New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Mon Jan 4 01:06:29 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
101 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 101 defect(s)
** CID 1500587: Security best practices violations (DC.WEAK_CRYPTO)
/pathd/pathd.c: 483 in srte_candidate_add()
________________________________________________________________________________________________________
*** CID 1500587: Security best practices violations (DC.WEAK_CRYPTO)
/pathd/pathd.c: 483 in srte_candidate_add()
477 candidate = XCALLOC(MTYPE_PATH_SR_CANDIDATE, sizeof(*candidate));
478 lsp = XCALLOC(MTYPE_PATH_SR_CANDIDATE, sizeof(*lsp));
479
480 candidate->preference = preference;
481 candidate->policy = policy;
482 candidate->type = SRTE_CANDIDATE_TYPE_UNDEFINED;
>>> CID 1500587: Security best practices violations (DC.WEAK_CRYPTO)
>>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
483 candidate->discriminator = rand();
484
485 lsp->candidate = candidate;
486 candidate->lsp = lsp;
487
488 RB_INSERT(srte_candidate_head, &policy->candidate_paths, candidate);
** CID 1500586: Null pointer dereferences (FORWARD_NULL)
/pbrd/pbr_nht.c: 773 in pbr_nht_individual_nexthop_gw_update()
________________________________________________________________________________________________________
*** CID 1500586: Null pointer dereferences (FORWARD_NULL)
/pbrd/pbr_nht.c: 773 in pbr_nht_individual_nexthop_gw_update()
767 break;
768 }
769 }
770 goto done;
771 }
772
>>> CID 1500586: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pnhi->nhr".
773 switch (pnhi->nhr->prefix.family) {
774 case AF_INET:
775 if (pnhc->nexthop.gate.ipv4.s_addr
776 != pnhi->nhr->prefix.u.prefix4.s_addr)
777 goto done; /* Unrelated change */
778 break;
** CID 1500585: API usage errors (LOCK)
/pathd/path_zebra.c: 161 in path_zebra_router_id_update()
________________________________________________________________________________________________________
*** CID 1500585: API usage errors (LOCK)
/pathd/path_zebra.c: 161 in path_zebra_router_id_update()
155 } else {
156 pthread_mutex_unlock(&g_router_id_v4_mtx);
157 zlog_warn("Unexpected router ID address family for vrf %u: %u",
158 vrf_id, pref.family);
159 return 0;
160 }
>>> CID 1500585: API usage errors (LOCK)
>>> "pthread_mutex_unlock" unlocks "g_router_id_v4_mtx" while it is unlocked.
161 pthread_mutex_unlock(&g_router_id_v4_mtx);
162 zlog_info("%s Router Id updated for VRF %u: %s", family, vrf_id, buf);
163 return 0;
164 }
165
166 /**
** CID 1499854: Error handling issues (CHECKED_RETURN)
/zebra/dplane_fpm_nl.c: 1239 in fpm_process_queue()
________________________________________________________________________________________________________
*** CID 1499854: Error handling issues (CHECKED_RETURN)
/zebra/dplane_fpm_nl.c: 1239 in fpm_process_queue()
1233 frr_with_mutex (&fnc->ctxqueue_mutex) {
1234 ctx = dplane_ctx_dequeue(&fnc->ctxqueue);
1235 }
1236 if (ctx == NULL)
1237 break;
1238
>>> CID 1499854: Error handling issues (CHECKED_RETURN)
>>> Calling "fpm_nl_enqueue" without checking return value (as is done elsewhere 4 out of 5 times).
1239 fpm_nl_enqueue(fnc, ctx);
1240
1241 /* Account the processed entries. */
1242 processed_contexts++;
1243 atomic_fetch_sub_explicit(&fnc->counters.ctxqueue_len, 1,
1244 memory_order_relaxed);
** CID 1499389: Null pointer dereferences (NULL_RETURNS)
/bgpd/bgp_nb_config.c: 6295 in bgp_peer_group_peer_lookup()
________________________________________________________________________________________________________
*** CID 1499389: Null pointer dereferences (NULL_RETURNS)
/bgpd/bgp_nb_config.c: 6295 in bgp_peer_group_peer_lookup()
6289 static struct peer *bgp_peer_group_peer_lookup(struct bgp *bgp,
6290 const char *peer_str)
6291 {
6292 struct peer_group *group = NULL;
6293
6294 group = peer_group_lookup(bgp, peer_str);
>>> CID 1499389: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "group", which is known to be "NULL".
6295 return group->conf;
6296 }
6297
6298 /*
6299 * XPath:
6300 * /frr-routing:routing/control-plane-protocols/control-plane-protocol/frr-bgp:bgp/peer-groups/peer-group
** CID 1497888: Memory - corruptions (OVERRUN)
/ospfclient/ospf_apiclient.c: 620 in ospf_apiclient_handle_lsa_delete()
________________________________________________________________________________________________________
*** CID 1497888: Memory - corruptions (OVERRUN)
/ospfclient/ospf_apiclient.c: 620 in ospf_apiclient_handle_lsa_delete()
614 __func__, lsalen, OSPF_MAX_LSA_SIZE);
615 return;
616 }
617
618 p = XMALLOC(MTYPE_OSPF_APICLIENT, lsalen);
619
>>> CID 1497888: Memory - corruptions (OVERRUN)
>>> Overrunning struct type lsa_header of 20 bytes by passing it to a function which accesses it at byte offset 1499 using argument "lsalen" (which evaluates to 1500).
