Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1479155: Uninitialized variables (UNINIT)

________________________________________________________________________________________________________
*** CID 1479155: Uninitialized variables (UNINIT)
/pimd/pim_cmd.c: 6441 in pim_test_sg_keepalive_magic()
6435
6436        if (!pim) {
6437                vty_out(vty, "%% Unable to find pim instance\n");
6438                return CMD_WARNING;
6439        }
6440
    CID 1479155: Uninitialized variables (UNINIT)
    Using uninitialized value "sg". Field "sg.family" is uninitialized when calling "pim_upstream_find".
6441        up = pim_upstream_find(pim, &sg);
6442        if (!up) {
6443                vty_out(vty, "%% Unable to find %s specified\n",
6444                        pim_str_sg_dump(&sg));
6445                return CMD_WARNING;
6446        }

** CID 1479154: (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()

________________________________________________________________________________________________________
*** CID 1479154: (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
222
223        /*
224         * RFC 5880, Section 6.8.1. recommends that we should generate
225         * random session identification numbers.
226         */
227        do {
    CID 1479154: (DC.WEAK_CRYPTO)
    "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
228                session_id = ((random() << 16) & 0xFFFF0000)
229                             | (random() & 0x0000FFFF);
230        } while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231
232        return session_id;
233     }
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()
223        /*
224         * RFC 5880, Section 6.8.1. recommends that we should generate
225         * random session identification numbers.
226         */
227        do {
228                session_id = ((random() << 16) & 0xFFFF0000)
    CID 1479154: (DC.WEAK_CRYPTO)
    "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
229                             | (random() & 0x0000FFFF);
230        } while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231
232        return session_id;
233     }
234

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...