Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 1506514: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_gr_helper.c: 1222 in ospf6_grace_lsa_show_info()

________________________________________________________________________________________________________
*** CID 1506514: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_gr_helper.c: 1222 in ospf6_grace_lsa_show_info()
1216             if (!use_json)
1217                 vty_out(vty, "TLV info:\n");
1218         } else {
1219             zlog_debug(" TLV info:");
1220         }
1221
    CID 1506514: Insecure data handling (TAINTED_SCALAR)
    Using tainted variable "length" as a loop boundary.
1222         for (tlvh = TLV_HDR_TOP(lsah); sum < length;
1223              tlvh = TLV_HDR_NEXT(tlvh)) {
1224             switch (ntohs(tlvh->type)) {
1225             case GRACE_PERIOD_TYPE:
1226                 gracePeriod = (struct grace_tlv_graceperiod *)tlvh;
1227                 sum += TLV_SIZE(tlvh);

** CID 1506513: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_gr_helper.c: 160 in ospf6_extract_grace_lsa_fields()

________________________________________________________________________________________________________
*** CID 1506513: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_gr_helper.c: 160 in ospf6_extract_grace_lsa_fields()
154         int sum = 0;
155
156         lsah = (struct ospf6_lsa_header *)lsa->header;
157
158         length = ntohs(lsah->length) - OSPF6_LSA_HEADER_SIZE;
159
    CID 1506513: Insecure data handling (TAINTED_SCALAR)
    Using tainted variable "length" as a loop boundary.
160         for (tlvh = TLV_HDR_TOP(lsah); sum < length;
161              tlvh = TLV_HDR_NEXT(tlvh)) {
162             switch (ntohs(tlvh->type)) {
163             case GRACE_PERIOD_TYPE:
164                 gracePeriod = (struct grace_tlv_graceperiod *)tlvh;
165                 *interval = ntohl(gracePeriod->interval);

** CID 1506512: (USE_AFTER_FREE)
/ospf6d/ospf6_gr_helper.c: 232 in ospf6_check_chg_in_rxmt_list()
/ospf6d/ospf6_gr_helper.c: 232 in ospf6_check_chg_in_rxmt_list()

________________________________________________________________________________________________________
*** CID 1506512: (USE_AFTER_FREE)
/ospf6d/ospf6_gr_helper.c: 232 in ospf6_check_chg_in_rxmt_list()
226         for (ALL_LSDB(nbr->retrans_list, lsa, lsanext)) {
227             struct ospf6_lsa *lsa_in_db = NULL;
228
229             /* Fetching the same copy of LSA form LSDB to validate the
230              * topochange.
231              */
    CID 1506512: (USE_AFTER_FREE)
    Dereferencing freed pointer "lsa".
232             lsa_in_db =
233                 ospf6_lsdb_lookup(lsa->header->type, lsa->header->id,
234                                   lsa->header->adv_router, lsa->lsdb);
235
236             if (lsa_in_db && lsa_in_db->tobe_acknowledged)
237                 return OSPF6_TRUE;
/ospf6d/ospf6_gr_helper.c: 232 in ospf6_check_chg_in_rxmt_list()
226         for (ALL_LSDB(nbr->retrans_list, lsa, lsanext)) {
227             struct ospf6_lsa *lsa_in_db = NULL;
228
229             /* Fetching the same copy of LSA form LSDB to validate the
230              * topochange.
231              */
    CID 1506512: (USE_AFTER_FREE)
    Dereferencing freed pointer "lsa".
232             lsa_in_db =
233                 ospf6_lsdb_lookup(lsa->header->type, lsa->header->id,
234                                   lsa->header->adv_router, lsa->lsdb);
235
236             if (lsa_in_db && lsa_in_db->tobe_acknowledged)
237                 return OSPF6_TRUE;

** CID 1506511: Null pointer dereferences (NULL_RETURNS)

________________________________________________________________________________________________________
*** CID 1506511: Null pointer dereferences (NULL_RETURNS)
/ospf6d/ospf6_gr_helper.c: 1163 in show_ipv6_ospf6_gr_helper_magic()
1157         if (argv_find(argv, argc, "detail", &idx))
1158             detail = true;
1159
1160         if (uj)
1161             json = json_object_new_object();
1162
    CID 1506511: Null pointer dereferences (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "ospf6" when calling "show_ospf6_gr_helper_details".
1163         show_ospf6_gr_helper_details(vty, ospf6, json, uj, detail);
1164
1165         if (uj) {
1166             vty_out(vty, "%s\n",
1167                     json_object_to_json_string_ext(
1168                         json, JSON_C_TO_STRING_PRETTY));