(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-socks.c) |
| |
| 374 | | | socks_udp_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { |
| 375 | | | |
| 376 | | | |
| 377 | | | |
| 378 | | | |
| 379 | | | |
| 380 | | | int offset = 0; |
| 381 | | | guint32 *ptr; |
| 382 | | | socks_hash_entry_t *hash_info; |
| 383 | | | conversation_t *conversation; |
| 384 | | | proto_tree *socks_tree; |
| 385 | | | proto_item *ti; |
| 386 | | | |
| 387 | | | conversation = find_conversation( pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, |
| 388 | [+] | | pinfo->srcport, pinfo->destport, 0); |
 |
| 389 | | | |
| 390 | | | DISSECTOR_ASSERT( conversation);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
117 | #define DISSECTOR_ASSERT(expression) \ |
118 | ((void) ((expression) ? (void)0 : \ |
119 | __DISSECTOR_ASSERT (expression, __FILE__, __LINE__))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
138 | #define __DISSECTOR_ASSERT(expression, file, lineno) \ |
139 | (REPORT_DISSECTOR_BUG( \ |
140 | ep_strdup_printf("%s:%u: failed assertion \"%s\"", \ |
141 | file, lineno, __DISSECTOR_ASSERT_STRINGIFY(expression)))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
Event 8:
conversation evaluates to true.
hide
|
|
| 391 | | | |
| 392 | [+] | | hash_info = conversation_get_proto_data(conversation, proto_socks); |
 |
| 393 | | | |
| 394 | [+] | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
 |
| 395 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "Socks"); |
| 396 | | | |
| 397 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) |
 |
| 398 | | | col_add_fstr(pinfo->cinfo, COL_INFO, "Version: 5, UDP Associated packet"); |
| 399 | | | |
| 400 | | | if ( tree) { |
Event 17:
Taking false branch. tree evaluates to false.
hide
|
|
| 401 | | | ti = proto_tree_add_protocol_format( tree, proto_socks, tvb, |
| 402 | | | offset, -1, "Socks" ); |
| 403 | | | |
| 404 | | | socks_tree = proto_item_add_subtree(ti, ett_socks); |
| 405 | | | |
| 406 | | | proto_tree_add_text( socks_tree, tvb, offset, 2, "Reserved"); |
| 407 | | | offset += 2; |
| 408 | | | |
| 409 | | | proto_tree_add_text( socks_tree, tvb, offset, 1, "Fragment Number: %u", tvb_get_guint8(tvb, offset)); |
| 410 | | | ++offset; |
| 411 | | | |
| 412 | | | |
| 413 | | | offset = display_address( tvb, offset, socks_tree); |
| 414 | | | hash_info->udp_remote_port = tvb_get_ntohs(tvb, offset); |
| 415 | | | |
| 416 | | | proto_tree_add_uint( socks_tree, hf_socks_dstport, tvb, |
| 417 | | | offset, 2, hash_info->udp_remote_port); |
| 418 | | | |
| 419 | | | offset += 2; |
| 420 | | | } |
| 421 | | | else { |
| 422 | | | offset += 3; |
| 423 | | | offset = get_address_v5( tvb, offset, 0) + 2; |
| 424 | | | } |
| 425 | | | |
| 426 | | | |
| 427 | | | |
| 428 | | | |
| 429 | | | if ( pinfo->srcport == hash_info->port) |
Null Pointer Dereference
hash_info is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 12. Show: All events | Only primary events |
|
| |