620 memcpy(p, &(cn->data), lsalen);
621 lsa = p;
622
623 /* Invoke registered update callback function */
624 if (oclient->delete_notify) {
625 (oclient->delete_notify)(cn->ifaddr, cn->area_id,
** CID 1497887: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_gr_helper.c: 248 in ospf_extract_grace_lsa_fields()
________________________________________________________________________________________________________
*** CID 1497887: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_gr_helper.c: 248 in ospf_extract_grace_lsa_fields()
242 __func__, length);
243 return OSPF_GR_FAILURE;
244 }
245
246 length -= OSPF_LSA_HEADER_SIZE;
247
>>> CID 1497887: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "length" as a loop boundary.
248 for (tlvh = TLV_HDR_TOP(lsah); sum < length;
249 tlvh = TLV_HDR_NEXT(tlvh)) {
250
251 /* Check TLV len against overall LSA */
252 if (sum + TLV_SIZE(tlvh) > length) {
253 if (IS_DEBUG_OSPF_GR_HELPER)
** CID 1497886: Memory - corruptions (OVERRUN)
/ospfclient/ospf_apiclient.c: 585 in ospf_apiclient_handle_lsa_update()
________________________________________________________________________________________________________
*** CID 1497886: Memory - corruptions (OVERRUN)
/ospfclient/ospf_apiclient.c: 585 in ospf_apiclient_handle_lsa_update()
579 __func__, lsalen, OSPF_MAX_LSA_SIZE);
580 return;
581 }
582
583 p = XMALLOC(MTYPE_OSPF_APICLIENT, lsalen);
584
>>> CID 1497886: Memory - corruptions (OVERRUN)
>>> Overrunning struct type lsa_header of 20 bytes by passing it to a function which accesses it at byte offset 1499 using argument "lsalen" (which evaluates to 1500).
585 memcpy(p, &(cn->data), lsalen);
586 lsa = p;
587
588 /* Invoke registered update callback function */
589 if (oclient->update_notify) {
590 (oclient->update_notify)(cn->ifaddr, cn->area_id,
** CID 1497885: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_gr_helper.c: 1017 in show_ospf_grace_lsa_info()
________________________________________________________________________________________________________
*** CID 1497885: Insecure data handling (TAINTED_SCALAR)
/ospfd/ospf_gr_helper.c: 1017 in show_ospf_grace_lsa_info()
1011 }
1012
1013 length -= OSPF_LSA_HEADER_SIZE;
1014
1015 vty_out(vty, " TLV info:\n");
1016
>>> CID 1497885: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "length" as a loop boundary.
1017 for (tlvh = TLV_HDR_TOP(lsah); sum < length;
1018 tlvh = TLV_HDR_NEXT(tlvh)) {
1019 /* Check TLV len */
1020 if (sum + TLV_SIZE(tlvh) > length) {
1021 vty_out(vty, "%% Invalid TLV length: %u\n",
1022 TLV_SIZE(tlvh));
** CID 1497792: (USE_AFTER_FREE)
/ospf6d/ospf6_interface.c: 1135 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1146 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1135 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1146 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1101 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1101 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1120 in ospf6_interface_show()
/ospf6d/ospf6_interface.c: 1120 in ospf6_interface_show()
________________________________________________________________________________________________________
*** CID 1497792: (USE_AFTER_FREE)
/ospf6d/ospf6_interface.c: 1135 in ospf6_interface_show()
1129 timerstring(&res, duration, sizeof(duration));
1130 vty_out(vty,
1131 " %d Pending LSAs for LSUpdate in Time %s [thread %s]\n",
1132 oi->lsupdate_list->count, duration,
1133 (oi->thread_send_lsupdate ? "on" : "off"));
1134 for (ALL_LSDB(oi->lsupdate_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1135 vty_out(vty, " %s\n", lsa->name);
1136
1137 timerclear(&res);
1138 if (oi->thread_send_lsack)
1139 timersub(&oi->thread_send_lsack->u.sands, &now, &res);
1140 timerstring(&res, duration, sizeof(duration));
/ospf6d/ospf6_interface.c: 1146 in ospf6_interface_show()
1140 timerstring(&res, duration, sizeof(duration));
1141 vty_out(vty,
1142 " %d Pending LSAs for LSAck in Time %s [thread %s]\n",
1143 oi->lsack_list->count, duration,
1144 (oi->thread_send_lsack ? "on" : "off"));
1145 for (ALL_LSDB(oi->lsack_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1146 vty_out(vty, " %s\n", lsa->name);
1147 }
1148 ospf6_bfd_show_info(vty, oi->bfd_info, 1, json_obj, use_json);
1149 return 0;
1150 }
1151
/ospf6d/ospf6_interface.c: 1135 in ospf6_interface_show()
