[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Tue Jun 13 10:47:20 EDT 2017


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1441571:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/util.c: 144 in timeval_min_sec()


________________________________________________________________________________________________________
*** CID 1441571:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/util.c: 144 in timeval_min_sec()
138     /* set d to min(d, x) with x in [secs, secs+1] */
139     void
140     timeval_min_sec(struct timeval *d, time_t secs)
141     {
142         if(d->tv_sec == 0 || d->tv_sec > secs) {
143             d->tv_sec = secs;
>>>     CID 1441571:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
144             d->tv_usec = random() % 1000000;
145         }
146     }
147     
148     /* parse a float value in second and return the corresponding mili-seconds.
149      For example:

** CID 1441570:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/babeld.c: 200 in babel_init_routing_process()


________________________________________________________________________________________________________
*** CID 1441570:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/babeld.c: 200 in babel_init_routing_process()
194     /* Zebra will give some information, especially about interfaces. This function
195      must be call with a litte timeout wich may give zebra the time to do his job,
196      making these inits have sense. */
197     static int
198     babel_init_routing_process(struct thread *thread)
199     {
>>>     CID 1441570:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
200         myseqno = (random() & 0xFFFF);
201         babel_get_myid();
202         babel_load_state_file();
203         debugf(BABEL_DEBUG_COMMON, "My ID is : %s.", format_eui64(myid));
204         babel_initial_noise();
205         babel_main_loop(thread);/* this function self-add to the t_update thread */

** CID 1441569:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/babel_interface.c: 1423 in babel_interface_allocate()


________________________________________________________________________________________________________
*** CID 1441569:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/babel_interface.c: 1423 in babel_interface_allocate()
1417     
1418         /* Here are set the default values for an interface. */
1419         memset(babel_ifp, 0, sizeof(babel_interface_nfo));
1420         /* All flags are unset */
1421         babel_ifp->bucket_time = babel_now.tv_sec;
1422         babel_ifp->bucket = BUCKET_TOKENS_MAX;
>>>     CID 1441569:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
1423         babel_ifp->hello_seqno = (random() & 0xFFFF);
1424         babel_ifp->rtt_min = 10000;
1425         babel_ifp->rtt_max = 120000;
1426         babel_ifp->max_rtt_penalty = 150;
1427         babel_ifp->hello_interval = BABEL_DEFAULT_HELLO_INTERVAL;
1428         babel_ifp->update_interval = BABEL_DEFAULT_UPDATE_INTERVAL;

** CID 1441568:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/util.c: 50 in roughly()


________________________________________________________________________________________________________
*** CID 1441568:  Security best practices violations  (DC.WEAK_CRYPTO)
/babeld/util.c: 50 in roughly()
44     {
45         if(value < 0)
46             return -roughly(-value);
47         else if(value <= 1)
48             return value;
49         else
>>>     CID 1441568:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
50             return value * 3 / 4 + random() % (value / 2);
51     }
52     
53     /* d = s1 - s2 */
54     void
55     timeval_minus(struct timeval *d,

** CID 743090:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 743090:  Memory - corruptions  (OVERRUN)
/babeld/message.c: 1249 in flushupdates()
1243                             channels[0] = babel_route_ifp->channel;
1244                         }
1245                         memcpy(channels + 1, route->channels, DIVERSITY_HOPS - 1);
1246                     }
1247     
1248                     chlen = channels_len(channels);
>>>     CID 743090:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "route->src->id" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1249                     really_send_update(ifp, route->src->id,
1250                                        route->src->prefix,
1251                                        route->src->plen,
1252                                        seqno, metric,
1253                                        channels, chlen);
1254                     update_source(route->src, seqno, metric);

** CID 743089:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 743089:  Memory - corruptions  (OVERRUN)
/babeld/message.c: 1207 in flushupdates()
1201                 }
1202     
1203                 xroute = find_xroute(b[i].prefix, b[i].plen);
1204                 route = find_installed_route(b[i].prefix, b[i].plen);
1205     
1206                 if(xroute && (!route || xroute->metric <= kernel_metric)) {
>>>     CID 743089:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "myid" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1207                     really_send_update(ifp, myid,
1208                                        xroute->prefix, xroute->plen,
1209                                        myseqno, xroute->metric,
1210                                        NULL, 0);
1211                     last_prefix = xroute->prefix;
1212                     last_plen = xroute->plen;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJm2hW8MDCcrLHnLvc-2F2np4DLB1tH8Loh3R0xnqNz7FX0FIVTFL0DxL5GkhNwS5av7AZBj4Wnauimdls-2B1zezXbfbzhsuUNzjs4RB-2FbJBwYCM7PzOEV1m8H-2BrqcpKDxgBqqCQEu2xto9ZG1RbWEOqfkqN99uAwNTLzha32LZSo-2BwQg-3D-3D

To manage Coverity Scan email notifications for "frr at lists.nox.tf", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4lcTWm1Zma8LQDNpOYqrETKrqBiM18kcBcL8b08LzBPOYJYGySZ4Vv7d5QYcnSbGxl3QyORKgEmDxh-2BE2mj6dp1V4JSs2jbMZuLnEQJOW0Z0-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJm2hW8MDCcrLHnLvc-2F2np4D9-2FSDyJXvpYtfSE8tcBG6bDEnRAmoTbNkKtAsfS-2BSJaoui-2FRCb7s2YGBCTyDqxIW3S1d4qcVYa9AAD5Z0SGf59rj085ylXKdDpEFGP7J339TfJfREnc5EEZP-2FyRvksBAB3-2BKNZwUTktgnQhwbOtelmA-3D-3D




More information about the dev mailing list