[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Thu Aug 2 09:51:58 EDT 2018
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
16 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)
** CID 1472239: (RESOURCE_LEAK)
/bgpd/bgp_flowspec_vty.c: 361 in route_vty_out_flowspec()
/bgpd/bgp_flowspec_vty.c: 361 in route_vty_out_flowspec()
________________________________________________________________________________________________________
*** CID 1472239: (RESOURCE_LEAK)
/bgpd/bgp_flowspec_vty.c: 361 in route_vty_out_flowspec()
355 unit++;
356 }
357 if (unit)
358 vty_out(vty, ")");
359 vty_out(vty, "\n");
360 list_delete_all_node(list_bpm);
>>> CID 1472239: (RESOURCE_LEAK)
>>> Variable "list_bpm" going out of scope leaks the storage it points to.
361 } else
362 vty_out(vty, "\tnot installed in PBR\n");
363 }
364 }
365
366 int bgp_show_table_flowspec(struct vty *vty, struct bgp *bgp, afi_t afi,
/bgpd/bgp_flowspec_vty.c: 361 in route_vty_out_flowspec()
355 unit++;
356 }
357 if (unit)
358 vty_out(vty, ")");
359 vty_out(vty, "\n");
360 list_delete_all_node(list_bpm);
>>> CID 1472239: (RESOURCE_LEAK)
>>> Variable "list_bpm" going out of scope leaks the storage it points to.
361 } else
362 vty_out(vty, "\tnot installed in PBR\n");
363 }
364 }
365
366 int bgp_show_table_flowspec(struct vty *vty, struct bgp *bgp, afi_t afi,
** CID 1472238: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2831 in no_bgp_evpn_advertise_default_vni_gw()
________________________________________________________________________________________________________
*** CID 1472238: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2831 in no_bgp_evpn_advertise_default_vni_gw()
2825 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn);
2826
2827 if (!bgp)
2828 return CMD_WARNING;
2829
2830 if (!vpn)
>>> CID 1472238: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 1;".
2831 return CMD_WARNING;
2832
2833 evpn_unset_advertise_default_gw(bgp, vpn);
2834
2835 return CMD_SUCCESS;
2836 }
** CID 1472237: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_table.c: 160 in bgp_table_range_lookup()
________________________________________________________________________________________________________
*** CID 1472237: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_table.c: 160 in bgp_table_range_lookup()
154 break;
155 }
156 node = bgp_node_from_rnode(node->link[prefix_bit(
157 &p->u.prefix, node->p.prefixlen)]);
158 }
159
>>> CID 1472237: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "node".
160 if ((matched == NULL && node->p.prefixlen > maxlen) || !node->parent)
161 return;
162 else if (matched == NULL)
163 matched = node = bgp_node_from_rnode(node->parent);
164
165 if (matched->info) {
** CID 1472236: (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1472236: (NEGATIVE_RETURNS)
/zebra/kernel_netlink.c: 1086 in kernel_init()
1080 if (fcntl(zns->netlink_cmd.sock, F_SETFL, O_NONBLOCK) < 0)
1081 zlog_err("Can't set %s socket error: %s(%d)",
1082 zns->netlink_cmd.name, safe_strerror(errno), errno);
1083
1084 /* Set receive buffer size if it's set from command line */
1085 if (nl_rcvbufsize)
>>> CID 1472236: (NEGATIVE_RETURNS)
>>> "zns->netlink.sock" is passed to a parameter that cannot be negative.
1086 netlink_recvbuf(&zns->netlink, nl_rcvbufsize);
1087
1088 netlink_install_filter(zns->netlink.sock,
1089 zns->netlink_cmd.snl.nl_pid);
1090 zns->t_netlink = NULL;
1091
/zebra/kernel_netlink.c: 1088 in kernel_init()
1082 zns->netlink_cmd.name, safe_strerror(errno), errno);
1083
1084 /* Set receive buffer size if it's set from command line */
1085 if (nl_rcvbufsize)
1086 netlink_recvbuf(&zns->netlink, nl_rcvbufsize);
1087
>>> CID 1472236: (NEGATIVE_RETURNS)
>>> "zns->netlink.sock" is passed to a parameter that cannot be negative.