1129 timerstring(&res, duration, sizeof(duration));
1130 vty_out(vty,
1131 " %d Pending LSAs for LSUpdate in Time %s [thread %s]\n",
1132 oi->lsupdate_list->count, duration,
1133 (oi->thread_send_lsupdate ? "on" : "off"));
1134 for (ALL_LSDB(oi->lsupdate_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1135 vty_out(vty, " %s\n", lsa->name);
1136
1137 timerclear(&res);
1138 if (oi->thread_send_lsack)
1139 timersub(&oi->thread_send_lsack->u.sands, &now, &res);
1140 timerstring(&res, duration, sizeof(duration));
/ospf6d/ospf6_interface.c: 1146 in ospf6_interface_show()
1140 timerstring(&res, duration, sizeof(duration));
1141 vty_out(vty,
1142 " %d Pending LSAs for LSAck in Time %s [thread %s]\n",
1143 oi->lsack_list->count, duration,
1144 (oi->thread_send_lsack ? "on" : "off"));
1145 for (ALL_LSDB(oi->lsack_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1146 vty_out(vty, " %s\n", lsa->name);
1147 }
1148 ospf6_bfd_show_info(vty, oi->bfd_info, 1, json_obj, use_json);
1149 return 0;
1150 }
1151
/ospf6d/ospf6_interface.c: 1101 in ospf6_interface_show()
1095 json_object_string_add(
1096 json_obj, "lsUpdateSendThread",
1097 (oi->thread_send_lsupdate ? "on" : "off"));
1098
1099 json_arr = json_object_new_array();
1100 for (ALL_LSDB(oi->lsupdate_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1101 json_object_array_add(
1102 json_arr, json_object_new_string(lsa->name));
1103 json_object_object_add(json_obj, "pendingLsaLsUpdate",
1104 json_arr);
1105
1106 timerclear(&res);
/ospf6d/ospf6_interface.c: 1101 in ospf6_interface_show()
1095 json_object_string_add(
1096 json_obj, "lsUpdateSendThread",
1097 (oi->thread_send_lsupdate ? "on" : "off"));
1098
1099 json_arr = json_object_new_array();
1100 for (ALL_LSDB(oi->lsupdate_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1101 json_object_array_add(
1102 json_arr, json_object_new_string(lsa->name));
1103 json_object_object_add(json_obj, "pendingLsaLsUpdate",
1104 json_arr);
1105
1106 timerclear(&res);
/ospf6d/ospf6_interface.c: 1120 in ospf6_interface_show()
1114 duration);
1115 json_object_string_add(json_obj, "lsAckSendThread",
1116 (oi->thread_send_lsack ? "on" : "off"));
1117
1118 json_arr = json_object_new_array();
1119 for (ALL_LSDB(oi->lsack_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1120 json_object_array_add(
1121 json_arr, json_object_new_string(lsa->name));
1122 json_object_object_add(json_obj, "pendingLsaLsAck", json_arr);
1123
1124 } else {
1125 timerclear(&res);
/ospf6d/ospf6_interface.c: 1120 in ospf6_interface_show()
1114 duration);
1115 json_object_string_add(json_obj, "lsAckSendThread",
1116 (oi->thread_send_lsack ? "on" : "off"));
1117
1118 json_arr = json_object_new_array();
1119 for (ALL_LSDB(oi->lsack_list, lsa, lsanext))
>>> CID 1497792: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1120 json_object_array_add(
1121 json_arr, json_object_new_string(lsa->name));
1122 json_object_object_add(json_obj, "pendingLsaLsAck", json_arr);
1123
1124 } else {
1125 timerclear(&res);
** CID 1497791: (USE_AFTER_FREE)
/ospf6d/ospf6_snmp.c: 685 in ospfv3GeneralGroup()
/ospf6d/ospf6_snmp.c: 685 in ospfv3GeneralGroup()
________________________________________________________________________________________________________
*** CID 1497791: (USE_AFTER_FREE)
/ospf6d/ospf6_snmp.c: 685 in ospfv3GeneralGroup()
679 return SNMP_INTEGER(ospf6->lsdb->count);
680 return SNMP_INTEGER(0);
681 case OSPFv3ASSCOPELSACHECKSUMSUM:
682 if (ospf6) {
683 sum = 0;
684 for (ALL_LSDB(ospf6->lsdb, lsa, lsanext))
>>> CID 1497791: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
685 sum += ntohs(lsa->header->checksum);
686 return SNMP_INTEGER(sum);
687 }
688 return SNMP_INTEGER(0);
689 case OSPFv3ORIGINATENEWLSAS:
690 return SNMP_INTEGER(
/ospf6d/ospf6_snmp.c: 685 in ospfv3GeneralGroup()
679 return SNMP_INTEGER(ospf6->lsdb->count);
680 return SNMP_INTEGER(0);
681 case OSPFv3ASSCOPELSACHECKSUMSUM:
682 if (ospf6) {
683 sum = 0;
684 for (ALL_LSDB(ospf6->lsdb, lsa, lsanext))
>>> CID 1497791: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
685 sum += ntohs(lsa->header->checksum);
686 return SNMP_INTEGER(sum);
687 }
688 return SNMP_INTEGER(0);
689 case OSPFv3ORIGINATENEWLSAS:
690 return SNMP_INTEGER(
** CID 1497790: (USE_AFTER_FREE)
/ospf6d/ospf6_asbr.c: 1090 in ospf6_asbr_send_externals_to_area()
