Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1584234: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1584234: (TAINTED_SCALAR)
/zebra/fpm_listener.c: 594 in fpm_serve()
588     while (1) {
589
590         hdr = read_fpm_msg(buf, sizeof(buf));
591         if (!hdr)
592             return;
593
CID 1584234: (TAINTED_SCALAR)
Passing tainted expression "*hdr" to "process_fpm_msg", which uses it as a loop boundary.
594         process_fpm_msg(hdr);
595     }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588     while (1) {
589
590         hdr = read_fpm_msg(buf, sizeof(buf));
591         if (!hdr)
592             return;
593
CID 1584234: (TAINTED_SCALAR)
Passing tainted expression "hdr->msg_len" to "process_fpm_msg", which uses it as a loop boundary.
594         process_fpm_msg(hdr);
595     }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588     while (1) {
589
590         hdr = read_fpm_msg(buf, sizeof(buf));
591         if (!hdr)
592             return;
593
CID 1584234: (TAINTED_SCALAR)
Passing tainted expression "hdr" to "process_fpm_msg", which uses it as a loop boundary.
594         process_fpm_msg(hdr);
595     }
596 }
597
598 int main(int argc, char **argv)
599 {

** CID 1584233: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1584233: (TAINTED_SCALAR)
/zebra/fpm_listener.c: 577 in process_fpm_msg()
571
572     if (hdr->msg_type != FPM_MSG_TYPE_NETLINK) {
573         fprintf(stderr, "Unknown fpm message type %u\n", hdr->msg_type);
574         return;
575     }
576
CID 1584233: (TAINTED_SCALAR)
Passing tainted expression "fpm_msg_data_len(hdr)" to "parse_netlink_msg", which uses it as a loop boundary.
577     parse_netlink_msg(fpm_msg_data(hdr), fpm_msg_data_len(hdr));
578 }
579
580 /*
581  * fpm_serve
582  */

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...