1088 netlink_install_filter(zns->netlink.sock,
1089 zns->netlink_cmd.snl.nl_pid);
1090 zns->t_netlink = NULL;
1091
1092 thread_add_read(zebrad.master, kernel_read, zns,
1093 zns->netlink.sock, &zns->t_netlink);
** CID 1472235: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1472235: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_debug_clippy.c: 114 in no_debug_bgp_update_prefix_afi_safi()
108 }
109 #if 0 /* anything that can fail? */
110 if (_failcnt)
111 return CMD_WARNING;
112 #endif
113 #endif
>>> CID 1472235: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "afi" to "no_debug_bgp_update_prefix_afi_safi_magic", which dereferences it.
114 return no_debug_bgp_update_prefix_afi_safi_magic(self, vty, argc, argv, afi, safi, mac, ip);
** CID 1472234: Error handling issues (CHECKED_RETURN)
/pimd/pim_rp.c: 855 in pim_rp_g()
________________________________________________________________________________________________________
*** CID 1472234: Error handling issues (CHECKED_RETURN)
/pimd/pim_rp.c: 855 in pim_rp_g()
849 prefix2str(&g, buf1, sizeof(buf1));
850 zlog_debug(
851 "%s: Nexthop cache not found for RP %s grp %s register with Zebra",
852 __PRETTY_FUNCTION__, buf, buf1);
853 }
854 pim_rpf_set_refresh_time(pim);
>>> CID 1472234: Error handling issues (CHECKED_RETURN)
>>> Calling "pim_ecmp_nexthop_lookup" without checking return value (as is done elsewhere 6 out of 7 times).
855 pim_ecmp_nexthop_lookup(pim,
856 &rp_info->rp.source_nexthop,
857 &nht_p, &rp_info->group, 1);
858 }
859 return (&rp_info->rp);
860 }
** CID 1472233: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1472233: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_debug_clippy.c: 56 in debug_bgp_update_prefix_afi_safi()
50 }
51 #if 0 /* anything that can fail? */
52 if (_failcnt)
53 return CMD_WARNING;
54 #endif
55 #endif
>>> CID 1472233: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "afi" to "debug_bgp_update_prefix_afi_safi_magic", which dereferences it.
56 return debug_bgp_update_prefix_afi_safi_magic(self, vty, argc, argv, afi, safi, mac, ip);
57 }
58
59 /* no_debug_bgp_update_prefix_afi_safi => "no debug bgp updates prefix <l2vpn>$afi <evpn>$safi type <macip mac WORD [ip WORD]|multicast ip WORD |prefix ip WORD>" */
60 DEFUN_CMD_FUNC_DECL(no_debug_bgp_update_prefix_afi_safi)
61 #define funcdecl_no_debug_bgp_update_prefix_afi_safi static int no_debug_bgp_update_prefix_afi_safi_magic(\
** CID 1472232: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_route.c: 5204 in bgp_static_set_safi()
________________________________________________________________________________________________________
*** CID 1472232: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_route.c: 5204 in bgp_static_set_safi()
5198 sizeof(struct eth_segment_id));
5199 str2esi(esi, bgp_static->eth_s_id);
5200 }
5201 if (routermac) {
5202 bgp_static->router_mac =
5203 XCALLOC(MTYPE_ATTR, ETH_ALEN + 1);
>>> CID 1472232: Error handling issues (CHECKED_RETURN)
>>> Calling "prefix_str2mac" without checking return value (as is done elsewhere 6 out of 7 times).
5204 prefix_str2mac(routermac,
5205 bgp_static->router_mac);
5206 }
5207 if (gwip)
5208 prefix_copy(&bgp_static->gatewayIp, &gw_ip);
5209 }
** CID 1472231: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2811 in bgp_evpn_advertise_default_gw_vni()
________________________________________________________________________________________________________
*** CID 1472231: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2811 in bgp_evpn_advertise_default_gw_vni()
2805 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn);
2806
2807 if (!bgp)
2808 return CMD_WARNING;
2809
2810 if (!vpn)
>>> CID 1472231: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 1;".
2811 return CMD_WARNING;
2812
2813 evpn_set_advertise_default_gw(bgp, vpn);
2814
2815 return CMD_SUCCESS;
2816 }
** CID 1472230: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2976 in bgp_evpn_advertise_vni_subnet()
________________________________________________________________________________________________________
*** CID 1472230: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2976 in bgp_evpn_advertise_vni_subnet()
2970 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn);
2971
2972 if (!bgp)
2973 return CMD_WARNING;
2974
2975 if (!vpn)
>>> CID 1472230: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 1;".