/ospf6d/ospf6_asbr.c: 1090 in ospf6_asbr_send_externals_to_area()
________________________________________________________________________________________________________
*** CID 1497790: (USE_AFTER_FREE)
/ospf6d/ospf6_asbr.c: 1090 in ospf6_asbr_send_externals_to_area()
1084 /* When an area is unstubified, flood all the external LSAs in the area */
1085 void ospf6_asbr_send_externals_to_area(struct ospf6_area *oa)
1086 {
1087 struct ospf6_lsa *lsa, *lsanext;
1088
1089 for (ALL_LSDB(oa->ospf6->lsdb, lsa, lsanext)) {
>>> CID 1497790: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1090 if (ntohs(lsa->header->type) == OSPF6_LSTYPE_AS_EXTERNAL) {
1091 zlog_debug("%s: Flooding AS-External LSA %s",
1092 __func__, lsa->name);
1093 ospf6_flood_area(NULL, lsa, oa);
1094 }
1095 }
/ospf6d/ospf6_asbr.c: 1090 in ospf6_asbr_send_externals_to_area()
1084 /* When an area is unstubified, flood all the external LSAs in the area */
1085 void ospf6_asbr_send_externals_to_area(struct ospf6_area *oa)
1086 {
1087 struct ospf6_lsa *lsa, *lsanext;
1088
1089 for (ALL_LSDB(oa->ospf6->lsdb, lsa, lsanext)) {
>>> CID 1497790: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1090 if (ntohs(lsa->header->type) == OSPF6_LSTYPE_AS_EXTERNAL) {
1091 zlog_debug("%s: Flooding AS-External LSA %s",
1092 __func__, lsa->name);
1093 ospf6_flood_area(NULL, lsa, oa);
1094 }
1095 }
** CID 1497789: (USE_AFTER_FREE)
/ospf6d/ospf6_snmp.c: 1184 in ospfv3IfEntry()
/ospf6d/ospf6_snmp.c: 1184 in ospfv3IfEntry()
________________________________________________________________________________________________________
*** CID 1497789: (USE_AFTER_FREE)
/ospf6d/ospf6_snmp.c: 1184 in ospfv3IfEntry()
1178 return SNMP_INTEGER(oi->cost);
1179 case OSPFv3IFLINKSCOPELSACOUNT:
1180 return SNMP_INTEGER(oi->lsdb->count);
1181 case OSPFv3IFLINKLSACKSUMSUM:
1182 sum = 0;
1183 for (ALL_LSDB(oi->lsdb, lsa, lsanext))
>>> CID 1497789: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1184 sum += ntohs(lsa->header->checksum);
1185 return SNMP_INTEGER(sum);
1186 case OSPFv3IFDEMANDNBRPROBE:
1187 case OSPFv3IFDEMANDNBRPROBERETRANSLIMIT:
1188 case OSPFv3IFDEMANDNBRPROBEINTERVAL:
1189 case OSPFv3IFTEDISABLED:
/ospf6d/ospf6_snmp.c: 1184 in ospfv3IfEntry()
1178 return SNMP_INTEGER(oi->cost);
1179 case OSPFv3IFLINKSCOPELSACOUNT:
1180 return SNMP_INTEGER(oi->lsdb->count);
1181 case OSPFv3IFLINKLSACKSUMSUM:
1182 sum = 0;
1183 for (ALL_LSDB(oi->lsdb, lsa, lsanext))
>>> CID 1497789: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1184 sum += ntohs(lsa->header->checksum);
1185 return SNMP_INTEGER(sum);
1186 case OSPFv3IFDEMANDNBRPROBE:
1187 case OSPFv3IFDEMANDNBRPROBERETRANSLIMIT:
1188 case OSPFv3IFDEMANDNBRPROBEINTERVAL:
1189 case OSPFv3IFTEDISABLED:
** CID 1497788: (USE_AFTER_FREE)
/ospf6d/ospf6_neighbor.c: 835 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 782 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 909 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 835 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 855 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 818 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 818 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 791 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 872 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 782 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 800 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 872 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 855 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 800 in ospf6_neighbor_show_detail()
/ospf6d/ospf6_neighbor.c: 791 in ospf6_neighbor_show_detail()
________________________________________________________________________________________________________
*** CID 1497788: (USE_AFTER_FREE)
/ospf6d/ospf6_neighbor.c: 835 in ospf6_neighbor_show_detail()
829 json_object_string_add(json_neighbor, "pendingLsaLsReqTime",
830 duration);
831 json_object_string_add(json_neighbor, "lsReqSendThread",
832 (on->thread_send_lsreq ? "on" : "off"));
833 json_array = json_object_new_array();
834 for (ALL_LSDB(on->request_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
835 json_object_array_add(
836 json_array, json_object_new_string(lsa->name));
837 json_object_object_add(json_neighbor, "pendingLsaLsReq",
838 json_array);
839
840
/ospf6d/ospf6_neighbor.c: 782 in ospf6_neighbor_show_detail()
