Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 1594016: Possible Control flow issues (DEADCODE) /zebra/zebra_srv6.c: 1871 in release_srv6_sid_func_explicit() ________________________________________________________________________________________________________ *** CID 1594016: Possible Control flow issues (DEADCODE) /zebra/zebra_srv6.c: 1871 in release_srv6_sid_func_explicit() 1865 zlog_warn("%s: failed to release wide SID function %u, function is not allocated", 1866 __func__, sid_wide_func); 1867 return -1; 1868 } 1869 1870 /* Release the SID function from the EWLIB range */
CID 1594016: Possible Control flow issues (DEADCODE) Execution cannot reach this statement: "listnode_delete(block->u.us...".
1871 listnode_delete(block->u.usid.wide_lib[sid_func] 1872 .func_allocated, 1873 sid_wide_func_ptr); 1874 zebra_srv6_sid_func_free(sid_wide_func_ptr); 1875 } else { 1876 zlog_warn("%s: function %u is outside ELIB [%u/%u] and EWLIB alloc ranges [%u/%u]",
** CID 1594015: (DEADCODE) /zebra/zebra_srv6.c: 1782 in get_srv6_sid() /zebra/zebra_srv6.c: 1781 in get_srv6_sid() ________________________________________________________________________________________________________ *** CID 1594015: (DEADCODE) /zebra/zebra_srv6.c: 1782 in get_srv6_sid() 1776 } 1777 1778 ret = get_srv6_sid_dynamic(sid, ctx, locator); 1779 1780 break; 1781 case SRV6_SID_ALLOC_MODE_MAX:
CID 1594015: (DEADCODE) Execution cannot reach this statement: "case SRV6_SID_ALLOC_MODE_UN...".
1782 case SRV6_SID_ALLOC_MODE_UNSPEC: 1783 default: 1784 flog_err(EC_ZEBRA_SM_CANNOT_ASSIGN_SID, 1785 "%s: SRv6 Manager: Unrecognized alloc mode %u", 1786 __func__, alloc_mode); 1787 /* We should never arrive here */ /zebra/zebra_srv6.c: 1781 in get_srv6_sid() 1775 return -1; 1776 } 1777 1778 ret = get_srv6_sid_dynamic(sid, ctx, locator); 1779 1780 break;
CID 1594015: (DEADCODE) Execution cannot reach this statement: "case SRV6_SID_ALLOC_MODE_MAX:".
1781 case SRV6_SID_ALLOC_MODE_MAX: 1782 case SRV6_SID_ALLOC_MODE_UNSPEC: 1783 default: 1784 flog_err(EC_ZEBRA_SM_CANNOT_ASSIGN_SID, 1785 "%s: SRv6 Manager: Unrecognized alloc mode %u", 1786 __func__, alloc_mode);
** CID 1594014: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_srv6.c: 1860 in release_srv6_sid_func_explicit() ________________________________________________________________________________________________________ *** CID 1594014: Null pointer dereferences (FORWARD_NULL) /zebra/zebra_srv6.c: 1860 in release_srv6_sid_func_explicit() 1854 1855 /* Lookup SID function in the functions allocated list of EWLIB range */ 1856 for (ALL_LIST_ELEMENTS_RO(block->u.usid 1857 .wide_lib[sid_func] 1858 .func_allocated, 1859 node, sid_func_ptr))
CID 1594014: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "sid_wide_func_ptr".
1860 if (*sid_wide_func_ptr == sid_wide_func) 1861 break; 1862 1863 /* Ensure that the SID function is allocated */ 1864 if (!sid_wide_func_ptr) { 1865 zlog_warn("%s: failed to release wide SID function %u, function is not allocated",
** CID 1594013: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose() ________________________________________________________________________________________________________ *** CID 1594013: Null pointer dereferences (REVERSE_INULL) /zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose() 955 struct srv6_locator *locator, 956 uint32_t sid_func) 957 { 958 uint8_t offset, func_len; 959 struct srv6_sid_format *format = locator->sid_format; 960
CID 1594013: Null pointer dereferences (REVERSE_INULL) Null-checking "locator" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
961 if (!sid_value || !locator) 962 return false; 963 964 if (format) { 965 offset = format->block_len + format->node_len; 966 func_len = format->function_len;
** CID 1594012: (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1594012: (TAINTED_SCALAR) /nhrpd/nhrp_peer.c: 1139 in nhrp_packet_send_error() 1133 /* Don`t add extension according to RFC */ 1134 zbuf_put(zb, pp->hdr, sizeof(*pp->hdr)); 1135 zbuf_put(zb, sockunion_get_addr(&pp->src_nbma), 1136 hdr->src_nbma_address_len); 1137 zbuf_put(zb, sockunion_get_addr(&pp->src_proto), 1138 hdr->src_protocol_address_len);
CID 1594012: (TAINTED_SCALAR) Passing tainted expression "hdr->dst_protocol_address_len" to "zbuf_put", which uses it as an offset.
1139 zbuf_put(zb, sockunion_get_addr(&pp->dst_proto), 1140 hdr->dst_protocol_address_len); 1141 nhrp_packet_complete_auth(zb, hdr, pp->ifp, false); 1142 1143 nhrp_peer_send(pp->peer, zb); 1144 zbuf_free(zb); /nhrpd/nhrp_peer.c: 1135 in nhrp_packet_send_error() 1129 hdr->flags = pp->hdr->flags; 1130 hdr->hop_count = 0; /* XXX: cisco returns 255 */ 1131 1132 /* Payload is the packet causing error */ 1133 /* Don`t add extension according to RFC */ 1134 zbuf_put(zb, pp->hdr, sizeof(*pp->hdr));
CID 1594012: (TAINTED_SCALAR) Passing tainted expression "hdr->src_nbma_address_len" to "zbuf_put", which uses it as an offset.
1135 zbuf_put(zb, sockunion_get_addr(&pp->src_nbma), 1136 hdr->src_nbma_address_len); 1137 zbuf_put(zb, sockunion_get_addr(&pp->src_proto), 1138 hdr->src_protocol_address_len); 1139 zbuf_put(zb, sockunion_get_addr(&pp->dst_proto), 1140 hdr->dst_protocol_address_len); /nhrpd/nhrp_peer.c: 1137 in nhrp_packet_send_error() 1131 1132 /* Payload is the packet causing error */ 1133 /* Don`t add extension according to RFC */ 1134 zbuf_put(zb, pp->hdr, sizeof(*pp->hdr)); 1135 zbuf_put(zb, sockunion_get_addr(&pp->src_nbma), 1136 hdr->src_nbma_address_len);
CID 1594012: (TAINTED_SCALAR) Passing tainted expression "hdr->src_protocol_address_len" to "zbuf_put", which uses it as an offset.
1137 zbuf_put(zb, sockunion_get_addr(&pp->src_proto), 1138 hdr->src_protocol_address_len); 1139 zbuf_put(zb, sockunion_get_addr(&pp->dst_proto), 1140 hdr->dst_protocol_address_len); 1141 nhrp_packet_complete_auth(zb, hdr, pp->ifp, false); 1142
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...