(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-msproxy.c) |
| |
| 184 | | | static void msproxy_sub_dissector( tvbuff_t *tvb, packet_info *pinfo, |
| 185 | | | proto_tree *tree) { |
| 186 | | | |
| 187 | | | |
| 188 | | | |
| 189 | | | |
| 190 | | | |
| 191 | | | guint32 *ptr; |
| 192 | | | redirect_entry_t *redirect_info; |
| 193 | | | conversation_t *conversation; |
| 194 | | | proto_tree *msp_tree; |
| 195 | | | proto_item *ti; |
| 196 | | | |
| 197 | | | conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 198 | [+] | | pinfo->ptype, pinfo->srcport, pinfo->destport, 0); |
 |
| 199 | | | |
| 200 | | | DISSECTOR_ASSERT( conversation);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
117 | #define DISSECTOR_ASSERT(expression) \ |
118 | ((void) ((expression) ? (void)0 : \ |
119 | __DISSECTOR_ASSERT (expression, __FILE__, __LINE__))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
138 | #define __DISSECTOR_ASSERT(expression, file, lineno) \ |
139 | (REPORT_DISSECTOR_BUG( \ |
140 | ep_strdup_printf("%s:%u: failed assertion \"%s\"", \ |
141 | file, lineno, __DISSECTOR_ASSERT_STRINGIFY(expression)))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
Event 8:
conversation evaluates to true.
hide
|
|
| 201 | | | |
| 202 | | | redirect_info = conversation_get_proto_data(conversation, |
Event 12:
redirect_info is set to conversation_get_proto_data(...), which evaluates to NULL. See related event 11.
hide
|
|
| 203 | [+] | | proto_msproxy); |
 |
| 204 | | | |
| 205 | [+] | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
 |
| 206 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "MS Proxy"); |
| 207 | | | |
| 208 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) |
 |
| 209 | | | col_set_str(pinfo->cinfo, COL_INFO, |
| 210 | | | (( redirect_info->proto == PT_TCP) ? "TCP stream" : |
| 211 | | | "UDP packets")); |
| 212 | | | |
| 213 | | | if ( tree) { |
Event 17:
Taking true branch. tree evaluates to true.
hide
|
|
| 214 | | | ti = proto_tree_add_item( tree, proto_msproxy, tvb, 0, 0, |
| 215 | | | FALSE ); |
| 216 | | | |
| 217 | | | msp_tree = proto_item_add_subtree(ti, ett_msproxy); |
| 218 | | | |
| 219 | | | proto_tree_add_uint( msp_tree, hf_msproxy_dstport, tvb, 0, 0, |
| 220 | | | redirect_info->remote_port); |
Null Pointer Dereference
redirect_info is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 12. Show: All events | Only primary events |
|
| |