New Defects reported by Coverity Scan for freerangerouting/frr
Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 17 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 54 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 17 of 17 defect(s) ** CID 1452506: Resource leaks (RESOURCE_LEAK) /pimd/pim_msdp_socket.c: 159 in pim_msdp_sock_listen() ________________________________________________________________________________________________________ *** CID 1452506: Resource leaks (RESOURCE_LEAK) /pimd/pim_msdp_socket.c: 159 in pim_msdp_sock_listen() 153 if (pim->vrf_id != VRF_DEFAULT) { 154 struct interface *ifp = 155 if_lookup_by_name(pim->vrf->name, pim->vrf_id); 156 if (!ifp) { 157 zlog_err("%s: Unable to lookup vrf interface: %s", 158 __PRETTY_FUNCTION__, pim->vrf->name);
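CID 1452506: Resource leaks (RESOURCE_LEAK) Handle variable "sock" going out of scope leaks the handle. The "return -1" at line 159 leaves pim_msdp_sock_listen() when the VRF interface lookup fails without closing "sock" first, so each failed lookup leaks one socket descriptor; closing "sock" before that return releases it.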
159 return -1; 160 } 161 pim_socket_bind(sock, ifp); 162 } 163 164 if (pimd_privs.change(ZPRIVS_RAISE)) {
** CID 1452505: Error handling issues (CHECKED_RETURN) /pimd/pim_mroute.c: 717 in pim_mroute_socket_enable() ________________________________________________________________________________________________________ *** CID 1452505: Error handling issues (CHECKED_RETURN) /pimd/pim_mroute.c: 717 in pim_mroute_socket_enable() 711 zlog_err("pim_mroute_socket_enable: could not raise privs, %s", 712 safe_strerror(errno)); 713 714 fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); 715 716 #ifdef SO_BINDTODEVICE
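CID 1452505: Error handling issues (CHECKED_RETURN) Calling "setsockopt(fd, 1, 25, pim->vrf->name, strlen(pim->vrf->name))" without checking return value. This library function may fail and return an error code. If the SO_BINDTODEVICE call fails, the function continues at line 721 with a socket that is not bound to the device named by pim->vrf->name, and the excerpt shows no log message for that case; checking the result and logging the failure would make it visible.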
717 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, pim->vrf->name, 718 strlen(pim->vrf->name)); 719 #endif 720 721 if (pimd_privs.change(ZPRIVS_LOWER)) 722 zlog_err("pim_mroute_socket_enable: could not lower privs, %s",
** CID 1452504: Null pointer dereferences (FORWARD_NULL) /pimd/pim_instance.c: 198 in pim_vrf_config_write() ________________________________________________________________________________________________________ *** CID 1452504: Null pointer dereferences (FORWARD_NULL) /pimd/pim_instance.c: 198 in pim_vrf_config_write() 192 struct vrf *vrf; 193 struct pim_instance *pim; 194 195 RB_FOREACH(vrf, vrf_name_head, &vrfs_by_name) 196 { 197 pim = vrf->info;
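CID 1452504: Null pointer dereferences (FORWARD_NULL) Comparing "pim" to null implies that "pim" might be null. The condition at line 198 is true when "pim" is NULL, so line 200 then passes that NULL to pim_global_config_write_worker(); whether the worker tolerates a NULL instance is not visible in this excerpt.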
198 if (!pim || vrf->vrf_id != VRF_DEFAULT) { 199 vty_out(vty, "vrf %s\n", vrf->name); 200 pim_global_config_write_worker(pim, vty); 201 vty_out(vty, "!\n"); 202 } 203 }
** CID 1452503: Error handling issues (CHECKED_RETURN) /zebra/zebra_vty.c: 1853 in show_ipv6_route() ________________________________________________________________________________________________________ *** CID 1452503: Error handling issues (CHECKED_RETURN) /zebra/zebra_vty.c: 1853 in show_ipv6_route() 1847 } 1848 1849 if (argv_find(argv, argc, "tag", &idx)) 1850 tag = strtoul(argv[idx + 1]->arg, NULL, 10); 1851 1852 else if (argv_find(argv, argc, "X:X::X:X/M", &idx)) {
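CID 1452503: Error handling issues (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). The string parsed here is the command argument argv[idx]->arg, not a constant; if the parse fails, "p" may not hold a valid prefix, yet longer_prefixes is still set to true at line 1854.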
1853 str2prefix(argv[idx]->arg, &p); 1854 longer_prefixes = true; 1855 } 1856 1857 else { 1858 if (argv_find(argv, argc, "kernel", &idx))
** CID 1452502: Error handling issues (NEGATIVE_RETURNS) /pimd/pim_mroute.c: 717 in pim_mroute_socket_enable() ________________________________________________________________________________________________________ *** CID 1452502: Error handling issues (NEGATIVE_RETURNS) /pimd/pim_mroute.c: 717 in pim_mroute_socket_enable() 711 zlog_err("pim_mroute_socket_enable: could not raise privs, %s", 712 safe_strerror(errno)); 713 714 fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); 715 716 #ifdef SO_BINDTODEVICE
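CID 1452502: Error handling issues (NEGATIVE_RETURNS) "fd" is passed to a parameter that cannot be negative. socket() at line 714 returns -1 on failure, and that value reaches setsockopt() at line 717 before the "fd < 0" test at line 725 (reported separately as CID 1452498).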
717 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, pim->vrf->name, 718 strlen(pim->vrf->name)); 719 #endif 720 721 if (pimd_privs.change(ZPRIVS_LOWER)) 722 zlog_err("pim_mroute_socket_enable: could not lower privs, %s",
** CID 1452501: Null pointer dereferences (NULL_RETURNS) /pimd/pim_zebra.c: 185 in pim_zebra_if_state_up() ________________________________________________________________________________________________________ *** CID 1452501: Null pointer dereferences (NULL_RETURNS) /pimd/pim_zebra.c: 185 in pim_zebra_if_state_up() 179 if (sscanf(ifp->name, "pimreg%d", &table_id) == 1) { 180 struct vrf *vrf; 181 RB_FOREACH(vrf, vrf_name_head, &vrfs_by_name) 182 { 183 if ((table_id == vrf->data.l.table_id) 184 && (ifp->vrf_id != vrf->vrf_id)) {
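CID 1452501: Null pointer dereferences (NULL_RETURNS) Assigning: "master" = null return value from "if_lookup_by_name". The result is handed to zclient_interface_set_master() at line 187 without a NULL check, so a failed lookup reaches that call with master == NULL.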
185 struct interface *master = if_lookup_by_name( 186 vrf->name, vrf->vrf_id); 187 zclient_interface_set_master(zclient, master, 188 ifp); 189 } 190 }
** CID 1452500: Error handling issues (CHECKED_RETURN) ________________________________________________________________________________________________________ *** CID 1452500: Error handling issues (CHECKED_RETURN) /pimd/pim_msdp_socket.c: 239 in pim_msdp_sock_connect() 233 if_lookup_by_name(mp->pim->vrf->name, mp->pim->vrf_id); 234 if (!ifp) { 235 zlog_err("%s: Unable to lookup vrf interface: %s", 236 __PRETTY_FUNCTION__, mp->pim->vrf->name); 237 return -1; 238 }
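CID 1452500: Error handling issues (CHECKED_RETURN) Calling "pim_socket_bind(mp->fd, ifp)" without checking return value. It wraps a library function that may fail and return an error code. If the bind fails, pim_msdp_sock_connect() continues at line 242 with mp->fd, presumably not bound to the VRF interface, and the excerpt shows no error being reported.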
239 pim_socket_bind(mp->fd, ifp); 240 } 241 242 set_nonblocking(mp->fd); 243 244 /* Set socket send buffer size */
** CID 1452499: Error handling issues (CHECKED_RETURN) ________________________________________________________________________________________________________ *** CID 1452499: Error handling issues (CHECKED_RETURN) /pimd/pim_msdp_socket.c: 161 in pim_msdp_sock_listen() 155 if_lookup_by_name(pim->vrf->name, pim->vrf_id); 156 if (!ifp) { 157 zlog_err("%s: Unable to lookup vrf interface: %s", 158 __PRETTY_FUNCTION__, pim->vrf->name); 159 return -1; 160 }
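CID 1452499: Error handling issues (CHECKED_RETURN) Calling "pim_socket_bind(sock, ifp)" without checking return value. It wraps a library function that may fail and return an error code. If the bind fails, pim_msdp_sock_listen() continues at line 164 with "sock", presumably not bound to the VRF interface, and the excerpt shows no error being reported.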
161 pim_socket_bind(sock, ifp); 162 } 163 164 if (pimd_privs.change(ZPRIVS_RAISE)) { 165 zlog_err("pim_msdp_socket: could not raise privs, %s", 166 safe_strerror(errno));
** CID 1452498: Memory - corruptions (REVERSE_NEGATIVE) /pimd/pim_mroute.c: 725 in pim_mroute_socket_enable() ________________________________________________________________________________________________________ *** CID 1452498: Memory - corruptions (REVERSE_NEGATIVE) /pimd/pim_mroute.c: 725 in pim_mroute_socket_enable() 719 #endif 720 721 if (pimd_privs.change(ZPRIVS_LOWER)) 722 zlog_err("pim_mroute_socket_enable: could not lower privs, %s", 723 safe_strerror(errno)); 724
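CID 1452498: Memory - corruptions (REVERSE_NEGATIVE) You might be using variable "fd" before verifying that it is >= 0. The test at line 725 runs only after setsockopt() (line 717) and pimd_privs.change() (line 721) have executed, so a failed socket() result is used first, and the errno logged at line 726 may come from one of those later calls rather than from socket(). Guarding the setsockopt() call with fd >= 0 and saving errno right after line 714 avoids both, while still letting the privileges be lowered before the function returns.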
725 if (fd < 0) { 726 zlog_warn("Could not create mroute socket: errno=%d: %s", errno, 727 safe_strerror(errno)); 728 return -2; 729 } 730
** CID 1452497: Control flow issues (MISSING_BREAK) /zebra/zserv.c: 2435 in zebra_client_read() ________________________________________________________________________________________________________ *** CID 1452497: Control flow issues (MISSING_BREAK) /zebra/zserv.c: 2435 in zebra_client_read() 2429 break; 2430 case ZEBRA_REMOTE_MACIP_ADD: 2431 zebra_vxlan_remote_macip_add(client, sock, length, zvrf); 2432 break; 2433 case ZEBRA_REMOTE_MACIP_DEL: 2434 zebra_vxlan_remote_macip_del(client, sock, length, zvrf);
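CID 1452497: Control flow issues (MISSING_BREAK) The above case falls through to this one. ZEBRA_REMOTE_MACIP_DEL (lines 2433-2434) has no break, so after zebra_vxlan_remote_macip_del() returns, the same client, sock and length are also handed to zread_interface_set_master(); a "break;" after line 2434 would match the other cases shown.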
2435 case ZEBRA_INTERFACE_SET_MASTER: 2436 zread_interface_set_master(client, sock, length); 2437 break; 2438 default: 2439 zlog_info("Zebra received unknown command %d", command); 2440 break;
** CID 1452496: Null pointer dereferences (NULL_RETURNS) /pimd/pim_cmd.c: 4898 in show_ip_mroute_count() ________________________________________________________________________________________________________ *** CID 1452496: Null pointer dereferences (NULL_RETURNS) /pimd/pim_cmd.c: 4898 in show_ip_mroute_count() 4892 VRF_CMD_HELP_STR 4893 "Route and packet count data\n") 4894 { 4895 int idx = 2; 4896 struct vrf *vrf = pim_cmd_lookup_vrf(vty, argv, argc, &idx); 4897
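CID 1452496: Null pointer dereferences (NULL_RETURNS) Dereferencing a null pointer "vrf". Coverity treats pim_cmd_lookup_vrf() (line 4896) as able to return NULL, and line 4898 reads vrf->info with no check; returning a command error when "vrf" is NULL avoids the dereference.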
4898 show_mroute_count(vrf->info, vty); 4899 return CMD_SUCCESS; 4900 } 4901 4902 DEFUN (show_ip_mroute_count_vrf_all, 4903 show_ip_mroute_count_vrf_all_cmd,
** CID 1452495: Error handling issues (CHECKED_RETURN) /zebra/zebra_vty.c: 1198 in show_ip_route() ________________________________________________________________________________________________________ *** CID 1452495: Error handling issues (CHECKED_RETURN) /zebra/zebra_vty.c: 1198 in show_ip_route() 1192 } 1193 1194 if (argv_find(argv, argc, "tag", &idx)) 1195 tag = strtoul(argv[idx + 1]->arg, NULL, 10); 1196 1197 else if (argv_find(argv, argc, "A.B.C.D/M", &idx)) {
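CID 1452495: Error handling issues (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). The string parsed here is the command argument argv[idx]->arg, not a constant; if the parse fails, "p" may not hold a valid prefix, yet longer_prefixes is still set to true at line 1199.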
1198 str2prefix(argv[idx]->arg, &p); 1199 longer_prefixes = true; 1200 } 1201 1202 else if (argv_find(argv, argc, "supernets_only", &idx)) 1203 supernets_only = true;
** CID 1423945: Error handling issues (CHECKED_RETURN) /pimd/pim_ssm.c: 74 in pim_is_grp_standard_ssm() ________________________________________________________________________________________________________ *** CID 1423945: Error handling issues (CHECKED_RETURN) /pimd/pim_ssm.c: 74 in pim_is_grp_standard_ssm() 68 static int pim_is_grp_standard_ssm(struct prefix *group) 69 { 70 static int first = 1; 71 static struct prefix group_ssm; 72 73 if (first) {
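CID 1423945: Error handling issues (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). The input is the macro PIM_SSM_STANDARD_RANGE, presumably a constant string rather than external data; note that "first" is cleared unconditionally at line 75, so a failed parse would never be retried.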
74 str2prefix(PIM_SSM_STANDARD_RANGE, &group_ssm); 75 first = 0; 76 } 77 78 return prefix_match(&group_ssm, group); 79 }
** CID 1399208: Error handling issues (CHECKED_RETURN) /pimd/pim_rp.c: 545 in pim_rp_del() ________________________________________________________________________________________________________ *** CID 1399208: Error handling issues (CHECKED_RETURN) /pimd/pim_rp.c: 545 in pim_rp_del() 539 prefix2str(&nht_p, buf, sizeof(buf)); 540 zlog_debug("%s: Deregister RP addr %s with Zebra ", 541 __PRETTY_FUNCTION__, buf); 542 } 543 pim_delete_tracked_nexthop(pim, &nht_p, NULL, rp_info); 544
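CID 1399208: Error handling issues (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). The argument at line 545 is the string literal "224.0.0.0/4", so this call does not parse external input.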
545 str2prefix("224.0.0.0/4", &g_all); 546 rp_all = pim_rp_find_match_group(pim, &g_all); 547 548 if (rp_all == rp_info) { 549 rp_all->rp.rpf_addr.family = AF_INET; 550 rp_all->rp.rpf_addr.u.prefix4.s_addr = INADDR_NONE;
** CID 1399199: (CHECKED_RETURN) /bgpd/bgp_updgrp_adv.c: 697 in subgroup_default_originate() /bgpd/bgp_updgrp_adv.c: 699 in subgroup_default_originate() /bgpd/bgp_updgrp_adv.c: 764 in subgroup_default_originate() /bgpd/bgp_updgrp_adv.c: 766 in subgroup_default_originate() ________________________________________________________________________________________________________ *** CID 1399199: (CHECKED_RETURN) /bgpd/bgp_updgrp_adv.c: 697 in subgroup_default_originate() 691 692 bgp_attr_default_set(&attr, BGP_ORIGIN_IGP); 693 aspath = attr.aspath; 694 attr.local_pref = bgp->default_local_pref; 695 696 if (afi == AFI_IP)
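CID 1399199: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). All four reported calls in subgroup_default_originate() (lines 697, 699, 764 and 766) parse the string literals "0.0.0.0/0" or "::/0", not external input.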
697 str2prefix("0.0.0.0/0", &p); 698 else if (afi == AFI_IP6) { 699 str2prefix("::/0", &p); 700 701 /* IPv6 global nexthop must be included. */ 702 attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL; /bgpd/bgp_updgrp_adv.c: 699 in subgroup_default_originate() 693 aspath = attr.aspath; 694 attr.local_pref = bgp->default_local_pref; 695 696 if (afi == AFI_IP) 697 str2prefix("0.0.0.0/0", &p); 698 else if (afi == AFI_IP6) {
CID 1399199: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times).
699 str2prefix("::/0", &p); 700 701 /* IPv6 global nexthop must be included. */ 702 attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL; 703 704 /* If the peer is on shared nextwork and we have link-local /bgpd/bgp_updgrp_adv.c: 764 in subgroup_default_originate() 758 * implicit withdraw for any previous UPDATEs sent for 759 * 0.0.0.0/0 so 760 * clear adj_out for the 0.0.0.0/0 prefix in the BGP 761 * table. 762 */ 763 if (afi == AFI_IP)
CID 1399199: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times).
764 str2prefix("0.0.0.0/0", &p); 765 else 766 str2prefix("::/0", &p); 767 768 rn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, 769 &p, NULL); /bgpd/bgp_updgrp_adv.c: 766 in subgroup_default_originate() 760 * clear adj_out for the 0.0.0.0/0 prefix in the BGP 761 * table. 762 */ 763 if (afi == AFI_IP) 764 str2prefix("0.0.0.0/0", &p); 765 else
CID 1399199: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times).
766 str2prefix("::/0", &p); 767 768 rn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, 769 &p, NULL); 770 bgp_adj_out_unset_subgroup( 771 rn, subgrp, 0,
** CID 1399197: (CHECKED_RETURN) /bgpd/bgp_updgrp_packet.c: 1095 in subgroup_default_update_packet() /bgpd/bgp_updgrp_packet.c: 1097 in subgroup_default_update_packet() ________________________________________________________________________________________________________ *** CID 1399197: (CHECKED_RETURN) /bgpd/bgp_updgrp_packet.c: 1095 in subgroup_default_update_packet() 1089 afi = SUBGRP_AFI(subgrp); 1090 safi = SUBGRP_SAFI(subgrp); 1091 bpacket_attr_vec_arr_reset(&vecarr); 1092 addpath_encode = bgp_addpath_encode_tx(peer, afi, safi); 1093 1094 if (afi == AFI_IP)
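CID 1399197: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). Both reported calls (lines 1095 and 1097) parse the string literals "0.0.0.0/0" or "::/0", not external input.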
1095 str2prefix("0.0.0.0/0", &p); 1096 else 1097 str2prefix("::/0", &p); 1098 1099 /* Logging the attribute. */ 1100 if (bgp_debug_update(NULL, &p, subgrp->update_group, 0)) { /bgpd/bgp_updgrp_packet.c: 1097 in subgroup_default_update_packet() 1091 bpacket_attr_vec_arr_reset(&vecarr); 1092 addpath_encode = bgp_addpath_encode_tx(peer, afi, safi); 1093 1094 if (afi == AFI_IP) 1095 str2prefix("0.0.0.0/0", &p); 1096 else
CID 1399197: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times).
1097 str2prefix("::/0", &p); 1098 1099 /* Logging the attribute. */ 1100 if (bgp_debug_update(NULL, &p, subgrp->update_group, 0)) { 1101 char attrstr[BUFSIZ]; 1102 char buf[PREFIX_STRLEN];
** CID 1399194: (CHECKED_RETURN) /bgpd/bgp_updgrp_packet.c: 1181 in subgroup_default_withdraw_packet() /bgpd/bgp_updgrp_packet.c: 1183 in subgroup_default_withdraw_packet() ________________________________________________________________________________________________________ *** CID 1399194: (CHECKED_RETURN) /bgpd/bgp_updgrp_packet.c: 1181 in subgroup_default_withdraw_packet() 1175 peer = SUBGRP_PEER(subgrp); 1176 afi = SUBGRP_AFI(subgrp); 1177 safi = SUBGRP_SAFI(subgrp); 1178 addpath_encode = bgp_addpath_encode_tx(peer, afi, safi); 1179 1180 if (afi == AFI_IP)
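CID 1399194: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times). Both reported calls (lines 1181 and 1183) parse the string literals "0.0.0.0/0" or "::/0", not external input.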
1181 str2prefix("0.0.0.0/0", &p); 1182 else 1183 str2prefix("::/0", &p); 1184 1185 if (bgp_debug_update(NULL, &p, subgrp->update_group, 0)) { 1186 char buf[PREFIX_STRLEN]; /bgpd/bgp_updgrp_packet.c: 1183 in subgroup_default_withdraw_packet() 1177 safi = SUBGRP_SAFI(subgrp); 1178 addpath_encode = bgp_addpath_encode_tx(peer, afi, safi); 1179 1180 if (afi == AFI_IP) 1181 str2prefix("0.0.0.0/0", &p); 1182 else
CID 1399194: (CHECKED_RETURN) Calling "str2prefix" without checking return value (as is done elsewhere 66 out of 78 times).
1183 str2prefix("::/0", &p); 1184 1185 if (bgp_debug_update(NULL, &p, subgrp->update_group, 0)) { 1186 char buf[PREFIX_STRLEN]; 1187 /* ' with addpath ID ' 17 1188 * max strlen of uint32 + 10
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05... To manage Coverity Scan email notifications for "frr@lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...