New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Thu Apr 1 13:05:20 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1503597: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_te.c: 2464 in ospf_te_parse_ri()
________________________________________________________________________________________________________
*** CID 1503597: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_te.c: 2464 in ospf_te_parse_ri()
2458
2459 ote_debug(" |- Process Router Information LSA %pI4 for Vertex %pI4",
2460 &lsa->data->id, &node->router_id);
2461
2462 /* Initialize TLV browsing */
2463 len = ntohs(lsah->length) - OSPF_LSA_HEADER_SIZE;
>>> CID 1503597: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "len" as a loop boundary.
2464 for (tlvh = TLV_HDR_TOP(lsah); sum < len; tlvh = TLV_HDR_NEXT(tlvh)) {
2465 struct ri_sr_tlv_sr_algorithm *algo;
2466 struct ri_sr_tlv_sid_label_range *range;
2467 struct ri_sr_tlv_node_msd *msd;
2468 uint32_t size, lower;
2469
** CID 1503596: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish()
________________________________________________________________________________________________________
*** CID 1503596: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2580 in lib_route_map_entry_set_action_rmap_set_action_extcommunity_lb_finish()
2574 snprintf(str, sizeof(str), "%s", "num-multipaths");
2575 }
2576
2577 if (yang_dnode_get_bool(args->dnode, "./two-octet-as-specific"))
2578 strlcat(str, " non-transitive", sizeof(str));
2579
>>> CID 1503596: Error handling issues (CHECKED_RETURN)
>>> Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2580 generic_set_add(rhc->rhc_rmi,
2581 "extcommunity bandwidth", str,
2582 args->errmsg, args->errmsg_len);
2583 }
2584
2585 /*
** CID 1503595: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish()
________________________________________________________________________________________________________
*** CID 1503595: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 2401 in lib_route_map_entry_set_action_rmap_set_action_aggregator_finish()
2395
2396 /* Set destroy information. */
2397 rhc->rhc_shook = generic_set_delete;
2398 rhc->rhc_rule = "aggregator as";
2399 rhc->rhc_event = RMAP_EVENT_SET_DELETED;
2400
>>> CID 1503595: Error handling issues (CHECKED_RETURN)
>>> Calling "generic_set_add" without checking return value (as is done elsewhere 27 out of 29 times).
2401 generic_set_add(rhc->rhc_rmi, rhc->rhc_rule, argstr,
2402 args->errmsg, args->errmsg_len);
2403 XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr);
2404 }
2405 /*
2406 * XPath:
** CID 1503594: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish()
________________________________________________________________________________________________________
*** CID 1503594: Error handling issues (CHECKED_RETURN)
/bgpd/bgp_routemap_nb_config.c: 1017 in lib_route_map_entry_match_condition_rmap_match_condition_comm_list_finish()
1011 } else {
1012 rhc->rhc_rule = "extcommunity";
1013 event = RMAP_EVENT_ECLIST_ADDED;
1014 rhc->rhc_event = RMAP_EVENT_ECLIST_DELETED;
1015 }
1016
>>> CID 1503594: Error handling issues (CHECKED_RETURN)
>>> Calling "bgp_route_match_add" without checking return value (as is done elsewhere 20 out of 21 times).
1017 bgp_route_match_add(rhc->rhc_rmi, rhc->rhc_rule, argstr, event,
1018 args->errmsg, args->errmsg_len);
1019
1020 if (argstr != value)
1021 XFREE(MTYPE_ROUTE_MAP_COMPILED, argstr);
1022 }
** CID 1496618: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1496618: Null pointer dereferences (FORWARD_NULL)
/bgpd/bgp_evpn_mh.c: 949 in bgp_evpn_type1_route_update()
943 attr_new = pi->attr;
944
945 /* Perform route selection;
946 * this is just to set the flags correctly as local route in
947 * the ES always wins.
948 */
>>> CID 1496618: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "vpn" to "evpn_route_select_install", which dereferences it.
949 evpn_route_select_install(bgp, vpn, dest);
950 bgp_dest_unlock_node(dest);
951
952 /* If this is a new route or some attribute has changed, export the
953 * route to the global table. The route will be advertised to peers
954 * from there. Note that this table is a 2-level tree (RD-level +
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3DXC2I_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTy4ii6OhTmSM-2Bt3Bt8pYVMg44QDpB0rUuhIXWmjlrTxSSsZla7i4UkMIRUbje5ypHJ46JHnjEO1NqXoO-2B4zjC4lPRLREA8VA6MmozsS9lB4R8O9-2B66qvUEhVg-2BI2V06CWdfT4zPZMLVTz-2Bc5z29Ccra125NuT-2F9fdO192IZ0XW05HEy-2Fk6FhdySgDhNi-2B20pys-3D
More information about the dev
mailing list