2976 return CMD_WARNING;
2977
2978 bgp_vrf = bgp_lookup_by_vrf_id(vpn->tenant_vrf_id);
2979 if (!bgp_vrf)
2980 return CMD_WARNING;
2981
** CID 1472229: (RETURN_LOCAL)
/bgpd/bgp_updgrp_adv.c: 766 in subgroup_default_originate()
/bgpd/bgp_updgrp_adv.c: 771 in subgroup_default_originate()
/bgpd/bgp_updgrp_adv.c: 792 in subgroup_default_originate()
________________________________________________________________________________________________________
*** CID 1472229: (RETURN_LOCAL)
/bgpd/bgp_updgrp_adv.c: 766 in subgroup_default_originate()
760 UNSET_FLAG(subgrp->sflags, SUBGRP_STATUS_DEFAULT_ORIGINATE);
761 } else {
762 if (!CHECK_FLAG(subgrp->sflags,
763 SUBGRP_STATUS_DEFAULT_ORIGINATE)) {
764
765 if (bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)) {
>>> CID 1472229: (RETURN_LOCAL)
>>> Using "info", which points to an out-of-scope variable "tmp_info".
766 bgp_attr_add_gshut_community(info->attr);
767 }
768
769 SET_FLAG(subgrp->sflags,
770 SUBGRP_STATUS_DEFAULT_ORIGINATE);
771 subgroup_default_update_packet(subgrp, info->attr,
/bgpd/bgp_updgrp_adv.c: 771 in subgroup_default_originate()
765 if (bgp_flag_check(bgp, BGP_FLAG_GRACEFUL_SHUTDOWN)) {
766 bgp_attr_add_gshut_community(info->attr);
767 }
768
769 SET_FLAG(subgrp->sflags,
770 SUBGRP_STATUS_DEFAULT_ORIGINATE);
>>> CID 1472229: (RETURN_LOCAL)
>>> Using "info", which points to an out-of-scope variable "tmp_info".
771 subgroup_default_update_packet(subgrp, info->attr,
772 from);
773
774 /* The 'neighbor x.x.x.x default-originate' default will
775 * act as an
776 * implicit withdraw for any previous UPDATEs sent for
/bgpd/bgp_updgrp_adv.c: 792 in subgroup_default_originate()
786 &p, NULL);
787 bgp_adj_out_unset_subgroup(
788 rn, subgrp, 0,
789 BGP_ADDPATH_TX_ID_FOR_DEFAULT_ORIGINATE);
790 }
791 }
>>> CID 1472229: (RETURN_LOCAL)
>>> Using "info", which points to an out-of-scope variable "tmp_info".
792 aspath_unintern(&info->attr->aspath);
793 }
794
795 /*
796 * Announce the BGP table to a subgroup.
797 *
** CID 1472228: (RESOURCE_LEAK)
/bgpd/bgp_debug.c: 1504 in no_debug_bgp_update_prefix_afi_safi_magic()
/bgpd/bgp_debug.c: 1533 in no_debug_bgp_update_prefix_afi_safi_magic()
/bgpd/bgp_debug.c: 1533 in no_debug_bgp_update_prefix_afi_safi_magic()
________________________________________________________________________________________________________
*** CID 1472228: (RESOURCE_LEAK)
/bgpd/bgp_debug.c: 1504 in no_debug_bgp_update_prefix_afi_safi_magic()
1498 safiz = safi ? bgp_vty_safi_from_str(safi) : SAFI_UNICAST;
1499
1500 /* check for evpn route type */
1501 if (afiz == AFI_L2VPN && safiz == SAFI_EVPN) {
1502 ret = bgp_debug_parse_evpn_prefix(vty, argv, argc, &argv_p);
1503 if (ret != CMD_SUCCESS)
>>> CID 1472228: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1504 return ret;
1505 } else {
1506 (void)str2prefix(argv[idx_ipv4_ipv6_prefixlen]->arg, argv_p);
