New Defects reported by Coverity Scan for freerangerouting/frr
Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

1 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1473939: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 983 in watchfrr_init()

________________________________________________________________________________________________________
*** CID 1473939: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 983 in watchfrr_init()
977         dmn->name = dmn->restart.name = argv[i];
978         dmn->state = DAEMON_INIT;
979         gs.numdaemons++;
980         gs.numdown++;
981         dmn->fd = -1;
982         dmn->t_wakeup = NULL;
    CID 1473939: Security best practices violations (DC.WEAK_CRYPTO)
    "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
983         thread_add_timer_msec(master, wakeup_init, dmn,
984                               100 + (random() % 900),
985                               &dmn->t_wakeup);
986         dmn->restart.interval = gs.min_restart_interval;
987         *add = dmn;
988         add = &dmn->next;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
Participants (1): scan-admin@coverity.com