New Defects reported by Coverity Scan for freerangerouting/frr

24 Sep 2024

      Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)

** CID 1599962:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 775 in ospf6_intra_prefix_lsa_get_prefix_str()

________________________________________________________________________________________________________
*** CID 1599962:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 775 in ospf6_intra_prefix_lsa_get_prefix_str()
769     {
770     	struct ospf6_prefix *prefix = nth_prefix(lsa->header, pos);
771     	struct in6_addr in6 = { 0 };
772     	char tbuf[16];
773     
774     	/* ensure buflen >= INET6_ADDRSTRLEN + '/128\0' */
...
...
...
CID 1599962:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "lsa" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
775     	if (!lsa || !prefix || !buf || buflen < (5 + INET6_ADDRSTRLEN))
776     		return NULL;
777     
778     	memcpy(&in6, OSPF6_PREFIX_BODY(prefix),
779     	       OSPF6_PREFIX_SPACE(prefix->prefix_length));
780     	inet_ntop(AF_INET6, &in6, buf, buflen);
** CID 1599961:  Null pointer dereferences  (FORWARD_NULL)
/pimd/pim_nb_config.c: 3770 in lib_interface_gmp_address_family_proxy_modify()

________________________________________________________________________________________________________
*** CID 1599961:  Null pointer dereferences  (FORWARD_NULL)
/pimd/pim_nb_config.c: 3770 in lib_interface_gmp_address_family_proxy_modify()
3764     		ifp = nb_running_get_entry(args->dnode, NULL, true);
3765     		pim_ifp = ifp->info;
3766     		if (pim_ifp)
3767     			pim_ifp->gm_proxy = yang_dnode_get_bool(args->dnode,
3768     								NULL);
3769
...
...
...
CID 1599961:  Null pointer dereferences  (FORWARD_NULL)
    Dereferencing null pointer "pim_ifp".
3770     		if (pim_ifp->gm_proxy)
3771     			pim_if_gm_proxy_init(pim_ifp->pim, ifp);
3772     		else
3773     			pim_if_gm_proxy_finis(pim_ifp->pim, ifp);
3774     	}
3775     	return NB_OK;
** CID 1599960:  Error handling issues  (CHECKED_RETURN)
/pimd/pim_autorp.c: 560 in autorp_send_announcement()

________________________________________________________________________________________________________
*** CID 1599960:  Error handling issues  (CHECKED_RETURN)
/pimd/pim_autorp.c: 560 in autorp_send_announcement()
554     			    !pim_ifp->pim_passive_enable &&
555     			    !pim_addr_is_any(pim_ifp->primary_address)) {
556     				setsockopt(autorp->sock, IPPROTO_IP,
557     					   IP_MULTICAST_IF,
558     					   &(pim_ifp->primary_address),
559     					   sizeof(pim_ifp->primary_address));
...
...
...
CID 1599960:  Error handling issues  (CHECKED_RETURN)
    Calling "sendto(autorp->sock, autorp->annouce_pkt, autorp->annouce_pkt_sz, 0, __CONST_SOCKADDR_ARG({.__sockaddr__ = (struct sockaddr *)&announceGrp}), 16U)" without checking return value. This library function may fail and return an error code.
560     				sendto(autorp->sock, autorp->annouce_pkt,
561     				       autorp->annouce_pkt_sz, 0,
562     				       (struct sockaddr *)&announceGrp,
563     				       sizeof(announceGrp));
564     			}
565     		}
** CID 1599959:  Control flow issues  (DEADCODE)
/bgpd/bgp_vty.c: 10614 in bgp_imexport_vrf_magic()

