[dev] New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Fri May 17 16:44:57 EDT 2019
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1480235: Incorrect expression (NO_EFFECT)
/vrrpd/vrrp.c: 1387 in vrrp_change_state_initialize()
________________________________________________________________________________________________________
*** CID 1480235: Incorrect expression (NO_EFFECT)
/vrrpd/vrrp.c: 1387 in vrrp_change_state_initialize()
1381 *
1382 * r
1383 * VRRP Router to operate on
1384 */
1385 static void vrrp_change_state_initialize(struct vrrp_router *r)
1386 {
>>> CID 1480235: Incorrect expression (NO_EFFECT)
>>> Assigning "r->vr->advertisement_interval" to itself has no effect.
1387 r->vr->advertisement_interval = r->vr->advertisement_interval;
1388 r->master_adver_interval = 0;
1389 vrrp_recalculate_timers(r);
1390
1391 r->advert_pending = false;
1392 r->garp_pending = false;
** CID 1480234: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1480234: Integer handling issues (NEGATIVE_RETURNS)
/vrrpd/vrrp_arp.c: 145 in vrrp_garp_send()
139 VRRP_LOGPFX VRRP_LOGPFX_VRID VRRP_LOGPFX_FAM
140 "Sending gratuitous ARP on %s for %s",
141 r->vr->vrid, family2str(r->family), ifp->name, astr);
142 if (DEBUG_MODE_CHECK(&vrrp_dbg_arp, DEBUG_MODE_ALL))
143 zlog_hexdump(garpbuf, garpbuf_len);
144
>>> CID 1480234: Integer handling issues (NEGATIVE_RETURNS)
>>> "garpbuf_len" is passed to a parameter that cannot be negative.
145 sent_len = vrrp_send_garp(ifp, garpbuf, garpbuf_len);
146
147 if (sent_len < 0)
148 zlog_warn(VRRP_LOGPFX VRRP_LOGPFX_VRID VRRP_LOGPFX_FAM
149 "Error sending gratuitous ARP on %s for %s",
150 r->vr->vrid, family2str(r->family), ifp->name, astr);
** CID 1480233: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1480233: Memory - corruptions (OVERRUN)
/vrrpd/vrrp_ndisc.c: 142 in vrrp_ndisc_una_build()
136 struct ipv6_ph ph = {};
137
138 ph.src = ip6h->ip6_src;
139 ph.dst = ip6h->ip6_dst;
140 ph.ulpl = htonl(len);
141 ph.next_hdr = IPPROTO_ICMPV6;
>>> CID 1480233: Memory - corruptions (OVERRUN)
>>> Overrunning struct type icmp6_hdr of 8 bytes by passing it to a function which accesses it at byte offset 31 using argument "len" (which evaluates to 32).
142 icmp6h->icmp6_cksum = in_cksum_with_ph6(&ph, (void *)icmp6h, len);
143
144 return 0;
145 }
146
147 int vrrp_ndisc_una_send(struct vrrp_router *r, struct ipaddr *ip)
** CID 1480232: Uninitialized variables (UNINIT)
/vrrpd/vrrp.c: 984 in vrrp_read()
________________________________________________________________________________________________________
*** CID 1480232: Uninitialized variables (UNINIT)
/vrrpd/vrrp.c: 984 in vrrp_read()
978 m.msg_namelen = sizeof(sa);
979 m.msg_iov = &iov;
980 m.msg_iovlen = 1;
981 m.msg_control = control;
982 m.msg_controllen = sizeof(control);
983
>>> CID 1480232: Uninitialized variables (UNINIT)
>>> Using uninitialized value "m". Field "m.msg_flags" is uninitialized when calling "recvmsg".
984 nbytes = recvmsg(r->sock_rx, &m, MSG_DONTWAIT);
985
986 if ((nbytes < 0 && ERRNO_IO_RETRY(errno))) {
987 resched = true;
988 goto done;
989 } else if (nbytes <= 0) {
** CID 1480231: Error handling issues (CHECKED_RETURN)
/vrrpd/vrrp.c: 766 in vrrp_send_advertisement()
________________________________________________________________________________________________________
*** CID 1480231: Error handling issues (CHECKED_RETURN)
/vrrpd/vrrp.c: 766 in vrrp_send_advertisement()
760
761 if (DEBUG_MODE_CHECK(&vrrp_dbg_pkt, DEBUG_MODE_ALL))
762 zlog_hexdump(pkt, (size_t)pktsz);
763
764 const char *group = r->family == AF_INET ? VRRP_MCASTV4_GROUP_STR
765 : VRRP_MCASTV6_GROUP_STR;
>>> CID 1480231: Error handling issues (CHECKED_RETURN)
>>> Calling "str2sockunion" without checking return value (as is done elsewhere 26 out of 27 times).
766 str2sockunion(group, &dest);
767
768 ssize_t sent = sendto(r->sock_tx, pkt, (size_t)pktsz, 0, &dest.sa,
769 sockunion_sizeof(&dest));
770
771 XFREE(MTYPE_VRRP_PKT, pkt);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlQTCsA6cZsdoXjE8XtF5r1d76jGZPs-2FVN6XnCpU2VAAuxISlWFvvxobQEOTM7IFHCXapTHfzPH5Qry5IK3LC5M2gAxwKTOxdIEqwOBRVfasM1ETULo33KNY4rOScqBNBO6k2A2Eq1Yu88SngK1lGpBb7vI5nSECxHUmoLrW4f0qQ-3D-3D
More information about the dev
mailing list