New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Fri Nov 22 17:59:10 EST 2019 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1487027:  Uninitialized variables  (UNINIT)
/zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect()


________________________________________________________________________________________________________
*** CID 1487027:  Uninitialized variables  (UNINIT)
/zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect()
186     		return 0;
187     	}
188     	len = sizeof(struct ucred);
189     	ucred.pid = getpid();
190     
191     	set_nonblocking(mlag_socket);
>>>     CID 1487027:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "ucred". Field "ucred.uid" is uninitialized when calling "setsockopt".
192     	setsockopt(mlag_socket, SOL_SOCKET, SO_PEERCRED, &ucred, len);
193     
194     	if (IS_ZEBRA_DEBUG_MLAG)
195     		zlog_debug("%s: Connection with MLAG is established ",
196     			   __func__);
197     

** CID 1487026:    (TAINTED_SCALAR)
/zebra/zebra_mlag_private.c: 124 in zebra_mlag_read()
/zebra/zebra_mlag_private.c: 124 in zebra_mlag_read()


________________________________________________________________________________________________________
*** CID 1487026:    (TAINTED_SCALAR)
/zebra/zebra_mlag_private.c: 145 in zebra_mlag_read()
139     		}
140     	}
141     
142     	if (IS_ZEBRA_DEBUG_MLAG) {
143     		zlog_debug("Received a MLAG Message from socket: %d, len:%u ",
144     			   mlag_socket, tot_len);
>>>     CID 1487026:    (TAINTED_SCALAR)
>>>     Passing tainted variable "tot_len" to a tainted sink.
145     		zlog_hexdump(mlag_rd_buffer, tot_len);
146     	}
147     
148     	tot_len -= ZEBRA_MLAG_LEN_SIZE;
149     
150     	/* Process the packet */
/zebra/zebra_mlag_private.c: 124 in zebra_mlag_read()
118     	/* This will be the actual length of the packet */
119     	tot_len = h_msglen + ZEBRA_MLAG_LEN_SIZE;
120     
121     	if (curr_len < tot_len) {
122     		ssize_t data_len;
123     
>>>     CID 1487026:    (TAINTED_SCALAR)
>>>     Passing tainted variable "tot_len - curr_len" to a tainted sink.
124     		data_len = read(mlag_socket, mlag_rd_buffer + curr_len,
125     				tot_len - curr_len);
126     		if (data_len == 0 || data_len == -1) {
127     			if (IS_ZEBRA_DEBUG_MLAG)
128     				zlog_debug("MLAG connection closed socket : %d",
129     					   mlag_socket);
/zebra/zebra_mlag_private.c: 145 in zebra_mlag_read()
139     		}
140     	}
141     
142     	if (IS_ZEBRA_DEBUG_MLAG) {
143     		zlog_debug("Received a MLAG Message from socket: %d, len:%u ",
144     			   mlag_socket, tot_len);
>>>     CID 1487026:    (TAINTED_SCALAR)
>>>     Passing tainted variable "tot_len" to a tainted sink.
145     		zlog_hexdump(mlag_rd_buffer, tot_len);
146     	}
147     
148     	tot_len -= ZEBRA_MLAG_LEN_SIZE;
149     
150     	/* Process the packet */
/zebra/zebra_mlag_private.c: 124 in zebra_mlag_read()
118     	/* This will be the actual length of the packet */
119     	tot_len = h_msglen + ZEBRA_MLAG_LEN_SIZE;
120     
121     	if (curr_len < tot_len) {
122     		ssize_t data_len;
123     
>>>     CID 1487026:    (TAINTED_SCALAR)
>>>     Passing tainted variable "tot_len - curr_len" to a tainted sink.
124     		data_len = read(mlag_socket, mlag_rd_buffer + curr_len,
125     				tot_len - curr_len);
126     		if (data_len == 0 || data_len == -1) {
127     			if (IS_ZEBRA_DEBUG_MLAG)
128     				zlog_debug("MLAG connection closed socket : %d",
129     					   mlag_socket);

** CID 1487023:  Error handling issues  (CHECKED_RETURN)
/zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect()


________________________________________________________________________________________________________
*** CID 1487023:  Error handling issues  (CHECKED_RETURN)
/zebra/zebra_mlag_private.c: 192 in zebra_mlag_connect()
186     		return 0;
187     	}
188     	len = sizeof(struct ucred);
189     	ucred.pid = getpid();
190     
191     	set_nonblocking(mlag_socket);
>>>     CID 1487023:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "setsockopt(mlag_socket, 1, 17, &ucred, len)" without checking return value. This library function may fail and return an error code.
192     	setsockopt(mlag_socket, SOL_SOCKET, SO_PEERCRED, &ucred, len);
193     
194     	if (IS_ZEBRA_DEBUG_MLAG)
195     		zlog_debug("%s: Connection with MLAG is established ",
196     			   __func__);
197     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRa7dJ8klHLUFWVd2fqpS-2B-2FHaN43B-2FQ11ntcKmbKat2WeDU1AdI-2FBBrnda9ub5tlg3U-3D_d-2Fi2nRutHp-2FDWtw8JRg-2Bc1m9CS4-2B5uVbodfDyLsp-2FJlVu4AZpSvz-2FBj9QLh25bycp2TEgjQckbxVFDNL1tEBQG-2F1st4keeYJ9yBzdqOIkJhV4-2Fx9oNFmY2vQUghaujUItXCMMNW0-2BaTHK6RQl5h-2B0GkPaU-2B-2FD1w-2Fp-2FpTzw-2Fi3dGtCiJpqvt5bnmceAhDypeIUXkpdROeOnFlbbzM-2Fuee5Q-3D-3D

More information about the dev mailing list