[dev] New Defects reported by Coverity Scan for freerangerouting/frr

Fri Apr 6 14:51:21 EDT 2018

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1467487:    (RESOURCE_LEAK)
/ospf6d/ospf6_intra.c: 1720 in ospf6_intra_prefix_lsa_remove()
/ospf6d/ospf6_intra.c: 1914 in ospf6_intra_prefix_lsa_remove()

________________________________________________________________________________________________________
*** CID 1467487:    (RESOURCE_LEAK)
/ospf6d/ospf6_intra.c: 1720 in ospf6_intra_prefix_lsa_remove()
1714     		if (prefix_num == 0)
1715     			break;
1716     		if (end < current + OSPF6_PREFIX_SIZE(op))
1717     			break;
1718     		prefix_num--;
1719     
>>>     CID 1467487:    (RESOURCE_LEAK)
>>>     Overwriting "route_to_del" in "route_to_del = ospf6_route_create()" leaks the storage that "route_to_del" points to.
1720     		route_to_del = ospf6_route_create();
1721     
1722     		memset(&route_to_del->prefix, 0, sizeof(struct prefix));
1723     		route_to_del->prefix.family = AF_INET6;
1724     		route_to_del->prefix.prefixlen = op->prefix_length;
1725     		ospf6_prefix_in6_addr(&route_to_del->prefix.u.prefix6, op);
/ospf6d/ospf6_intra.c: 1914 in ospf6_intra_prefix_lsa_remove()
1908     
1909     		ospf6_route_delete(route_to_del);
1910     	}
1911     
1912     	if (current != end && IS_OSPF6_DEBUG_EXAMIN(INTRA_PREFIX))
1913     		zlog_debug("Trailing garbage ignored");
>>>     CID 1467487:    (RESOURCE_LEAK)
>>>     Variable "route_to_del" going out of scope leaks the storage it points to.
1914     }
1915     
1916     void ospf6_intra_route_calculation(struct ospf6_area *oa)
1917     {
1918     	struct ospf6_route *route, *nroute;
1919     	uint16_t type;

** CID 1467486:  Null pointer dereferences  (REVERSE_INULL)
/bgpd/bgp_mplsvpn.c: 475 in leak_update()

________________________________________________________________________________________________________
*** CID 1467486:  Null pointer dereferences  (REVERSE_INULL)
/bgpd/bgp_mplsvpn.c: 475 in leak_update()
469     	/*
470     	 * nexthop tracking for unicast routes
471     	 */
472     	struct bgp *bgp_nexthop = bgp;
473     	int nh_valid;
474     
>>>     CID 1467486:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "new->extra" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
475     	if (new->extra && new->extra->bgp_orig)
476     		bgp_nexthop = new->extra->bgp_orig;
477     
478     	/*
479     	 * No nexthop tracking for redistributed routes because
480     	 * their originating protocols will do the tracking and

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJknwudaqFnEB73p-2FH6WpSGZHR2f0vNhQC-2FjJLpXjCLmHfEsNlIsLkPrP7Hq-2FL0O0Wf-2BUAIu99mr8QFcWGKIfutuh4XHxSHDLx4lQ3i1-2BMaUuFP6LVv-2FOqtjsATXw3u-2BCQAgOSLTvxHsixmUnWm0DBdPKKtVJ066JdamZ18ZnlOxTA-3D-3D