________________________________________________________________________________________________________
*** CID 1599959:  Control flow issues  (DEADCODE)
/bgpd/bgp_vty.c: 10614 in bgp_imexport_vrf_magic()
10608     			 * restart where VRF instance has default VRF's ASN.
10609     			 */
10610     			SET_FLAG(vrf_bgp->vrf_flags, BGP_VRF_AUTO);
10611     		}
10612     
10613     		if (ret) {
...
...
...
CID 1599959:  Control flow issues  (DEADCODE)
    Execution cannot reach this statement: "vty_out(vty, "VRF %s is not...".
10614     			vty_out(vty,
10615     				"VRF %s is not configured as a bgp instance\n",
10616     				import_name);
10617     			return CMD_WARNING;
10618     		}
10619     	}
** CID 1599958:    (CHECKED_RETURN)
/pimd/pim_autorp.c: 556 in autorp_send_announcement()
/pimd/pim_autorp.c: 543 in autorp_send_announcement()

________________________________________________________________________________________________________
*** CID 1599958:    (CHECKED_RETURN)
/pimd/pim_autorp.c: 556 in autorp_send_announcement()
550     			 * and have a primary address set.
551     			 */
552     			if (CHECK_FLAG(ifp->status, ZEBRA_INTERFACE_ACTIVE) &&
553     			    pim_ifp && pim_ifp->pim_enable &&
554     			    !pim_ifp->pim_passive_enable &&
555     			    !pim_addr_is_any(pim_ifp->primary_address)) {
...
...
...
CID 1599958:    (CHECKED_RETURN)
    Calling "setsockopt(autorp->sock, IPPROTO_IP, 32, &pim_ifp->primary_address, 4U)" without checking return value. This library function may fail and return an error code.
556     				setsockopt(autorp->sock, IPPROTO_IP,
557     					   IP_MULTICAST_IF,
558     					   &(pim_ifp->primary_address),
559     					   sizeof(pim_ifp->primary_address));
560     				sendto(autorp->sock, autorp->annouce_pkt,
561     				       autorp->annouce_pkt_sz, 0,
/pimd/pim_autorp.c: 543 in autorp_send_announcement()
537     
538     	announceGrp.sin_family = AF_INET;
539     	announceGrp.sin_port = htons(PIM_AUTORP_PORT);
540     	inet_pton(PIM_AF, PIM_AUTORP_ANNOUNCEMENT_GRP, &announceGrp.sin_addr);
541     
542     	if (autorp->annouce_pkt_sz >= MIN_AUTORP_PKT_SZ) {
...
CID 1599958:    (CHECKED_RETURN)
    Calling "setsockopt(autorp->sock, IPPROTO_IP, 33, &autorp->announce_scope, 1U)" without checking return value. This library function may fail and return an error code.
543     		setsockopt(autorp->sock, IPPROTO_IP, IP_MULTICAST_TTL,
544     			   &(autorp->announce_scope),
545     			   sizeof(autorp->announce_scope));
546     
547     		FOR_ALL_INTERFACES (autorp->pim->vrf, ifp) {
548     			pim_ifp = ifp->info;
** CID 1599957:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 581 in ospf6_link_lsa_get_prefix_str()

________________________________________________________________________________________________________
*** CID 1599957:  Null pointer dereferences  (REVERSE_INULL)
/ospf6d/ospf6_intra.c: 581 in ospf6_link_lsa_get_prefix_str()
575     					   int buflen, int pos)
576     {
577     	struct ospf6_link_lsa *link_lsa = lsa_after_header(lsa->header);
578     	struct ospf6_prefix *prefix = nth_prefix(lsa->header, pos);
579     	struct in6_addr in6 = { 0 };
580
...
...
...
CID 1599957:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "lsa" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
581     	if (!lsa || !prefix || !buf || buflen < (1 + INET6_ADDRSTRLEN))
582     		return NULL;
583     
584     	/* position zero is used for the lladdr in the body of the LSA */
585     	if (pos == 0) {
586     		inet_ntop(AF_INET6, &link_lsa->linklocal_addr, buf, buflen);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...

scan-admin＠coverity.com

tags

participants (1)