776 (unsigned long)ntohl(on->dbdesc_seqnum));
777
778 json_array = json_object_new_array();
779 json_object_int_add(json_neighbor, "summaryListCount",
780 on->summary_list->count);
781 for (ALL_LSDB(on->summary_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
782 json_object_array_add(
783 json_array, json_object_new_string(lsa->name));
784 json_object_object_add(json_neighbor, "summaryListLsa",
785 json_array);
786
787 json_array = json_object_new_array();
/ospf6d/ospf6_neighbor.c: 909 in ospf6_neighbor_show_detail()
903 : "Slave"),
904 (unsigned long)ntohl(on->dbdesc_seqnum));
905
906 vty_out(vty, " Summary-List: %d LSAs\n",
907 on->summary_list->count);
908 for (ALL_LSDB(on->summary_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
909 vty_out(vty, " %s\n", lsa->name);
910
911 vty_out(vty, " Request-List: %d LSAs\n",
912 on->request_list->count);
913 for (ALL_LSDB(on->request_list, lsa, lsanext))
914 vty_out(vty, " %s\n", lsa->name);
/ospf6d/ospf6_neighbor.c: 835 in ospf6_neighbor_show_detail()
829 json_object_string_add(json_neighbor, "pendingLsaLsReqTime",
830 duration);
831 json_object_string_add(json_neighbor, "lsReqSendThread",
832 (on->thread_send_lsreq ? "on" : "off"));
833 json_array = json_object_new_array();
834 for (ALL_LSDB(on->request_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
835 json_object_array_add(
836 json_array, json_object_new_string(lsa->name));
837 json_object_object_add(json_neighbor, "pendingLsaLsReq",
838 json_array);
839
840
/ospf6d/ospf6_neighbor.c: 855 in ospf6_neighbor_show_detail()
849 duration);
850 json_object_string_add(
851 json_neighbor, "lsUpdateSendThread",
852 (on->thread_send_lsupdate ? "on" : "off"));
853 json_array = json_object_new_array();
854 for (ALL_LSDB(on->lsupdate_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
855 json_object_array_add(
856 json_array, json_object_new_string(lsa->name));
857 json_object_object_add(json_neighbor, "pendingLsaLsUpdate",
858 json_array);
859
860 timerclear(&res);
/ospf6d/ospf6_neighbor.c: 818 in ospf6_neighbor_show_detail()
812 json_object_string_add(json_neighbor, "pendingLsaDbDescTime",
813 duration);
814 json_object_string_add(json_neighbor, "dbDescSendThread",
815 (on->thread_send_dbdesc ? "on" : "off"));
816 json_array = json_object_new_array();
817 for (ALL_LSDB(on->dbdesc_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
818 json_object_array_add(
819 json_array, json_object_new_string(lsa->name));
820 json_object_object_add(json_neighbor, "pendingLsaDbDesc",
821 json_array);
822
823 timerclear(&res);
/ospf6d/ospf6_neighbor.c: 818 in ospf6_neighbor_show_detail()
812 json_object_string_add(json_neighbor, "pendingLsaDbDescTime",
813 duration);
814 json_object_string_add(json_neighbor, "dbDescSendThread",
815 (on->thread_send_dbdesc ? "on" : "off"));
816 json_array = json_object_new_array();
817 for (ALL_LSDB(on->dbdesc_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
818 json_object_array_add(
819 json_array, json_object_new_string(lsa->name));
820 json_object_object_add(json_neighbor, "pendingLsaDbDesc",
821 json_array);
822
823 timerclear(&res);
/ospf6d/ospf6_neighbor.c: 791 in ospf6_neighbor_show_detail()
785 json_array);
786
787 json_array = json_object_new_array();
788 json_object_int_add(json_neighbor, "requestListCount",
789 on->request_list->count);
790 for (ALL_LSDB(on->request_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
791 json_object_array_add(
792 json_array, json_object_new_string(lsa->name));
793 json_object_object_add(json_neighbor, "requestListLsa",
794 json_array);
795
796 json_array = json_object_new_array();
/ospf6d/ospf6_neighbor.c: 872 in ospf6_neighbor_show_detail()
866 json_object_string_add(json_neighbor, "pendingLsaLsAckTime",
867 duration);
868 json_object_string_add(json_neighbor, "lsAckSendThread",
869 (on->thread_send_lsack ? "on" : "off"));
870 json_array = json_object_new_array();
871 for (ALL_LSDB(on->lsack_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
872 json_object_array_add(
873 json_array, json_object_new_string(lsa->name));
874 json_object_object_add(json_neighbor, "pendingLsaLsAck",
875 json_array);
876
877 ospf6_bfd_show_info(vty, on->bfd_info, 0, json_neighbor,
/ospf6d/ospf6_neighbor.c: 782 in ospf6_neighbor_show_detail()
776 (unsigned long)ntohl(on->dbdesc_seqnum));
