(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/firewall_dlg.c) |
| |
| 746 | | | firewall_save_as_ok_cb(GtkWidget * w _U_, gpointer fs) |
| 747 | | | { |
| 748 | | | gchar *to_name, *rule; |
| 749 | | | rule_info_t *rule_info; |
| 750 | | | FILE *fh; |
| 751 | | | gchar *dirname; |
| 752 | | | |
| 753 | | | GtkTextIter start, end; |
| 754 | | | GtkTextBuffer *buf; |
| 755 | | | |
| 756 | | | to_name = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(fs));
x /usr/include/gtk-2.0/gtk/gtkfilechooser.h |
| |
34 | #define GTK_FILE_CHOOSER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GTK_TYPE_FILE_CHOOSER, GtkFileChooser)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
482 | #define G_TYPE_CHECK_INSTANCE_CAST(instance, g_type, c_type) (_G_TYPE_CIC ((instance), (g_type), c_type)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
1678 | # define _G_TYPE_CIC(ip, gt, ct) \ |
1679 | ((ct*) g_type_check_instance_cast ((GTypeInstance*) ip, gt)) |
| |
x /usr/include/gtk-2.0/gtk/gtkfilechooser.h |
| |
33 | #define GTK_TYPE_FILE_CHOOSER (gtk_file_chooser_get_type ()) |
| |
|
| 757 | | | |
| 758 | | | |
| 759 | | | |
| 760 | [+] | | if (test_for_directory(to_name) == EISDIR) {
x /usr/include/asm-generic/errno-base.h |
| |
24 | #define EISDIR 21 /* Is a directory */ |
| |
|
Event 5:
to_name, which evaluates to gtk_file_chooser_get_filename(...) from firewall_dlg.c:756, is passed to test_for_directory(). See related event 4.
|
|
 |
| 761 | | | |
| 762 | | | |
| 763 | | | set_last_open_dir(to_name); |
| 764 | | | g_free(to_name); |
| 765 | | | file_selection_set_current_folder(fs, get_last_open_dir()); |
| 766 | | | gtk_file_chooser_set_current_name(fs, ""); |
| 767 | | | return FALSE; |
| 768 | | | } |
| 769 | | | |
| 770 | | | rule_info = g_object_get_data(G_OBJECT(fs), WS_RULE_INFO_KEY);
x /usr/include/glib-2.0/gobject/gobject.h |
| |
52 | #define G_OBJECT(object) (G_TYPE_CHECK_INSTANCE_CAST ((object), G_TYPE_OBJECT, GObject)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
482 | #define G_TYPE_CHECK_INSTANCE_CAST(instance, g_type, c_type) (_G_TYPE_CIC ((instance), (g_type), c_type)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
1678 | # define _G_TYPE_CIC(ip, gt, ct) \ |
1679 | ((ct*) g_type_check_instance_cast ((GTypeInstance*) ip, gt)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
181 | #define G_TYPE_OBJECT G_TYPE_MAKE_FUNDAMENTAL (20) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
222 | #define G_TYPE_MAKE_FUNDAMENTAL(x) ((GType) ((x) << G_TYPE_FUNDAMENTAL_SHIFT)) |
| |
|
| 771 | | | fh = ws_fopen(to_name, "w"); |
Event 13:
to_name, which evaluates to gtk_file_chooser_get_filename(...) from firewall_dlg.c:756, is passed to fopen() as the first argument. See related events 4 and 7.
File System Race Condition
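The file named to_name is accessed again. Another process may have changed the file since the access at filesystem.c:215. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 8 and 13.
This is a time-of-check/time-of-use (TOCTOU) pattern: the path is examined by name at firewall_dlg.c:760 (test_for_directory(), which presumably leads to the access at filesystem.c:215) and is then opened by name again at firewall_dlg.c:771 with mode "w", which truncates whatever the path refers to at that moment. The usual remediation is to open the path once and perform any file-type check on the resulting descriptor (fstat() instead of a second path lookup), and to refuse symbolic links at open time (for example O_NOFOLLOW where available) when the target directory may be writable by other users.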
|
| |