(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-snmp.c) |
| |
| 1280 | | | static gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_auth_len_p, gchar const** error _U_) { |
| 1281 | | | guint msg_len; |
| 1282 | | | guint8* msg; |
| 1283 | | | guint auth_len; |
| 1284 | | | guint8* auth; |
| 1285 | | | guint8* key; |
| 1286 | | | guint key_len; |
| 1287 | | | guint8 *calc_auth; |
| 1288 | | | guint start; |
| 1289 | | | guint end; |
| 1290 | | | guint i; |
| 1291 | | | |
| 1292 | | | if (!p->auth_tvb) { |
Event 1:
Skipping " if". p->auth_tvb evaluates to true.
hide
|
|
| 1293 | | | *error = "No Authenticator"; |
| 1294 | | | return FALSE; |
| 1295 | | | } |
| 1296 | | | |
| 1297 | | | key = p->user_assoc->user.authKey.data; |
| 1298 | | | key_len = p->user_assoc->user.authKey.len; |
| 1299 | | | |
| 1300 | | | if (! key ) { |
Event 2:
Skipping " if". key evaluates to true.
hide
|
|
| 1301 | | | *error = "User has no authKey"; |
| 1302 | | | return FALSE; |
| 1303 | | | } |
| 1304 | | | |
| 1305 | | | |
| 1306 | [+] | | auth_len = tvb_length_remaining(p->auth_tvb,0); |
 |
| 1307 | | | |
| 1308 | | | |
| 1309 | | | if (auth_len != 12) { |
Event 14:
Skipping " if". auth_len != 12 evaluates to false.
hide
|
|
| 1310 | | | *error = "Authenticator length wrong"; |
| 1311 | | | return FALSE; |
| 1312 | | | } |
| 1313 | | | |
| 1314 | [+] | | msg_len = tvb_length_remaining(p->msg_tvb,0); |
 |
| 1315 | | | msg = ep_tvb_memdup(p->msg_tvb,0,msg_len); |
| 1316 | | | |
| 1317 | | | auth = ep_tvb_memdup(p->auth_tvb,0,auth_len); |
| 1318 | | | |
| 1319 | | | start = p->auth_offset - p->start_offset; |
| 1320 | | | end = start + auth_len; |
| 1321 | | | |
| 1322 | | | |
| 1323 | | | for ( i = start ; i < end ; i++ ) { |
| 1324 | | | msg[i] = '\0'; |
| 1325 | | | } |
| 1326 | | | |
| 1327 | | | calc_auth = ep_alloc(20); |
| 1328 | | | |
| 1329 | [+] | | sha1_hmac(key, key_len, msg, msg_len, calc_auth); |
Event 21:
msg_len, which evaluates to -1, is passed to sha1_hmac() as the fourth argument. See related event 19.
hide
|
|
 |
| |