777
778 json_array = json_object_new_array();
779 json_object_int_add(json_neighbor, "summaryListCount",
780 on->summary_list->count);
781 for (ALL_LSDB(on->summary_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
782 json_object_array_add(
783 json_array, json_object_new_string(lsa->name));
784 json_object_object_add(json_neighbor, "summaryListLsa",
785 json_array);
786
787 json_array = json_object_new_array();
/ospf6d/ospf6_neighbor.c: 800 in ospf6_neighbor_show_detail()
794 json_array);
795
796 json_array = json_object_new_array();
797 json_object_int_add(json_neighbor, "reTransListCount",
798 on->retrans_list->count);
799 for (ALL_LSDB(on->retrans_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
800 json_object_array_add(
801 json_array, json_object_new_string(lsa->name));
802 json_object_object_add(json_neighbor, "reTransListLsa",
803 json_array);
804
805
/ospf6d/ospf6_neighbor.c: 872 in ospf6_neighbor_show_detail()
866 json_object_string_add(json_neighbor, "pendingLsaLsAckTime",
867 duration);
868 json_object_string_add(json_neighbor, "lsAckSendThread",
869 (on->thread_send_lsack ? "on" : "off"));
870 json_array = json_object_new_array();
871 for (ALL_LSDB(on->lsack_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
872 json_object_array_add(
873 json_array, json_object_new_string(lsa->name));
874 json_object_object_add(json_neighbor, "pendingLsaLsAck",
875 json_array);
876
877 ospf6_bfd_show_info(vty, on->bfd_info, 0, json_neighbor,
/ospf6d/ospf6_neighbor.c: 855 in ospf6_neighbor_show_detail()
849 duration);
850 json_object_string_add(
851 json_neighbor, "lsUpdateSendThread",
852 (on->thread_send_lsupdate ? "on" : "off"));
853 json_array = json_object_new_array();
854 for (ALL_LSDB(on->lsupdate_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
855 json_object_array_add(
856 json_array, json_object_new_string(lsa->name));
857 json_object_object_add(json_neighbor, "pendingLsaLsUpdate",
858 json_array);
859
860 timerclear(&res);
/ospf6d/ospf6_neighbor.c: 800 in ospf6_neighbor_show_detail()
794 json_array);
795
796 json_array = json_object_new_array();
797 json_object_int_add(json_neighbor, "reTransListCount",
798 on->retrans_list->count);
799 for (ALL_LSDB(on->retrans_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
800 json_object_array_add(
801 json_array, json_object_new_string(lsa->name));
802 json_object_object_add(json_neighbor, "reTransListLsa",
803 json_array);
804
805
/ospf6d/ospf6_neighbor.c: 791 in ospf6_neighbor_show_detail()
785 json_array);
786
787 json_array = json_object_new_array();
788 json_object_int_add(json_neighbor, "requestListCount",
789 on->request_list->count);
790 for (ALL_LSDB(on->request_list, lsa, lsanext))
>>> CID 1497788: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
791 json_object_array_add(
792 json_array, json_object_new_string(lsa->name));
793 json_object_object_add(json_neighbor, "requestListLsa",
794 json_array);
795
796 json_array = json_object_new_array();
** CID 1497787: (USE_AFTER_FREE)
/ospf6d/ospf6_message.c: 1942 in ospf6_lsreq_send()
/ospf6d/ospf6_message.c: 1947 in ospf6_lsreq_send()
/ospf6d/ospf6_message.c: 1947 in ospf6_lsreq_send()
________________________________________________________________________________________________________
*** CID 1497787: (USE_AFTER_FREE)
/ospf6d/ospf6_message.c: 1942 in ospf6_lsreq_send()
1936 /* set Request entries in lsreq */
1937 p = (uint8_t *)((caddr_t)oh + sizeof(struct ospf6_header));
1938 for (ALL_LSDB(on->request_list, lsa, lsanext)) {
1939 /* MTU check */
1940 if (p - sendbuf + sizeof(struct ospf6_lsreq_entry)
1941 > ospf6_packet_max(on->ospf6_if)) {
>>> CID 1497787: (USE_AFTER_FREE)
>>> Calling "ospf6_lsdb_lsa_unlock" frees pointer "lsa" which has already been freed.
1942 ospf6_lsdb_lsa_unlock(lsa);
1943 break;
1944 }
1945
1946 e = (struct ospf6_lsreq_entry *)p;
1947 e->type = lsa->header->type;
/ospf6d/ospf6_message.c: 1942 in ospf6_lsreq_send()
1936 /* set Request entries in lsreq */
1937 p = (uint8_t *)((caddr_t)oh + sizeof(struct ospf6_header));
1938 for (ALL_LSDB(on->request_list, lsa, lsanext)) {
1939 /* MTU check */
1940 if (p - sendbuf + sizeof(struct ospf6_lsreq_entry)
1941 > ospf6_packet_max(on->ospf6_if)) {
>>> CID 1497787: (USE_AFTER_FREE)
>>> Passing freed pointer "lsa" as an argument to "ospf6_lsdb_lsa_unlock".
