(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.c) |
| |
| 5539 | | | construct_match_selected_string(field_info *finfo, epan_dissect_t *edt, |
| 5540 | | | char **filter) |
| 5541 | | | { |
| 5542 | | | *hfinfo; |
| 5543 | | | int abbrev_len; |
| 5544 | | | char *ptr; |
| 5545 | | | int buf_len; |
| 5546 | | | const char *format; |
| 5547 | | | int dfilter_len, i; |
| 5548 | | | gint start, length, length_remaining; |
| 5549 | | | guint8 c; |
| 5550 | | | gchar is_signed_num = FALSE; |
| 5551 | | | |
| 5552 | | | hfinfo = finfo->hfinfo; |
| 5553 | | | DISSECTOR_ASSERT(hfinfo);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
117 | #define DISSECTOR_ASSERT(expression) \ |
118 | ((void) ((expression) ? (void)0 : \ |
119 | __DISSECTOR_ASSERT (expression, __FILE__, __LINE__))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
138 | #define __DISSECTOR_ASSERT(expression, file, lineno) \ |
139 | (REPORT_DISSECTOR_BUG( \ |
140 | ep_strdup_printf("%s:%u: failed assertion \"%s\"", \ |
141 | file, lineno, __DISSECTOR_ASSERT_STRINGIFY(expression)))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 5554 | | | abbrev_len = (int) strlen(hfinfo->abbrev); |
| 5555 | | | |
| 5556 | | | if (hfinfo->strings && (hfinfo->display & BASE_STRUCTURE_RESET) == BASE_NONE) { |
| 5557 | | | const gchar *str = NULL; |
| 5558 | | | |
| 5559 | | | switch(hfinfo->type) { |
| 5560 | | | |
| 5561 | | | case FT_INT8: |
| 5562 | | | case FT_INT16: |
| 5563 | | | case FT_INT24: |
| 5564 | | | case FT_INT32: |
| 5565 | | | if (hfinfo->display & BASE_RANGE_STRING) { |
| 5566 | | | str = match_strrval(fvalue_get_sinteger(&finfo->value), hfinfo->strings); |
| 5567 | | | } else { |
| 5568 | | | str = match_strval(fvalue_get_sinteger(&finfo->value), hfinfo->strings); |
| 5569 | | | } |
| 5570 | | | break; |
| 5571 | | | |
| 5572 | | | case FT_UINT8: |
| 5573 | | | case FT_UINT16: |
| 5574 | | | case FT_UINT24: |
| 5575 | | | case FT_UINT32: |
| 5576 | | | if (hfinfo->display & BASE_RANGE_STRING) { |
| 5577 | | | str = match_strrval(fvalue_get_uinteger(&finfo->value), hfinfo->strings); |
| 5578 | | | } else { |
| 5579 | | | str = match_strval(fvalue_get_uinteger(&finfo->value), hfinfo->strings); |
| 5580 | | | } |
| 5581 | | | break; |
| 5582 | | | |
| 5583 | | | default: |
| 5584 | | | break; |
| 5585 | | | } |
| 5586 | | | |
| 5587 | | | if (str != NULL && filter != NULL) { |
| 5588 | | | *filter = ep_strdup_printf("%s == \"%s\"", hfinfo->abbrev, str); |
| 5589 | | | return TRUE; |
| 5590 | | | } |
| 5591 | | | } |
| 5592 | | | |
| 5613 | | | switch(hfinfo->type) { |
| 5614 | | | |
| 5615 | | | case FT_INT8: |
| 5616 | | | case FT_INT16: |
| 5617 | | | case FT_INT24: |
| 5618 | | | case FT_INT32: |
| 5619 | | | is_signed_num = TRUE; |
| 5620 | | | case FT_UINT8: |
| 5621 | | | case FT_UINT16: |
| 5622 | | | case FT_UINT24: |
| 5623 | | | case FT_UINT32: |
| 5624 | | | case : |
| 5625 | | | if (filter != NULL) { |
| 5626 | | | format = hfinfo_numeric_format(hfinfo); |
| 5627 | | | if(is_signed_num) { |
| 5628 | | | *filter = ep_strdup_printf(format, |
| 5629 | | | hfinfo->abbrev, |
| 5630 | | | fvalue_get_sinteger(&finfo->value)); |
| 5631 | | | } else { |
| 5632 | | | *filter = ep_strdup_printf(format, |
| 5633 | | | hfinfo->abbrev, |
| 5634 | | | fvalue_get_uinteger(&finfo->value)); |
Format String
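ep_strdup_printf() is being called with a format string that is not constant. The format string (first argument) may not match the other arguments to ep_strdup_printf(); this could lead to security or stability problems. ep_strdup_printf() is usually called with strings that look like format strings in this project. In this listing the format is the return value of hfinfo_numeric_format(hfinfo) (line 5626), and the same non-literal pattern recurs in the signed branch (line 5628) and the 64-bit case (line 5643), so the compiler cannot check the conversion specifiers against hfinfo->abbrev and the integer argument. The call is safe only if that helper returns fixed, internally defined formats whose specifiers match the argument type passed in each FT_* case; the helper's body is not shown here, so that has to be confirmed by reading it. |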
|
| 5635 | | | } |
| 5636 | | | } |
| 5637 | | | break; |
| 5638 | | | |
| 5639 | | | case FT_INT64: |
| 5640 | | | case FT_UINT64: |
| 5641 | | | if (filter != NULL) { |
| 5642 | | | format = hfinfo_numeric_format(hfinfo); |
| 5643 | | | *filter = ep_strdup_printf(format, |
| 5644 | | | hfinfo->abbrev, |
| 5645 | | | fvalue_get_integer64(&finfo->value)); |
| 5646 | | | } |
| 5647 | | | break; |
| 5648 | | | |
| 5649 | | | case FT_PROTOCOL: |
| 5650 | | | if (filter != NULL) |
| 5651 | | | *filter = ep_strdup(finfo->hfinfo->abbrev); |
| 5652 | | | break; |
| 5653 | | | |
| 5654 | | | case FT_NONE: |
| 5655 | | | case FT_PCRE: |
| 5663 | | | length = finfo->length; |
| 5664 | | | if (length == 0) { |
| 5665 | | | if (filter != NULL) |
| 5666 | | | *filter = ep_strdup(finfo->hfinfo->abbrev); |
| 5667 | | | break; |
| 5668 | | | } |
| 5669 | | | if (length < 0) |
| 5670 | | | return FALSE; |
| 5671 | | | |
| 5679 | | | if (edt == NULL) |
| 5680 | | | return FALSE; |
| 5681 | | | |
| 5693 | | | if (finfo->ds_tvb != edt->tvb) |
| 5694 | | | return FALSE; |
| 5695 | | | |
| 5699 | | | length_remaining = tvb_length_remaining(finfo->ds_tvb, finfo->start); |
| 5700 | | | if (length > length_remaining) |
| 5701 | | | length = length_remaining; |
| 5702 | | | if (length <= 0) |
| 5703 | | | return FALSE; |
| 5704 | | | |
| 5705 | | | if (filter != NULL) { |
| 5706 | | | start = finfo->start; |
| 5707 | | | buf_len = 32 + length * 3; |
| 5708 | | | *filter = ep_alloc0(buf_len); |
| 5709 | | | ptr = *filter; |
| 5710 | | | |
| 5711 | | | ptr += g_snprintf(ptr, (gulong) (buf_len-(ptr-*filter)), |
| 5712 | | | "frame[%d:%d] == ", finfo->start, length); |
| 5713 | | | for (i=0;i<length; i++) { |
| 5714 | | | c = tvb_get_guint8(finfo->ds_tvb, start); |
| 5715 | | | start++; |
| 5716 | | | if (i == 0 ) { |
| 5717 | | | ptr += g_snprintf(ptr, (gulong) (buf_len-(ptr-*filter)), "%02x", c); |
| 5718 | | | } |
| 5719 | | | else { |
| 5720 | | | ptr += g_snprintf(ptr, (gulong) (buf_len-(ptr-*filter)), ":%02x", c); |
| 5721 | | | } |
| 5722 | | | } |
| 5723 | | | } |
| 5724 | | | break; |
| 5725 | | | |
| 5726 | | | |
| 5727 | | | default: |
| 5733 | | | if (filter != NULL) { |
| 5734 | | | dfilter_len = fvalue_string_repr_len(&finfo->value, |
| 5735 | | | FTREPR_DFILTER); |
| 5736 | | | dfilter_len += abbrev_len + 4 + 1; |
| 5737 | | | *filter = ep_alloc0(dfilter_len); |
| 5738 | | | |
| 5739 | | | |
| 5740 | | | g_snprintf(*filter, dfilter_len, "%s == ", |
| 5741 | | | hfinfo->abbrev); |
| 5742 | | | fvalue_to_string_repr(&finfo->value, |
| 5743 | | | FTREPR_DFILTER, |
| 5744 | | | &(*filter)[abbrev_len + 4]); |
| 5745 | | | } |
| 5746 | | | break; |
| 5747 | | | } |
| 5748 | | | |
| 5749 | | | return TRUE; |
| 5750 | | | } |
| |