[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri Dec 21 21:59:08 EST 2018
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
13 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1475951: Error handling issues (CHECKED_RETURN)
/ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify()
________________________________________________________________________________________________________
*** CID 1475951: Error handling issues (CHECKED_RETURN)
/ripngd/ripng_northbound.c: 111 in ripngd_instance_default_information_originate_modify()
105 struct prefix_ipv6 p;
106
107 if (event != NB_EV_APPLY)
108 return NB_OK;
109
110 default_information = yang_dnode_get_bool(dnode, NULL);
>>> CID 1475951: Error handling issues (CHECKED_RETURN)
>>> Calling "str2prefix_ipv6" without checking return value (as is done elsewhere 31 out of 32 times).
111 str2prefix_ipv6("::/0", &p);
112 if (default_information) {
113 ripng_redistribute_add(ZEBRA_ROUTE_RIPNG, RIPNG_ROUTE_DEFAULT,
114 &p, 0, NULL, 0);
115 } else {
116 ripng_redistribute_delete(ZEBRA_ROUTE_RIPNG,
** CID 1475950: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475950: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 1643 in isis_default_originate()
1637 }
1638 #if 1 /* anything that can fail? */
1639 if (_failcnt)
1640 return CMD_WARNING;
1641 #endif
1642 #endif
>>> CID 1475950: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "ip" to "isis_default_originate_magic", which dereferences it.
1643 return isis_default_originate_magic(self, vty, argc, argv, no, ip, level, always, metric, metric_str, rmap);
1644 }
1645
1646 /* isis_redistribute => "[no] redistribute <ipv4|ipv6>$ip ROTO_REDIST_ST$proto <level-1|level-2>$level [<metric (0-16777215)|route-map WORD>]" */
1647 DEFUN_CMD_FUNC_DECL(isis_redistribute)
1648 #define funcdecl_isis_redistribute static int isis_redistribute_magic(\
** CID 1475949: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475949: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 2575 in isis_circuit_type()
2569 }
2570 #if 0 /* anything that can fail? */
2571 if (_failcnt)
2572 return CMD_WARNING;
2573 #endif
2574 #endif
>>> CID 1475949: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "type" to "isis_circuit_type_magic", which dereferences it.
2575 return isis_circuit_type_magic(self, vty, argc, argv, type);
2576 }
2577
2578 /* no_isis_circuit_type => "no isis circuit-type [level-1|level-1-2|level-2-only]" */
2579 DEFUN_CMD_FUNC_DECL(no_isis_circuit_type)
2580 #define funcdecl_no_isis_circuit_type static int no_isis_circuit_type_magic(\
** CID 1475948: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 816 in phase_check()
________________________________________________________________________________________________________
*** CID 1475948: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 816 in phase_check()
810 return;
811
812 /* startup complete, everything out of INIT */
813 gs.phase = PHASE_NONE;
814 for (dmn = gs.daemons; dmn; dmn = dmn->next)
815 if (dmn->state == DAEMON_DOWN) {
>>> CID 1475948: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
816 SET_WAKEUP_DOWN(dmn);
817 try_restart(dmn);
818 }
819 break;
820 case PHASE_STOPS_PENDING:
821 if (gs.numpids)
** CID 1475947: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475947: Null pointer dereferences (FORWARD_NULL)
/lib/northbound_cli_clippy.c: 861 in show_yang_operational_data()
855 }
856 #if 0 /* anything that can fail? */
857 if (_failcnt)
858 return CMD_WARNING;
859 #endif
860 #endif
>>> CID 1475947: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "xpath" to "show_yang_operational_data_magic", which dereferences it.
861 return show_yang_operational_data_magic(self, vty, argc, argv, xpath, json, xml, translator_family);
862 }
863
864 /* show_yang_module => "show yang module [module-translator WORD$translator_family]" */
865 DEFUN_CMD_FUNC_DECL(show_yang_module)
866 #define funcdecl_show_yang_module static int show_yang_module_magic(\
** CID 1475946: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475946: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 309 in is_type()
303 }
304 #if 0 /* anything that can fail? */
305 if (_failcnt)
306 return CMD_WARNING;
307 #endif
308 #endif
>>> CID 1475946: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "level" to "is_type_magic", which dereferences it.
309 return is_type_magic(self, vty, argc, argv, level);
310 }
311
312 /* no_is_type => "no is-type [<level-1|level-1-2|level-2-only>]" */
313 DEFUN_CMD_FUNC_DECL(no_is_type)
314 #define funcdecl_no_is_type static int no_is_type_magic(\
** CID 1475945: Possible Control flow issues (DEADCODE)
/lib/vrf.c: 911 in vrf_set_default_name()
________________________________________________________________________________________________________
*** CID 1475945: Possible Control flow issues (DEADCODE)
/lib/vrf.c: 911 in vrf_set_default_name()
905 if (def_vrf && !force && def_vrf_forced) {
906 zlog_debug("VRF: %s, avoid changing name to %s, previously forced (%u)",
907 def_vrf->name, default_name,
908 def_vrf->vrf_id);
909 return;
910 }
>>> CID 1475945: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "vrf_with_default_name != def_vrf" inside this statement: "if (vrf_with_default_name &...".
