |
| 1494 | | | } |
| 1495 | [+] | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
 |
| 1496 | | | { |
| 1497 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, |
| 1498 | | | ssl_version_short_names[*conv_version]); |
| 1499 | | | } |
| 1504 | | | ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type); |
| 1509 | | | switch (content_type) { |
Event 48:
content_type evaluates to 22, which selects the SSL_ID_HANDSHAKE case on line 1535.
|
|
| 1510 | | | case SSL_ID_CHG_CIPHER_SPEC: |
| 1511 | | | ssl_debug_printf("dissect_ssl3_change_cipher_spec\n"); |
| 1512 | | | if (check_col(pinfo->cinfo, COL_INFO)) |
| 1513 | | | col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec"); |
| 1514 | | | dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree, |
| 1515 | | | offset, conv_version, content_type); |
| 1516 | | | if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)); |
| 1517 | | | break; |
| 1518 | | | case SSL_ID_ALERT: |
| 1519 | | | { |
| 1520 | | | tvbuff_t* decrypted; |
| 1521 | | | |
| 1522 | | | if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset, |
| 1523 | | | record_length, content_type, ssl, FALSE)) |
| 1524 | | | ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data, |
| 1525 | | | ssl_decrypted_data_avail, offset); |
| 1526 | | | |
| 1527 | | | |
| 1528 | | | decrypted = ssl_get_record_info(proto_ssl, pinfo, offset); |
| 1529 | | | if (decrypted) |
| 1530 | | | dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version); |
| 1531 | | | else |
| 1532 | | | dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version); |
| 1533 | | | break; |
| 1534 | | | } |
| 1535 | | | case SSL_ID_HANDSHAKE: |
| 1536 | | | { |
| 1537 | | | tvbuff_t* decrypted; |
| 1543 | | | if (ssl && decrypt_ssl3_record(tvb, pinfo, offset, |
Event 49:
Skipping the "if": ssl evaluates to false, so decrypt_ssl3_record() is not called.
|
|
| 1544 | | | record_length, content_type, ssl, FALSE)) |
| 1545 | | | ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data, |
| 1546 | | | ssl_decrypted_data_avail, offset); |
| 1547 | | | |
| 1548 | | | |
| 1549 | [+] | | decrypted = ssl_get_record_info(proto_ssl, pinfo, offset); |
 |
| 1550 | | | if (decrypted) { |
Event 51:
Taking false branch. decrypted evaluates to false, so the handshake is dissected from the original tvb (lines 1556-1557).
|
|
| 1551 | | | |
| 1552 | | | add_new_data_source(pinfo, decrypted, "Decrypted SSL record"); |
| 1553 | | | dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0, |
| 1554 | | | decrypted->length, conv_version, ssl, content_type); |
| 1555 | | | } else { |
| 1556 | | | dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset, |
| 1557 | [+] | | record_length, conv_version, ssl, content_type); |
Event 52:
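conv_version is passed to dissect_ssl3_handshake() as the sixth argument.
- The value it points to (7 on this path, see Event 13) determines the position accessed in the buffer during the buffer overrun later.
- None of the lines shown in this listing range-checks *conv_version; lines 1329, 1402 and 1498 already use it directly as an index into ssl_version_short_names. The overrun site itself is outside this listing, so the missing check to look for is a comparison of the value against the size of whatever array it indexes.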
|
|
 |
| |