[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
Wed Mar 20 14:01:15 EDT 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1479155: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1479155: Uninitialized variables (UNINIT)
/pimd/pim_cmd.c: 6441 in pim_test_sg_keepalive_magic()
6435
6436 if (!pim) {
6437 vty_out(vty, "%% Unable to find pim instance\n");
6438 return CMD_WARNING;
6439 }
6440
>>> CID 1479155: Uninitialized variables (UNINIT)
>>> Using uninitialized value "sg". Field "sg.family" is uninitialized when calling "pim_upstream_find".
6441 up = pim_upstream_find(pim, &sg);
6442 if (!up) {
6443 vty_out(vty, "%% Unable to find %s specified\n",
6444 pim_str_sg_dump(&sg));
6445 return CMD_WARNING;
6446 }
** CID 1479154: (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()
________________________________________________________________________________________________________
*** CID 1479154: (DC.WEAK_CRYPTO)
/bfdd/bfd.c: 228 in ptm_bfd_gen_ID()
222
223 /*
224 * RFC 5880, Section 6.8.1. recommends that we should generate
225 * random session identification numbers.
226 */
227 do {
>>> CID 1479154: (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
228 session_id = ((random() << 16) & 0xFFFF0000)
229 | (random() & 0x0000FFFF);
230 } while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231
232 return session_id;
233 }
/bfdd/bfd.c: 229 in ptm_bfd_gen_ID()
223 /*
224 * RFC 5880, Section 6.8.1. recommends that we should generate
225 * random session identification numbers.
226 */
227 do {
228 session_id = ((random() << 16) & 0xFFFF0000)
>>> CID 1479154: (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
229 | (random() & 0x0000FFFF);
230 } while (session_id == 0 || bfd_id_lookup(session_id) != NULL);
231
232 return session_id;
233 }
234
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJmlsSNFVX9VyrjgRhz4Doka3vlFdV0bvieapU1GRD31KOTzC1kp7At-2BOHvmDo5j4AIgPIilXm0fm1NhoS9OdV6D-2F2QiYqT5SsaPTa4YAfohE8cUNXSdjt6XqrUbDtbqyMfQJdB1h44NFByeBeZ42vjVsmhOkqrlhCs2F0gttADUIw-3D-3D