(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ncp2222.inc) |
| |
| 7563 | | | dissect_ncp_request(tvbuff_t *tvb, packet_info *pinfo, |
| 7564 | | | guint32 nw_connection, guint8 sequence, |
| 7565 | | | guint16 type, proto_tree *volatile ncp_tree) |
| 7566 | | | { |
| 7567 | | | volatile guint8 func=0; |
| 7568 | | | volatile guint8 subfunc = 0; |
| 7569 | | | gboolean requires_subfunc = FALSE; |
| 7570 | | | gboolean has_length = FALSE; |
| 7571 | | | ncp_req_hash_value *volatile request_value = NULL; |
| 7572 | | | const ncp_record *volatile ncp_rec = NULL; |
| 7573 | | | conversation_t *conversation; |
| 7574 | | | ptvcursor_t *volatile ptvc = NULL; |
| 7575 | | | proto_tree *temp_tree = NULL; |
| 7576 | | | volatile gboolean run_req_cond = FALSE; |
| 7577 | | | volatile gboolean run_info_str = FALSE; |
| 7578 | | | guint32 length_remaining; |
| 7579 | | | guint32 testvar; |
| 7580 | | | volatile unsigned long except_code; |
| 7581 | | | const char *volatile message; |
| 7582 | | | |
| 7583 | | | |
| 7584 | | | |
| 7585 | | | switch (type) { |
Event 1:
type evaluates to 4369.
hide
|
|
| 7586 | | | case NCP_ALLOCATE_SLOT: |
| 7587 | | | length_remaining = tvb_length_remaining(tvb, 4); |
| 7588 | | | if (length_remaining > 4) |
Event 2:
Taking true branch. length_remaining > 4 evaluates to true.
hide
|
|
| 7589 | | | { |
| 7590 | | | testvar = tvb_get_ntohl(tvb, 4); |
| 7591 | | | if( testvar == 0x4c495020) |
Event 3:
Taking true branch. testvar == 1279873056 evaluates to true.
hide
|
|
| 7592 | | | { |
| 7593 | | | ncp_rec = &ncplip_echo; |
| 7594 | | | } |
| 7595 | | | else |
| 7596 | | | { |
| 7597 | | | ncp_rec = &ncp1111_request; |
| 7598 | | | if (ncp_echo_conn) { |
| 7599 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Connection Request"); |
| 7600 | | | } |
| 7601 | | | } |
| 7602 | | | } |
| 7603 | | | else |
| 7604 | | | { |
| 7605 | | | ncp_rec = &ncp1111_request; |
| 7606 | | | if (ncp_echo_conn) { |
| 7607 | | | expert_add_info_format(pinfo, NULL, PI_RESPONSE_CODE, PI_CHAT, "Connection Request"); |
| 7608 | | | } |
| 7609 | | | } |
| 7610 | | | break; |
| 7611 | | | case NCP_SERVICE_REQUEST: |
| 7612 | | | func = tvb_get_guint8(tvb, 6); |
| 7613 | | | requires_subfunc = ncp_requires_subfunc(func); |
| 7614 | | | has_length = ncp_has_length_parameter(func); |
| 7615 | | | if (requires_subfunc) { |
| 7616 | | | if (has_length) { |
| 7617 | | | subfunc = tvb_get_guint8(tvb, 9); |
| 7618 | | | } |
| 7619 | | | else { |
| 7620 | | | subfunc = tvb_get_guint8(tvb, 7); |
| 7621 7632 |  | | [ Lines 7621 to 7632 omitted. ] |
| 7633 | | | break; |
| 7634 | | | case NCP_LIP_ECHO: |
| 7635 | | | ncp_rec = &ncplip_echo; |
| 7636 | | | break; |
| 7637 | | | default: |
| 7638 | | | ncp_rec = NULL; |
| 7639 | | | break; |
