New Defects reported by Coverity Scan for freerangerouting/frr
Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 13 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 13 of 13 defect(s) ** CID 1475951: Error handling issues (CHECKED_RETURN) /ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify() ________________________________________________________________________________________________________ *** CID 1475951: Error handling issues (CHECKED_RETURN) /ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify() 105 struct prefix_ipv6 p; 106 107 if (event != NB_EV_APPLY) 108 return NB_OK; 109 110 default_information = yang_dnode_get_bool(dnode, NULL);
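CID 1475951: Error handling issues (CHECKED_RETURN) Calling "str2prefix_ipv6" without checking return value (as is done elsewhere 31 out of 32 times). Here the argument is the constant string "::/0", so a parse failure is unlikely in practice; but p is declared without an initializer, so if the call did fail, p could reach ripng_redistribute_add() without having been filled in.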
111 str2prefix_ipv6("::/0", &p); 112 if (default_information) { 113 ripng_redistribute_add(ZEBRA_ROUTE_RIPNG, RIPNG_ROUTE_DEFAULT, 114 &p, 0, NULL, 0); 115 } else { 116 ripng_redistribute_delete(ZEBRA_ROUTE_RIPNG,
** CID 1475950: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475950: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 1643 in isis_default_originate() 1637 } 1638 #if 1 /* anything that can fail? */ 1639 if (_failcnt) 1640 return CMD_WARNING; 1641 #endif 1642 #endif
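CID 1475950: Null pointer dereferences (FORWARD_NULL) Passing null pointer "ip" to "isis_default_originate_magic", which dereferences it. The flagged call is in isis_cli_clippy.c, which looks like generated argument-parsing code, so the question to settle is whether the command definition lets the handler run without "ip" being set; if it can, the null check belongs in the handler or the command grammar rather than in this file. The same applies to the other FORWARD_NULL reports against *_clippy.c files in this message.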
1643 return isis_default_originate_magic(self, vty, argc, argv, no, ip, level, always, metric, metric_str, rmap); 1644 } 1645 1646 /* isis_redistribute => "[no] redistribute <ipv4|ipv6>$ip ROTO_REDIST_ST$proto <level-1|level-2>$level [<metric (0-16777215)|route-map WORD>]" */ 1647 DEFUN_CMD_FUNC_DECL(isis_redistribute) 1648 #define funcdecl_isis_redistribute static int isis_redistribute_magic(\
** CID 1475949: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475949: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 2575 in isis_circuit_type() 2569 } 2570 #if 0 /* anything that can fail? */ 2571 if (_failcnt) 2572 return CMD_WARNING; 2573 #endif 2574 #endif
CID 1475949: Null pointer dereferences (FORWARD_NULL) Passing null pointer "type" to "isis_circuit_type_magic", which dereferences it.
2575 return isis_circuit_type_magic(self, vty, argc, argv, type); 2576 } 2577 2578 /* no_isis_circuit_type => "no isis circuit-type [level-1|level-1-2|level-2-only]" */ 2579 DEFUN_CMD_FUNC_DECL(no_isis_circuit_type) 2580 #define funcdecl_no_isis_circuit_type static int no_isis_circuit_type_magic(\
** CID 1475948: Security best practices violations (DC.WEAK_CRYPTO) /watchfrr/watchfrr.c: 816 in phase_check() ________________________________________________________________________________________________________ *** CID 1475948: Security best practices violations (DC.WEAK_CRYPTO) /watchfrr/watchfrr.c: 816 in phase_check() 810 return; 811 812 /* startup complete, everything out of INIT */ 813 gs.phase = PHASE_NONE; 814 for (dmn = gs.daemons; dmn; dmn = dmn->next) 815 if (dmn->state == DAEMON_DOWN) {
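CID 1475948: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break. The flagged line is the SET_WAKEUP_DOWN(dmn) macro call, so the use of random() is presumably inside that macro's expansion, which this excerpt does not show. Whether the finding matters depends on what the value feeds: it is a concern only if the result serves as a secret or must be unpredictable to an attacker. CID 1475944 below reports the same macro in restart_done().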
816 SET_WAKEUP_DOWN(dmn); 817 try_restart(dmn); 818 } 819 break; 820 case PHASE_STOPS_PENDING: 821 if (gs.numpids)
** CID 1475947: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475947: Null pointer dereferences (FORWARD_NULL) /lib/northbound_cli_clippy.c: 861 in show_yang_operational_data() 855 } 856 #if 0 /* anything that can fail? */ 857 if (_failcnt) 858 return CMD_WARNING; 859 #endif 860 #endif
CID 1475947: Null pointer dereferences (FORWARD_NULL) Passing null pointer "xpath" to "show_yang_operational_data_magic", which dereferences it.
861 return show_yang_operational_data_magic(self, vty, argc, argv, xpath, json, xml, translator_family); 862 } 863 864 /* show_yang_module => "show yang module [module-translator WORD$translator_family]" */ 865 DEFUN_CMD_FUNC_DECL(show_yang_module) 866 #define funcdecl_show_yang_module static int show_yang_module_magic(\
** CID 1475946: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475946: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 309 in is_type() 303 } 304 #if 0 /* anything that can fail? */ 305 if (_failcnt) 306 return CMD_WARNING; 307 #endif 308 #endif
CID 1475946: Null pointer dereferences (FORWARD_NULL) Passing null pointer "level" to "is_type_magic", which dereferences it.
309 return is_type_magic(self, vty, argc, argv, level); 310 } 311 312 /* no_is_type => "no is-type [<level-1|level-1-2|level-2-only>]" */ 313 DEFUN_CMD_FUNC_DECL(no_is_type) 314 #define funcdecl_no_is_type static int no_is_type_magic(\
** CID 1475945: Possible Control flow issues (DEADCODE) /lib/vrf.c: 911 in vrf_set_default_name() ________________________________________________________________________________________________________ *** CID 1475945: Possible Control flow issues (DEADCODE) /lib/vrf.c: 911 in vrf_set_default_name() 905 if (def_vrf && !force && def_vrf_forced) { 906 zlog_debug("VRF: %s, avoid changing name to %s, previously forced (%u)", 907 def_vrf->name, default_name, 908 def_vrf->vrf_id); 909 return; 910 }
CID 1475945: Possible Control flow issues (DEADCODE) Execution cannot reach the expression "vrf_with_default_name != def_vrf" inside this statement: "if (vrf_with_default_name &...".
911 if (vrf_with_default_name && vrf_with_default_name != def_vrf) { 912 /* vrf name already used by an other VRF */ 913 zlog_debug("VRF: %s, avoid changing name to %s, same name exists (%u)", 914 vrf_with_default_name->name, default_name, 915 vrf_with_default_name->vrf_id); 916 return;
** CID 1475944: Security best practices violations (DC.WEAK_CRYPTO) /watchfrr/watchfrr.c: 528 in restart_done() ________________________________________________________________________________________________________ *** CID 1475944: Security best practices violations (DC.WEAK_CRYPTO) /watchfrr/watchfrr.c: 528 in restart_done() 522 zlog_warn("wtf?"); 523 return; 524 } 525 if (dmn->t_wakeup) 526 THREAD_OFF(dmn->t_wakeup); 527 if (try_connect(dmn) < 0)
CID 1475944: Security best practices violations (DC.WEAK_CRYPTO) "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
528 SET_WAKEUP_DOWN(dmn); 529 } 530 531 static void daemon_down(struct daemon *dmn, const char *why) 532 { 533 if (IS_UP(dmn) || (dmn->state == DAEMON_INIT))
** CID 1475943: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475943: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 1769 in isis_topology() 1763 } 1764 #if 0 /* anything that can fail? */ 1765 if (_failcnt) 1766 return CMD_WARNING; 1767 #endif 1768 #endif
CID 1475943: Null pointer dereferences (FORWARD_NULL) Passing null pointer "topology" to "isis_topology_magic", which dereferences it.
1769 return isis_topology_magic(self, vty, argc, argv, no, topology, overload); 1770 } 1771 1772 /* isis_passive => "[no] isis passive" */ 1773 DEFUN_CMD_FUNC_DECL(isis_passive) 1774 #define funcdecl_isis_passive static int isis_passive_magic(\
** CID 1475942: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475942: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 2532 in circuit_topology() 2526 } 2527 #if 0 /* anything that can fail? */ 2528 if (_failcnt) 2529 return CMD_WARNING; 2530 #endif 2531 #endif
CID 1475942: Null pointer dereferences (FORWARD_NULL) Passing null pointer "topology" to "circuit_topology_magic", which dereferences it.
2532 return circuit_topology_magic(self, vty, argc, argv, no, topology); 2533 } 2534 2535 /* isis_circuit_type => "isis circuit-type <level-1|level-1-2|level-2-only>$type" */ 2536 DEFUN_CMD_FUNC_DECL(isis_circuit_type) 2537 #define funcdecl_isis_circuit_type static int isis_circuit_type_magic(\
** CID 1475941: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1475941: Null pointer dereferences (FORWARD_NULL) /isisd/isis_cli_clippy.c: 218 in no_ip_router_isis() 212 } 213 #if 0 /* anything that can fail? */ 214 if (_failcnt) 215 return CMD_WARNING; 216 #endif 217 #endif
CID 1475941: Null pointer dereferences (FORWARD_NULL) Passing null pointer "ip" to "no_ip_router_isis_magic", which dereferences it.
218 return no_ip_router_isis_magic(self, vty, argc, argv, ip, tag); 219 } 220 221 /* net => "[no] net WORD" */ 222 DEFUN_CMD_FUNC_DECL(net) 223 #define funcdecl_net static int net_magic(\
** CID 1475940: (REVERSE_INULL) /lib/northbound_cli.c: 111 in nb_cli_apply_changes() /lib/northbound_cli.c: 114 in nb_cli_apply_changes() ________________________________________________________________________________________________________ *** CID 1475940: (REVERSE_INULL) /lib/northbound_cli.c: 111 in nb_cli_apply_changes() 105 char xpath[XPATH_MAXLEN]; 106 struct yang_data *data; 107 108 /* Handle relative XPaths. */ 109 memset(xpath, 0, sizeof(xpath)); 110 if (vty->xpath_index > 0
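CID 1475940: (REVERSE_INULL) Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. The dereference the checker refers to is not among the quoted lines (105-116); it is presumably earlier in nb_cli_apply_changes(), so either that earlier use needs a guard or the later null checks are redundant.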
111 && ((xpath_base_fmt && xpath_base[0] == '.') 112 || change->xpath[0] == '.')) 113 strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath)); 114 if (xpath_base_fmt) { 115 if (xpath_base[0] == '.') 116 strlcat(xpath, xpath_base + 1, sizeof(xpath)); /lib/northbound_cli.c: 114 in nb_cli_apply_changes() 108 /* Handle relative XPaths. */ 109 memset(xpath, 0, sizeof(xpath)); 110 if (vty->xpath_index > 0 111 && ((xpath_base_fmt && xpath_base[0] == '.') 112 || change->xpath[0] == '.')) 113 strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath));
CID 1475940: (REVERSE_INULL) Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
114 if (xpath_base_fmt) { 115 if (xpath_base[0] == '.') 116 strlcat(xpath, xpath_base + 1, sizeof(xpath)); 117 else 118 strlcat(xpath, xpath_base, sizeof(xpath)); 119 }
** CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING) /isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify() ________________________________________________________________________________________________________ *** CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING) /isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify() 2091 if (event != NB_EV_APPLY) 2092 return NB_OK; 2093 2094 password = yang_dnode_get_string(dnode, NULL); 2095 circuit = yang_dnode_get_entry(dnode, true); 2096 circuit->passwd.len = strlen(password);
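CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size argument of 255 bytes on destination array "circuit->passwd.passwd" of size 255 bytes might leave the destination string unterminated. The line before it also sets circuit->passwd.len from strlen(password) with no upper bound, so for a password longer than 255 bytes the stored length would exceed what was copied; whether the input is length-limited before this callback runs is not visible in the excerpt.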
2097 strncpy((char *)circuit->passwd.passwd, password, 255); 2098 2099 return NB_OK; 2100 } 2101 2102 /*
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...