(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcerpc.c) |
| |
| 581 | | | static void dissect_auth_verf(tvbuff_t *auth_tvb, packet_info *pinfo, |
| 582 | | | proto_tree *tree, |
| 583 | | | dcerpc_auth_subdissector_fns *auth_fns, |
| 584 | | | e_dce_cn_common_hdr_t *hdr, |
| 585 | | | dcerpc_auth_info *auth_info) |
| 586 | | | { |
| 587 | | | dcerpc_dissect_fnct_t *volatile fn = NULL; |
Event 1:
fn is set to NULL. - Dereferenced later, causing the null pointer dereference.
hide
|
|
| 588 | | | |
| 589 | | | switch (hdr->ptype) { |
Event 2:
Executing default case.
hide
|
|
| 590 | | | case PDU_BIND: |
| 591 | | | case PDU_ALTER: |
| 592 | | | fn = auth_fns->bind_fn; |
| 593 | | | break; |
| 594 | | | case PDU_BIND_ACK: |
| 595 | | | case PDU_ALTER_ACK: |
| 596 | | | fn = auth_fns->bind_ack_fn; |
| 597 | | | break; |
| 598 | | | case PDU_AUTH3: |
| 599 | | | fn = auth_fns->auth3_fn; |
| 600 | | | break; |
| 601 | | | case PDU_REQ: |
| 602 | | | fn = auth_fns->req_verf_fn; |
| 603 | | | break; |
| 604 | | | case PDU_RESP: |
| 605 | | | fn = auth_fns->resp_verf_fn; |
| 606 | | | break; |
| 607 | | | |
| 608 | | | |
| 609 | | | |
| 610 | | | |
| 611 | | | default: |
| 612 | | | g_warning("attempt to dissect %s pdu authentication data",
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 613 | | | val_to_str(hdr->ptype, pckt_vals, "Unknown (%u)")); |
| 614 | | | break; |
| 615 | | | } |
| 616 | | | |
| 617 | | | if (fn) |
Event 4:
Taking true branch. fn evaluates to true.
hide
|
|
| 618 | | | fn(auth_tvb, 0, pinfo, tree, hdr->drep); |
Null Pointer Dereference
fn is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 1. Show: All events | Only primary events |
|
| |