1507 apply_mask(argv_p);
1508 }
1509
/bgpd/bgp_debug.c: 1533 in no_debug_bgp_update_prefix_afi_safi_magic()
1527 vty_out(vty, "BGP updates debugging is off for %s\n",
1528 argv[idx_ipv4_ipv6_prefixlen]->arg);
1529 else
1530 vty_out(vty, "BGP updates debugging was not enabled for %s\n",
1531 argv[idx_ipv4_ipv6_prefixlen]->arg);
1532
>>> CID 1472228: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1533 return CMD_SUCCESS;
1534 }
1535
1536
1537 DEFUN (debug_bgp_update_prefix,
1538 debug_bgp_update_prefix_cmd,
/bgpd/bgp_debug.c: 1533 in no_debug_bgp_update_prefix_afi_safi_magic()
1527 vty_out(vty, "BGP updates debugging is off for %s\n",
1528 argv[idx_ipv4_ipv6_prefixlen]->arg);
1529 else
1530 vty_out(vty, "BGP updates debugging was not enabled for %s\n",
1531 argv[idx_ipv4_ipv6_prefixlen]->arg);
1532
>>> CID 1472228: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1533 return CMD_SUCCESS;
1534 }
1535
1536
1537 DEFUN (debug_bgp_update_prefix,
1538 debug_bgp_update_prefix_cmd,
** CID 1472227: (DEADCODE)
/ospfd/ospf_lsa.c: 1899 in ospf_translated_nssa_refresh()
/ospfd/ospf_lsa.c: 1912 in ospf_translated_nssa_refresh()
/ospfd/ospf_lsa.c: 1921 in ospf_translated_nssa_refresh()
________________________________________________________________________________________________________
*** CID 1472227: (DEADCODE)
/ospfd/ospf_lsa.c: 1899 in ospf_translated_nssa_refresh()
1893 return NULL;
1894 }
1895
1896 /* do we have valid translated type5? */
1897 if (type5 == NULL || !CHECK_FLAG(type5->flags, OSPF_LSA_LOCAL_XLT)) {
1898 if (IS_DEBUG_OSPF_NSSA)
>>> CID 1472227: (DEADCODE)
>>> Execution cannot reach the expression ""(null)"" inside this statement: "zlog_debug("ospf_translated...".
1899 zlog_debug(
1900 "ospf_translated_nssa_refresh(): No translated Type-5 "
1901 "found for Type-7 with Id %s",
1902 type7 ? inet_ntoa(type7->data->id) : "(null)");
1903 return NULL;
1904 }
/ospfd/ospf_lsa.c: 1912 in ospf_translated_nssa_refresh()
1906 /* Delete LSA from neighbor retransmit-list. */
1907 ospf_ls_retransmit_delete_nbr_as(ospf, type5);
1908
1909 /* create new translated LSA */
1910 if ((new = ospf_lsa_translated_nssa_new(ospf, type7)) == NULL) {
1911 if (IS_DEBUG_OSPF_NSSA)
>>> CID 1472227: (DEADCODE)
>>> Execution cannot reach the expression ""(null)"" inside this statement: "zlog_debug("ospf_translated...".
1912 zlog_debug(
1913 "ospf_translated_nssa_refresh(): Could not translate "
1914 "Type-7 for %s to Type-5",
1915 type7 ? inet_ntoa(type7->data->id) : "(null)");
1916 return NULL;
1917 }
/ospfd/ospf_lsa.c: 1921 in ospf_translated_nssa_refresh()
1915 type7 ? inet_ntoa(type7->data->id) : "(null)");
1916 return NULL;
1917 }
1918
1919 if (!(new = ospf_lsa_install(ospf, NULL, new))) {
1920 if (IS_DEBUG_OSPF_NSSA)
>>> CID 1472227: (DEADCODE)
>>> Execution cannot reach the expression ""(null)"" inside this statement: "zlog_debug("ospf_translated...".
