New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Tue Aug 27 23:28:47 UTC 2024 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1599385:  Null pointer dereferences  (REVERSE_INULL)
/bgpd/bgp_routemap.c: 1084 in route_match_vni()


________________________________________________________________________________________________________
*** CID 1599385:  Null pointer dereferences  (REVERSE_INULL)
/bgpd/bgp_routemap.c: 1084 in route_match_vni()
1078     	    && (evp->prefix.route_type != BGP_EVPN_AD_ROUTE
1079     		&& evp->prefix.route_type != BGP_EVPN_MAC_IP_ROUTE
1080     		&& evp->prefix.route_type != BGP_EVPN_IP_PREFIX_ROUTE))
1081     		return RMAP_NOOP;
1082     
1083     	for (label_cnt = 0; label_cnt < BGP_MAX_LABELS &&
>>>     CID 1599385:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "path" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1084     			    label_cnt < BGP_PATH_INFO_NUM_LABELS(path);
1085     	     label_cnt++) {
1086     		if (vni == label2vni(&path->extra->labels->label[label_cnt]))
1087     			return RMAP_MATCH;
1088     	}
1089     

** CID 1599384:    (USE_AFTER_FREE)
/bgpd/bgp_route.c: 4883 in bgp_update()
/bgpd/bgp_route.c: 4965 in bgp_update()
/bgpd/bgp_route.c: 4937 in bgp_update()
/bgpd/bgp_route.c: 4909 in bgp_update()
/bgpd/bgp_route.c: 5389 in bgp_update()


________________________________________________________________________________________________________
*** CID 1599384:    (USE_AFTER_FREE)
/bgpd/bgp_route.c: 4883 in bgp_update()
4877     		     bgp_path_info_labels_same(pi, bgp_labels.label,
4878     					       bgp_labels.num_labels))) {
4879     			if (get_active_bdc_from_pi(pi, afi, safi) &&
4880     			    peer->sort == BGP_PEER_EBGP &&
4881     			    CHECK_FLAG(pi->flags, BGP_PATH_HISTORY)) {
4882     				if (bgp_debug_update(peer, p, NULL, 1)) {
>>>     CID 1599384:    (USE_AFTER_FREE)
>>>     Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4883     					bgp_debug_rdpfxpath2str(
4884     						afi, safi, prd, p, label,
4885     						num_labels, addpath_id ? 1 : 0,
4886     						addpath_id, evpn, pfx_buf,
4887     						sizeof(pfx_buf));
4888     					zlog_debug("%pBP rcvd %s", peer,
/bgpd/bgp_route.c: 4965 in bgp_update()
4959     			 */
4960     			bgp_aggregate_decrement(bgp, p, pi, afi, safi);
4961     		}
4962     
4963     		/* Received Logging. */
4964     		if (bgp_debug_update(peer, p, NULL, 1)) {
>>>     CID 1599384:    (USE_AFTER_FREE)
>>>     Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4965     			bgp_debug_rdpfxpath2str(afi, safi, prd, p, label,
4966     						num_labels, addpath_id ? 1 : 0,
4967     						addpath_id, evpn, pfx_buf,
4968     						sizeof(pfx_buf));
4969     			zlog_debug("%pBP rcvd %s", peer, pfx_buf);
4970     		}
/bgpd/bgp_route.c: 4937 in bgp_update()
4931     			return;
4932     		}
4933     
4934     		/* Withdraw/Announce before we fully processed the withdraw */
4935     		if (CHECK_FLAG(pi->flags, BGP_PATH_REMOVED)) {
4936     			if (bgp_debug_update(peer, p, NULL, 1)) {
>>>     CID 1599384:    (USE_AFTER_FREE)
>>>     Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4937     				bgp_debug_rdpfxpath2str(
4938     					afi, safi, prd, p, label, num_labels,
4939     					addpath_id ? 1 : 0, addpath_id, evpn,
4940     					pfx_buf, sizeof(pfx_buf));
4941     				zlog_debug(
4942     					"%pBP rcvd %s, flapped quicker than processing",
/bgpd/bgp_route.c: 4909 in bgp_update()
4903     							"%pBP rcvd UPDATE w/ attr: %s",
4904     							peer,
4905     							peer->rcvd_attr_str);
4906     						peer->rcvd_attr_printed = 1;
4907     					}
4908     
>>>     CID 1599384:    (USE_AFTER_FREE)
>>>     Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
4909     					bgp_debug_rdpfxpath2str(
4910     						afi, safi, prd, p, label,
4911     						num_labels, addpath_id ? 1 : 0,
4912     						addpath_id, evpn, pfx_buf,
4913     						sizeof(pfx_buf));
4914     					zlog_debug(
/bgpd/bgp_route.c: 5389 in bgp_update()
5383     		if (!peer->rcvd_attr_printed) {
5384     			zlog_debug("%pBP rcvd UPDATE w/ attr: %s", peer,
5385     				   peer->rcvd_attr_str);
5386     			peer->rcvd_attr_printed = 1;
5387     		}
5388     
>>>     CID 1599384:    (USE_AFTER_FREE)
>>>     Passing freed pointer "evpn" as an argument to "bgp_debug_rdpfxpath2str".
5389     		bgp_debug_rdpfxpath2str(afi, safi, prd, p, label, num_labels,
5390     					addpath_id ? 1 : 0, addpath_id, evpn,
5391     					pfx_buf, sizeof(pfx_buf));
5392     		zlog_debug("%pBP rcvd UPDATE about %s -- DENIED due to: %s",
5393     			   peer, pfx_buf, reason);
5394     	}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4jkWudbux5UNqYsSt9ZXO3s9m3KMDrlSX-2Bp41IzjejfmdC2hinnLY-2BZ6PvlTenLZs-3DwZFg_t0zeZlCsA34Fiw17aIfmh-2F3kFs1q7rysihvAefHXY7-2FT3Wex2Kyq8vq2GU4oxc0INa4LGQkWp2o2udzYi1E195dKzlJbpozeVIoom9zXeJ3a0xfYNt6q7iptmI9Oipl9P3vpI8V6-2B-2Be3-2B7DRNfNWJgr03b76RYNp8E5SzAMxO0GQOZLaFPlJuONzooC6oGSCeZbxOf2xdqUWygcR8FWfUA-3D-3D

More information about the dev mailing list