(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcerpc.c) |
| |
| 2113 | | | show_stub_data (tvbuff_t *tvb, gint offset, proto_tree *dcerpc_tree, |
| 2114 | | | dcerpc_auth_info *auth_info, gboolean is_encrypted) |
| 2115 | | | { |
| 2116 | | | int length, plain_length, auth_pad_len; |
| 2117 | | | guint auth_pad_offset; |
| 2118 | | | |
| 2119 | | | |
| 2120 | | | |
| 2121 | | | |
| 2122 | | | |
| 2123 | | | |
| 2124 | | | |
| 2125 | | | if (tvb_length_remaining (tvb, offset) > 0) { |
Event 1:
Taking true branch. tvb_length_remaining(...) > 0 evaluates to true.
hide
|
|
| 2126 | | | auth_pad_len = auth_info?auth_info->auth_pad_len:0; |
Event 2:
auth_info evaluates to true.
hide
|
|
| 2127 | | | length = tvb_reported_length_remaining (tvb, offset); |
| 2128 | | | |
| 2129 | | | |
| 2130 | | | plain_length = length - auth_pad_len; |
| 2131 | | | if (plain_length < 1) { |
Event 4:
Skipping " if". plain_length < 1 evaluates to false.
hide
|
|
| 2132 | | | plain_length = length; |
| 2133 | | | auth_pad_len = 0; |
| 2134 | | | } |
| 2135 | | | auth_pad_offset = offset + plain_length; |
| 2136 | | | |
| 2137 | | | if (auth_info != NULL && |
Null Test After Dereference
This code tests the nullness of auth_info, which has already been dereferenced. - If auth_info were null, there would have been a prior null pointer dereference at packet-dcerpc.c:2126, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 3. Show: All events | Only primary events |
|
| 2138 | | | auth_info->auth_level == DCE_C_AUTHN_LEVEL_PKT_PRIVACY) { |
| 2139 | | | if (is_encrypted) { |
| 2140 | | | tvb_ensure_bytes_exist(tvb, offset, length); |
| 2141 | | | proto_tree_add_text(dcerpc_tree, tvb, offset, length, |
| 2142 | | | "Encrypted stub data (%d byte%s)", |
| 2143 | | | length, plurality(length, "", "s")); |
| 2144 | | | |
| 2145 | | | auth_pad_len = 0; |
| 2146 | | | } else { |
| 2147 | | | tvb_ensure_bytes_exist(tvb, offset, plain_length); |
| 2148 | | | proto_tree_add_text(dcerpc_tree, tvb, offset, plain_length, |
| 2149 | | | "Decrypted stub data (%d byte%s)", |
| 2150 | | | plain_length, plurality(plain_length, "", "s")); |
| 2151 | | | } |
| 2152 | | | } else { |
| 2153 | | | tvb_ensure_bytes_exist(tvb, offset, plain_length); |
| 2154 | | | proto_tree_add_text (dcerpc_tree, tvb, offset, plain_length, |
| 2155 | | | "Stub data (%d byte%s)", plain_length, |
| 2156 | | | plurality(plain_length, "", "s")); |
| 2157 | | | } |
| 2158 | | | |
| 2159 | | | if (auth_pad_len != 0) { |
| 2160 | | | tvb_ensure_bytes_exist(tvb, auth_pad_offset, auth_pad_len); |
| 2161 | | | proto_tree_add_text (dcerpc_tree, tvb, auth_pad_offset, |
| 2162 | | | auth_pad_len, |
| 2163 | | | "Auth Padding (%u byte%s)", |
| 2164 | | | auth_pad_len, |
| 2165 | | | plurality(auth_pad_len, "", "s")); |
| 2166 | | | } |
| 2167 | | | } |
| 2168 | | | } |
| |