| 7640 | | | } |
| 7641 | | | |
| 7642 | | | |
| 7643 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) { |
 |
| 7644 | | | if (ncp_rec) { |
| 7645 | | | col_add_fstr(pinfo->cinfo, COL_INFO, "C %s", ncp_rec->name); |
| 7646 | | | if (ncp_rec->req_info_str) { |
| 7647 | | | |
| 7648 | | | |
| 7649 | | | run_info_str = TRUE; |
| 7650 | | | } |
| 7651 | | | } |
| 7652 | | | else { |
| 7653 | | | if (requires_subfunc) { |
| 7654 | | | col_add_fstr(pinfo->cinfo, COL_INFO, |
| 7655 | | | "C Unknown Function %u %u (0x%02X/0x%02x)", |
| 7656 | | | func, subfunc, func, subfunc); |
| 7657 | | | return; |
| 7658 | | | } |
| 7659 | | | else { |
| 7660 | | | col_add_fstr(pinfo->cinfo, COL_INFO, |
| 7661 | | | "C Unknown Function %u (0x%02x)", |
| 7662 | | | func, func); |
| 7663 | | | return; |
| 7664 | | | } |
| 7665 | | | } |
| 7666 | | | } |
| 7667 | | | if (!pinfo->fd->flags.visited) { |
Event 6:
Taking true branch. pinfo->fd->flags.visited evaluates to false.
hide
|
|
| 7668 | | | |
| 7669 | | | |
| 7670 | | | |
| 7671 | | | |
| 7672 | | | |
| 7673 | | | |
| 7674 | | | |
| 7675 | | | |
| 7676 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 7677 | | | PT_NCP, nw_connection, nw_connection, 0); |
| 7678 | | | |
| 7679 | | | if (conversation == NULL) { |
Event 7:
Taking true branch. conversation == (void *)0 evaluates to true.
hide
|
|
| 7680 | | | |
| 7681 | | | conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 7682 | | | PT_NCP, nw_connection, nw_connection, 0); |
| 7683 | | | } |
| 7684 | | | request_value = ncp_hash_insert(conversation, sequence, ncp_rec); |
| 7685 | | | request_value->req_frame_num = pinfo->fd->num; |
| 7686 | | | request_value->req_frame_time = pinfo->fd->abs_ts; |
| 7687 | | | |
| 7688 | | | |
| 7689 | | | |
| 7690 | | | |
| 7691 | | | |
| 7692 | | | |
| 7693 | | | if (ncp_rec) { |
Event 8:
Taking true branch. ncp_rec evaluates to true.
hide
|
|
| 7694 | | | if (ncp_rec->req_cond_indexes) { |
Event 9:
Skipping " if". ncp_rec->req_cond_indexes evaluates to false.
hide
|
|
| 7695 | | | run_req_cond = TRUE; |
| 7696 | | | } |
| 7697 | | | } |
| 7698 | | | } |
| 7699 | | | |
| 7700 | | | |
| 7701 | | | |
| 7702 | | | |
| 7703 | | | |
| 7704 | | | if ((run_info_str || run_req_cond) && !ncp_tree) { |
Event 10:
Skipping " if". - run_info_str evaluates to false.
- run_req_cond evaluates to false.
hide
|
|
| 7705 | | | proto_item *ti; |
| 7706 | | | |
| 7707 | | | temp_tree = proto_tree_create_root(); |
| 7708 | | | proto_tree_set_visible(temp_tree, FALSE); |
| 7709 | | | ti = proto_tree_add_item(temp_tree, proto_ncp, tvb, 0, -1, FALSE); |
| 7710 | | | ncp_tree = proto_item_add_subtree(ti, ett_ncp); |
| 7711 | | | } |
| 7712 | | | |
| 7713 | | | if (ncp_tree) { |
Event 11:
Taking true branch. ncp_tree evaluates to true.
