[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Thu Aug 10 16:32:17 EDT 2017 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

9 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 1453456:  Error handling issues  (CHECKED_RETURN)
/lib/libfrr.c: 774 in frr_daemon_ctl()


________________________________________________________________________________________________________
*** CID 1453456:  Error handling issues  (CHECKED_RETURN)
/lib/libfrr.c: 774 in frr_daemon_ctl()
768     	if (nr <= 0)
769     		return 0;
770     
771     	switch (buf[0]) {
772     	case 'S':	/* SIGTSTP */
773     		vty_stdio_suspend();
>>>     CID 1453456:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "send(daemon_ctl_sock, "s", 1UL, 0)" without checking return value. This library function may fail and return an error code.
774     		send(daemon_ctl_sock, "s", 1, 0);
775     		break;
776     	case 'R':	/* SIGTCNT [implicit] */
777     		vty_stdio_resume();
778     		break;
779     	case 'I':	/* SIGINT */

** CID 1453455:  Null pointer dereferences  (NULL_RETURNS)
/bgpd/bgpd.c: 2585 in peer_group_bind()


________________________________________________________________________________________________________
*** CID 1453455:  Null pointer dereferences  (NULL_RETURNS)
/bgpd/bgpd.c: 2585 in peer_group_bind()
2579     			}
2580     
2581     		if (peer->group) {
2582     			assert(group && peer->group == group);
2583     		} else {
2584     			struct listnode *pn;
>>>     CID 1453455:  Null pointer dereferences  (NULL_RETURNS)
>>>     Assigning: "pn" = null return value from "listnode_lookup".
2585     			pn = listnode_lookup(bgp->peer, peer);
2586     			list_delete_node(bgp->peer, pn);
2587     			peer->group = group;
2588     			listnode_add_sort(bgp->peer, peer);
2589     
2590     			peer = peer_lock(peer); /* group->peer list reference */

** CID 1453454:    (RESOURCE_LEAK)
/zebra/zebra_vxlan.c: 1397 in zvni_gw_macip_del()
/zebra/zebra_vxlan.c: 1407 in zvni_gw_macip_del()


________________________________________________________________________________________________________
*** CID 1453454:    (RESOURCE_LEAK)
/zebra/zebra_vxlan.c: 1397 in zvni_gw_macip_del()
1391     	if (!n)
1392     		return 0;
1393     
1394     	/* mac entry should be present */
1395     	mac = zvni_mac_lookup(zvni, &n->emac);
1396     	if (!mac)
>>>     CID 1453454:    (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "prefix_mac2str(&n->emac, NULL, 18)" leaks it.
1397     		zlog_err("%u: MAC %s doesnt exsists for neigh %s on VNI %u",
1398     			 ifp->vrf_id,
1399     			 prefix_mac2str(&n->emac, NULL, ETHER_ADDR_STRLEN),
1400     			 ipaddr2str(ip, buf2, sizeof(buf2)), zvni->vni);
1401     
1402     	/* If the entry is not local nothing to do*/
/zebra/zebra_vxlan.c: 1407 in zvni_gw_macip_del()
1401     
1402     	/* If the entry is not local nothing to do*/
1403     	if (!CHECK_FLAG(n->flags, ZEBRA_NEIGH_LOCAL))
1404     		return -1;
1405     
1406     	if (IS_ZEBRA_DEBUG_VXLAN)
>>>     CID 1453454:    (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "prefix_mac2str(&n->emac, NULL, 18)" leaks it.
1407     		zlog_debug(
1408     			"%u:SVI %s(%u) VNI %u, sending GW MAC %s IP %s del to BGP",
1409     			ifp->vrf_id, ifp->name, ifp->ifindex, zvni->vni,
1410     			prefix_mac2str(&(n->emac), NULL, ETHER_ADDR_STRLEN),
1411     			ipaddr2str(ip, buf2, sizeof(buf2)));
1412     

** CID 1453453:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_vxlan.c: 1396 in zvni_gw_macip_del()


________________________________________________________________________________________________________
*** CID 1453453:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_vxlan.c: 1396 in zvni_gw_macip_del()
1390     	n = zvni_neigh_lookup(zvni, ip);
1391     	if (!n)
1392     		return 0;
1393     
1394     	/* mac entry should be present */
1395     	mac = zvni_mac_lookup(zvni, &n->emac);
>>>     CID 1453453:  Null pointer dereferences  (FORWARD_NULL)
>>>     Comparing "mac" to null implies that "mac" might be null.
1396     	if (!mac)
1397     		zlog_err("%u: MAC %s doesnt exsists for neigh %s on VNI %u",
1398     			 ifp->vrf_id,
1399     			 prefix_mac2str(&n->emac, NULL, ETHER_ADDR_STRLEN),
1400     			 ipaddr2str(ip, buf2, sizeof(buf2)), zvni->vni);
1401     

** CID 1453452:  Control flow issues  (DEADCODE)
/bgpd/bgp_route.c: 10267 in bgp_show_neighbor_route()


________________________________________________________________________________________________________
*** CID 1453452:  Control flow issues  (DEADCODE)
/bgpd/bgp_route.c: 10267 in bgp_show_neighbor_route()
10261     			vty_out(vty, "%% No such neighbor or address family\n");
10262     		return CMD_WARNING;
10263     	}
10264     
10265     	/* labeled-unicast routes live in the unicast table */
10266     	if (safi == SAFI_LABELED_UNICAST)
>>>     CID 1453452:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "safi = SAFI_UNICAST;".
10267     		safi = SAFI_UNICAST;
10268     
10269     	return bgp_show(vty, peer->bgp, afi, safi, type, &peer->su, use_json);
10270     }
10271     
10272     DEFUN (show_ip_bgp_neighbor_routes,

