(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-isakmp.c) |
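/*
 * Decrypt one encrypted ISAKMP payload with the pre-shared-key material held
 * in pinfo->private_data and return it as a child tvbuff of `tvb`, registered
 * as the "Decrypted IKE" data source.
 *
 * tvb      parent tvbuff the decrypted child is attached to
 * pinfo    packet info; private_data carries the decrypt_data_t state and
 *          fd->num identifies the frame
 * buf      ciphertext, buf_len bytes (taken from the packet, i.e. untrusted)
 * buf_len  number of ciphertext bytes
 * hdr      ISAKMP header; message_id selects the IV derivation
 *
 * Returns the decrypted tvbuff, or NULL when no key material is available,
 * the negotiated cipher or hash is not handled, no IV can be established, or
 * libgcrypt reports an error.
 *
 * Side effects: appends to decr->iv_list and updates last_message_id,
 * last_p1_cbc/last_p1_cbc_len and last_cbc/last_cbc_len in the decrypt state.
 */
static tvbuff_t *
decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_len, isakmp_hdr_t *hdr) {
  decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
  gchar *decrypted_data = NULL;
  gint gcry_md_algo, gcry_cipher_algo;
  gcry_md_hd_t md_ctx;
  gcry_cipher_hd_t decr_ctx;
  tvbuff_t *encr_tvb;
  iv_data_t *ivd = NULL;
  GList *ivl;
  guchar iv[MAX_DIGEST_SIZE];
  guint iv_len = 0;
  guint32 message_id, cbc_block_size, digest_size;

  /* Only pre-shared-key sessions with both gi and gr captured can be decrypted. */
  if (!decr ||
      decr->is_psk == FALSE ||
      decr->gi_len == 0 ||
      decr->gr_len == 0)
    return NULL;

  switch (decr->encr_alg) {
    case ENC_3DES_CBC:
      gcry_cipher_algo = GCRY_CIPHER_3DES;
      break;
    case ENC_DES_CBC:
      gcry_cipher_algo = GCRY_CIPHER_DES;
      break;
    default:
      /* Unsupported cipher. The `break` that followed this return could
       * never execute and is dropped. */
      return NULL;
  }
  /* Refuse a secret shorter than the key the cipher needs. */
  if (decr->secret_len < gcry_cipher_get_algo_keylen(gcry_cipher_algo))
    return NULL;
  cbc_block_size = gcry_cipher_get_algo_blklen(gcry_cipher_algo);

  switch (decr->hash_alg) {
    case HMAC_MD5:
      gcry_md_algo = GCRY_MD_MD5;
      break;
    case HMAC_SHA:
      gcry_md_algo = GCRY_MD_SHA1;
      break;
    default:
      /* Unsupported hash; same unreachable `break` dropped here. */
      return NULL;
  }
  digest_size = gcry_md_get_algo_dlen(gcry_md_algo);

  /* digest_size bytes are copied into the local iv[] below, so it must fit.
   * NOTE(review): ivd->iv receives the same digest; its declared size is not
   * visible here - confirm it is at least MAX_DIGEST_SIZE bytes. */
  if (digest_size > sizeof(iv))
    return NULL;

  /* Reuse the IV recorded earlier for this frame number, if any. */
  for (ivl = g_list_first(decr->iv_list); ivl != NULL; ivl = g_list_next(ivl)) {
    ivd = (iv_data_t *) ivl->data;
    if (ivd->frame_num == pinfo->fd->num) {
      iv_len = ivd->iv_len;
      memcpy(iv, ivd->iv, iv_len);
    }
  }

  /* No IV recorded for this frame: derive one and remember it. */
  if (iv_len == 0) {
    if (gcry_md_open(&md_ctx, gcry_md_algo, 0) != GPG_ERR_NO_ERROR)
      return NULL;
    if (decr->iv_list == NULL) {
      /* First encrypted payload: IV = hash(gi | gr). */
      ivd = g_malloc(sizeof(iv_data_t));
      ivd->frame_num = pinfo->fd->num;
      ivd->iv_len = digest_size;
      decr->last_message_id = hdr->message_id;
      gcry_md_reset(md_ctx);
      gcry_md_write(md_ctx, decr->gi, decr->gi_len);
      gcry_md_write(md_ctx, decr->gr, decr->gr_len);
      gcry_md_final(md_ctx);
      memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
      decr->iv_list = g_list_append(decr->iv_list, ivd);
      iv_len = ivd->iv_len;
      memcpy(iv, ivd->iv, iv_len);
    } else if (decr->last_cbc_len >= cbc_block_size) {
      ivd = g_malloc(sizeof(iv_data_t));
      ivd->frame_num = pinfo->fd->num;
      if (hdr->message_id != decr->last_message_id) {
        /* New exchange: IV = hash(saved CBC block | message id). The CBC
         * block is saved only once, the first time the message id changes. */
        if (decr->last_p1_cbc_len == 0) {
          memcpy(decr->last_p1_cbc, decr->last_cbc, cbc_block_size);
          decr->last_p1_cbc_len = cbc_block_size;
        }
        ivd->iv_len = digest_size;
        decr->last_message_id = hdr->message_id;
        /* The message id is hashed in network byte order. */
        message_id = g_htonl(decr->last_message_id);
        gcry_md_reset(md_ctx);
        gcry_md_write(md_ctx, decr->last_p1_cbc, cbc_block_size);
        gcry_md_write(md_ctx, &message_id, sizeof(message_id));
        memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
      } else {
        /* Same exchange: chain from the last ciphertext block seen. */
        ivd->iv_len = cbc_block_size;
        memcpy(ivd->iv, decr->last_cbc, ivd->iv_len);
      }
      decr->iv_list = g_list_append(decr->iv_list, ivd);
      iv_len = ivd->iv_len;
      memcpy(iv, ivd->iv, iv_len);
    }
    gcry_md_close(md_ctx);
  }

  /* NOTE(review): after the lookup loop ivd points at the last list entry
   * even when no frame number matched, so this test passes with iv_len == 0
   * if the list is non-empty and last_cbc_len is too short. Testing
   * iv_len == 0 may be what was intended - confirm before changing. */
  if (ivd == NULL) return NULL;

  if (gcry_cipher_open(&decr_ctx, gcry_cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
    return NULL;
  /* A digest-sized IV is truncated to the cipher block size. */
  if (iv_len > cbc_block_size)
    iv_len = cbc_block_size;
  /* Release the cipher handle on every failure path; previously these
   * returns leaked one handle per failed packet. */
  if (gcry_cipher_setiv(decr_ctx, iv, iv_len) ||
      gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len)) {
    gcry_cipher_close(decr_ctx);
    return NULL;
  }

  decrypted_data = g_malloc(buf_len);

  if (gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len) != GPG_ERR_NO_ERROR) {
    gcry_cipher_close(decr_ctx);
    g_free(decrypted_data);
    return NULL;
  }
  gcry_cipher_close(decr_ctx);

  /* NOTE(review): nothing visible here frees decrypted_data or registers a
   * free callback on the new tvbuff - confirm who owns the buffer. */
  encr_tvb = tvb_new_child_real_data(tvb, decrypted_data, buf_len, buf_len);

  add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");

  /* Remember the last ciphertext block as the next chaining IV. The copy
   * reads the final cbc_block_size bytes of buf, so buf_len itself must be
   * at least that long; the tvb length alone does not guarantee it, and a
   * shorter buf_len would make the source pointer fall before buf. */
  if (tvb_length(tvb) > cbc_block_size && buf_len >= cbc_block_size) {
    decr->last_cbc_len = cbc_block_size;
    memcpy(decr->last_cbc, buf + buf_len - cbc_block_size, cbc_block_size);
  } else {
    decr->last_cbc_len = 0;
  }

  return encr_tvb;
}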