(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-gssapi.c) |
| |
| 172 | | | dissect_gssapi_work(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
| 173 | | | gboolean is_verifier) |
| 174 | | | { |
| 175 | | | proto_item *volatile item; |
| 176 | | | proto_tree *volatile subtree; |
| 177 | | | volatile int return_offset = 0; |
| 178 | | | gssapi_conv_info_t *volatile gss_info; |
| 179 | | | gssapi_oid_value *oidvalue; |
| 180 | | | dissector_handle_t handle; |
| 181 | | | conversation_t *conversation; |
| 182 | | | tvbuff_t *oid_tvb; |
| 183 | | | int len, start_offset, oid_start_offset; |
| 184 | | | volatile int offset; |
| 185 | | | gint8 class; |
| 186 | | | gboolean pc, ind_field; |
| 187 | | | gint32 tag; |
| 188 | | | guint32 len1; |
| 189 | | | const char *oid; |
| 190 | | | fragment_data *fd_head=NULL; |
| 191 | | | gssapi_frag_info_t *fi; |
| 192 | | | tvbuff_t *volatile gss_tvb=NULL; |
| 193 | | | asn1_ctx_t asn1_ctx; |
| 194 | | | |
| 195 | | | start_offset=0; |
| 196 | | | offset=0; |
| 197 | | | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); |
Event 1:
!0 (the expansion of the TRUE argument passed to asn1_ctx_init on line 197) evaluates to true.
|
|
| 198 | | | |
| 199 | | | |
| 200 | | | |
| 201 | | | |
| 202 | | | |
| 203 | | | pinfo->gssapi_data_encrypted = FALSE; |
| 204 | | | |
| 205 | | | |
| 206 | | | |
| 207 | | | |
| 208 | | | |
| 209 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 210 | | | pinfo->ptype, pinfo->srcport, |
| 211 | | | pinfo->destport, 0); |
| 212 | | | if(!conversation){ |
Event 2:
Taking true branch. conversation evaluates to false.
|
|
| 213 | | | conversation = conversation_new(pinfo->fd->num, &pinfo->src, |
| 214 | | | &pinfo->dst, |
| 215 | | | pinfo->ptype, |
| 216 | | | pinfo->srcport, |
| 217 | | | pinfo->destport, 0); |
| 218 | | | } |
| 219 | [+] | | gss_info = conversation_get_proto_data(conversation, proto_gssapi); |
 |
| 220 | | | if (!gss_info) { |
Event 7:
Skipping the "if" body. gss_info evaluates to true (non-NULL), so the allocation on lines 221-226 does not run on this path.
|
|
| 221 | | | gss_info = se_alloc(sizeof(gssapi_conv_info_t)); |
| 222 | | | gss_info->oid=NULL; |
| 223 | | | gss_info->do_reassembly=FALSE; |
| 224 | | | gss_info->frags=se_tree_create_non_persistent(EMEM_TREE_TYPE_RED_BLACK, "gssapi_frags"); |
| 225 | | | |
| 226 | | | conversation_add_proto_data(conversation, proto_gssapi, gss_info); |
| 227 | | | } |
| 228 | | | |
| 229 | | | item = proto_tree_add_item( |
| 230 | | | tree, proto_gssapi, tvb, offset, -1, FALSE); |
| 231 | | | |
| 232 | | | subtree = proto_item_add_subtree(item, ett_gssapi); |
| 233 | | | |
| 234 | | | |
| 235 | | | |
| 236 | | | |
| 237 | | | |
| 238 | | | |
| 239 | | | |
| 240 | | | |
| 241 | | | |
| 242 | | | |
| 243 | | | |
| 244 | | | |
| 245 | | | |
| 246 | | | TRY {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
176 | #define TRY \ |
177 | {\ |
178 | except_t *exc; \ |
179 | volatile int except_state = 0; \ |
180 | static const except_id_t catch_spec[] = { \ |
181 | { XCEPT_GROUP_WIRESHARK, XCEPT_CODE_ANY } }; \ |
182 | except_try_push(catch_spec, 1, &exc); \ |
183 | \ |
184 | if(except_state & EXCEPT_CAUGHT) \ |
185 | except_state |= EXCEPT_RETHROWN; \ |
186 | except_state &= ~EXCEPT_CAUGHT; \ |
187 | \ |
188 | if (except_state == 0 && exc == 0) \ |
189 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
143 | #define except_try_push(ID, NUM, PPE) \ |
144 | { \ |
145 | struct except_stacknode except_sn; \ |
146 | struct except_catch except_ch; \ |
147 | except_setup_try(&except_sn, &except_ch, ID, NUM); \ |
148 | if (setjmp(except_ch.except_jmp)) \ |
149 | *(PPE) = &except_ch.except_obj; \ |
150 | else \ |
151 | *(PPE) = 0 |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
168 | #define EXCEPT_RETHROWN 2 /* the exception was rethrown from a CATCH |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
Event 8:
Taking false branch. setjmp(except_ch.except_jmp) evaluates to false.
Event 9:
Skipping the "if" body. except_state & 1 (EXCEPT_CAUGHT) evaluates to false.
|
|
| 247 | | | gss_tvb=tvb; |
| 248 | | | |
| 249 | | | |
| 250 | | | |
| 251 | | | |
| 252 | | | |
| 253 | | | if( (!pinfo->fd->flags.visited) |
Event 11:
pinfo->fd->flags.visited evaluates to false.
hide
|
|
| 254 | | | && (gss_info->do_reassembly) |
Null Pointer Dereference
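gss_info is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 6. Triage note: events 3-6 appear to belong to the collapsed call on line 219 and are not shown in this view, so the origin of the NULL value cannot be checked from this page. Event 7 records gss_info as non-NULL at the check on line 220, which conflicts with a NULL value at line 254 unless the two reads are modelled independently. gss_info is declared volatile (line 178) and is read again after the setjmp() in TRY, which may be why the analyzer treats them that way. Before accepting this as a real defect, confirm whether any path can leave gss_info NULL past line 227, for example a NULL return from se_alloc, whose behaviour is not visible here. |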
|
| |