1921 zlog_debug(
1922 "ospf_translated_nssa_refresh(): Could not install "
1923 "translated LSA, Id %s",
1924 type7 ? inet_ntoa(type7->data->id) : "(null)");
1925 return NULL;
1926 }
** CID 1472226: (RESOURCE_LEAK)
/bgpd/bgp_debug.c: 1436 in debug_bgp_update_prefix_afi_safi_magic()
/bgpd/bgp_debug.c: 1449 in debug_bgp_update_prefix_afi_safi_magic()
/bgpd/bgp_debug.c: 1462 in debug_bgp_update_prefix_afi_safi_magic()
________________________________________________________________________________________________________
*** CID 1472226: (RESOURCE_LEAK)
/bgpd/bgp_debug.c: 1436 in debug_bgp_update_prefix_afi_safi_magic()
1430 safiz = safi ? bgp_vty_safi_from_str(safi) : SAFI_UNICAST;
1431
1432 /* check for evpn route type */
1433 if (afiz == AFI_L2VPN && safiz == SAFI_EVPN) {
1434 ret = bgp_debug_parse_evpn_prefix(vty, argv, argc, &argv_p);
1435 if (ret != CMD_SUCCESS)
>>> CID 1472226: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1436 return ret;
1437 } else {
1438 (void)str2prefix(argv[idx_ipv4_ipv6_prefixlen]->arg, argv_p);
1439 apply_mask(argv_p);
1440 }
1441
/bgpd/bgp_debug.c: 1449 in debug_bgp_update_prefix_afi_safi_magic()
1443 bgp_debug_update_prefixes = list_new();
1444
1445 if (bgp_debug_list_has_entry(bgp_debug_update_prefixes, NULL, argv_p)) {
1446 vty_out(vty,
1447 "BGP updates debugging is already enabled for %s\n",
1448 argv[idx_ipv4_ipv6_prefixlen]->arg);
>>> CID 1472226: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1449 return CMD_SUCCESS;
1450 }
1451
1452 bgp_debug_list_add_entry(bgp_debug_update_prefixes, NULL, argv_p);
1453
1454 if (vty->node == CONFIG_NODE) {
/bgpd/bgp_debug.c: 1462 in debug_bgp_update_prefix_afi_safi_magic()
1456 } else {
1457 TERM_DEBUG_ON(update, UPDATE_PREFIX);
1458 vty_out(vty, "BGP updates debugging is on for %s\n",
1459 argv[idx_ipv4_ipv6_prefixlen]->arg);
1460 }
1461
>>> CID 1472226: (RESOURCE_LEAK)
>>> Variable "argv_p" going out of scope leaks the storage it points to.
1462 return CMD_SUCCESS;
1463 }
1464
1465 DEFPY (no_debug_bgp_update_prefix_afi_safi,
1466 no_debug_bgp_update_prefix_afi_safi_cmd,
1467 "no debug bgp updates prefix <l2vpn>$afi <evpn>$safi type <macip mac WORD [ip WORD]|multicast ip WORD |prefix ip WORD>",
** CID 1472225: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2999 in no_bgp_evpn_advertise_vni_subnet()
________________________________________________________________________________________________________
*** CID 1472225: Control flow issues (DEADCODE)
/bgpd/bgp_evpn_vty.c: 2999 in no_bgp_evpn_advertise_vni_subnet()
2993 VTY_DECLVAR_CONTEXT_SUB(bgpevpn, vpn);
2994
2995 if (!bgp)
2996 return CMD_WARNING;
2997
2998 if (!vpn)
>>> CID 1472225: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 1;".
2999 return CMD_WARNING;
3000
3001 evpn_unset_advertise_subnet(bgp, vpn);
3002 return CMD_SUCCESS;
3003 }
3004
** CID 1302499: Control flow issues (DEADCODE)
/ospfd/ospf_lsa.c: 1889 in ospf_translated_nssa_refresh()
________________________________________________________________________________________________________
*** CID 1302499: Control flow issues (DEADCODE)
/ospfd/ospf_lsa.c: 1889 in ospf_translated_nssa_refresh()
1883 }
1884 }
1885
1886 /* do we have type7? */
1887 if (!type7) {
1888 if (IS_DEBUG_OSPF_NSSA)
>>> CID 1302499: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""(null)"" inside this statement: "zlog_debug("ospf_translated...".
1889 zlog_debug(
1890 "ospf_translated_nssa_refresh(): no Type-7 found for "
1891 "Type-5 LSA Id %s",
1892 type5 ? inet_ntoa(type5->data->id) : "(null)");
1893 return NULL;
1894 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmp7jFy19T-2BEZ-2B7fm4UOYNt36XdWtNw5B9DF9gjXu8f0ndES1cU-2BquFDFGXrBMEs7AmBIjzXXGJ8ENIdthRgkslcuasbWhw7U4I43MSZbhAicvRgB3eTrEcoULOPSDFm70kK-2B58xwmGVMssf2Ra4f-2BUXcz6s5aNaOeBWuq-2FtndWOA-3D-3D