[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Wed Oct 31 20:29:46 EDT 2018


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

4 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1475322:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475322:  Null pointer dereferences  (FORWARD_NULL)
/ripd/rip_cli_clippy.c: 1531 in ip_rip_authentication_mode()
1525     	}
1526     #if 0 /* anything that can fail? */
1527     	if (_failcnt)
1528     		return CMD_WARNING;
1529     #endif
1530     #endif
>>>     CID 1475322:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "mode" to "ip_rip_authentication_mode_magic", which dereferences it.
1531     	return ip_rip_authentication_mode_magic(self, vty, argc, argv, mode, auth_length);
1532     }
1533     
1534     /* no_ip_rip_authentication_mode => "no ip rip authentication mode [<md5 [auth-length <rfc|old-ripd>]|text>]" */
1535     DEFUN_CMD_FUNC_DECL(no_ip_rip_authentication_mode)
1536     #define funcdecl_no_ip_rip_authentication_mode static int no_ip_rip_authentication_mode_magic(\

** CID 1475321:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475321:  Null pointer dereferences  (FORWARD_NULL)
/lib/northbound_cli_clippy.c: 672 in yang_module_translator_unload_family()
666     	}
667     #if 0 /* anything that can fail? */
668     	if (_failcnt)
669     		return CMD_WARNING;
670     #endif
671     #endif
>>>     CID 1475321:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "translator_family" to "yang_module_translator_unload_family_magic", which dereferences it.
672     	return yang_module_translator_unload_family_magic(self, vty, argc, argv, translator_family);
673     }
674     
675     /* show_config_transaction => "show configuration transaction          [	    (1-4294967296)$transaction_id	    [<json$json|xml$xml> [translate WORD$translator_family]]            [<	      with-defaults$with_defaults	      |changes$changes	     >]	  ]" */
676     DEFUN_CMD_FUNC_DECL(show_config_transaction)
677     #define funcdecl_show_config_transaction static int show_config_transaction_magic(\

** CID 1475320:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1475320:  Null pointer dereferences  (FORWARD_NULL)
/ripd/rip_cli_clippy.c: 1612 in ip_rip_authentication_string()
1606     	}
1607     #if 0 /* anything that can fail? */
1608     	if (_failcnt)
1609     		return CMD_WARNING;
1610     #endif
1611     #endif
>>>     CID 1475320:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "password" to "ip_rip_authentication_string_magic", which dereferences it.
1612     	return ip_rip_authentication_string_magic(self, vty, argc, argv, password);
1613     }
1614     
1615     /* no_ip_rip_authentication_string => "no ip rip authentication string [LINE]" */
1616     DEFUN_CMD_FUNC_DECL(no_ip_rip_authentication_string)
1617     #define funcdecl_no_ip_rip_authentication_string static int no_ip_rip_authentication_string_magic(\

** CID 1475319:  Security best practices violations  (SECURE_TEMP)
/lib/northbound_cli.c: 419 in nb_write_config()


________________________________________________________________________________________________________
*** CID 1475319:  Security best practices violations  (SECURE_TEMP)
/lib/northbound_cli.c: 419 in nb_write_config()
413     {
414     	int fd;
415     	struct vty *file_vty;
416     	int ret = 0;
417     
418     	snprintf(path, pathlen, "/tmp/frr.tmp.XXXXXXXX");
>>>     CID 1475319:  Security best practices violations  (SECURE_TEMP)
>>>     Calling "mkstemp" without securely setting umask first.
419     	fd = mkstemp(path);
420     	if (fd < 0) {
421     		flog_warn(EC_LIB_SYSTEM_CALL, "%s: mkstemp() failed: %s",
422     			  __func__, safe_strerror(errno));
423     		return -1;
424     	}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeHs8691VOJpZofPkpp-2BRBqc-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJkfXLmVqswCNMlUpaS6y-2Fjl3lI8z-2FooUImmpK6X3BcStaUQdfrgYHRpCGEi6YZpirSWVJzQD7zG0iwsCnEhfPV8zYMngn-2F4lWaoBHZUa9f9dAyQT8gUMmrISLP4vZxHP0y5MS8Korvgj2wiX-2BZzXnzEHu-2BC10EdQwnuQh4Qy1Ti8g-3D-3D