1942 ospf6_lsdb_lsa_unlock(lsa);
1943 break;
1944 }
1945
1946 e = (struct ospf6_lsreq_entry *)p;
1947 e->type = lsa->header->type;
/ospf6d/ospf6_message.c: 1942 in ospf6_lsreq_send()
1936 /* set Request entries in lsreq */
1937 p = (uint8_t *)((caddr_t)oh + sizeof(struct ospf6_header));
1938 for (ALL_LSDB(on->request_list, lsa, lsanext)) {
1939 /* MTU check */
1940 if (p - sendbuf + sizeof(struct ospf6_lsreq_entry)
1941 > ospf6_packet_max(on->ospf6_if)) {
>>> CID 1497787: (USE_AFTER_FREE)
>>> Calling "ospf6_lsdb_lsa_unlock" frees pointer "lsa" which has already been freed.
1942 ospf6_lsdb_lsa_unlock(lsa);
1943 break;
1944 }
1945
1946 e = (struct ospf6_lsreq_entry *)p;
1947 e->type = lsa->header->type;
/ospf6d/ospf6_message.c: 1947 in ospf6_lsreq_send()
1941 > ospf6_packet_max(on->ospf6_if)) {
1942 ospf6_lsdb_lsa_unlock(lsa);
1943 break;
1944 }
1945
1946 e = (struct ospf6_lsreq_entry *)p;
>>> CID 1497787: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1947 e->type = lsa->header->type;
1948 e->id = lsa->header->id;
1949 e->adv_router = lsa->header->adv_router;
1950 p += sizeof(struct ospf6_lsreq_entry);
1951 last_req = lsa;
1952 }
/ospf6d/ospf6_message.c: 1947 in ospf6_lsreq_send()
1941 > ospf6_packet_max(on->ospf6_if)) {
1942 ospf6_lsdb_lsa_unlock(lsa);
1943 break;
1944 }
1945
1946 e = (struct ospf6_lsreq_entry *)p;
>>> CID 1497787: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "lsa".
1947 e->type = lsa->header->type;
1948 e->id = lsa->header->id;
1949 e->adv_router = lsa->header->adv_router;
1950 p += sizeof(struct ospf6_lsreq_entry);
1951 last_req = lsa;
1952 }
** CID 1497786: (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1497786: (USE_AFTER_FREE)
/ospf6d/ospf6_message.c: 1837 in ospf6_dbdesc_send()
1831 dbdesc->seqnum = htonl(on->dbdesc_seqnum);
1832
1833 /* if this is not initial one, set LSA headers in dbdesc */
1834 p = (uint8_t *)((caddr_t)dbdesc + sizeof(struct ospf6_dbdesc));
1835 if (!CHECK_FLAG(on->dbdesc_bits, OSPF6_DBDESC_IBIT)) {
1836 for (ALL_LSDB(on->dbdesc_list, lsa, lsanext)) {
>>> CID 1497786: (USE_AFTER_FREE)
>>> Calling "ospf6_lsa_age_update_to_send" dereferences freed pointer "lsa".
1837 ospf6_lsa_age_update_to_send(lsa,
1838 on->ospf6_if->transdelay);
1839
1840 /* MTU check */
1841 if (p - sendbuf + sizeof(struct ospf6_lsa_header)
1842 > ospf6_packet_max(on->ospf6_if)) {
/ospf6d/ospf6_message.c: 1837 in ospf6_dbdesc_send()
1831 dbdesc->seqnum = htonl(on->dbdesc_seqnum);
1832
1833 /* if this is not initial one, set LSA headers in dbdesc */
1834 p = (uint8_t *)((caddr_t)dbdesc + sizeof(struct ospf6_dbdesc));
1835 if (!CHECK_FLAG(on->dbdesc_bits, OSPF6_DBDESC_IBIT)) {
1836 for (ALL_LSDB(on->dbdesc_list, lsa, lsanext)) {
>>> CID 1497786: (USE_AFTER_FREE)
>>> Calling "ospf6_lsa_age_update_to_send" dereferences freed pointer "lsa".