hide
|
|
| 7714 | | | |
| 7715 | | | |
| 7716 | | | |
| 7717 | | | |
| 7718 | | | |
| 7719 | | | |
| 7720 | | | |
| 7721 | | | CLEANUP_PUSH(free_proto_tree, temp_tree);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
124 | #define except_cleanup_push(F, C) \ |
125 | { \ |
126 | struct except_stacknode except_sn; \ |
127 | struct except_cleanup except_cl; \ |
128 | except_setup_clean(&except_sn, &except_cl, F, C) |
| |
|
| 7722 | | | |
| 7723 | | | #ifdef FAKE_TREE_IS_VISIBLE |
| 7724 | | | PTREE_DATA(ncp_tree)->visible=1;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
346 | #define PTREE_DATA(proto_tree) ((proto_tree)->tree_data) |
| |
|
| 7725 | | | #endif |
| 7726 | | | |
| 7727 | | | |
| 7728 | | | |
| 7729 | | | |
| 7730 | | | if (run_req_cond) { |
Event 12:
Skipping " if". run_req_cond evaluates to false.
hide
|
|
| 7731 | | | const int *needed; |
| 7732 | | | dfilter_t *dfilter; |
| 7733 | | | |
| 7734 | | | needed = ncp_rec->req_cond_indexes; |
| 7735 | | | |
| 7736 | | | while (*needed != -1) { |
| 7737 | | | dfilter = req_conds[*needed].dfilter; |
| 7738 | | | |
| 7739 | | | dfilter_prime_proto_tree(dfilter, ncp_tree); |
| 7740 | | | needed++; |
| 7741 | | | } |
| 7742 | | | } |
| 7743 | | | |
| 7744 | | | |
| 7745 | | | |
| 7746 | | | if (run_info_str) { |
Event 13:
Taking true branch. run_info_str evaluates to true.
hide
|
|
| 7747 | | | proto_tree_prime_hfid(ncp_tree, *ncp_rec->req_info_str->hf_ptr); |
| 7748 | | | } |
| 7749 | | | |
| 7750 | | | switch (type) { |
Event 14:
Executing default case.
hide
|
|
| 7751 | | | case NCP_BROADCAST_SLOT: |
| 7752 | | | ; |
| 7753 | | | break; |
| 7754 | | | |
| 7755 | | | case NCP_SERVICE_REQUEST: |
| 7756 | | | proto_tree_add_uint_format(ncp_tree, hf_ncp_func, tvb, 6, 1, |
| 7757 | | | func, "Function: %u (0x%02X), %s", |
| 7758 | | | func, func, ncp_rec ? ncp_rec->name : "Unknown"); |
| 7759 | | | break; |
| 7760 | | | |
| 7761 | | | default: |
| 7762 | | | ; |
| 7763 | | | break; |
| 7764 | | | } |
| 7765 | | | if (request_value) { |
Event 15:
Taking true branch. request_value evaluates to true.
hide
|
|
| 7766 | | | request_value->length = 0; |
| 7767 | | | } |
| 7768 | | | if (requires_subfunc) { |
Event 16:
Taking false branch. requires_subfunc evaluates to false.
hide
|
|
| 7769 | | | if (has_length) { |
| 7770 | | | if (request_value && func==123) { |
| 7771 | | | request_value->length = tvb_get_ntohs(tvb, 7); |
| 7772 | | | } |
| 7773 | | | proto_tree_add_item(ncp_tree, hf_ncp_length, tvb, 7, |
| 7774 | | | 2, FALSE); |
| 7775 | | | proto_tree_add_uint_format(ncp_tree, hf_ncp_subfunc, tvb, 9, 1, |
| 7776 | | | subfunc, "SubFunction: %u (0x%02x)", |
| 7777 | | | subfunc, subfunc); |
| 7778 | | | ptvc = ptvcursor_new(ncp_tree, tvb, 10); |
| 7779 | | | } |
| 7780 | | | else { |
| 7781 | | | proto_tree_add_uint_format(ncp_tree, hf_ncp_subfunc, tvb, 7, 1, |
| 7782 | | | subfunc, "SubFunction: %u (0x%02x)", |
| 7783 | | | subfunc, subfunc); |
| 7784 | | | ptvc = ptvcursor_new(ncp_tree, tvb, 8); |
| 7785 | | | } |
| 7786 | | | } |
| 7787 | | | else { |
| 7788 | | | ptvc = ptvcursor_new(ncp_tree, tvb, 7); |
| 7789 | | | } |
| 7790 | | | |
| 7791 | | | |
| 7792 | | | |
| 7793 | | | if (ncp_rec) { |
Event 17:
Taking true branch. ncp_rec evaluates to true.
