(/home/sate/Testcases/c/cve/wireshark-1.2.0/capture.c) |
| |
| 664 | | | GList * |
| 665 | | | capture_interface_list(int *err, char **err_str) |
| 666 | | | { |
| 667 | | | GList *if_list = NULL; |
| 668 | | | int i, j; |
| 669 | | | gchar *msg; |
| 670 | | | gchar **raw_list, **if_parts, **addr_parts; |
| 671 | | | gchar *name; |
| 672 | | | if_info_t *if_info; |
| 673 | | | if_addr_t *if_addr; |
| 674 | | | |
| 675 | | | g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List ..."); |
| 676 | | | |
| 677 | | | |
| 678 | | | *err = sync_interface_list_open(&msg); |
| 679 | | | if (*err != 0) { |
Event 2:
Skipping " if". *err != 0 evaluates to false.
hide
|
|
| 680 | | | g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List failed!"); |
| 681 | | | if (err_str) { |
| 682 | | | *err_str = msg; |
| 683 | | | } else { |
| 684 | | | g_free(msg); |
| 685 | | | } |
| 686 | | | return NULL; |
| 687 | | | } |
| 688 | | | |
| 689 | | | |
| 690 | | | #ifdef _WIN32 |
| 691 | | | raw_list = g_strsplit(msg, "\r\n", 0); |
| 692 | | | #else |
| 693 | | | raw_list = g_strsplit(msg, "\n", 0); |
| 694 | | | #endif |
| 695 | | | g_free(msg); |
| 696 | | | |
| 697 | | | for (i = 0; raw_list[i] != NULL; i++) { |
Event 5:
Entering loop body. raw_list[i] != (void *)0 evaluates to true.
hide
|
|
| 698 | | | if_parts = g_strsplit(raw_list[i], "\t", 4); |
| 699 | | | if (if_parts[0] == NULL || if_parts[1] == NULL || if_parts[2] == NULL || |
Event 7:
Skipping " if". - if_parts[0] == (void *)0 evaluates to false.
- if_parts[1] == (void *)0 evaluates to false.
- if_parts[2] == (void *)0 evaluates to false.
- if_parts[3] == (void *)0 evaluates to false.
hide
|
|
| 700 | | | if_parts[3] == NULL) { |
| 701 | | | g_strfreev(if_parts); |
| 702 | | | continue; |
| 703 | | | } |
| 704 | | | |
| 705 | | | |
| 706 | | | name = strchr(if_parts[0], ' '); |
| 707 | | | if (name) { |
Event 8:
Taking true branch. name evaluates to true.
hide
|
|
| 708 | | | name++; |
| 709 | | | } else { |
| 710 | | | g_strfreev(if_parts); |
| 711 | | | continue; |
| 712 | | | } |
| 713 | | | |
| 714 | | | if_info = g_malloc0(sizeof(if_info_t)); |
| 715 | | | if_info->name = g_strdup(name); |
| 716 | | | if (strlen(if_parts[1]) > 0) |
Event 11:
Skipping " if". strlen(if_parts[1]) > 0 evaluates to false.
hide
|
|
| 717 | | | if_info->description = g_strdup(if_parts[1]); |
| 718 | | | addr_parts = g_strsplit(if_parts[2], ",", 0); |
| 719 | | | for (j = 0; addr_parts[j] != NULL; j++) { |
Event 13:
Entering loop body. addr_parts[j] != (void *)0 evaluates to true.
hide
|
|
| 720 | | | if_addr = g_malloc0(sizeof(if_addr_t)); |
| 721 | | | if (inet_pton(AF_INET, addr_parts[j], &if_addr->ip_addr.ip4_addr)) {
x /usr/include/bits/socket.h |
| |
78 | #define PF_INET 2 /* IP protocol family. */ |
| |
|
Event 15:
Taking true branch. inet_pton(...) evaluates to true.
hide
|
|
| 722 | | | if_addr->type = AT_IPv4; |
| 723 | | | } else if (inet_pton(AF_INET6, addr_parts[j],
x /usr/include/bits/socket.h |
| |
86 | #define PF_INET6 10 /* IP version 6. */ |
| |
|
| 724 | | | &if_addr->ip_addr.ip6_addr)) { |
| 725 | | | if_addr->type = AT_IPv6; |
| 726 | | | } else { |
| 727 | | | g_free(if_addr); |
| 728 | | | if_addr = NULL; |
| 729 | | | } |
| 730 | | | if (if_addr) { |
Null Test After Dereference
This code tests the nullness of if_addr, which has already been dereferenced. - If if_addr were null, there would have been a prior null pointer dereference at capture.c:722, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 16. Show: All events | Only primary events |
|
| 731 | | | if_info->ip_addr = g_slist_append(if_info->ip_addr, if_addr); |
| 732 | | | } |
| 733 | | | } |
| 734 | | | if (strcmp(if_parts[3], "loopback") == 0) |
| 735 | | | if_info->loopback = TRUE; |
| 736 | | | g_strfreev(if_parts); |
| 737 | | | g_strfreev(addr_parts); |
| 738 | | | if_list = g_list_append(if_list, if_info); |
| 739 | | | } |
| 740 | | | g_strfreev(raw_list); |
| 741 | | | |
| 742 | | | |
| 743 | | | if (if_list == NULL) { |
| 744 | | | *err = NO_INTERFACES_FOUND; |
| 745 | | | if (err_str) |
| 746 | | | *err_str = g_strdup("No interfaces found"); |
| 747 | | | } |
| 748 | | | return if_list; |
| 749 | | | } |
| |