(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ldap.c) |
| |
| 606 | | | dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index) |
| 607 | | | { |
| 608 | | | gint8 class; |
| 609 | | | gboolean pc, ind, is_ascii; |
| 610 | | | gint32 tag; |
| 611 | | | guint32 len, i; |
| 612 | | | const guchar *str; |
| 613 | | | |
| 614 | | | if(!implicit_tag){ |
Event 1:
Taking false branch. implicit_tag evaluates to true.
hide
|
|
| 615 | | | offset=get_ber_identifier(tvb, offset, &class, &pc, &tag); |
| 616 | | | offset=get_ber_length(tvb, offset, &len, &ind); |
| 617 | | | } else { |
| 618 | [+] | | len=tvb_length_remaining(tvb,offset); |
 |
| 619 | | | } |
| 620 | | | |
| 621 | | | if(len==0){ |
Event 7:
Skipping " if". len == 0 evaluates to false.
hide
|
|
| 622 | | | return offset; |
| 623 | | | } |
| 624 | | | |
| 625 | | | |
| 626 | | | |
| 627 | | | |
| 628 | | | |
| 629 | | | |
| 630 | | | |
| 631 | | | |
| 632 | | | |
| 633 | | | |
| 634 | | | if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){ |
Event 8:
Taking false branch. attributedesc_string evaluates to false.
hide
|
|
| 635 | | | tvbuff_t *sid_tvb; |
| 636 | | | char *tmpstr; |
| 637 | | | |
| 638 | | | |
| 639 | | | sid_tvb=tvb_new_subset(tvb, offset, len, len); |
| 640 | | | dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index); |
| 641 | | | ldapvalue_string=tmpstr; |
| 642 | | | |
| 643 | | | goto finished; |
| 644 | | | } else if ( (len==16) |
Event 9:
Taking false branch. len == 16 evaluates to false.
hide
|
|
| 645 | | | && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) { |
| 646 | | | guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; |
| 647 | | | e_uuid_t uuid; |
| 648 | | | |
| 649 | | | |
| 650 | | | dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid); |
| 651 | | | |
| 652 | | | ldapvalue_string=ep_alloc(1024); |
| 653 | | | g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", |
| 654 | | | uuid.Data1, uuid.Data2, uuid.Data3, |
| 655 | | | uuid.Data4[0], uuid.Data4[1], |
| 656 | | | uuid.Data4[2], uuid.Data4[3], |
| 657 | | | uuid.Data4[4], uuid.Data4[5], |
| 658 | | | uuid.Data4[6], uuid.Data4[7]); |
| 659 | | | |
| 660 | | | goto finished; |
| 661 | | | } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){ |
Event 10:
Skipping " if". attributedesc_string evaluates to false.
hide
|
|
| 662 | | | guint32 flags; |
| 663 | | | |
| 664 | | | len = 0; |
| 665 | | | |
| 666 | | | flags=tvb_get_letohl(tvb, offset); |
| 667 | | | |
| 668 | | | ldapvalue_string=ep_alloc(1024); |
| 669 | | | g_snprintf(ldapvalue_string, 1023, "0x%08x",flags); |
| 670 | | | |
| 671 | | | |
| 672 | | | offset = dissect_mscldap_ntver_flags(tree, tvb, offset); |
| 673 | | | |
| 674 | | | goto finished; |
| 675 | | | |
| 676 | | | |
| 677 | | | } |
| 678 | | | |
| 679 | | | |
| 680 | | | |
| 681 | | | |
| 682 | | | |
| 683 | | | |
| 684 | | | |
| 685 | | | |
| 686 | | | |
| 687 | | | |
| 688 | | | |
| 689 | | | |
| 690 | | | |
| 691 | | | str=tvb_get_ptr(tvb, offset, len); |
| 692 | | | is_ascii=TRUE; |
Event 11:
!0 evaluates to true.
hide
|
|
| 693 | | | for(i=0;i<len;i++){ |
Event 12:
Leaving loop. i < len evaluates to false.
hide
|
|
| 694 | | | if(!isascii(str[i]) || !isprint(str[i])){ |
| 695 | | | is_ascii=FALSE; |
| 696 | | | break; |
| 697 | | | } |
| 698 | | | } |
| 699 | | | |
| 700 | | | |
| 701 | | | if(is_ascii){ |
Event 13:
Taking true branch. is_ascii evaluates to true.
hide
|
|
| 702 | | | ldapvalue_string=ep_alloc(len+1); |
| 703 | | | memcpy(ldapvalue_string,str,len); |
Event 14:
len, which evaluates to -1, is passed to memcpy() as the third argument. See related event 6.
hide
Unreasonable Size Argument
The size argument to memcpy() has an unreasonable value. - The size argument is len, which evaluates to -1.
- A size argument is considered unreasonable if it is negative or very large.
The issue can occur if the highlighted code executes. See related event 14. Show: All events | Only primary events |
|
| |