hide
|
|
| 7794 | | | proto_tree_add_uint_format(ncp_tree, hf_ncp_group, tvb, 0, 0, ncp_rec->group, "Group: %s", ncp_groups[ncp_rec->group]); |
| 7795 | | | } |
| 7796 | | | |
| 7797 | | | except_code = 0; |
| 7798 | | | message = NULL; |
| 7799 | | | if (ncp_rec && ncp_rec->request_ptvc) { |
Event 18:
Skipping " if". - ncp_rec evaluates to true.
- ncp_rec->request_ptvc evaluates to false.
hide
|
|
| 7800 | | | clear_repeat_vars(); |
| 7801 | | | |
| 7802 | | | |
| 7803 | | | |
| 7804 | | | |
| 7805 | | | |
| 7806 | | | |
| 7807 | | | |
| 7808 | | | |
| 7809 | | | |
| 7810 | | | TRY {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
176 | #define TRY \ |
177 | {\ |
178 | except_t *exc; \ |
179 | volatile int except_state = 0; \ |
180 | static const except_id_t catch_spec[] = { \ |
181 | { XCEPT_GROUP_WIRESHARK, XCEPT_CODE_ANY } }; \ |
182 | except_try_push(catch_spec, 1, &exc); \ |
183 | \ |
184 | if(except_state & EXCEPT_CAUGHT) \ |
185 | except_state |= EXCEPT_RETHROWN; \ |
186 | except_state &= ~EXCEPT_CAUGHT; \ |
187 | \ |
188 | if (except_state == 0 && exc == 0) \ |
189 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
143 | #define except_try_push(ID, NUM, PPE) \ |
144 | { \ |
145 | struct except_stacknode except_sn; \ |
146 | struct except_catch except_ch; \ |
147 | except_setup_try(&except_sn, &except_ch, ID, NUM); \ |
148 | if (setjmp(except_ch.except_jmp)) \ |
149 | *(PPE) = &except_ch.except_obj; \ |
150 | else \ |
151 | *(PPE) = 0 |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
168 | #define EXCEPT_RETHROWN 2 /* the exception was rethrown from a CATCH |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
| 7811 | | | process_ptvc_record(ptvc, ncp_rec->request_ptvc, NULL, TRUE, ncp_rec); |
| 7812 | | | } CATCH_ALL {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
213 | #define CATCH_ALL \ |
214 | if (except_state == 0 && exc != 0 && \ |
215 | (except_state|=EXCEPT_CAUGHT)) \ |
216 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
| 7813 | | | except_code = EXCEPT_CODE; |
| 7814 | | | message = GET_MESSAGE; |
| 7815 | | | } |
| 7816 | | | ENDTRY;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
191 | #define ENDTRY \ |
192 | /* rethrow the exception if necessary */ \ |
193 | if(!(except_state&EXCEPT_CAUGHT) && exc != 0) \ |
194 | except_rethrow(exc); \ |
195 | except_try_pop();\ |
196 | } |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
153 | #define except_try_pop() \ |
154 | except_free(except_ch.except_obj.except_dyndata); \ |
155 | except_pop(); \ |
156 | } |
| |
|
| 7817 | | | } |
| 7818 | | | ptvcursor_free(ptvc); |
| 7819 | | | |
| 7820 | | | if (func == 0x5c && ncp_tree) { |
| 7821 | | | dissect_sss_request(tvb, pinfo, ncp_tree, request_value); |
| 7822 | | | } |
| 7823 | | | |
| 7824 | | | if (func == 0x5e && ncp_tree) { |
Event 20:
Skipping " if". func == 94 evaluates to false.
hide
|
|
| 7825 | | | dissect_nmas_request(tvb, pinfo, ncp_tree, request_value); |
| 7826 | | | } |
| 7827 | | | |
| 7828 | | | |
| 7829 | | | |
| 7830 | | | |
| 7831 | | | if (run_req_cond) { |
Event 21:
Skipping " if". run_req_cond evaluates to false.
hide
|
|
| 7832 | | | const int *needed; |
| 7833 | | | gboolean *results; |
| 7834 | | | dfilter_t *dfilter; |
| 7835 | | | |
| 7836 | | | results = g_new0(gboolean, NUM_REQ_CONDS);
x /usr/include/glib-2.0/glib/gmem.h |
| |
175 | #define g_new0(struct_type, n_structs) _G_NEW (struct_type, n_structs, malloc0) |
| |
x /usr/include/glib-2.0/glib/gmem.h |
| |
102 | # define _G_NEW(struct_type, n_structs, func) \ |
103 | (struct_type *) (__extension__ ({ \ |
104 | gsize __n = (gsize) (n_structs); \ |
105 | gsize __s = sizeof (struct_type); \ |
106 | gpointer __p; \ |
107 | if (__s == 1) \ |
108 | __p = g_##func (__n); \ |
109 | else if (__builtin_constant_p (__n) && \ |
110 | (__s == 0 || __n <= G_MAXSIZE / __s)) \ |
111 | __p = g_##func (__n * __s); \ |
112 | else \ |
113 | __p = g_##func##_n (__n, __s); \ |
114 | __p; \ |
115 | })) |
| |
|
| 7837 | | | needed = ncp_rec->req_cond_indexes; |
| 7838 | | | |
| 7839 | | | while (*needed != -1) { |
| 7840 | | | |
| 7841 | | | |
| 7842 | | | dfilter = req_conds[*needed].dfilter; |
| 7843 | | | results[*needed] = dfilter_apply(dfilter, ncp_tree); |
| 7844 | | | needed++; |
| 7845 | | | } |
| 7846 | | | |
| 7847 | | | |
| 7848 | | | |
| 7849 | | | request_value->req_cond_results = results; |
| 7850 | | | } |
| 7851 | | | |
| 7852 | | | if (run_info_str) { |
Event 22:
Taking true branch. run_info_str evaluates to true.
hide
|
|
| 7853 | | | GPtrArray *parray; |
| 7854 | | | char* byte_string; |
| 7855 | | | char non_uni_string[1024]; |
| 7856 | | | int i, len; |
| 7857 | | | field_info *finfo; |
| 7858 | | | int info_type; |
| 7859 | | | |
| 7860 | | | if (!request_value) |
Event 23:
Taking true branch. request_value evaluates to false.
hide
|
|
| 7861 | | | { |
| 7862 | | | conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, |
| 7863 | | | PT_NCP, nw_connection, nw_connection, 0); |
| 7864 | | | if (conversation != NULL) { |
Event 24:
Taking true branch. conversation != (void *)0 evaluates to true.
hide
|
|
| 7865 | | | |
| 7866 | | | |
| 7867 | | | request_value = ncp_hash_lookup(conversation, sequence); |
| 7868 | | | } |
| 7869 | | | if (!conversation || !request_value) |
Event 25:
Skipping " if". - conversation evaluates to true.
