(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-rtps2.c) |
| |
| 8151 | | | static gboolean dissect_rtps(tvbuff_t *tvb, |
| 8152 | | | packet_info *pinfo, |
| 8153 | | | proto_tree *tree) { |
| 8154 | | | proto_item *ti = NULL; |
| 8155 | | | proto_tree *rtps_tree = NULL; |
| 8156 | | | gint offset = 0; |
| 8157 | | | proto_tree *rtps_submessage_tree = NULL; |
| 8158 | | | guint8 submessageId; |
| 8159 | | | guint8 flags; |
| 8160 | | | gboolean little_endian; |
| 8161 | | | gboolean is_ping = FALSE; |
| 8162 | | | gint next_submsg, ; |
| 8163 | | | guint16 vendor_id = RTPS_VENDOR_UNKNOWN; |
| 8164 | | | char info_summary_text[MAX_SUMMARY_SIZE]; |
| 8165 | | | |
| 8166 | | | info_summary_text[0] = '\0'; |
| 8167 | | | |
| 8168 | | | |
| 8169 | | | |
| 8170 | | | |
| 8171 | | | if (!tvb_bytes_exist(tvb, offset, 16)) return FALSE; |
Event 1:
Skipping " if". tvb_bytes_exist(...) evaluates to true.
|
|
| 8172 | | | |
| 8173 | | | |
| 8174 | | | if ( (tvb_get_guint8(tvb,offset) != 'R') || |
Event 2:
Skipping " if".
- tvb_get_guint8(...) != 82 evaluates to false.
- tvb_get_guint8(...) != 84 evaluates to false.
- tvb_get_guint8(...) != 80 evaluates to false.
- tvb_get_guint8(...) != 83 evaluates to false.
- tvb_get_guint8(...) != 2 evaluates to false.
|
|
| 8175 | | | (tvb_get_guint8(tvb,offset+1) != 'T') || |
| 8176 | | | (tvb_get_guint8(tvb,offset+2) != 'P') || |
| 8177 | | | (tvb_get_guint8(tvb,offset+3) != 'S') || |
| 8178 | | | (tvb_get_guint8(tvb,offset+4) != 2) ) { |
| 8179 | | | return FALSE; |
| 8180 | | | } |
| 8181 | | | |
| 8182 | | | |
| 8183 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) { |
Event 3:
Skipping " if". check_col(...) evaluates to false.
|
|
| 8184 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "RTPS2"); |
| 8185 | | | } |
| 8186 | | | |
| 8187 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
Event 5:
Skipping " if". check_col(...) evaluates to false.
|
|
| 8188 | | | col_clear(pinfo->cinfo, COL_INFO); |
| 8189 | | | } |
| 8190 | | | |
| 8191 | | | |
| 8192 | | | { |
| 8193 | | | guint8 nddsPing[8]; |
| 8194 | | | tvb_memcpy(tvb, nddsPing, offset+8, 8); |
| 8195 | | | is_ping = (nddsPing[0] == 'N' && |
Event 6:
nddsPing[0] == 78 evaluates to false.
|
|
| 8196 | | | nddsPing[1] == 'D' && |
| 8197 | | | nddsPing[2] == 'D' && |
| 8198 | | | nddsPing[3] == 'S' && |
| 8199 | | | nddsPing[4] == 'P' && |
| 8200 | | | nddsPing[5] == 'I' && |
| 8201 | | | nddsPing[6] == 'N' && |
| 8202 | | | nddsPing[7] == 'G'); |
| 8203 | | | } |
| 8204 | | | |
| 8205 | | | if (tree) { |
Event 7:
Skipping " if". tree evaluates to false.
|
|
| 8206 | | | |
| 8207 | | | ti = proto_tree_add_item(tree, proto_rtps, tvb, 0, -1, FALSE); |
| 8208 | | | rtps_tree = proto_item_add_subtree(ti, ett_rtps); |
| 8209 | | | |
| 8210 | | | |
| 8211 | | | rtps_util_add_protocol_version(rtps_tree, tvb, offset+4); |
| 8212 | | | |
| 8213 | | | |
| 8214 | | | vendor_id = NEXT_guint16(tvb, offset+6, FALSE);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-rtps2.c |
| |
819 | #define NEXT_guint16(tvb, offset, le) \ |
820 | (le ? tvb_get_letohs(tvb, offset) : tvb_get_ntohs(tvb, offset)) |
| |
|
| 8215 | | | rtps_util_add_vendor_id(rtps_tree, tvb, offset+6, NULL, 0); |
| 8216 | | | |
| 8217 | | | |
| 8218 | | | if (!is_ping) { |
| 8219 | | | rtps_util_add_guid_prefix(rtps_tree, |
| 8220 | | | tvb, |
| 8221 | | | offset+8, |
| 8222 | | | hf_rtps_guid_prefix, |
| 8223 | | | hf_rtps_host_id, |
| 8224 | | | hf_rtps_app_id, |
| 8225 | | | hf_rtps_sm_counter, |
| 8226 | | | NULL, |
| 8227 | | | NULL, |
| 8228 | | | 0); |
| 8229 | | | } |
| 8230 | | | } |
| 8231 | | | |
| 8232 | | | if (is_ping) { |
Event 8:
Skipping " if". is_ping evaluates to false.
|
|
| 8233 | | | g_strlcpy(info_summary_text, "PING", MAX_SUMMARY_SIZE); |
| 8234 | | | } |
| 8235 | | | |
| 8236 | | | |
| 8237 | | | if (tree) { |
Event 9:
Skipping " if". tree evaluates to false.
|
|
| 8238 | | | int domain_id; |
| 8239 | | | int participant_idx = -1; |
| 8240 | | | int nature; |
| 8241 | | | int Doffset; |
| 8242 | | | proto_item *ti; |
| 8243 | | | proto_tree *mapping_tree; |
| 8244 | | | |
| 8245 | | | |
| 8246 | | | |
| 8247 | | | |
| 8248 | | | |
| 8249 | | | |
| 8250 8267 |  | | [ Lines 8250 to 8267 omitted. ] |
| 8268 | | | |
| 8269 | | | |
| 8270 | | | |
| 8271 | | | |
| 8272 | | | |
| 8273 | | | |
| 8274 | | | |
| 8275 | | | |
| 8276 | | | |
| 8277 | | | |
| 8278 | | | domain_id = (pinfo->destport - PORT_BASE) / 250; |
| 8279 | | | Doffset = (pinfo->destport - PORT_BASE - domain_id * 250); |
| 8280 | | | if (Doffset == 0) { |
| 8281 | | | nature = PORT_METATRAFFIC_MULTICAST; |
| 8282 | | | } else if (Doffset == 1) { |
| 8283 | | | nature = PORT_USERTRAFFIC_MULTICAST; |
| 8284 | | | } else { |
| 8285 | | | participant_idx = (Doffset - 10) / 2; |
| 8286 | | | if ( (Doffset - 10) % 2 == 0) { |
| 8287 | | | nature = PORT_METATRAFFIC_UNICAST; |
| 8288 | | | } else { |
| 8289 | | | nature = PORT_USERTRAFFIC_UNICAST; |
| 8290 | | | } |
| 8291 | | | } |
| 8292 | | | |
| 8293 | | | if (nature == PORT_METATRAFFIC_UNICAST || nature == PORT_USERTRAFFIC_UNICAST) { |
| 8294 | | | ti = proto_tree_add_text(rtps_tree, |
| 8295 | | | tvb, |
| 8296 | | | 0, |
| 8297 | | | 4, |
| 8298 | | | "Default port mapping: %s, domainId=%d, " |
| 8299 | | | "participantIdx=%d", |
| 8300 | | | val_to_str(nature, nature_type_vals, "%02x"), |
| 8301 | | | domain_id, |
| 8302 | | | participant_idx); |
| 8303 | | | } else { |
| 8304 | | | |
| 8305 | | | ti = proto_tree_add_text(rtps_tree, |
| 8306 | | | tvb, |
| 8307 | | | 0, |
| 8308 | | | 4, |
| 8309 | | | "Default port mapping: %s, domainId=%d", |
| 8310 | | | val_to_str(nature, nature_type_vals, "%02x"), |
| 8311 | | | domain_id); |
| 8312 | | | } |
| 8313 | | | |
| 8314 | | | |
| 8315 | | | mapping_tree = proto_item_add_subtree(ti, ett_rtps_default_mapping); |
| 8316 | | | proto_tree_add_uint(mapping_tree, |
| 8317 | | | hf_rtps_domain_id, |
| 8318 | | | tvb, |
| 8319 | | | 0, |
| 8320 | | | 4, |
| 8321 | | | domain_id); |
| 8322 | | | if (nature == PORT_METATRAFFIC_UNICAST || nature == PORT_USERTRAFFIC_UNICAST) { |
| 8323 | | | proto_tree_add_uint(mapping_tree, |
| 8324 | | | hf_rtps_participant_idx, |
| 8325 | | | tvb, |
| 8326 | | | 0, |
| 8327 | | | 4, |
| 8328 | | | participant_idx); |
| 8329 | | | } |
| 8330 | | | proto_tree_add_uint(mapping_tree, |
| 8331 | | | hf_rtps_nature_type, |
| 8332 | | | tvb, |
| 8333 | | | 0, |
| 8334 | | | 4, |
| 8335 | | | nature); |
| 8336 | | | } |
| 8337 | | | |
| 8338 | | | |
| 8339 | | | offset=20; |
| 8340 | | | |
| 8341 | | | while (tvb_reported_length_remaining(tvb, offset) > 0) { |
| 8342 | | | submessageId = tvb_get_guint8(tvb, offset); |
| 8343 | | | |
| 8344 | | | |
| 8345 | | | if (rtps_tree) { |
| 8346 | | | if (submessageId & 0x80) { |
| 8347 | | | ti = proto_tree_add_text(rtps_tree, |
| 8348 | | | tvb, |
| 8349 | | | offset, |
| 8350 | | | -1, |
| 8351 | | | "Submessage: %s", |
| 8352 | | | val_to_str(submessageId, submessage_id_vals, |
| 8353 | | | "Vendor-specific (0x%02x)")); |
| 8354 | | | } else { |
| 8355 | | | ti = proto_tree_add_text(rtps_tree, |
| 8356 | | | tvb, |
| 8357 | | | offset, |
| 8358 | | | -1, |
| 8359 | | | "Submessage: %s", |
| 8360 | | | val_to_str(submessageId, submessage_id_vals, |
| 8361 | | | "Unknown (0x%02x)")); |
| 8362 | | | } |
| 8363 | | | rtps_submessage_tree = proto_item_add_subtree(ti, ett_rtps_submessage); |
| 8364 | | | |
| 8365 | | | |
| 8366 | | | if (submessageId & 0x80) { |
| 8367 | | | proto_tree_add_uint_format(rtps_submessage_tree, |
| 8368 | | | hf_rtps_sm_id, |
| 8369 | | | tvb, |
| 8370 | | | offset, |
| 8371 | | | 1, |
| 8372 | | | submessageId, |
| 8373 | | | "submessageId: Vendor-specific (0x%02x)", |
| 8374 | | | submessageId); |
| 8375 | | | } else { |
| 8376 | | | proto_tree_add_uint(rtps_submessage_tree, hf_rtps_sm_id, |
| 8377 | | | tvb, offset, 1, submessageId); |
| 8378 | | | } |
| 8379 | | | } |
| 8380 | | | |
| 8381 | | | |
| 8382 | | | flags = tvb_get_guint8(tvb, offset + 1); |
| 8383 | | | |
| 8384 | | | |
| 8385 | | | little_endian = ((flags & FLAG_E) != 0); |
| 8386 | | | |
| 8387 | | | |
| 8388 | | | = NEXT_guint16(tvb, offset + 2, little_endian);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-rtps2.c |
| |
819 | #define NEXT_guint16(tvb, offset, le) \ |
820 | (le ? tvb_get_letohs(tvb, offset) : tvb_get_ntohs(tvb, offset)) |
| |
|
| 8389 | | | next_submsg = offset + + 4; |
| 8390 | | | |
| 8391 | | | |
| 8392 | | | if (ti != NULL) { |
| 8393 | | | proto_item_set_len(ti, + 4); |
| 8394 | | | } |
| 8395 | | | |
| 8396 | | | |
| 8397 | | | |
| 8398 | | | |
| 8399 | | | |
| 8400 | | | |
| 8401 | | | |
| 8402 | | | |
| 8403 | | | |
| 8404 | | | switch (submessageId) { |
| 8405 | | | case SUBMESSAGE_PAD: |
| 8406 | | | dissect_PAD(tvb, |
| 8407 | | | offset, |
| 8408 | | | flags, |
| 8409 | | | little_endian, |
| 8410 | | | , |
| 8411 | | | rtps_submessage_tree, |
| 8412 | | | info_summary_text, |
| 8413 | | | vendor_id); |
| 8414 | | | break; |
| 8415 | | | |
| 8416 | | | case SUBMESSAGE_DATA: |
| 8417 | | | dissect_DATA(tvb, |
| 8418 | | | offset, |
| 8419 | | | flags, |
| 8420 | | | little_endian, |
| 8421 | | | , |
| 8422 | | | rtps_submessage_tree, |
| 8423 | | | info_summary_text, |
| 8424 | | | vendor_id); |
| 8425 | | | break; |
| 8426 | | | |
| 8427 | | | case SUBMESSAGE_DATA_FRAG: |
| 8428 | | | dissect_DATA_FRAG(tvb, |
| 8429 | | | offset, |
| 8430 | | | flags, |
| 8431 | | | little_endian, |
| 8432 | | | , |
| 8433 | | | rtps_submessage_tree, |
| 8434 | | | info_summary_text, |
| 8435 | | | vendor_id); |
| 8436 | | | break; |
| 8437 | | | |
| 8438 | | | case SUBMESSAGE_NOKEY_DATA: |
| 8439 | | | dissect_NOKEY_DATA(tvb, |
| 8440 | | | offset, |
| 8441 | | | flags, |
| 8442 | | | little_endian, |
| 8443 | | | , |
| 8444 | | | rtps_submessage_tree, |
| 8445 | | | info_summary_text, |
| 8446 | | | vendor_id); |
| 8447 | | | break; |
| 8448 | | | |
| 8449 | | | case SUBMESSAGE_NOKEY_DATA_FRAG: |
| 8450 | | | dissect_NOKEY_DATA_FRAG(tvb, |
| 8451 | | | offset, |
| 8452 | | | flags, |
| 8453 | | | little_endian, |
| 8454 | | | , |
| 8455 | | | rtps_submessage_tree, |
| 8456 | | | info_summary_text, |
| 8457 | | | vendor_id); |
| 8458 | | | break; |
| 8459 | | | |
| 8460 | | | case SUBMESSAGE_NACK_FRAG: |
| 8461 | | | dissect_NACK_FRAG(tvb, |
| 8462 | | | offset, |
| 8463 | | | flags, |
| 8464 | | | little_endian, |
| 8465 | | | , |
| 8466 | | | rtps_submessage_tree, |
| 8467 | | | info_summary_text, |
| 8468 | | | vendor_id); |
| 8469 | | | break; |
| 8470 | | | |
| 8471 | | | |
| 8472 | | | case SUBMESSAGE_ACKNACK_BATCH: |
| 8473 | | | case SUBMESSAGE_ACKNACK: |
| 8474 | | | dissect_ACKNACK(tvb, |
| 8475 | | | offset, |
| 8476 | | | flags, |
| 8477 | | | little_endian, |
| 8478 | | | , |
| 8479 | | | rtps_submessage_tree, |
| 8480 | | | info_summary_text, |
| 8481 | | | vendor_id); |
| 8482 | | | break; |
| 8483 | | | |
| 8484 | | | case SUBMESSAGE_HEARTBEAT: |
| 8485 | | | dissect_HEARTBEAT(tvb, |
| 8486 | | | offset, |
| 8487 | | | flags, |
| 8488 | | | little_endian, |
| 8489 | | | , |
| 8490 | | | rtps_submessage_tree, |
| 8491 | | | info_summary_text, |
| 8492 | | | vendor_id); |
| 8493 | | | break; |
| 8494 | | | |
| 8495 | | | case SUBMESSAGE_HEARTBEAT_BATCH: |
| 8496 | | | dissect_HEARTBEAT_BATCH(tvb, |
| 8497 | | | offset, |
| 8498 | | | flags, |
| 8499 | | | little_endian, |
| 8500 | | | , |
| 8501 | | | rtps_submessage_tree, |
| 8502 | | | info_summary_text, |
| 8503 | | | vendor_id); |
| 8504 | | | break; |
| 8505 | | | |
| 8506 | | | case SUBMESSAGE_HEARTBEAT_FRAG: |
| 8507 | | | dissect_HEARTBEAT_FRAG(tvb, |
| 8508 | | | offset, |
| 8509 | | | flags, |
| 8510 | | | little_endian, |
| 8511 | | | , |
| 8512 | | | rtps_submessage_tree, |
| 8513 | | | info_summary_text, |
| 8514 | | | vendor_id); |
| 8515 | | | break; |
| 8516 | | | |
| 8517 | | | case SUBMESSAGE_GAP: |
| 8518 | | | dissect_GAP(tvb, |
| 8519 | | | offset, |
| 8520 | | | flags, |
| 8521 | | | little_endian, |
| 8522 | | | , |
| 8523 | | | rtps_submessage_tree, |
| 8524 | | | info_summary_text, |
| 8525 | | | vendor_id); |
| 8526 | | | break; |
| 8527 | | | |
| 8528 | | | case SUBMESSAGE_INFO_TS: |
| 8529 | | | dissect_INFO_TS(tvb, |
| 8530 | | | offset, |
| 8531 | | | flags, |
| 8532 | | | little_endian, |
| 8533 | | | , |
| 8534 | | | rtps_submessage_tree, |
| 8535 | | | info_summary_text, |
| 8536 | | | vendor_id); |
| 8537 | | | break; |
| 8538 | | | |
| 8539 | | | case SUBMESSAGE_INFO_SRC: |
| 8540 | | | dissect_INFO_SRC(tvb, |
| 8541 | | | offset, |
| 8542 | | | flags, |
| 8543 | | | little_endian, |
| 8544 | | | , |
| 8545 | | | rtps_submessage_tree, |
| 8546 | | | info_summary_text, |
| 8547 | | | vendor_id); |
| 8548 | | | break; |
| 8549 | | | |
| 8550 | | | case SUBMESSAGE_INFO_REPLY_IP4: |
| 8551 | | | dissect_INFO_REPLY_IP4(tvb, |
| 8552 | | | offset, |
| 8553 | | | flags, |
| 8554 | | | little_endian, |
| 8555 | | | , |
| 8556 | | | rtps_submessage_tree, |
| 8557 | | | info_summary_text, |
| 8558 | | | vendor_id); |
| 8559 | | | break; |
| 8560 | | | |
| 8561 | | | case SUBMESSAGE_INFO_DST: |
| 8562 | | | dissect_INFO_DST(tvb, |
| 8563 | | | offset, |
| 8564 | | | flags, |
| 8565 | | | little_endian, |
| 8566 | | | , |
| 8567 | | | rtps_submessage_tree, |
| 8568 | | | info_summary_text, |
| 8569 | | | vendor_id); |
| 8570 | | | break; |
| 8571 | | | |
| 8572 | | | case SUBMESSAGE_INFO_REPLY: |
| 8573 | | | dissect_INFO_REPLY(tvb, |
| 8574 | | | offset, |
| 8575 | | | flags, |
| 8576 | | | little_endian, |
| 8577 | | | , |
| 8578 | | | rtps_submessage_tree, |
| 8579 | | | info_summary_text, |
| 8580 | | | vendor_id); |
| 8581 | | | break; |
| 8582 | | | |
| 8583 | | | case SUBMESSAGE_RTPS_DATA: |
| 8584 | | | dissect_RTPS_DATA(tvb, |
| 8585 | | | offset, |
| 8586 | | | flags, |
| 8587 | | | little_endian, |
| 8588 | | | , |
| 8589 | | | rtps_submessage_tree, |
| 8590 | | | info_summary_text, |
| 8591 | | | vendor_id); |
| 8592 | | | break; |
| 8593 | | | |
| 8594 | | | case SUBMESSAGE_RTPS_DATA_FRAG: |
| 8595 | | | dissect_RTPS_DATA_FRAG(tvb, |
| 8596 | | | offset, |
| 8597 | | | flags, |
| 8598 | | | little_endian, |
| 8599 | | | , |
| 8600 | | | rtps_submessage_tree, |
| 8601 | | | info_summary_text, |
| 8602 | | | vendor_id); |
| 8603 | | | break; |
| 8604 | | | |
| 8605 | | | case SUBMESSAGE_RTPS_DATA_BATCH: |
| 8606 | | | dissect_RTPS_DATA_BATCH(tvb, |
| 8607 | | | offset, |
| 8608 | | | flags, |
| 8609 | | | little_endian, |
| 8610 | | | , |
| 8611 | | | rtps_submessage_tree, |
| 8612 | | | info_summary_text, |
| 8613 | | | vendor_id); |
| 8614 | | | break; |
| 8615 | | | |
| 8616 | | | |
| 8617 | | | default: |
| 8618 | | | if (rtps_submessage_tree != NULL) { |
| 8619 | | | proto_tree_add_uint(rtps_submessage_tree, hf_rtps_sm_flags, |
| 8620 | | | tvb, offset + 1, 1, flags); |
| 8621 | | | proto_tree_add_uint(rtps_submessage_tree, |
| 8622 | | | , |
| 8623 | | | tvb, offset + 2, 2, next_submsg); |
| 8624 | | | } |
| 8625 | | | } |
| 8626 | | | |
| 8627 | | | |
| 8628 | | | offset = next_submsg; |
| 8629 | | | } |
| 8630 | | | |
| 8631 | | | |
| 8632 | | | if ((pinfo != NULL) && (pinfo->cinfo != NULL) && (check_col(pinfo->cinfo, COL_INFO))) { |
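Null Test After Dereference
This code tests the nullness of pinfo, which has already been dereferenced.
- If pinfo were null, there would have been a prior null pointer dereference at packet-rtps2.c:8187, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 4 (not rendered in the listing above, where the events go from 3 to 5).
Reviewer note: in the listing, pinfo->cinfo is read unconditionally at lines 8183 and 8187, and pinfo->destport is read at lines 8278-8279 when tree is set, so the pinfo != NULL test at line 8632 cannot prevent a crash on a null pinfo. A test placed after the dereference also lets an optimizing compiler assume the pointer is non-null and drop the test (GCC's -fdelete-null-pointer-checks), so the two sides should be made consistent: remove the late test if the caller's contract guarantees a non-null pinfo, or move the test ahead of line 8183.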
|
| 8633 | | | col_add_str(pinfo->cinfo, COL_INFO, info_summary_text); |
| 8634 | | | } |
| 8635 | | | return TRUE; |
| 8636 | | | |
| 8637 | | | } |
| |