Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s) ** CID 1441571: Security best practices violations (DC.WEAK_CRYPTO) /babeld/util.c: 144 in timeval_min_sec() ________________________________________________________________________________________________________ *** CID 1441571: Security best practices violations (DC.WEAK_CRYPTO) /babeld/util.c: 144 in timeval_min_sec() 138 /* set d to min(d, x) with x in [secs, secs+1] */ 139 void 140 timeval_min_sec(struct timeval *d, time_t secs) 141 { 142 if(d->tv_sec == 0 || d->tv_sec > secs) { 143 d->tv_sec = secs;
CID 1441571: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
144 d->tv_usec = random() % 1000000; 145 } 146 } 147 148 /* parse a float value in second and return the corresponding mili-seconds. 149 For example:
** CID 1441570: Security best practices violations (DC.WEAK_CRYPTO) /babeld/babeld.c: 200 in babel_init_routing_process() ________________________________________________________________________________________________________ *** CID 1441570: Security best practices violations (DC.WEAK_CRYPTO) /babeld/babeld.c: 200 in babel_init_routing_process() 194 /* Zebra will give some information, especially about interfaces. This function 195 must be call with a litte timeout wich may give zebra the time to do his job, 196 making these inits have sense. */ 197 static int 198 babel_init_routing_process(struct thread *thread) 199 {
CID 1441570: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
200 myseqno = (random() & 0xFFFF); 201 babel_get_myid(); 202 babel_load_state_file(); 203 debugf(BABEL_DEBUG_COMMON, "My ID is : %s.", format_eui64(myid)); 204 babel_initial_noise(); 205 babel_main_loop(thread);/* this function self-add to the t_update thread */
** CID 1441569: Security best practices violations (DC.WEAK_CRYPTO) /babeld/babel_interface.c: 1423 in babel_interface_allocate() ________________________________________________________________________________________________________ *** CID 1441569: Security best practices violations (DC.WEAK_CRYPTO) /babeld/babel_interface.c: 1423 in babel_interface_allocate() 1417 1418 /* Here are set the default values for an interface. */ 1419 memset(babel_ifp, 0, sizeof(babel_interface_nfo)); 1420 /* All flags are unset */ 1421 babel_ifp->bucket_time = babel_now.tv_sec; 1422 babel_ifp->bucket = BUCKET_TOKENS_MAX;
CID 1441569: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
1423 babel_ifp->hello_seqno = (random() & 0xFFFF); 1424 babel_ifp->rtt_min = 10000; 1425 babel_ifp->rtt_max = 120000; 1426 babel_ifp->max_rtt_penalty = 150; 1427 babel_ifp->hello_interval = BABEL_DEFAULT_HELLO_INTERVAL; 1428 babel_ifp->update_interval = BABEL_DEFAULT_UPDATE_INTERVAL;
** CID 1441568: Security best practices violations (DC.WEAK_CRYPTO) /babeld/util.c: 50 in roughly() ________________________________________________________________________________________________________ *** CID 1441568: Security best practices violations (DC.WEAK_CRYPTO) /babeld/util.c: 50 in roughly() 44 { 45 if(value < 0) 46 return -roughly(-value); 47 else if(value <= 1) 48 return value; 49 else
CID 1441568: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
50 return value * 3 / 4 + random() % (value / 2); 51 } 52 53 /* d = s1 - s2 */ 54 void 55 timeval_minus(struct timeval *d,
** CID 743090: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 743090: Memory - corruptions (OVERRUN) /babeld/message.c: 1249 in flushupdates() 1243 channels[0] = babel_route_ifp->channel; 1244 } 1245 memcpy(channels + 1, route->channels, DIVERSITY_HOPS - 1); 1246 } 1247 1248 chlen = channels_len(channels);
CID 743090: Memory - corruptions (OVERRUN) Overrunning array "route->src->id" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1249 really_send_update(ifp, route->src->id, 1250 route->src->prefix, 1251 route->src->plen, 1252 seqno, metric, 1253 channels, chlen); 1254 update_source(route->src, seqno, metric);
** CID 743089: Memory - corruptions (OVERRUN) ________________________________________________________________________________________________________ *** CID 743089: Memory - corruptions (OVERRUN) /babeld/message.c: 1207 in flushupdates() 1201 } 1202 1203 xroute = find_xroute(b[i].prefix, b[i].plen); 1204 route = find_installed_route(b[i].prefix, b[i].plen); 1205 1206 if(xroute && (!route || xroute->metric <= kernel_metric)) {
CID 743089: Memory - corruptions (OVERRUN) Overrunning array "myid" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1207 really_send_update(ifp, myid, 1208 xroute->prefix, xroute->plen, 1209 myseqno, xroute->metric, 1210 NULL, 0); 1211 last_prefix = xroute->prefix; 1212 last_plen = xroute->plen;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05... To manage Coverity Scan email notifications for "frr@lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...