New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Thu Sep 17 11:40:34 UTC 2020


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

6 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1497010:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1497010:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 2853 in lib_interface_isis_mpls_holddown_modify()
2847     		break;
2848     	case NB_EV_APPLY:
2849     		circuit = nb_running_get_entry(args->dnode, NULL, true);
2850     		holddown = yang_dnode_get_uint16(args->dnode, NULL);
2851     
2852     		if (circuit->ldp_sync_info == NULL)
>>>     CID 1497010:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "NULL" "isis" when calling "isis_ldp_sync_if_init".
2853     			isis_ldp_sync_if_init(circuit, isis);
2854     		ldp_sync_info = circuit->ldp_sync_info;
2855     
2856     		SET_FLAG(ldp_sync_info->flags, LDP_SYNC_FLAG_HOLDDOWN);
2857     		ldp_sync_info->holddown = holddown;
2858     		break;

** CID 1497009:    (NULL_RETURNS)
/isisd/isis_nb_config.c: 1921 in isis_instance_mpls_ldp_sync_holddown_modify()
/isisd/isis_nb_config.c: 1924 in isis_instance_mpls_ldp_sync_holddown_modify()


________________________________________________________________________________________________________
*** CID 1497009:    (NULL_RETURNS)
/isisd/isis_nb_config.c: 1921 in isis_instance_mpls_ldp_sync_holddown_modify()
1915     	case NB_EV_ABORT:
1916     		break;
1917     	case NB_EV_APPLY:
1918     		holddown = yang_dnode_get_uint16(args->dnode, NULL);
1919     
1920     		if (holddown == LDP_IGP_SYNC_HOLDDOWN_DEFAULT)
>>>     CID 1497009:    (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
1921     			UNSET_FLAG(isis->ldp_sync_cmd.flags,
1922     				   LDP_SYNC_FLAG_HOLDDOWN);
1923     		else
1924     			SET_FLAG(isis->ldp_sync_cmd.flags,
1925     				 LDP_SYNC_FLAG_HOLDDOWN);
1926     		isis->ldp_sync_cmd.holddown = holddown;
/isisd/isis_nb_config.c: 1924 in isis_instance_mpls_ldp_sync_holddown_modify()
1918     		holddown = yang_dnode_get_uint16(args->dnode, NULL);
1919     
1920     		if (holddown == LDP_IGP_SYNC_HOLDDOWN_DEFAULT)
1921     			UNSET_FLAG(isis->ldp_sync_cmd.flags,
1922     				   LDP_SYNC_FLAG_HOLDDOWN);
1923     		else
>>>     CID 1497009:    (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
1924     			SET_FLAG(isis->ldp_sync_cmd.flags,
1925     				 LDP_SYNC_FLAG_HOLDDOWN);
1926     		isis->ldp_sync_cmd.holddown = holddown;
1927     
1928     		/* set holddown time on all ISIS interfaces */
1929     		FOR_ALL_INTERFACES (vrf, ifp) {

** CID 1497008:  Memory - illegal accesses  (USE_AFTER_FREE)
/isisd/isis_nb_config.c: 90 in isis_instance_destroy()


________________________________________________________________________________________________________
*** CID 1497008:  Memory - illegal accesses  (USE_AFTER_FREE)
/isisd/isis_nb_config.c: 90 in isis_instance_destroy()
84     	if (args->event != NB_EV_APPLY)
85     		return NB_OK;
86     	area = nb_running_unset_entry(args->dnode);
87     	isis_area_destroy(area);
88     
89     	/* remove ldp-sync config */
>>>     CID 1497008:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "area".
90     	if (area->isis->vrf_id == VRF_DEFAULT)
91     		isis_ldp_sync_gbl_exit(true);
92     
93     	return NB_OK;
94     }
95     

** CID 1497007:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 2886 in lib_interface_isis_mpls_holddown_destroy()


________________________________________________________________________________________________________
*** CID 1497007:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 2886 in lib_interface_isis_mpls_holddown_destroy()
2880     		break;
2881     	case NB_EV_APPLY:
2882     		circuit = nb_running_get_entry(args->dnode, NULL, true);
2883     		ldp_sync_info = circuit->ldp_sync_info;
2884     		UNSET_FLAG(ldp_sync_info->flags, LDP_SYNC_FLAG_HOLDDOWN);
2885     
>>>     CID 1497007:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
2886     		if (CHECK_FLAG(isis->ldp_sync_cmd.flags,
2887     			       LDP_SYNC_FLAG_HOLDDOWN))
2888     			ldp_sync_info->holddown = isis->ldp_sync_cmd.holddown;
2889     		else
2890     			ldp_sync_info->holddown = LDP_IGP_SYNC_HOLDDOWN_DEFAULT;
2891     		break;
2892     	}
2893     	return NB_OK;

** CID 1497006:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 1863 in isis_instance_mpls_ldp_sync_create()


________________________________________________________________________________________________________
*** CID 1497006:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 1863 in isis_instance_mpls_ldp_sync_create()
1857     	case NB_EV_APPLY:
1858     		/* register with opaque client to recv LDP-IGP Sync msgs */
1859     		zclient_register_opaque(zclient, LDP_IGP_SYNC_IF_STATE_UPDATE);
1860     		zclient_register_opaque(zclient, LDP_IGP_SYNC_ANNOUNCE_UPDATE);
1861     		zclient_register_opaque(zclient, LDP_IGP_SYNC_HELLO_UPDATE);
1862     
>>>     CID 1497006:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
1863     		if (!CHECK_FLAG(isis->ldp_sync_cmd.flags,
1864     				LDP_SYNC_FLAG_ENABLE)) {
1865     			SET_FLAG(isis->ldp_sync_cmd.flags,
1866     				 LDP_SYNC_FLAG_ENABLE);
1867     
1868     			/* turn on LDP-IGP Sync on all ptop ISIS interfaces */

** CID 1497005:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1497005:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_nb_config.c: 2793 in lib_interface_isis_mpls_ldp_sync_modify()
2787     		break;
2788     	case NB_EV_APPLY:
2789     		circuit = nb_running_get_entry(args->dnode, NULL, true);
2790     		ldp_sync_enable = yang_dnode_get_bool(args->dnode, NULL);
2791     
2792     		if (circuit->ldp_sync_info == NULL)
>>>     CID 1497005:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "NULL" "isis" when calling "isis_ldp_sync_if_init".
2793     			isis_ldp_sync_if_init(circuit, isis);
2794     		ldp_sync_info = circuit->ldp_sync_info;
2795     
2796     		if (ldp_sync_enable) {
2797     			/* enable LDP-SYNC on an interface
2798     			 *  if ptop interface send message to LDP to get state


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3Dk2tU_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyiFdchKisGQrSPODtBZe1mBycsVis-2BhNmQ9F-2BgZl5oQVTFNrSlIendj3e-2B-2BlMp2QL9r3wxFqIbAUPN8MU9FdbvBV7wzl-2BTlQWRX1KAeiBtWyToxfJ8dAyvVuivbU32kWFSnFZVmzi-2F7Eqlko-2BtQEw-2B7Wl6EJ4JwFnsdu71WjhL-2FXSHnXg3hI6J5wBIzmqtL74-3D




More information about the dev mailing list