(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcom-remunkn.c) |
| |
| 137 | | | dissect_remunk_remqueryinterface_resp(tvbuff_t *tvb, int offset, |
| 138 | | | packet_info *pinfo, proto_tree *tree, guint8 *drep) |
| 139 | | | { |
| 140 | | | guint32 u32Pointer; |
| 141 | | | guint32 u32ArraySize; |
| 142 | | | guint32 u32ItemIdx; |
| 143 | | | proto_item *sub_item; |
| 144 | | | proto_tree *sub_tree; |
| 145 | | | guint32 u32HResult; |
| 146 | | | guint32 u32SubStart; |
| 147 | | | e_uuid_t iid; |
| 148 | | | e_uuid_t iid_null = DCERPC_UUID_NULL;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcerpc.h |
| |
38 | #define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} } |
| |
|
| 149 | | | dcerpc_info *info = (dcerpc_info *) pinfo->private_data; |
| 150 | | | remunk_remqueryinterface_call_t *call = info->call_data->private_data; |
| 151 | | | guint64 oxid; |
| 152 | | | guint64 oid; |
| 153 | | | e_uuid_t ipid; |
| 154 | | | dcom_interface_t *dcom_if; |
| 155 | | | |
| 156 | | | |
| 157 | | | offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep); |
| 158 | | | |
| 159 | | | offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, |
| 160 | | | &u32Pointer); |
| 161 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, |
| 162 | | | &u32ArraySize); |
| 163 | | | |
| 164 | | | u32ItemIdx = 1; |
| 165 | | | while (u32ArraySize--) { |
Event 1:
Entering loop body. u32ArraySize-- evaluates to true.
|
|
| 166 | | | |
| 167 | | | sub_item = proto_tree_add_item(tree, hf_remunk_qiresult, tvb, offset, 0, FALSE); |
| 168 | | | sub_tree = proto_item_add_subtree(sub_item, ett_remunk_rqi_result); |
| 169 | | | |
| 170 | | | |
| 171 | | | offset = dissect_dcom_HRESULT(tvb, offset, pinfo, sub_tree, drep, |
| 172 | | | &u32HResult); |
| 173 | | | u32SubStart = offset - 4; |
| 174 | | | offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, drep, |
| 175 | | | &u32Pointer); |
| 176 | | | |
| 177 | | | |
| 178 | | | if(call != NULL && u32ItemIdx <= call->iid_count) { |
| 179 | | | iid = call->iids[u32ItemIdx-1]; |
| 180 | | | } else { |
| 181 | | | iid = iid_null; |
| 182 | | | } |
| 183 | | | |
| 184 | | | |
| 185 | | | |
| 186 | | | offset = dissect_dcom_STDOBJREF(tvb, offset, pinfo, sub_tree, drep, 0 , |
| 187 | [+] | | &oxid, &oid, &ipid); |
Event 3:
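dissect_dcom_STDOBJREF() can return without writing to oid, for example on a failure path or another special case inside dissect_dcom_STDOBJREF(). Because oid is declared at line 152 without an initializer, it still holds an indeterminate value after this call.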
|
|
 |
| 188 | | | |
| 189 | | | |
| 190 | | | |
| 191 | | | if(pinfo->net_src.type == AT_IPv4) { |
Event 6:
Taking true branch. pinfo->net_src.type == AT_IPv4 evaluates to true.
|
|
| 192 | | | dcom_if = dcom_interface_new(pinfo, |
| 193 | | | pinfo->net_src.data, |
| 194 | | | &iid, oxid, oid, &ipid); |
Uninitialized Variable
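oid was not initialized before it is passed by value to dcom_interface_new() at line 194. The issue can occur if the highlighted code executes. See related events 3 and 4. Giving oid a defined value at its declaration (line 152), or having dissect_dcom_STDOBJREF() set its output arguments on every return path, would keep an indeterminate value from reaching dcom_interface_new().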
|
| |