Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1599385: Null pointer dereferences (REVERSE_INULL) /bgpd/bgp_routemap.c: 1084 in route_match_vni() ________________________________________________________________________________________________________ *** CID 1599385: Null pointer dereferences (REVERSE_INULL) /bgpd/bgp_routemap.c: 1084 in route_match_vni() 1078 && (evp->prefix.route_type != BGP_EVPN_AD_ROUTE 1079 && evp->prefix.route_type != BGP_EVPN_MAC_IP_ROUTE 1080 && evp->prefix.route_type != BGP_EVPN_IP_PREFIX_ROUTE)) 1081 return RMAP_NOOP; 1082 1083 for (label_cnt = 0; label_cnt < BGP_MAX_LABELS &&
CID 1599385: Null pointer dereferences (REVERSE_INULL) Null-checking "path" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1084 label_cnt < BGP_PATH_INFO_NUM_LABELS(path); 1085 label_cnt++) { 1086 if (vni == label2vni(&path->extra->labels->label[label_cnt])) 1087 return RMAP_MATCH; 1088 } 1089
** CID 1599384: (USE_AFTER_FREE) /bgpd/bgp_route.c: 4883 in bgp_update() /bgpd/bgp_route.c: 4965 in bgp_update() /bgpd/bgp_route.c: 4937 in bgp_update() /bgpd/bgp_route.c: 4909 in bgp_update() /bgpd/bgp_route.c: 5389 in bgp_update() ________________________________________________________________________________________________________ *** CID 1599384: (USE_AFTER_FREE) /bgpd/bgp_route.c: 4883 in bgp_update() 4877 bgp_path_info_labels_same(pi, bgp_labels.label, 4878 bgp_labels.num_labels))) { 4879 if (get_active_bdc_from_pi(pi, afi, safi) && 4880 peer->sort == BGP_PEER_EBGP && 4881 CHECK_FLAG(pi->flags, BGP_PATH_HISTORY)) { 4882 if (bgp_debug_update(peer, p, NULL, 1)) {
CID 1599384: (USE_AFTER_FREE) Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4883 bgp_debug_rdpfxpath2str( 4884 afi, safi, prd, p, label, 4885 num_labels, addpath_id ? 1 : 0, 4886 addpath_id, evpn, pfx_buf, 4887 sizeof(pfx_buf)); 4888 zlog_debug("%pBP rcvd %s", peer, /bgpd/bgp_route.c: 4965 in bgp_update() 4959 */ 4960 bgp_aggregate_decrement(bgp, p, pi, afi, safi); 4961 } 4962 4963 /* Received Logging. */ 4964 if (bgp_debug_update(peer, p, NULL, 1)) {
CID 1599384: (USE_AFTER_FREE) Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4965 bgp_debug_rdpfxpath2str(afi, safi, prd, p, label, 4966 num_labels, addpath_id ? 1 : 0, 4967 addpath_id, evpn, pfx_buf, 4968 sizeof(pfx_buf)); 4969 zlog_debug("%pBP rcvd %s", peer, pfx_buf); 4970 } /bgpd/bgp_route.c: 4937 in bgp_update() 4931 return; 4932 } 4933 4934 /* Withdraw/Announce before we fully processed the withdraw */ 4935 if (CHECK_FLAG(pi->flags, BGP_PATH_REMOVED)) { 4936 if (bgp_debug_update(peer, p, NULL, 1)) {
CID 1599384: (USE_AFTER_FREE) Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4937 bgp_debug_rdpfxpath2str( 4938 afi, safi, prd, p, label, num_labels, 4939 addpath_id ? 1 : 0, addpath_id, evpn, 4940 pfx_buf, sizeof(pfx_buf)); 4941 zlog_debug( 4942 "%pBP rcvd %s, flapped quicker than processing", /bgpd/bgp_route.c: 4909 in bgp_update() 4903 "%pBP rcvd UPDATE w/ attr: %s", 4904 peer, 4905 peer->rcvd_attr_str); 4906 peer->rcvd_attr_printed = 1; 4907 } 4908
CID 1599384: (USE_AFTER_FREE) Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4909 bgp_debug_rdpfxpath2str( 4910 afi, safi, prd, p, label, 4911 num_labels, addpath_id ? 1 : 0, 4912 addpath_id, evpn, pfx_buf, 4913 sizeof(pfx_buf)); 4914 zlog_debug( /bgpd/bgp_route.c: 5389 in bgp_update() 5383 if (!peer->rcvd_attr_printed) { 5384 zlog_debug("%pBP rcvd UPDATE w/ attr: %s", peer, 5385 peer->rcvd_attr_str); 5386 peer->rcvd_attr_printed = 1; 5387 } 5388
CID 1599384: (USE_AFTER_FREE) Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
5389 bgp_debug_rdpfxpath2str(afi, safi, prd, p, label, num_labels, 5390 addpath_id ? 1 : 0, addpath_id, evpn, 5391 pfx_buf, sizeof(pfx_buf)); 5392 zlog_debug("%pBP rcvd UPDATE about %s -- DENIED due to: %s", 5393 peer, pfx_buf, reason); 5394 }
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...