Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1511348: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1511348: Null pointer dereferences (FORWARD_NULL) /bgpd/bgp_attr_evpn.c: 58 in bgp_add_routermac_ecom() 52 memset(&routermac_ecom, 0, sizeof(struct ecommunity_val)); 53 routermac_ecom.val[0] = ECOMMUNITY_ENCODE_EVPN; 54 routermac_ecom.val[1] = ECOMMUNITY_EVPN_SUBTYPE_ROUTERMAC; 55 memcpy(&routermac_ecom.val[2], routermac->octet, ETH_ALEN); 56 if (!ecomm) 57 bgp_attr_set_ecommunity(attr, ecommunity_new());

...

...

CID 1511348: Null pointer dereferences (FORWARD_NULL) Passing null pointer "ecomm" to "ecommunity_add_val", which dereferences it.

58 ecommunity_add_val(ecomm, &routermac_ecom, false, false); 59 ecommunity_str(ecomm); 60 } 61 62 /* converts to an esi 63 * returns 1 on success, 0 otherwise

** CID 1511347: Null pointer dereferences (REVERSE_INULL) /bgpd/rfapi/rfapi_vty.c: 476 in rfapiPrintAttrPtrs() ________________________________________________________________________________________________________ *** CID 1511347: Null pointer dereferences (REVERSE_INULL) /bgpd/rfapi/rfapi_vty.c: 476 in rfapiPrintAttrPtrs() 470 struct ecommunity *ecomm = bgp_attr_get_ecommunity(attr); 471 472 if (rfapiStream2Vty(stream, &fp, &vty, &out, &vty_newline) == 0) 473 return; 474 475 fp(out, "Attr[%p]:%s", attr, HVTYNL);

...

...

CID 1511347: Null pointer dereferences (REVERSE_INULL) Null-checking "attr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

476 if (!attr) 477 return; 478 479 /* IPv4 Nexthop */ 480 inet_ntop(AF_INET, &attr->nexthop, buf, BUFSIZ); 481 fp(out, " nexthop=%s%s", buf, HVTYNL);

** CID 1210465: Insecure data handling (TAINTED_SCALAR) /babeld/message.c: 375 in parse_packet() ________________________________________________________________________________________________________ *** CID 1210465: Insecure data handling (TAINTED_SCALAR) /babeld/message.c: 375 in parse_packet() 369 return; 370 } 371 372 DO_NTOHS(bodylen, packet + 2); 373 374 i = 0;

...

...

CID 1210465: Insecure data handling (TAINTED_SCALAR) Using tainted variable "bodylen" as a loop boundary.

375 while(i < bodylen) { 376 message = packet + 4 + i; 377 type = message[0]; 378 if(type == MESSAGE_PAD1) { 379 debugf(BABEL_DEBUG_COMMON,"Received pad1 from %s on %s.", 380 format_address(from), ifp->name);

________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...