New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com
Fri Dec 29 10:21:20 UTC 2023


Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1574981:  Null pointer dereferences  (REVERSE_INULL)
/lib/northbound.c: 2334 in nb_oper_data_iterate()


________________________________________________________________________________________________________
*** CID 1574981:  Null pointer dereferences  (REVERSE_INULL)
/lib/northbound.c: 2334 in nb_oper_data_iterate()
2328     	else
2329     		ret = nb_oper_data_iter_node(nb_node->snode, xpath, list_entry,
2330     					     &list_keys, translator, true,
2331     					     flags, cb, arg, dnode);
2332     
2333     	list_delete(&list_dnodes);
>>>     CID 1574981:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "dnode" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2334     	if (dnode) {
2335     		while (lyd_parent(dnode))
2336     			dnode = lyd_parent(dnode);
2337     
2338     		if (tree && ret == NB_OK)
2339     			*tree = dnode;

** CID 1574980:  Null pointer dereferences  (FORWARD_NULL)
/mgmtd/mgmt_txn.c: 1292 in txn_get_tree_data_done()


________________________________________________________________________________________________________
*** CID 1574980:  Null pointer dereferences  (FORWARD_NULL)
/mgmtd/mgmt_txn.c: 1292 in txn_get_tree_data_done()
1286     					     get_tree->partial_error, false);
1287     
1288     	/* we're done with the request */
1289     	mgmt_txn_req_free(&txn_req);
1290     
1291     	if (ret) {
>>>     CID 1574980:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "txn_req".
1292     		MGMTD_TXN_ERR("Error saving the results of GETTREE for txn-id %" PRIu64
1293     			      " req_id %" PRIu64 " to requested type %u",
1294     			      txn->txn_id, txn_req->req_id,
1295     			      get_tree->result_type);
1296     
1297     		(void)mgmt_fe_adapter_txn_error(txn->txn_id, txn_req->req_id,

** CID 1574979:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1574979:  Insecure data handling  (TAINTED_SCALAR)
/lib/mgmt_msg.c: 114 in mgmt_msg_read()
108     			 * Message was longer than what was left and we have no
109     			 * available space to read more in. B/c mcount == 0 the
110     			 * message starts at the beginning of the stream so
111     			 * therefor the stream is too small to fit the message..
112     			 * Resize the stream to fit.
113     			 */
>>>     CID 1574979:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "mhdr->len" to "stream_new", which uses it as an allocation size.
114     			news = stream_new(mhdr->len);
115     			stream_put(news, mhdr, left);
116     			stream_set_endp(news, left);
117     			stream_free(ms->ins);
118     			ms->ins = news;
119     		}

** CID 1574978:  Possible Control flow issues  (DEADCODE)
/mgmtd/mgmt_txn.c: 531 in mgmt_txn_req_free()


________________________________________________________________________________________________________
*** CID 1574978:  Possible Control flow issues  (DEADCODE)
/mgmtd/mgmt_txn.c: 531 in mgmt_txn_req_free()
525     	case MGMTD_TXN_GETTREE_TIMEOUT:
526     	case MGMTD_TXN_CLEANUP:
527     		break;
528     	}
529     
530     	if ((*txn_req)->pending_be_proc && pending_list) {
>>>     CID 1574978:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "mgmt_txn_reqs_del(pending_l...".
531     		mgmt_txn_reqs_del(pending_list, *txn_req);
532     		MGMTD_TXN_DBG("Removed req-id: %" PRIu64
533     			      " from pending-list (left:%zu)",
534     			      (*txn_req)->req_id,
535     			      mgmt_txn_reqs_count(pending_list));
536     	} else if (req_list) {

** CID 1574977:  Control flow issues  (DEADCODE)
/lib/vty.c: 3660 in vty_mgmt_get_data_result_notified()


________________________________________________________________________________________________________
*** CID 1574977:  Control flow issues  (DEADCODE)
/lib/vty.c: 3660 in vty_mgmt_get_data_result_notified()
3654     	for (indx = 0; indx < num_data; indx++) {
3655     		vty_out(vty, "  \"%s\": \"%s\"\n", yang_data[indx]->xpath,
3656     			yang_data[indx]->value->encoded_str_val);
3657     	}
3658     	if (next_key < 0) {
3659     		vty_out(vty, "]\n");
>>>     CID 1574977:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "1" inside this statement: "vty_mgmt_resume_response(vt...".
3660     		vty_mgmt_resume_response(vty,
3661     					 success ? CMD_SUCCESS : CMD_WARNING);
3662     	}
3663     
3664     	return 0;
3665     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yrtN2DGUU98GYhjd55wXsXtw53zRK70R0agdV-2Fb7c45-2BoAJF92cCodBN9BBnDbw-2FFg-3D9SVw_O0IDF7c8sUs2B6kWTeWwAJZqriD5fgsfL8PAN30oQTxZnFGHYubryu2N51kFKyFHCGbTsSEt0MwolX2AcuPTWVbTblzy8drSDkZHj6LLHTtMNOHv0VMQGqgr15Vnxm0JDHWo9PPT9X95Ch8HAz74tvh5Q-2BDntUenAzf2RMH530bhhKu1mRaN5i93f7-2FKHAo-2B1MwpaZ4B17nTzHs0d8bT6NqlGUIxqPWnkb87twSZ2WA-3D



