[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Dec 21 21:59:08 EST 2018


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

13 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)


** CID 1475951:  Error handling issues  (CHECKED_RETURN)
/ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify()


________________________________________________________________________________________________________
*** CID 1475951:  Error handling issues  (CHECKED_RETURN)
/ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify()
105     	struct prefix_ipv6 p;
106     
107     	if (event != NB_EV_APPLY)
108     		return NB_OK;
109     
110     	default_information = yang_dnode_get_bool(dnode, NULL);
>>>     CID 1475951:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "str2prefix_ipv6" without checking return value (as is done elsewhere 31 out of 32 times).
111     	str2prefix_ipv6("::/0", &p);
112     	if (default_information) {
113     		ripng_redistribute_add(ZEBRA_ROUTE_RIPNG, RIPNG_ROUTE_DEFAULT,
114     				       &p, 0, NULL, 0);
115     	} else {
116     		ripng_redistribute_delete(ZEBRA_ROUTE_RIPNG,

** CID 1475950:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475950:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 1643 in isis_default_originate()
1637     	}
1638     #if 1 /* anything that can fail? */
1639     	if (_failcnt)
1640     		return CMD_WARNING;
1641     #endif
1642     #endif
>>>     CID 1475950:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "ip" to "isis_default_originate_magic", which dereferences it.
1643     	return isis_default_originate_magic(self, vty, argc, argv, no, ip, level, always, metric, metric_str, rmap);
1644     }
1645     
1646     /* isis_redistribute => "[no] redistribute <ipv4|ipv6>$ip ROTO_REDIST_ST$proto <level-1|level-2>$level [<metric (0-16777215)|route-map WORD>]" */
1647     DEFUN_CMD_FUNC_DECL(isis_redistribute)
1648     #define funcdecl_isis_redistribute static int isis_redistribute_magic(\

** CID 1475949:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475949:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 2575 in isis_circuit_type()
2569     	}
2570     #if 0 /* anything that can fail? */
2571     	if (_failcnt)
2572     		return CMD_WARNING;
2573     #endif
2574     #endif
>>>     CID 1475949:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "type" to "isis_circuit_type_magic", which dereferences it.
2575     	return isis_circuit_type_magic(self, vty, argc, argv, type);
2576     }
2577     
2578     /* no_isis_circuit_type => "no isis circuit-type [level-1|level-1-2|level-2-only]" */
2579     DEFUN_CMD_FUNC_DECL(no_isis_circuit_type)
2580     #define funcdecl_no_isis_circuit_type static int no_isis_circuit_type_magic(\

** CID 1475948:  Security best practices violations  (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 816 in phase_check()


________________________________________________________________________________________________________
*** CID 1475948:  Security best practices violations  (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 816 in phase_check()
810     				return;
811     
812     		/* startup complete, everything out of INIT */
813     		gs.phase = PHASE_NONE;
814     		for (dmn = gs.daemons; dmn; dmn = dmn->next)
815     			if (dmn->state == DAEMON_DOWN) {
>>>     CID 1475948:  Security best practices violations  (DC.WEAK_CRYPTO)
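>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
[No call to "random" appears on the flagged line itself, so the call is presumably inside the expansion of the SET_WAKEUP_DOWN macro. Whether this finding (and the identical CID 1475944 in restart_done()) matters depends on what that macro uses the value for, which the excerpt does not show: it matters only if an attacker gains something by predicting the value.]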
816     				SET_WAKEUP_DOWN(dmn);
817     				try_restart(dmn);
818     			}
819     		break;
820     	case PHASE_STOPS_PENDING:
821     		if (gs.numpids)

** CID 1475947:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475947:  Null pointer dereferences  (FORWARD_NULL)
/lib/northbound_cli_clippy.c: 861 in show_yang_operational_data()
855     	}
856     #if 0 /* anything that can fail? */
857     	if (_failcnt)
858     		return CMD_WARNING;
859     #endif
860     #endif
>>>     CID 1475947:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "xpath" to "show_yang_operational_data_magic", which dereferences it.
861     	return show_yang_operational_data_magic(self, vty, argc, argv, xpath, json, xml, translator_family);
862     }
863     
864     /* show_yang_module => "show yang module [module-translator WORD$translator_family]" */
865     DEFUN_CMD_FUNC_DECL(show_yang_module)
866     #define funcdecl_show_yang_module static int show_yang_module_magic(\

** CID 1475946:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475946:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 309 in is_type()
303     	}
304     #if 0 /* anything that can fail? */
305     	if (_failcnt)
306     		return CMD_WARNING;
307     #endif
308     #endif
>>>     CID 1475946:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "level" to "is_type_magic", which dereferences it.
309     	return is_type_magic(self, vty, argc, argv, level);
310     }
311     
312     /* no_is_type => "no is-type [<level-1|level-1-2|level-2-only>]" */
313     DEFUN_CMD_FUNC_DECL(no_is_type)
314     #define funcdecl_no_is_type static int no_is_type_magic(\

** CID 1475945:  Possible Control flow issues  (DEADCODE)
/lib/vrf.c: 911 in vrf_set_default_name()


________________________________________________________________________________________________________
*** CID 1475945:  Possible Control flow issues  (DEADCODE)
/lib/vrf.c: 911 in vrf_set_default_name()
905     	if (def_vrf && !force && def_vrf_forced) {
906     		zlog_debug("VRF: %s, avoid changing name to %s, previously forced (%u)",
907     			   def_vrf->name, default_name,
908     			   def_vrf->vrf_id);
909     		return;
910     	}
>>>     CID 1475945:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "vrf_with_default_name != def_vrf" inside this statement: "if (vrf_with_default_name &...".
911     	if (vrf_with_default_name && vrf_with_default_name != def_vrf) {
912     		/* vrf name already used by an other VRF */
913     		zlog_debug("VRF: %s, avoid changing name to %s, same name exists (%u)",
914     			   vrf_with_default_name->name, default_name,
915     			   vrf_with_default_name->vrf_id);
916     		return;

** CID 1475944:  Security best practices violations  (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 528 in restart_done()


________________________________________________________________________________________________________
*** CID 1475944:  Security best practices violations  (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 528 in restart_done()
522     		zlog_warn("wtf?");
523     		return;
524     	}
525     	if (dmn->t_wakeup)
526     		THREAD_OFF(dmn->t_wakeup);
527     	if (try_connect(dmn) < 0)
>>>     CID 1475944:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
528     		SET_WAKEUP_DOWN(dmn);
529     }
530     
531     static void daemon_down(struct daemon *dmn, const char *why)
532     {
533     	if (IS_UP(dmn) || (dmn->state == DAEMON_INIT))

** CID 1475943:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475943:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 1769 in isis_topology()
1763     	}
1764     #if 0 /* anything that can fail? */
1765     	if (_failcnt)
1766     		return CMD_WARNING;
1767     #endif
1768     #endif
>>>     CID 1475943:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "topology" to "isis_topology_magic", which dereferences it.
1769     	return isis_topology_magic(self, vty, argc, argv, no, topology, overload);
1770     }
1771     
1772     /* isis_passive => "[no] isis passive" */
1773     DEFUN_CMD_FUNC_DECL(isis_passive)
1774     #define funcdecl_isis_passive static int isis_passive_magic(\

** CID 1475942:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475942:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 2532 in circuit_topology()
2526     	}
2527     #if 0 /* anything that can fail? */
2528     	if (_failcnt)
2529     		return CMD_WARNING;
2530     #endif
2531     #endif
>>>     CID 1475942:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "topology" to "circuit_topology_magic", which dereferences it.
2532     	return circuit_topology_magic(self, vty, argc, argv, no, topology);
2533     }
2534     
2535     /* isis_circuit_type => "isis circuit-type <level-1|level-1-2|level-2-only>$type" */
2536     DEFUN_CMD_FUNC_DECL(isis_circuit_type)
2537     #define funcdecl_isis_circuit_type static int isis_circuit_type_magic(\

** CID 1475941:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475941:  Null pointer dereferences  (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 218 in no_ip_router_isis()
212     	}
213     #if 0 /* anything that can fail? */
214     	if (_failcnt)
215     		return CMD_WARNING;
216     #endif
217     #endif
>>>     CID 1475941:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "ip" to "no_ip_router_isis_magic", which dereferences it.
218     	return no_ip_router_isis_magic(self, vty, argc, argv, ip, tag);
219     }
220     
221     /* net => "[no] net WORD" */
222     DEFUN_CMD_FUNC_DECL(net)
223     #define funcdecl_net static int net_magic(\

** CID 1475940:    (REVERSE_INULL)
/lib/northbound_cli.c: 111 in nb_cli_apply_changes()
/lib/northbound_cli.c: 114 in nb_cli_apply_changes()


________________________________________________________________________________________________________
*** CID 1475940:    (REVERSE_INULL)
/lib/northbound_cli.c: 111 in nb_cli_apply_changes()
105     		char xpath[XPATH_MAXLEN];
106     		struct yang_data *data;
107     
108     		/* Handle relative XPaths. */
109     		memset(xpath, 0, sizeof(xpath));
110     		if (vty->xpath_index > 0
>>>     CID 1475940:    (REVERSE_INULL)
>>>     Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
111     		    && ((xpath_base_fmt && xpath_base[0] == '.')
112     			|| change->xpath[0] == '.'))
113     			strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath));
114     		if (xpath_base_fmt) {
115     			if (xpath_base[0] == '.')
116     				strlcat(xpath, xpath_base + 1, sizeof(xpath));
/lib/northbound_cli.c: 114 in nb_cli_apply_changes()
108     		/* Handle relative XPaths. */
109     		memset(xpath, 0, sizeof(xpath));
110     		if (vty->xpath_index > 0
111     		    && ((xpath_base_fmt && xpath_base[0] == '.')
112     			|| change->xpath[0] == '.'))
113     			strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath));
>>>     CID 1475940:    (REVERSE_INULL)
>>>     Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
114     		if (xpath_base_fmt) {
115     			if (xpath_base[0] == '.')
116     				strlcat(xpath, xpath_base + 1, sizeof(xpath));
117     			else
118     				strlcat(xpath, xpath_base, sizeof(xpath));
119     		}

** CID 1475939:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify()


________________________________________________________________________________________________________
*** CID 1475939:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify()
2091     	if (event != NB_EV_APPLY)
2092     		return NB_OK;
2093     
2094     	password = yang_dnode_get_string(dnode, NULL);
2095     	circuit = yang_dnode_get_entry(dnode, true);
2096     	circuit->passwd.len = strlen(password);
>>>     CID 1475939:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
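>>>     Calling strncpy with a maximum size argument of 255 bytes on destination array "circuit->passwd.passwd" of size 255 bytes might leave the destination string unterminated.
[The line before the flagged call also stores strlen(password) in circuit->passwd.len without bounding it, so a string longer than 255 bytes would leave the recorded length larger than the 255-byte array. Whether the data model limits the string length is not visible in this excerpt.]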
2097     	strncpy((char *)circuit->passwd.passwd, password, 255);
2098     
2099     	return NB_OK;
2100     }
2101     
2102     /*


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJkHinZ6TvcFlJ9SoqXLMp3MfUqvcBsUFcyM8iyT-2BtMh-2F7-2FLm4BVyAodmSxh-2F12nvJqhVWgYTFSkzvcXvXi-2FKFkPocPmJvQtgsmnCceEwdgrJTw7n6VdiW-2Bk99BHoH1C0v2nYjhpkn0rl4R4kJDHrXYw0yp2wICeltuu5BPWGcOgvA-3D-3D



