[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
Sun Nov 12 14:29:28 EST 2017
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1461328: Security best practices violations (TOCTOU)
/lib/command.c: 1668 in file_write_config()
________________________________________________________________________________________________________
*** CID 1461328: Security best practices violations (TOCTOU)
/lib/command.c: 1668 in file_write_config()
1662         if (errno != ENOENT) {
1663             vty_out(vty,
1664                 "Can't unlink backup configuration file %s.\n",
1665                 config_file_sav);
1666             goto finished;
1667         }
>>> CID 1461328: Security best practices violations (TOCTOU)
>>> Calling function "link" that uses "config_file" after a check function. This can cause a time-of-check, time-of-use race condition.
1668     if (link(config_file, config_file_sav) != 0) {
1669         vty_out(vty,
1670             "Can't backup old configuration file %s.\n",
1671             config_file_sav);
1672         goto finished;
1673     }
** CID 1461327: Security best practices violations (SECURE_TEMP)
/lib/command.c: 1636 in file_write_config()
________________________________________________________________________________________________________
*** CID 1461327: Security best practices violations (SECURE_TEMP)
/lib/command.c: 1636 in file_write_config()
1630
1631
1632     config_file_tmp = XMALLOC(MTYPE_TMP, strlen(config_file) + 8);
1633     sprintf(config_file_tmp, "%s.XXXXXX", config_file);
1634
1635     /* Open file to configuration write. */
>>> CID 1461327: Security best practices violations (SECURE_TEMP)
>>> Calling "mkstemp" without securely setting umask first.
1636     fd = mkstemp(config_file_tmp);
1637     if (fd < 0) {
1638         vty_out(vty, "Can't open configuration file %s.\n",
1639             config_file_tmp);
1640         goto finished;
1641     }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJl7s4Wc-2BVrrowtE0MQxARimu2QGssK3k6KIB0jgXSPZADXQjyhQeGNphWGdfL5WEY6pgUA60AUKuoySfvAQ1bc3ooXFMThdov-2ByZkAOJ3gQ4c2xY3uaUBTXjud4Fv024nAjgSew401s9WjpgbAbhHJkgC-2B6jwxk7-2FujQ4kvpF6cMA-3D-3D