(/home/sate/Testcases/c/cve/wireshark-1.2.0/disabled_protos.c) |
| |
| 331 | | | save_disabled_protos_list(char **pref_path_return, int *errno_return) |
| 332 | | | { |
| 333 | | | gchar *ff_path, *ff_path_new; |
| 334 | | | FILE *ff; |
| 335 | | | gint i; |
| 336 | | | protocol_t *protocol; |
| 337 | | | void *cookie; |
| 338 | | | |
| 339 | | | *pref_path_return = NULL; |
| 340 | | | |
| 341 | | | ff_path = get_persconffile_path(PROTOCOLS_FILE_NAME, TRUE, TRUE); |
Event 1:
!0 evaluates to true.
hide
Event 2:
!0 evaluates to true.
hide
|
|
| 342 | | | |
| 343 | | | |
| 344 | | | |
| 345 | | | |
| 346 | | | ff_path_new = g_strdup_printf("%s.new", ff_path); |
| 347 | | | |
| 348 | | | if ((ff = ws_fopen(ff_path_new, "w")) == NULL) { |
Event 5:
ff_path_new, which evaluates to g_strdup_printf(...) from disabled_protos.c:346, is passed to fopen() as the first argument. See related event 4.
hide
Event 6:
fopen() accesses the file named ff_path_new, where ff_path_new is g_strdup_printf(...) from disabled_protos.c:346. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 5.
hide
Event 7:
Skipping " if". (ff = fopen(...)) == (void *)0 evaluates to false.
hide
|
|
| 349 | | | *pref_path_return = ff_path; |
| 350 | | | *errno_return = errno; |
| 351 | | | g_free(ff_path_new); |
| 352 | | | return; |
| 353 | | | } |
| 354 | | | |
| 355 | | | |
| 356 | | | |
| 357 | [+] | | for (i = proto_get_first_protocol(&cookie); i != -1; |
 |
| 358 | | | i = proto_get_next_protocol(&cookie)) { |
| 359 | | | |
| 360 | | | if (!proto_can_toggle_protocol(i)) { |
| 361 | | | continue; |
| 362 | | | } |
| 363 | | | |
| 364 | | | protocol = find_protocol_by_id(i); |
| 365 | | | if (proto_is_protocol_enabled(protocol)) { |
| 366 | | | continue; |
| 367 | | | } |
| 368 | | | |
| 369 | | | |
| 370 | | | fprintf(ff, "%s\n", proto_get_protocol_filter_name(i)); |
| 371 | | | } |
| 372 | | | |
| 373 | | | if (fclose(ff) == EOF) { |
Event 10:
Skipping " if". fclose(ff) == -1 evaluates to false.
hide
|
|
| 374 | | | *pref_path_return = ff_path; |
| 375 | | | *errno_return = errno; |
| 376 | | | ws_unlink(ff_path_new); |
| 377 | | | g_free(ff_path_new); |
| 378 | | | return; |
| 379 | | | } |
| 380 | | | |
| 381 | | | #ifdef _WIN32 |
| 382 | | | |
| 383 | | | |
| 384 | | | |
| 385 | | | |
| 386 | | | if (ws_remove(ff_path) < 0 && errno != ENOENT) { |
| 387 | | | |
| 388 | | | |
| 389 | | | |
| 390 | | | *pref_path_return = ff_path; |
| 391 | | | *errno_return = errno; |
| 392 | | | ws_unlink(ff_path_new); |
| 393 | | | g_free(ff_path_new); |
| 394 | | | return; |
| 395 | | | } |
| 396 | | | #endif |
| 397 | | | |
| 398 | | | if (ws_rename(ff_path_new, ff_path) < 0) { |
Event 11:
ff_path_new, which evaluates to g_strdup_printf(...) from disabled_protos.c:346, is passed to rename() as the first argument. See related events 4 and 5.
hide
File System Race Condition
The file named ff_path_new is accessed again. Another process may have changed the file since the access at disabled_protos.c:348. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 6 and 11. Show: All events | Only primary events |
|
| |