New Defects reported by Coverity Scan for freerangerouting/frr
Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1487027: Uninitialized variables (UNINIT) /zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect() ________________________________________________________________________________________________________ *** CID 1487027: Uninitialized variables (UNINIT) /zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect() 186 return 0; 187 } 188 len = sizeof(struct ucred); 189 ucred.pid = getpid(); 190 191 set_nonblocking(mlag_socket);
CID 1487027: Uninitialized variables (UNINIT) Using uninitialized value "ucred". Field "ucred.uid" is uninitialized when calling "setsockopt".
192 setsockopt(mlag_socket, SOL_SOCKET, SO_PEERCRED, &ucred, len); 193 194 if (IS_ZEBRA_DEBUG_MLAG) 195 zlog_debug("%s: Connection with MLAG is established ", 196 __func__); 197
** CID 1487026: (TAINTED_SCALAR) /zebra/zebra_mlag_private.c: 124 in zebra_mlag_read() /zebra/zebra_mlag_private.c: 124 in zebra_mlag_read() ________________________________________________________________________________________________________ *** CID 1487026: (TAINTED_SCALAR) /zebra/zebra_mlag_private.c: 145 in zebra_mlag_read() 139 } 140 } 141 142 if (IS_ZEBRA_DEBUG_MLAG) { 143 zlog_debug("Received a MLAG Message from socket: %d, len:%u ", 144 mlag_socket, tot_len);
CID 1487026: (TAINTED_SCALAR) Passing tainted variable "tot_len" to a tainted sink.
145 zlog_hexdump(mlag_rd_buffer, tot_len); 146 } 147 148 tot_len -= ZEBRA_MLAG_LEN_SIZE; 149 150 /* Process the packet */ /zebra/zebra_mlag_private.c: 124 in zebra_mlag_read() 118 /* This will be the actual length of the packet */ 119 tot_len = h_msglen + ZEBRA_MLAG_LEN_SIZE; 120 121 if (curr_len < tot_len) { 122 ssize_t data_len; 123
CID 1487026: (TAINTED_SCALAR) Passing tainted variable "tot_len - curr_len" to a tainted sink.
124 data_len = read(mlag_socket, mlag_rd_buffer + curr_len, 125 tot_len - curr_len); 126 if (data_len == 0 || data_len == -1) { 127 if (IS_ZEBRA_DEBUG_MLAG) 128 zlog_debug("MLAG connection closed socket : %d", 129 mlag_socket); /zebra/zebra_mlag_private.c: 145 in zebra_mlag_read() 139 } 140 } 141 142 if (IS_ZEBRA_DEBUG_MLAG) { 143 zlog_debug("Received a MLAG Message from socket: %d, len:%u ", 144 mlag_socket, tot_len);
CID 1487026: (TAINTED_SCALAR) Passing tainted variable "tot_len" to a tainted sink.
145 zlog_hexdump(mlag_rd_buffer, tot_len); 146 } 147 148 tot_len -= ZEBRA_MLAG_LEN_SIZE; 149 150 /* Process the packet */ /zebra/zebra_mlag_private.c: 124 in zebra_mlag_read() 118 /* This will be the actual length of the packet */ 119 tot_len = h_msglen + ZEBRA_MLAG_LEN_SIZE; 120 121 if (curr_len < tot_len) { 122 ssize_t data_len; 123
CID 1487026: (TAINTED_SCALAR) Passing tainted variable "tot_len - curr_len" to a tainted sink.
124 data_len = read(mlag_socket, mlag_rd_buffer + curr_len, 125 tot_len - curr_len); 126 if (data_len == 0 || data_len == -1) { 127 if (IS_ZEBRA_DEBUG_MLAG) 128 zlog_debug("MLAG connection closed socket : %d", 129 mlag_socket);
** CID 1487023: Error handling issues (CHECKED_RETURN) /zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect() ________________________________________________________________________________________________________ *** CID 1487023: Error handling issues (CHECKED_RETURN) /zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect() 186 return 0; 187 } 188 len = sizeof(struct ucred); 189 ucred.pid = getpid(); 190 191 set_nonblocking(mlag_socket);
CID 1487023: Error handling issues (CHECKED_RETURN) Calling "setsockopt(mlag_socket, 1, 17, &ucred, len)" without checking return value. This library function may fail and return an error code.
192 setsockopt(mlag_socket, SOL_SOCKET, SO_PEERCRED, &ucred, len); 193 194 if (IS_ZEBRA_DEBUG_MLAG) 195 zlog_debug("%s: Connection with MLAG is established ", 196 __func__); 197
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
participants (1)
-
scan-admin@coverity.com