(/home/sate/Testcases/c/cve/wireshark-1.2.0/file.c) |
| |
| 3516 | | | cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed) |
| 3517 | | | { |
| 3518 | | | gchar *from_filename; |
| 3519 | | | int err; |
| 3520 | | | gboolean do_copy; |
| 3521 | | | wtap_dumper *pdh; |
| 3522 | | | save_callback_args_t callback_args; |
| 3523 | | | |
| 3524 | | | cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname); |
| 3525 | | | |
| 3526 | | | |
| 3527 | | | |
| 3528 | [+] | | if (file_exists(fname)) { |
Event 1:
fname is passed to file_exists().
| 3529 | | | simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, |
| 3530 | | | "%sCapture file: \"%s\" already exists!%s\n\n" |
| 3531 | | | "Please choose a different filename.", |
| 3532 | | | simple_dialog_primary_start(), fname, simple_dialog_primary_end()); |
| 3533 | | | goto fail; |
| 3534 | | | } |
| 3535 | | | |
| 3536 | | | packet_range_process_init(range); |
| 3537 | | | |
| 3538 | | | |
| 3539 | [+] | | if (packet_range_process_all(range) && save_format == cf->cd_t) { |
 |
| 3540 | | | |
| 3541 | | | |
| 3542 | | | |
| 3543 | | | if (cf->is_tempfile) { |
Event 10:
Taking true branch. cf->is_tempfile evaluates to true.
| 3544 | | | |
| 3545 | | | |
| 3546 | | | |
| 3547 | | | #ifndef _WIN32 |
| 3548 | | | if (ws_rename(cf->filename, fname) == 0) { |
Event 11:
fname is passed to rename() as the second argument.
File System Race Condition
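The file named fname is accessed again. Another process may have changed the file since the access at filesystem.c:1522. For example, an attacker could replace the original file with a link to a file containing important or confidential data. On this path the window lies between the existence check that begins at file_exists(fname) (event 1, line 3528) and the rename() call on line 3548 (event 11). These are separate filesystem operations, so the result of the check is not guaranteed to still hold when rename() runs. If a file appears at fname in between, rename() replaces it without the "already exists" dialog being shown. The issue can occur if the highlighted code executes. See related events 4 and 11.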