(/home/sate/Testcases/c/cve/wireshark-1.2.0/tap-dcerpcstat.c) |
| |
| 180 | | | dcerpcstat_init(const char *optarg, void* userdata _U_) |
| 181 | | | { |
| 182 | | | rpcstat_t *rs; |
| 183 | | | guint32 i, max_procs; |
| 184 | | | dcerpc_sub_dissector *procs; |
| 185 | | | e_uuid_t uuid; |
| 186 | | | guint d1,d2,d3,d40,d41,d42,d43,d44,d45,d46,d47; |
| 187 | | | int major, minor;
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
x /usr/include/sys/sysmacros.h |
| |
66 | # define minor(dev) gnu_dev_minor (dev) |
| |
|
| 188 | | | guint16 ver; |
| 189 | | | int pos=0; |
| 190 | | | const char *filter=NULL; |
| 191 | | | GString *error_string; |
| 192 | | | |
| 193 | | | |
| 194 | | | |
| 195 | | | |
| 196 | | | |
| 197 | | | |
| 198 | | | |
| 199 | | | |
| 200 | | | |
| 201 | | | |
| 202 | | | |
| 203 | | | |
| 204 | | | |
| 205 | | | |
| 206 | | | |
| 207 | | | |
| 208 | | | |
| 209 | | | if(sscanf(optarg,"dcerpc,rtt,%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x,%d.%d%n", &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos)==13){
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
x /usr/include/sys/sysmacros.h |
| |
66 | # define minor(dev) gnu_dev_minor (dev) |
| |
|
Event 1:
Taking true branch. sscanf(...) == 13 evaluates to true.
hide
|
|
| 210 | | | uuid.Data1=d1; |
| 211 | | | uuid.Data2=d2; |
| 212 | | | uuid.Data3=d3; |
| 213 | | | uuid.Data4[0]=d40; |
| 214 | | | uuid.Data4[1]=d41; |
| 215 | | | uuid.Data4[2]=d42; |
| 216 | | | uuid.Data4[3]=d43; |
| 217 | | | uuid.Data4[4]=d44; |
| 218 | | | uuid.Data4[5]=d45; |
| 219 | | | uuid.Data4[6]=d46; |
| 220 | | | uuid.Data4[7]=d47; |
| 221 | | | if(pos){ |
Event 2:
Taking false branch. pos evaluates to false.
hide
|
|
| 222 | | | filter=optarg+pos; |
| 223 | | | } else { |
| 224 | | | filter=NULL; |
| 225 | | | } |
| 226 | | | } else { |
| 227 | | | fprintf(stderr, "tshark: invalid \"-z dcerpc,rtt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n"); |
| 228 | | | exit(1); |
| 229 | | | } |
| 230 | | | if (major < 0 || major > 65535) {
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
|
Event 3:
Skipping " if". - major < 0 evaluates to false.
- major > 65535 evaluates to false.
hide
|
|
| 231 | | | fprintf(stderr,"tshark: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535\n", major);
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
|
| 232 | | | exit(1); |
| 233 | | | } |
| 234 | | | if (minor < 0 || minor > 65535) {
x /usr/include/sys/sysmacros.h |
| |
66 | # define minor(dev) gnu_dev_minor (dev) |
| |
x /usr/include/sys/sysmacros.h |
| |
66 | # define minor(dev) gnu_dev_minor (dev) |
| |
|
Event 4:
Skipping " if". - minor < 0 evaluates to false.
- minor > 65535 evaluates to false.
hide
|
|
| 235 | | | fprintf(stderr,"tshark: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535\n", minor);
x /usr/include/sys/sysmacros.h |
| |
66 | # define minor(dev) gnu_dev_minor (dev) |
| |
|
| 236 | | | exit(1); |
| 237 | | | } |
| 238 | | | ver = major;
x /usr/include/sys/sysmacros.h |
| |
65 | # define major(dev) gnu_dev_major (dev) |
| |
|
| 239 | | | |
| 240 | | | rs=g_malloc(sizeof(rpcstat_t)); |
| 241 | | | rs->prog=dcerpc_get_proto_name(&uuid, ver); |
| 242 | | | if(!rs->prog){ |
Event 6:
Skipping " if". rs->prog evaluates to true.
hide
|
|
| 243 | | | g_free(rs); |
| 244 | | | fprintf(stderr,"tshark: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],ver); |
| 245 | | | exit(1); |
| 246 | | | } |
| 247 | [+] | | procs=dcerpc_get_proto_sub_dissector(&uuid, ver); |
 |
| 248 | | | rs->uuid=uuid; |
| 249 | | | rs->ver=ver; |
| 250 | | | |
| 251 | | | if(filter){ |
Event 11:
Taking false branch. filter evaluates to false.
hide
|
|
| 252 | | | rs->filter=g_strdup(filter); |
| 253 | | | } else { |
| 254 | | | rs->filter=NULL; |
| 255 | | | } |
| 256 | | | |
| 257 | | | for(i=0,max_procs=0;procs[i].name;i++){ |
Null Pointer Dereference
procs is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |