New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Thu Apr 1 13:05:20 UTC 2021 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1503597:  Insecure data handling  (TAINTED_SCALAR)
/ospfd/ospf_te.c: 2464 in ospf_te_parse_ri()


________________________________________________________________________________________________________
*** CID 1503597:  Insecure data handling  (TAINTED_SCALAR)
/ospfd/ospf_te.c: 2464 in ospf_te_parse_ri()
2458     
2459     	ote_debug("  |- Process Router Information LSA %pI4 for Vertex %pI4",
2460     		  &lsa->data->id, &node->router_id);
2461     
2462     	/* Initialize TLV browsing */
2463     	len = ntohs(lsah->length) - OSPF_LSA_HEADER_SIZE;
>>>     CID 1503597:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "len" as a loop boundary.
2464     	for (tlvh = TLV_HDR_TOP(lsah); sum < len; tlvh = TLV_HDR_NEXT(tlvh)) {
2465     		struct ri_sr_tlv_sr_algorithm *algo;
2466     		struct ri_sr_tlv_sid_label_range *range;
2467     		struct ri_sr_tlv_node_msd *msd;
2468     		uint32_t size, lower;
2469     

** CID 1503596:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish()


________________________________________________________________________________________________________
*** CID 1503596:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish()
2574     		snprintf(str, sizeof(str), "%s", "num-multipaths");
2575     	}
2576     
2577     	if (yang_dnode_get_bool(args->dnode, "./two-octet-as-specific"))
2578     		strlcat(str, " non-transitive", sizeof(str));
2579     
>>>     CID 1503596:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2580     	generic_set_add(rhc->rhc_rmi,
2581     			"extcommunity bandwidth", str,
2582     			args->errmsg, args->errmsg_len);
2583     }
2584     
2585     /*

** CID 1503595:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish()


________________________________________________________________________________________________________
*** CID 1503595:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish()
2395     
2396     	/* Set destroy information. */
2397     	rhc->rhc_shook = generic_set_delete;
2398     	rhc->rhc_rule = "aggregator as";
2399     	rhc->rhc_event = RMAP_EVENT_SET_DELETED;
2400     
>>>     CID 1503595:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2401     	generic_set_add(rhc->rhc_rmi, rhc->rhc_rule, argstr,
2402     			args->errmsg, args->errmsg_len);
2403     	XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr);
2404     }
2405     /*
2406      * XPath:

** CID 1503594:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish()


________________________________________________________________________________________________________
*** CID 1503594:  Error handling issues  (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish()
1011     	} else {
1012     		rhc->rhc_rule = "extcommunity";
1013     		event = RMAP_EVENT_ECLIST_ADDED;
1014     		rhc->rhc_event = RMAP_EVENT_ECLIST_DELETED;
1015     	}
1016     
>>>     CID 1503594:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "bgp_route_match_add" without checking return value (as is done elsewhere 20 out of 21 times).
1017     	bgp_route_match_add(rhc->rhc_rmi, rhc->rhc_rule, argstr, event,
1018     			    args->errmsg, args->errmsg_len);
1019     
1020     	if (argstr != value)
1021     		XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr);
1022     }

** CID 1496618:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1496618:  Null pointer dereferences  (FORWARD_NULL)
/bgpd/bgp_evpn_mh.c: 949 in bgp_evpn_type1_route_update()
943     	attr_new = pi->attr;
944     
945     	/* Perform route selection;
946     	 * this is just to set the flags correctly as local route in
947     	 * the ES always wins.
948     	 */
>>>     CID 1496618:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "vpn" to "evpn_route_select_install", which dereferences it.
949     	evpn_route_select_install(bgp, vpn, dest);
950     	bgp_dest_unlock_node(dest);
951     
952     	/* If this is a new route or some attribute has changed, export the
953     	 * route to the global table. The route will be advertised to peers
954     	 * from there. Note that this table is a 2-level tree (RD-level +


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3DXC2I_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTy4ii6OhTmSM-2Bt3Bt8pYVMg44QDpB0rUuhIXWmjlrTxSSsZla7i4UkMIRUbje5ypHJ46JHnjEO1NqXoO-2B4zjC4lPRLREA8VA6MmozsS9lB4R8O9-2B66qvUEhVg-2BI2V06CWdfT4zPZMLVTz-2Bc5z29Ccra125NuT-2F9fdO192IZ0XW05HEy-2Fk6FhdySgDhNi-2B20pys-3D

More information about the dev mailing list