** CID 1453451:  Error handling issues  (NEGATIVE_RETURNS)
/lib/libfrr.c: 752 in frr_terminal_close()


________________________________________________________________________________________________________
*** CID 1453451:  Error handling issues  (NEGATIVE_RETURNS)
/lib/libfrr.c: 752 in frr_terminal_close()
746     	} else {
747     		printf("\n%s daemonizing\n", di->name);
748     		fflush(stdout);
749     	}
750     
751     	int nullfd = open("/dev/null", O_RDONLY | O_NOCTTY);
>>>     CID 1453451:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "nullfd" is passed to a parameter that cannot be negative.
752     	dup2(nullfd, 0);
753     	dup2(nullfd, 1);
754     	dup2(nullfd, 2);
755     	close(nullfd);
756     }
757     

** CID 1453450:  Resource leaks  (RESOURCE_LEAK)
/bgpd/bgp_routemap.c: 662 in route_match_vni_compile()


________________________________________________________________________________________________________
*** CID 1453450:  Resource leaks  (RESOURCE_LEAK)
/bgpd/bgp_routemap.c: 662 in route_match_vni_compile()
656     	vni = XMALLOC(MTYPE_ROUTE_MAP_COMPILED, sizeof(vni_t));
657     	if (!vni)
658     		return NULL;
659     
660     	*vni = strtoul(arg, &end, 10);
661     	if (*end != '\0')
>>>     CID 1453450:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "vni" going out of scope leaks the storage it points to.
662     		return NULL;
663     
664     	return vni;
665     }
666     
667     /* Free route map's compiled `vni' value. */

** CID 1453449:  Error handling issues  (NEGATIVE_RETURNS)
/lib/libfrr.c: 817 in frr_run()


________________________________________________________________________________________________________
*** CID 1453449:  Error handling issues  (NEGATIVE_RETURNS)
/lib/libfrr.c: 817 in frr_run()
811     			set_nonblocking(daemon_ctl_sock);
812     			thread_add_read(master, frr_daemon_ctl, NULL,
813     					daemon_ctl_sock, &daemon_ctl_thread);
814     		}
815     	} else {
816     		int nullfd = open("/dev/null", O_RDONLY | O_NOCTTY);
>>>     CID 1453449:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "nullfd" is passed to a parameter that cannot be negative.
817     		dup2(nullfd, 0);
818     		dup2(nullfd, 1);
819     		dup2(nullfd, 2);
820     		close(nullfd);
821     
822     		if (daemon_ctl_sock != -1)

** CID 1453448:  Resource leaks  (RESOURCE_LEAK)
/zebra/zebra_vxlan.c: 1362 in zvni_gw_macip_add()


________________________________________________________________________________________________________
*** CID 1453448:  Resource leaks  (RESOURCE_LEAK)
/zebra/zebra_vxlan.c: 1362 in zvni_gw_macip_add()
1356     	n->ifindex = ifp->ifindex;
1357     
1358     	/* We have a neigh associated to mac increment the refcnt*/
1359     	mac->neigh_refcnt++;
1360     
1361     	if (IS_ZEBRA_DEBUG_VXLAN)
>>>     CID 1453448:  Resource leaks  (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "prefix_mac2str(macaddr, NULL, 18)" leaks it.
1362     		zlog_debug(
1363     			"%u:SVI %s(%u) VNI %u, sending GW MAC %s IP %s add to BGP",
1364     			ifp->vrf_id, ifp->name, ifp->ifindex, zvni->vni,
1365     			prefix_mac2str(macaddr, NULL, ETHER_ADDR_STRLEN),
1366     			ipaddr2str(ip, buf2, sizeof(buf2)));
1367     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlUx2f-2B-2FTOX7mZLxij3uOe95M-2F4ROO-2BTzB14nbf52weyQ-2FpjiLY7Ls2RINIiFDXF5-2FJA70y2fbudUKaOL-2BUy5nNCmZj9hKrtllzQStpR81hiF-2BBsCML-2FFwnwvefbj06gMJmr2GDfeVdBiq-2FO5YeLrPEitrWlHFRVRJ7asMsudE44g-3D-3D

To manage Coverity Scan email notifications for "frr at lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4lcTWm1Zma8LQDNpOYqrETKrqBiM18kcBcL8b08LzBPOYJYGySZ4Vv7d5QYcnSbGxl3QyORKgEmDxh-2BE2mj6dp1V4JSs2jbMZuLnEQJOW0Z0-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlUx2f-2B-2FTOX7mZLxij3uOe9ELLEZrvVyQKY9oPwXyvXEmwy0DDHrJUAtbqOo-2Bwl1CEPaDBf7llKo0SHvZ1ZkeOJWb3t3QC9WjuyhdBVsn9wz62iHnAn7g1yfua-2FMbTzkzQT5vTHIctRWHSb25iFDUhVULGzWIzOx3eI3LKjpOtWYw-3D-3D

More information about the dev mailing list