911 if (vrf_with_default_name && vrf_with_default_name != def_vrf) {
912 /* vrf name already used by an other VRF */
913 zlog_debug("VRF: %s, avoid changing name to %s, same name exists (%u)",
914 vrf_with_default_name->name, default_name,
915 vrf_with_default_name->vrf_id);
916 return;
** CID 1475944: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 528 in restart_done()
________________________________________________________________________________________________________
*** CID 1475944: Security best practices violations (DC.WEAK_CRYPTO)
/watchfrr/watchfrr.c: 528 in restart_done()
522 zlog_warn("wtf?");
523 return;
524 }
525 if (dmn->t_wakeup)
526 THREAD_OFF(dmn->t_wakeup);
527 if (try_connect(dmn) < 0)
>>> CID 1475944: Security best practices violations (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
528 SET_WAKEUP_DOWN(dmn);
529 }
530
531 static void daemon_down(struct daemon *dmn, const char *why)
532 {
533 if (IS_UP(dmn) || (dmn->state == DAEMON_INIT))
** CID 1475943: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475943: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 1769 in isis_topology()
1763 }
1764 #if 0 /* anything that can fail? */
1765 if (_failcnt)
1766 return CMD_WARNING;
1767 #endif
1768 #endif
>>> CID 1475943: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "topology" to "isis_topology_magic", which dereferences it.
1769 return isis_topology_magic(self, vty, argc, argv, no, topology, overload);
1770 }
1771
1772 /* isis_passive => "[no] isis passive" */
1773 DEFUN_CMD_FUNC_DECL(isis_passive)
1774 #define funcdecl_isis_passive static int isis_passive_magic(\
** CID 1475942: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475942: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 2532 in circuit_topology()
2526 }
2527 #if 0 /* anything that can fail? */
2528 if (_failcnt)
2529 return CMD_WARNING;
2530 #endif
2531 #endif
>>> CID 1475942: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "topology" to "circuit_topology_magic", which dereferences it.
2532 return circuit_topology_magic(self, vty, argc, argv, no, topology);
2533 }
2534
2535 /* isis_circuit_type => "isis circuit-type <level-1|level-1-2|level-2-only>$type" */
2536 DEFUN_CMD_FUNC_DECL(isis_circuit_type)
2537 #define funcdecl_isis_circuit_type static int isis_circuit_type_magic(\
** CID 1475941: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1475941: Null pointer dereferences (FORWARD_NULL)
/isisd/isis_cli_clippy.c: 218 in no_ip_router_isis()
212 }
213 #if 0 /* anything that can fail? */
214 if (_failcnt)
215 return CMD_WARNING;
216 #endif
217 #endif
>>> CID 1475941: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "ip" to "no_ip_router_isis_magic", which dereferences it.
218 return no_ip_router_isis_magic(self, vty, argc, argv, ip, tag);
219 }
220
221 /* net => "[no] net WORD" */
222 DEFUN_CMD_FUNC_DECL(net)
223 #define funcdecl_net static int net_magic(\
** CID 1475940: (REVERSE_INULL)
/lib/northbound_cli.c: 111 in nb_cli_apply_changes()
/lib/northbound_cli.c: 114 in nb_cli_apply_changes()
________________________________________________________________________________________________________
*** CID 1475940: (REVERSE_INULL)
/lib/northbound_cli.c: 111 in nb_cli_apply_changes()
105 char xpath[XPATH_MAXLEN];
106 struct yang_data *data;
107
108 /* Handle relative XPaths. */
109 memset(xpath, 0, sizeof(xpath));
110 if (vty->xpath_index > 0
>>> CID 1475940: (REVERSE_INULL)
>>> Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
111 && ((xpath_base_fmt && xpath_base[0] == '.')
112 || change->xpath[0] == '.'))
113 strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath));
114 if (xpath_base_fmt) {
115 if (xpath_base[0] == '.')
116 strlcat(xpath, xpath_base + 1, sizeof(xpath));
/lib/northbound_cli.c: 114 in nb_cli_apply_changes()
108 /* Handle relative XPaths. */
109 memset(xpath, 0, sizeof(xpath));
110 if (vty->xpath_index > 0
111 && ((xpath_base_fmt && xpath_base[0] == '.')
112 || change->xpath[0] == '.'))
113 strlcpy(xpath, VTY_CURR_XPATH, sizeof(xpath));
>>> CID 1475940: (REVERSE_INULL)
>>> Null-checking "xpath_base_fmt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
114 if (xpath_base_fmt) {
115 if (xpath_base[0] == '.')
116 strlcat(xpath, xpath_base + 1, sizeof(xpath));
117 else
118 strlcat(xpath, xpath_base, sizeof(xpath));
119 }
** CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify()
________________________________________________________________________________________________________
*** CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/isisd/isis_northbound.c: 2097 in lib_interface_isis_password_password_modify()
2091 if (event != NB_EV_APPLY)
2092 return NB_OK;
2093
2094 password = yang_dnode_get_string(dnode, NULL);
2095 circuit = yang_dnode_get_entry(dnode, true);
2096 circuit->passwd.len = strlen(password);
>>> CID 1475939: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 255 bytes on destination array "circuit->passwd.passwd" of size 255 bytes might leave the destination string unterminated.
2097 strncpy((char *)circuit->passwd.passwd, password, 255);
2098
2099 return NB_OK;
2100 }
2101
2102 /*
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJkHinZ6TvcFlJ9SoqXLMp3MfUqvcBsUFcyM8iyT-2BtMh-2F7-2FLm4BVyAodmSxh-2F12nvJqhVWgYTFSkzvcXvXi-2FKFkPocPmJvQtgsmnCceEwdgrJTw7n6VdiW-2Bk99BHoH1C0v2nYjhpkn0rl4R4kJDHrXYw0yp2wICeltuu5BPWGcOgvA-3D-3D