[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
Tue Jun 13 10:47:20 EDT 2017
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1441571: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/util.c: 144 in timeval_min_sec()
________________________________________________________________________________________________________
*** CID 1441571: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/util.c: 144 in timeval_min_sec()
138 /* set d to min(d, x) with x in [secs, secs+1] */
139 void
140 timeval_min_sec(struct timeval *d, time_t secs)
141 {
142 if(d->tv_sec == 0 || d->tv_sec > secs) {
143 d->tv_sec = secs;
>>> CID 1441571: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
144 d->tv_usec = random() % 1000000;
145 }
146 }
147
148 /* parse a float value in seconds and return the corresponding milliseconds.
149 For example:
** CID 1441570: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/babeld.c: 200 in babel_init_routing_process()
________________________________________________________________________________________________________
*** CID 1441570: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/babeld.c: 200 in babel_init_routing_process()
194 /* Zebra will give some information, especially about interfaces. This function
195 must be called with a little timeout, which may give zebra the time to do its job,
196 so that these inits make sense. */
197 static int
198 babel_init_routing_process(struct thread *thread)
199 {
>>> CID 1441570: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
200 myseqno = (random() & 0xFFFF);
201 babel_get_myid();
202 babel_load_state_file();
203 debugf(BABEL_DEBUG_COMMON, "My ID is : %s.", format_eui64(myid));
204 babel_initial_noise();
205 babel_main_loop(thread);/* this function self-add to the t_update thread */
** CID 1441569: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/babel_interface.c: 1423 in babel_interface_allocate()
________________________________________________________________________________________________________
*** CID 1441569: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/babel_interface.c: 1423 in babel_interface_allocate()
1417
1418 /* Here are set the default values for an interface. */
1419 memset(babel_ifp, 0, sizeof(babel_interface_nfo));
1420 /* All flags are unset */
1421 babel_ifp->bucket_time = babel_now.tv_sec;
1422 babel_ifp->bucket = BUCKET_TOKENS_MAX;
>>> CID 1441569: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
1423 babel_ifp->hello_seqno = (random() & 0xFFFF);
1424 babel_ifp->rtt_min = 10000;
1425 babel_ifp->rtt_max = 120000;
1426 babel_ifp->max_rtt_penalty = 150;
1427 babel_ifp->hello_interval = BABEL_DEFAULT_HELLO_INTERVAL;
1428 babel_ifp->update_interval = BABEL_DEFAULT_UPDATE_INTERVAL;
** CID 1441568: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/util.c: 50 in roughly()
________________________________________________________________________________________________________
*** CID 1441568: Security best practices violations (DC.WEAK_CRYPTO)
/babeld/util.c: 50 in roughly()
44 {
45 if(value < 0)
46 return -roughly(-value);
47 else if(value <= 1)
48 return value;
49 else
>>> CID 1441568: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
50 return value * 3 / 4 + random() % (value / 2);
51 }
52
53 /* d = s1 - s2 */
54 void
55 timeval_minus(struct timeval *d,
** CID 743090: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 743090: Memory - corruptions (OVERRUN)
/babeld/message.c: 1249 in flushupdates()
1243 channels[0] = babel_route_ifp->channel;
1244 }
1245 memcpy(channels + 1, route->channels, DIVERSITY_HOPS - 1);
1246 }
1247
1248 chlen = channels_len(channels);
>>> CID 743090: Memory - corruptions (OVERRUN)
>>> Overrunning array "route->src->id" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1249 really_send_update(ifp, route->src->id,
1250 route->src->prefix,
1251 route->src->plen,
1252 seqno, metric,
1253 channels, chlen);
1254 update_source(route->src, seqno, metric);
** CID 743089: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 743089: Memory - corruptions (OVERRUN)
/babeld/message.c: 1207 in flushupdates()
1201 }
1202
1203 xroute = find_xroute(b[i].prefix, b[i].plen);
1204 route = find_installed_route(b[i].prefix, b[i].plen);
1205
1206 if(xroute && (!route || xroute->metric <= kernel_metric)) {
>>> CID 743089: Memory - corruptions (OVERRUN)
>>> Overrunning array "myid" of 8 bytes by passing it to a function which accesses it at byte offset 15.
1207 really_send_update(ifp, myid,
1208 xroute->prefix, xroute->plen,
1209 myseqno, xroute->metric,
1210 NULL, 0);
1211 last_prefix = xroute->prefix;
1212 last_plen = xroute->plen;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJm2hW8MDCcrLHnLvc-2F2np4DLB1tH8Loh3R0xnqNz7FX0FIVTFL0DxL5GkhNwS5av7AZBj4Wnauimdls-2B1zezXbfbzhsuUNzjs4RB-2FbJBwYCM7PzOEV1m8H-2BrqcpKDxgBqqCQEu2xto9ZG1RbWEOqfkqN99uAwNTLzha32LZSo-2BwQg-3D-3D