Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1518830: (RESOURCE_LEAK) /bfdd/bfd_packet.c: 1582 in bp_echo_socket() /bfdd/bfd_packet.c: 1572 in bp_echo_socket() ________________________________________________________________________________________________________ *** CID 1518830: (RESOURCE_LEAK) /bfdd/bfd_packet.c: 1582 in bp_echo_socket() 1576 sll.sll_family = AF_PACKET; 1577 sll.sll_protocol = htons(ETH_P_IP); 1578 sll.sll_ifindex = 0; 1579 if (bind(s, (struct sockaddr *)&sll, sizeof(sll)) < 0) { 1580 zlog_warn("Failed to bind echo socket: %s", 1581 safe_strerror(errno));

...

...

CID 1518830: (RESOURCE_LEAK) Handle variable "s" going out of scope leaks the handle.

1582 return -1; 1583 } 1584 1585 return s; 1586 } 1587 #else /bfdd/bfd_packet.c: 1572 in bp_echo_socket() 1566 pf.filter = my_filterudp; 1567 pf.len = MY_FILTER_LENGTH; 1568 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) == 1569 -1) { 1570 zlog_warn("%s: setsockopt(SO_ATTACH_FILTER): %s", __func__, 1571 strerror(errno));

...

CID 1518830: (RESOURCE_LEAK) Handle variable "s" going out of scope leaks the handle.

1572 return -1; 1573 } 1574 1575 1576 sll.sll_family = AF_PACKET; 1577 sll.sll_protocol = htons(ETH_P_IP);

** CID 1518829: Memory - corruptions (BUFFER_SIZE) /bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd() ________________________________________________________________________________________________________ *** CID 1518829: Memory - corruptions (BUFFER_SIZE) /bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd() 216 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE); 217 218 memset(sendbuff, 0, sizeof(sendbuff)); 219 220 /* add eth hdr */ 221 eth = (struct ethhdr *)(sendbuff);

...

...

CID 1518829: Memory - corruptions (BUFFER_SIZE) You might overrun the 6 byte destination string "eth->h_source" by writing the maximum 20 bytes from "bfd->ifp->hw_addr".

222 memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(bfd->ifp->hw_addr)); 223 memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr)); 224 225 total_len += sizeof(struct ethhdr); 226 227 sd = bvrf->bg_echo;

** CID 1518828: Memory - corruptions (OVERRUN) /bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd() ________________________________________________________________________________________________________ *** CID 1518828: Memory - corruptions (OVERRUN) /bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd() 216 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE); 217 218 memset(sendbuff, 0, sizeof(sendbuff)); 219 220 /* add eth hdr */ 221 eth = (struct ethhdr *)(sendbuff);

...

...

CID 1518828: Memory - corruptions (OVERRUN) Overrunning array "eth->h_source" of 6 bytes by passing it to a function which accesses it at byte offset 19 using argument "20UL".

222 memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(bfd->ifp->hw_addr)); 223 memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr)); 224 225 total_len += sizeof(struct ethhdr); 226 227 sd = bvrf->bg_echo;

________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...