1837 ospf6_lsa_age_update_to_send(lsa,
1838 on->ospf6_if->transdelay);
1839
1840 /* MTU check */
1841 if (p - sendbuf + sizeof(struct ospf6_lsa_header)
1842 > ospf6_packet_max(on->ospf6_if)) {
** CID 1496729: Integer handling issues (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 268 in ecommunity_dup()
________________________________________________________________________________________________________
*** CID 1496729: Integer handling issues (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 268 in ecommunity_dup()
262 struct ecommunity *new;
263
264 new = XCALLOC(MTYPE_ECOMMUNITY, sizeof(struct ecommunity));
265 new->size = ecom->size;
266 new->unit_size = ecom->unit_size;
267 if (new->size) {
>>> CID 1496729: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
268 new->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
269 ecom->size * ecom->unit_size);
270 memcpy(new->val, ecom->val,
271 (size_t)ecom->size * (size_t)ecom->unit_size);
272 } else
273 new->val = NULL;
** CID 1496726: Integer handling issues (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 1259 in ecommunity_strip()
________________________________________________________________________________________________________
*** CID 1496726: Integer handling issues (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 1259 in ecommunity_strip()
1253 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val);
1254 ecom->size = 0;
1255 return true;
1256 }
1257
1258 /* Strip matching ext community(ies). */
>>> CID 1496726: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - found) * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - found) * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1259 new = XMALLOC(MTYPE_ECOMMUNITY_VAL,
1260 (ecom->size - found) * ecom->unit_size);
1261 q = new;
1262 for (c = 0, p = ecom->val; c < ecom->size; c++, p += ecom->unit_size) {
1263 if (!(p[0] == type && p[1] == subtype)) {
1264 memcpy(q, p, ecom->unit_size);
** CID 1496724: (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 1300 in ecommunity_del_val()
/bgpd/bgp_ecommunity.c: 1298 in ecommunity_del_val()
/bgpd/bgp_ecommunity.c: 1304 in ecommunity_del_val()
________________________________________________________________________________________________________
*** CID 1496724: (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 1300 in ecommunity_del_val()
1294 return false;
1295
1296 /* Delete the selected value */
1297 ecom->size--;
1298 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size);
1299 if (c != 0)
>>> CID 1496724: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "c * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "c * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1300 memcpy(p, ecom->val, c * ecom->unit_size);
1301 if ((ecom->size - c) != 0)
1302 memcpy(p + (c)*ecom->unit_size,
1303 ecom->val + (c + 1) * ecom->unit_size,
1304 (ecom->size - c) * ecom->unit_size);
1305 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val);
/bgpd/bgp_ecommunity.c: 1298 in ecommunity_del_val()
1292 }
1293 if (found == 0)
1294 return false;
1295
1296 /* Delete the selected value */
1297 ecom->size--;
>>> CID 1496724: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1298 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size);
1299 if (c != 0)
1300 memcpy(p, ecom->val, c * ecom->unit_size);
1301 if ((ecom->size - c) != 0)
1302 memcpy(p + (c)*ecom->unit_size,
1303 ecom->val + (c + 1) * ecom->unit_size,
/bgpd/bgp_ecommunity.c: 1304 in ecommunity_del_val()
1298 p = XMALLOC(MTYPE_ECOMMUNITY_VAL, ecom->size * ecom->unit_size);
1299 if (c != 0)
1300 memcpy(p, ecom->val, c * ecom->unit_size);
1301 if ((ecom->size - c) != 0)
1302 memcpy(p + (c)*ecom->unit_size,
1303 ecom->val + (c + 1) * ecom->unit_size,
>>> CID 1496724: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom->unit_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - c) * ecom->unit_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - c) * ecom->unit_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1304 (ecom->size - c) * ecom->unit_size);
1305 XFREE(MTYPE_ECOMMUNITY_VAL, ecom->val);
1306 ecom->val = p;
1307 return true;
1308 }
1309
** CID 1496723: (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 158 in ecommunity_add_val_internal()
/bgpd/bgp_ecommunity.c: 164 in ecommunity_add_val_internal()
/bgpd/bgp_ecommunity.c: 106 in ecommunity_add_val_internal()
________________________________________________________________________________________________________
*** CID 1496723: (SIGN_EXTENSION)
/bgpd/bgp_ecommunity.c: 158 in ecommunity_add_val_internal()
152
153 if (ins_idx == -1)
154 ins_idx = c;
155
156 /* Add the value to the structure with numerical sorting. */
157 ecom->size++;
>>> CID 1496723: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
158 ecom->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom->val,
159 ecom_length_size(ecom, ecom_size));
160
161
162 memmove(ecom->val + ((ins_idx + 1) * ecom_size),
163 ecom->val + (ins_idx * ecom_size),
/bgpd/bgp_ecommunity.c: 164 in ecommunity_add_val_internal()
158 ecom->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom->val,
159 ecom_length_size(ecom, ecom_size));
160
161
162 memmove(ecom->val + ((ins_idx + 1) * ecom_size),
163 ecom->val + (ins_idx * ecom_size),
>>> CID 1496723: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "(ecom->size - 1 - ins_idx) * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ecom->size - 1 - ins_idx) * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
164 (ecom->size - 1 - ins_idx) * ecom_size);
165 memcpy(ecom->val + (ins_idx * ecom_size),
166 eval, ecom_size);
167
168 return true;
169 }
/bgpd/bgp_ecommunity.c: 106 in ecommunity_add_val_internal()
100 const struct ecommunity_val_ipv6 *eval6 =
101 (struct ecommunity_val_ipv6 *)eval;
102
103 /* When this is fist value, just add it. */
104 if (ecom->val == NULL) {
105 ecom->size = 1;
>>> CID 1496723: (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "ecom_size" with type "uint8_t" (8 bits, unsigned) is promoted in "ecom->size * ecom_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ecom->size * ecom_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
106 ecom->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
107 ecom_length_size(ecom, ecom_size));
108 memcpy(ecom->val, eval, ecom_size);
109 return true;
110 }
111
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3DJ-HA_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyHWANfM-2BHPiDqvk8GwruJJdAwOWmcrsFf-2Bm1sZrp-2BWNFnh7UBDmWq2ZwyoBaC3v8O5dELi7ZhgwgwbEAW4OdIDwtTqQuJrelVJ24Qjwd9RKm0yTWbCjibevPpKRoiDfnLglXwQaPR5D9y04YU9cEOZ-2BZPN001bzVGZ5URpUrNVX-2B6jCxWHa3V-2BW6sTmBmE978-3D
More information about the dev
mailing list