New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Wed Jul 6 09:13:40 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
3 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1518830: (RESOURCE_LEAK)
/bfdd/bfd_packet.c: 1582 in bp_echo_socket()
/bfdd/bfd_packet.c: 1572 in bp_echo_socket()
________________________________________________________________________________________________________
*** CID 1518830: (RESOURCE_LEAK)
/bfdd/bfd_packet.c: 1582 in bp_echo_socket()
1576 sll.sll_family = AF_PACKET;
1577 sll.sll_protocol = htons(ETH_P_IP);
1578 sll.sll_ifindex = 0;
1579 if (bind(s, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
1580 zlog_warn("Failed to bind echo socket: %s",
1581 safe_strerror(errno));
>>> CID 1518830: (RESOURCE_LEAK)
>>> Handle variable "s" going out of scope leaks the handle.
1582 return -1;
1583 }
1584
1585 return s;
1586 }
1587 #else
/bfdd/bfd_packet.c: 1572 in bp_echo_socket()
1566 pf.filter = my_filterudp;
1567 pf.len = MY_FILTER_LENGTH;
1568 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf)) ==
1569 -1) {
1570 zlog_warn("%s: setsockopt(SO_ATTACH_FILTER): %s", __func__,
1571 strerror(errno));
>>> CID 1518830: (RESOURCE_LEAK)
>>> Handle variable "s" going out of scope leaks the handle.
1572 return -1;
1573 }
1574
1575
1576 sll.sll_family = AF_PACKET;
1577 sll.sll_protocol = htons(ETH_P_IP);
** CID 1518829: Memory - corruptions (BUFFER_SIZE)
/bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd()
________________________________________________________________________________________________________
*** CID 1518829: Memory - corruptions (BUFFER_SIZE)
/bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd()
216 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE);
217
218 memset(sendbuff, 0, sizeof(sendbuff));
219
220 /* add eth hdr */
221 eth = (struct ethhdr *)(sendbuff);
>>> CID 1518829: Memory - corruptions (BUFFER_SIZE)
>>> You might overrun the 6 byte destination string "eth->h_source" by writing the maximum 20 bytes from "bfd->ifp->hw_addr".
222 memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(bfd->ifp->hw_addr));
223 memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr));
224
225 total_len += sizeof(struct ethhdr);
226
227 sd = bvrf->bg_echo;
** CID 1518828: Memory - corruptions (OVERRUN)
/bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd()
________________________________________________________________________________________________________
*** CID 1518828: Memory - corruptions (OVERRUN)
/bfdd/bfd_packet.c: 222 in ptm_bfd_echo_fp_snd()
216 SET_FLAG(bfd->flags, BFD_SESS_FLAG_ECHO_ACTIVE);
217
218 memset(sendbuff, 0, sizeof(sendbuff));
219
220 /* add eth hdr */
221 eth = (struct ethhdr *)(sendbuff);
>>> CID 1518828: Memory - corruptions (OVERRUN)
>>> Overrunning array "eth->h_source" of 6 bytes by passing it to a function which accesses it at byte offset 19 using argument "20UL".
222 memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(bfd->ifp->hw_addr));
223 memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr));
224
225 total_len += sizeof(struct ethhdr);
226
227 sd = bvrf->bg_echo;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BkxBoZjryQtr5SpUD80NNfE-3D5f_A_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTyvuBz-2FSwpFbstjzE2UfdZc5gWCk-2FQrOd3d8dR144Fqjk0cfYiDKv5D8s78xu1otuUz-2BRY5TMOHCtHQXG2HPb6LmHRUvcvBxmuvoyZUxKb6MxruawcJRVmIGu-2FNyyKFf6k-2BPIbA2QG-2FjTq4BJwGPV9xG4SZz12uAZq9wpPk0yAFZA-3D-3D
More information about the dev
mailing list