New Defects reported by Coverity Scan for freerangerouting/frr

Thu Apr 2 21:28:29 EDT 2020

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1492482:  Memory - corruptions  (OVERRUN)

________________________________________________________________________________________________________
*** CID 1492482:  Memory - corruptions  (OVERRUN)
/zebra/zebra_rnh.c: 1048 in send_client()
1042     		stream_putl(s, re->metric);
1043     		num = 0;
1044     		nump = stream_get_endp(s);
1045     		stream_putc(s, 0);
1046     		for (ALL_NEXTHOPS(re->nhe->nhg, nh))
1047     			if (rnh_nexthop_valid(re, nh)) {
>>>     CID 1492482:  Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type zapi_nexthop of 112 bytes by passing it to a function which accesses it at byte offset 115.
1048     				zapi_nexthop_from_nexthop(&znh, nh);
1049     				zapi_nexthop_encode(s, &znh, 0 /* flags */);
1050     				num++;
1051     			}
1052     		stream_putc_at(s, nump, num);
1053     	} else {

** CID 1492481:  Null pointer dereferences  (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()

________________________________________________________________________________________________________
*** CID 1492481:  Null pointer dereferences  (NULL_RETURNS)
/zebra/zebra_vxlan.c: 10262 in zebra_evpn_pim_cfg_clean_up()
10256     }
10257     
10258     static int zebra_evpn_pim_cfg_clean_up(struct zserv *client)
10259     {
10260     	struct zebra_vrf *zvrf = zebra_vrf_get_evpn();
10261     
>>>     CID 1492481:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing "zvrf", which is known to be "NULL".
10262     	if (CHECK_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG)) {
10263     		if (IS_ZEBRA_DEBUG_VXLAN)
10264     			zlog_debug("VxLAN SG updates to PIM, stop");
10265     		UNSET_FLAG(zvrf->flags, ZEBRA_PIM_SEND_VXLAN_SG);
10266     	}
10267     

** CID 1492480:  Memory - corruptions  (OVERRUN)

________________________________________________________________________________________________________
*** CID 1492480:  Memory - corruptions  (OVERRUN)
/pimd/pim_nht.c: 737 in pim_parse_nexthop_update()
731     	struct zapi_route nhr;
732     
733     	if (!vrf)
734     		return 0;
735     	pim = vrf->info;
736     
>>>     CID 1492480:  Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type zapi_route of 14456 bytes by passing it to a function which accesses it at byte offset 29815.
737     	if (!zapi_nexthop_update_decode(zclient->ibuf, &nhr)) {
738     		if (PIM_DEBUG_PIM_NHT)
739     			zlog_debug(
740     				"%s: Decode of nexthop update from zebra failed",
741     				__func__);
742     		return 0;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwtXAn74UdOrNjckt5W0LJ0CDxXoQFnSJSV51LhpQIExOPuUyDQ-2BIaYqt88E1d5-2F-2Fc-3Dp4jF_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTwp1QcaYx-2BQ-2BPJCwP-2BbHBS7-2F9jaU-2F00qoMNu1mP-2BhJZbYgXju3Y7SqGaXYLlPMgq-2F7LV7C69K4corGdFRlPC7EpdbSi9gpvQahQbwIwNL17-2FkXH8NbgWBSHG2G1GQWdFD3rMIQLZJD4xy-2Fyp04mqf0eir-2F66FHjNTECVEBb-2FLdqMV3O7gqNvIiEXs5df7VMDZc-3D