Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 1503597: Insecure data handling (TAINTED_SCALAR) /ospfd/ospf_te.c: 2464 in ospf_te_parse_ri() ________________________________________________________________________________________________________ *** CID 1503597: Insecure data handling (TAINTED_SCALAR) /ospfd/ospf_te.c: 2464 in ospf_te_parse_ri() 2458 2459 ote_debug(" |- Process Router Information LSA %pI4 for Vertex %pI4", 2460 &lsa->data->id, &node->router_id); 2461 2462 /* Initialize TLV browsing */ 2463 len = ntohs(lsah->length) - OSPF_LSA_HEADER_SIZE;
CID 1503597: Insecure data handling (TAINTED_SCALAR) Using tainted variable "len" as a loop boundary.
2464 for (tlvh = TLV_HDR_TOP(lsah); sum < len; tlvh = TLV_HDR_NEXT(tlvh)) { 2465 struct ri_sr_tlv_sr_algorithm *algo; 2466 struct ri_sr_tlv_sid_label_range *range; 2467 struct ri_sr_tlv_node_msd *msd; 2468 uint32_t size, lower; 2469
** CID 1503596: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish() ________________________________________________________________________________________________________ *** CID 1503596: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish() 2574 snprintf(str, sizeof(str), "%s", "num-multipaths"); 2575 } 2576 2577 if (yang_dnode_get_bool(args->dnode, "./two-octet-as-specific")) 2578 strlcat(str, " non-transitive", sizeof(str)); 2579
CID 1503596: Error handling issues (CHECKED_RETURN) Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2580 generic_set_add(rhc->rhc_rmi, 2581 "extcommunity bandwidth", str, 2582 args->errmsg, args->errmsg_len); 2583 } 2584 2585 /*
** CID 1503595: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish() ________________________________________________________________________________________________________ *** CID 1503595: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish() 2395 2396 /* Set destroy information. */ 2397 rhc->rhc_shook = generic_set_delete; 2398 rhc->rhc_rule = "aggregator as"; 2399 rhc->rhc_event = RMAP_EVENT_SET_DELETED; 2400
CID 1503595: Error handling issues (CHECKED_RETURN) Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2401 generic_set_add(rhc->rhc_rmi, rhc->rhc_rule, argstr, 2402 args->errmsg, args->errmsg_len); 2403 XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr); 2404 } 2405 /* 2406 * XPath:
** CID 1503594: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish() ________________________________________________________________________________________________________ *** CID 1503594: Error handling issues (CHECKED_RETURN) /bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish() 1011 } else { 1012 rhc->rhc_rule = "extcommunity"; 1013 event = RMAP_EVENT_ECLIST_ADDED; 1014 rhc->rhc_event = RMAP_EVENT_ECLIST_DELETED; 1015 } 1016
CID 1503594: Error handling issues (CHECKED_RETURN) Calling "bgp_route_match_add" without checking return value (as is done elsewhere 20 out of 21 times).
1017 bgp_route_match_add(rhc->rhc_rmi, rhc->rhc_rule, argstr, event, 1018 args->errmsg, args->errmsg_len); 1019 1020 if (argstr != value) 1021 XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr); 1022 }
** CID 1496618: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1496618: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_evpn_mh.c: 949 in bgp_evpn_type1_route_update() 943 attr_new = pi->attr; 944 945 /* Perform route selection; 946 * this is just to set the flags correctly as local route in 947 * the ES always wins. 948 */
CID 1496618: Null pointer dereferences (FORWARD_NULL) Passing null pointer "vpn" to "evpn_route_select_install", which dereferences it.
949 evpn_route_select_install(bgp, vpn, dest); 950 bgp_dest_unlock_node(dest); 951 952 /* If this is a new route or some attribute has changed, export the 953 * route to the global table. The route will be advertised to peers 954 * from there. Note that this table is a 2-level tree (RD-level +
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...