New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Thu Aug 6 20:15:42 UTC 2020
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1496619: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1496619: Null pointer dereferences (FORWARD_NULL)
/zebra/zebra_evpn_mh.c: 360 in zebra_evpn_es_evi_show_vni()
354 vty_out(vty, "%-8s %-30s %-4s\n", "VNI", "ESI", "Type");
355 }
356 } else {
357 if (!uj)
358 vty_out(vty, "VNI %d doesn't exist\n", vni);
359 }
>>> CID 1496619: Null pointer dereferences (FORWARD_NULL)
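>>> Passing null pointer "zvni" to "zebra_evpn_es_evi_show_one_vni", which dereferences it. [The else branch at lines 356-359 only prints "VNI %d doesn't exist" and does not return, so on that path, where "zvni" is presumably NULL, execution falls through to the call on line 360.]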
360 zebra_evpn_es_evi_show_one_vni(zvni, vty, json, detail);
361 }
362
363 /* Initialize the ES tables maintained per-L2_VNI */
364 void zebra_evpn_vni_es_init(zebra_vni_t *zvni)
365 {
** CID 1496618: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1496618: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn_mh.c: 909 in bgp_evpn_type1_route_update()
903 attr_new = pi->attr;
904
905 /* Perform route selection;
906 * this is just to set the flags correctly as local route in
907 * the ES always wins.
908 */
>>> CID 1496618: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "vpn" to "evpn_route_select_install", which dereferences it.
909 evpn_route_select_install(bgp, vpn, rn);
910 bgp_dest_unlock_node(rn);
911
912 /* If this is a new route or some attribute has changed, export the
913 * route to the global table. The route will be advertised to peers
914 * from there. Note that this table is a 2-level tree (RD-level +
** CID 1496617: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1496617: Memory - illegal accesses (USE_AFTER_FREE)
/zebra/zebra_evpn_mh.c: 1688 in zebra_evpn_es_cleanup()
1682 struct zebra_evpn_es *es;
1683 struct zebra_evpn_es *es_next;
1684
1685 RB_FOREACH_SAFE(es, zebra_es_rb_head,
1686 &zmh_info->es_rb_tree, es_next) {
1687 zebra_evpn_local_es_del(es);
>>> CID 1496617: Memory - illegal accesses (USE_AFTER_FREE)
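>>> Calling "zebra_evpn_remote_es_flush" dereferences freed pointer "es". [The only earlier use of "es" in the loop body is zebra_evpn_local_es_del(es) on line 1687, so that call is presumably where the analyzer sees "es" being freed. RB_FOREACH_SAFE keeps the iteration safe through es_next, but it does not protect a second use of "es" within the same pass.]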
1688 zebra_evpn_remote_es_flush(es);
1689 }
1690 }
1691
1692 /* Only certain types of access ports can be setup as an Ethernet Segment */
1693 bool zebra_evpn_is_if_es_capable(struct zebra_if *zif)
** CID 1496616: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vxlan.c: 6885 in zebra_vxlan_proc_sync_neigh_update()
________________________________________________________________________________________________________
*** CID 1496616: Null pointer dereferences (REVERSE_INULL)
/zebra/zebra_vxlan.c: 6885 in zebra_vxlan_proc_sync_neigh_update()
6879 if (old_bgp_ready) {
6880 zvni_neigh_send_del_to_client(zvni->vni, &n->ip,
6881 &n->emac, n->flags, n->state,
6882 false /*force*/);
6883 old_bgp_ready = false;
6884 }
>>> CID 1496616: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "n->mac" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
6885 if (n->mac)
6886 zebra_vxlan_local_neigh_deref_mac(n,
6887 false /*send_mac_update*/);
6888 }
6889 /* clear old fwd info */
6890 n->rem_seq = 0;
** CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/zebra/rt_netlink.c: 3206 in netlink_macfdb_update_ctx()
________________________________________________________________________________________________________
*** CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/zebra/rt_netlink.c: 3206 in netlink_macfdb_update_ctx()
3200 vid = dplane_ctx_mac_get_vlan(ctx);
3201 if (vid > 0)
3202 snprintf(vid_buf, sizeof(vid_buf), " VLAN %u", vid);
3203 else
3204 vid_buf[0] = '\0';
3205
>>> CID 1496615: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "nfy & (8 /* 1 << 3 */)" is always 0 regardless of the values of its operands. This occurs as the logical first operand of "?:".
3206 zlog_debug("Tx %s family %s IF %s(%u)%s %sMAC %s dst %s nhg %u%s%s%s%s%s",
3207 nl_msg_type_to_str(cmd), nl_family_to_str(AF_BRIDGE),
3208 dplane_ctx_get_ifname(ctx),
3209 dplane_ctx_get_ifindex(ctx), vid_buf,
3210 dplane_ctx_mac_is_sticky(ctx) ? "sticky " : "",
3211 prefix_mac2str(mac, buf, sizeof(buf)),
** CID 1496614: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_evpn_mh.c: 1445 in bgp_evpn_local_es_up()
________________________________________________________________________________________________________
*** CID 1496614: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_evpn_mh.c: 1445 in bgp_evpn_local_es_up()
1439 /* generate EAD-EVI */
1440 bgp_evpn_local_type1_evi_route_add(bgp, es);
1441
1442 /* generate EAD-ES */
1443 build_evpn_type1_prefix(&p, BGP_EVPN_AD_ES_ETH_TAG,
1444 &es->esi, es->originator_ip);
>>> CID 1496614: Error handling issues (CHECKED_RETURN)
>>> Calling "bgp_evpn_type1_route_update" without checking return value (as is done elsewhere 4 out of 5 times).
1445 bgp_evpn_type1_route_update(bgp, es, NULL, &p);
1446 }
1447
1448 static void bgp_evpn_local_es_do_del(struct bgp *bgp, struct bgp_evpn_es *es)
1449 {
1450 struct bgp_evpn_es_evi *es_evi;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3D3pD5_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyrxOlWR-2BOiFdmdgt9g4IWDoooua-2FxgGP-2BWxBdNtY52p1KgEF60GKM3vMIOAZ-2FLGrCoDlM5Dgv5-2Bvpczn9SMYBsdSRyKE6h1RkBpva0pinXD2mF-2FtQv4FyqG0cx-2FZyQtcZCiQCbaciLaJB-2FmNNhRVXVqbTNxY9EBQVzUkv92xL7TC3mmcXO9qkHQ3FsF0P9DWs-3D