- request_value evaluates to true.
hide
|
|
| 7870 | | | { |
| 7871 | | | return; |
| 7872 | | | } |
| 7873 | | | } |
| 7874 | | | |
| 7875 | | | parray = proto_get_finfo_ptr_array(ncp_tree, |
| 7876 | [+] | | *ncp_rec->req_info_str->hf_ptr); |
 |
| 7877 | | | len = g_ptr_array_len(parray); |
| 7878 | | | |
| 7879 | | | if (len > 0) { |
Event 27:
Skipping " if". len > 0 evaluates to false.
hide
|
|
| 7880 | | | |
| 7881 | | | col_set_str(pinfo->cinfo, COL_INFO, "C "); |
| 7882 | | | |
| 7883 | | | finfo = g_ptr_array_index(parray, 0);
x /usr/include/glib-2.0/glib/garray.h |
| |
111 | #define g_ptr_array_index(array,index_) ((array)->pdata)[index_] |
| |
|
| 7884 | | | |
| 7885 | | | info_type = get_info_type((const gchar*) ncp_rec->req_info_str->first_string); |
| 7886 | | | |
| 7887 | | | if (info_type != 0) { |
| 7888 | | | |
| 7889 | | | if (info_type == 1) { |
| 7890 7907 |  | | [ Lines 7890 to 7907 omitted. ] |
| 7908 | | | } |
| 7909 | | | } |
| 7910 | | | } |
| 7911 | | | else |
| 7912 | | | { |
| 7913 | | | col_append_fstr(pinfo->cinfo, COL_INFO, |
| 7914 | | | (const gchar*) ncp_rec->req_info_str->first_string, |
| 7915 | | | get_finfo_value_integer(finfo)); |
| 7916 | | | } |
| 7917 | | | } |
| 7918 | | | if (len > 1) { |
Event 28:
Skipping " if". len > 1 evaluates to false.
hide
|
|
| 7919 | | | for (i = 1; i < len; i++) { |
| 7920 | | | non_uni_string[0]='\0'; |
| 7921 | | | finfo = g_ptr_array_index(parray, i);
x /usr/include/glib-2.0/glib/garray.h |
| |
111 | #define g_ptr_array_index(array,index_) ((array)->pdata)[index_] |
| |
|
| 7922 | | | info_type = get_info_type((const gchar*) ncp_rec->req_info_str->repeat_string); |
| 7923 | | | |
| 7924 | | | if (info_type != 0) { |
| 7925 | | | if (info_type == 1) |
| 7926 | | | { |
| 7927 | | | byte_string = bytes_to_str(get_finfo_value_string(finfo), get_finfo_length(finfo)); |
| 7928 | | | col_append_fstr(pinfo->cinfo, COL_INFO, |
| 7929 7947 |  | | [ Lines 7929 to 7947 omitted. ] |
| 7948 | | | else |
| 7949 | | | { |
| 7950 | | | col_append_fstr(pinfo->cinfo, COL_INFO, |
| 7951 | | | (const gchar*) ncp_rec->req_info_str->repeat_string, |
| 7952 | | | get_finfo_value_integer(finfo)); |
| 7953 | | | } |
| 7954 | | | } |
| 7955 | | | } |
| 7956 | | | } |
| 7957 | | | |
| 7958 | | | if ((func == 0x57 || func == 0x59) && subfunc == 0x14 && ncp_tree && request_value) { |
| 7959 | | | char ret_info_string[16]; |
| 7960 | | | char ret_info_string_ext[16]; |
| 7961 | | | |
| 7962 | | | build_expert_data(ncp_tree, "ncp.ret_info_mask", |
| 7963 | [+] | | ret_info_string, sizeof ret_info_string, 0, FALSE); |
Event 30:
ret_info_string is passed to build_expert_data() as the third argument.
hide
Event 31:
build_expert_data() does not initialize ret_info_string. - This may be because of a failure case or other special case for build_expert_data().
hide
|
|
 |
| |