[dev] New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Wed Mar 20 14:01:15 EDT 2019


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1479155:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1479155:  Uninitialized variables  (UNINIT)
/pimd/pim_cmd.c: 6441 in pim_test_sg_keepalive_magic()
6435     
6436     	if (!pim) {
6437     		vty_out(vty, "%% Unable to find pim instance\n");
6438     		return CMD_WARNING;
6439     	}
6440     
>>>     CID 1479155:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "sg". Field "sg.family" is uninitialized when calling "pim_upstream_find".
6441     	up = pim_upstream_find(pim, &sg);
6442     	if (!up) {
6443     		vty_out(vty, "%% Unable to find %s specified\n",
6444     			pim_str_sg_dump(&sg));
6445     		return CMD_WARNING;
6446     	}

** CID 1479154:    (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()


________________________________________________________________________________________________________
*** CID 1479154:    (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
222     
223     	/*
224     	 * RFC 5880, Section 6.8.1. recommends that we should generate
225     	 * random session identification numbers.
226     	 */
227     	do {
>>>     CID 1479154:    (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
228     		session_id = ((random() << 16) & 0xFFFF0000)
229     			     | (random() & 0x0000FFFF);
230     	} while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231     
232     	return session_id;
233     }
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()
223     	/*
224     	 * RFC 5880, Section 6.8.1. recommends that we should generate
225     	 * random session identification numbers.
226     	 */
227     	do {
228     		session_id = ((random() << 16) & 0xFFFF0000)
>>>     CID 1479154:    (DC.WEAK_CRYPTO)
>>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
229     			     | (random() & 0x0000FFFF);
230     	} while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231     
232     	return session_id;
233     }
234     


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmlsSNFVX9VyrjgRhz4Doka3vlFdV0bvieapU1GRD31KOTzC1kp7At-2BOHvmDo5j4AIgPIilXm0fm1NhoS9OdV6D-2F2QiYqT5SsaPTa4YAfohE8cUNXSdjt6XqrUbDtbqyMfQJdB1h44NFByeBeZ42vjVsmhOkqrlhCs2F0gttADUIw-3D-3D
