Hi, Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan. 28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1504898: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1504898: Insecure data handling (TAINTED_SCALAR) /ospfd/ospf_dump.c: 585 in ospf_packet_dump() 579 ospf_packet_hello_dump(s, ntohs(ospfh->length)); 580 break; 581 case OSPF_MSG_DB_DESC: 582 ospf_packet_db_desc_dump(s, ntohs(ospfh->length)); 583 break; 584 case OSPF_MSG_LS_REQ:

...

...

CID 1504898: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "ntohs(ospfh->length)" to a tainted sink.

585 ospf_packet_ls_req_dump(s, ntohs(ospfh->length)); 586 break; 587 case OSPF_MSG_LS_UPD: 588 ospf_packet_ls_upd_dump(s, ntohs(ospfh->length)); 589 break; 590 case OSPF_MSG_LS_ACK:

** CID 1504897: Memory - corruptions (OVERRUN) /ospfd/ospf_apiserver.c: 1175 in ospf_apiserver_handle_register_event() ________________________________________________________________________________________________________ *** CID 1504897: Memory - corruptions (OVERRUN) /ospfd/ospf_apiserver.c: 1175 in ospf_apiserver_handle_register_event() 1169 size = ntohs(msg->hdr.msglen); 1170 if (size < OSPF_MAX_LSA_SIZE) { 1171 1172 apiserv->filter = XMALLOC(MTYPE_OSPF_APISERVER_MSGFILTER, size); 1173 1174 /* copy it over. */

...

...

CID 1504897: Memory - corruptions (OVERRUN) Overrunning struct type lsa_filter_type of 4 bytes by passing it to a function which accesses it at byte offset 1498 using argument "size" (which evaluates to 1499).

1175 memcpy(apiserv->filter, &rmsg->filter, size); 1176 rc = OSPF_API_OK; 1177 } else 1178 rc = OSPF_API_NOMEMORY; 1179 1180 /* Send a reply back to client with return code */

________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...