New Defects reported by Coverity Scan for freerangerouting/frr
Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1461328:  Security best practices violations  (TOCTOU)
/lib/command.c: 1668 in file_write_config()


________________________________________________________________________________________________________
*** CID 1461328:  Security best practices violations  (TOCTOU)
/lib/command.c: 1668 in file_write_config()
1662     		if (errno != ENOENT) {
1663     			vty_out(vty,
1664     				"Can't unlink backup configuration file %s.\n",
1665     				config_file_sav);
1666     			goto finished;
1667     		}
>>>     CID 1461328:  Security best practices violations  (TOCTOU)
>>>     Calling function "link" that uses "config_file" after a check function. This can cause a time-of-check, time-of-use race condition.
1668     	if (link(config_file, config_file_sav) != 0) {
1669     		vty_out(vty,
1670     			"Can't backup old configuration file %s.\n",
1671     			config_file_sav);
1672     		goto finished;
1673     	}


** CID 1461327:  Security best practices violations  (SECURE_TEMP)
/lib/command.c: 1636 in file_write_config()


________________________________________________________________________________________________________
*** CID 1461327:  Security best practices violations  (SECURE_TEMP)
/lib/command.c: 1636 in file_write_config()
1630     
1631     
1632     	config_file_tmp = XMALLOC(MTYPE_TMP, strlen(config_file) + 8);
1633     	sprintf(config_file_tmp, "%s.XXXXXX", config_file);
1634     
1635     	/* Open file to configuration write. */
>>>     CID 1461327:  Security best practices violations  (SECURE_TEMP)
>>>     Calling "mkstemp" without securely setting umask first.
1636     	fd = mkstemp(config_file_tmp);
1637     	if (fd < 0) {
1638     		vty_out(vty, "Can't open configuration file %s.\n",
1639     			config_file_tmp);
1640     		goto finished;
1641     	}
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...

To manage Coverity Scan email notifications for "frr@lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
participants (1)
-
scan-admin@coverity.com