New Defects reported by Coverity Scan for freerangerouting/frr

scan-admin at coverity.com scan-admin at coverity.com
Wed Jun 19 23:23:14 UTC 2024 

Hi,

Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.

5 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1594016:  Possible Control flow issues  (DEADCODE)
/zebra/zebra_srv6.c: 1871 in release_srv6_sid_func_explicit()


________________________________________________________________________________________________________
*** CID 1594016:  Possible Control flow issues  (DEADCODE)
/zebra/zebra_srv6.c: 1871 in release_srv6_sid_func_explicit()
1865     					zlog_warn("%s: failed to release wide SID function %u, function is not allocated",
1866     						  __func__, sid_wide_func);
1867     					return -1;
1868     				}
1869     
1870     				/* Release the SID function from the EWLIB range */
>>>     CID 1594016:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "listnode_delete(block->u.us...".
1871     				listnode_delete(block->u.usid.wide_lib[sid_func]
1872     							.func_allocated,
1873     						sid_wide_func_ptr);
1874     				zebra_srv6_sid_func_free(sid_wide_func_ptr);
1875     			} else {
1876     				zlog_warn("%s: function %u is outside ELIB [%u/%u] and EWLIB alloc ranges [%u/%u]",

** CID 1594015:    (DEADCODE)
/zebra/zebra_srv6.c: 1782 in get_srv6_sid()
/zebra/zebra_srv6.c: 1781 in get_srv6_sid()


________________________________________________________________________________________________________
*** CID 1594015:    (DEADCODE)
/zebra/zebra_srv6.c: 1782 in get_srv6_sid()
1776     		}
1777     
1778     		ret = get_srv6_sid_dynamic(sid, ctx, locator);
1779     
1780     		break;
1781     	case SRV6_SID_ALLOC_MODE_MAX:
>>>     CID 1594015:    (DEADCODE)
>>>     Execution cannot reach this statement: "case SRV6_SID_ALLOC_MODE_UN...".
1782     	case SRV6_SID_ALLOC_MODE_UNSPEC:
1783     	default:
1784     		flog_err(EC_ZEBRA_SM_CANNOT_ASSIGN_SID,
1785     			 "%s: SRv6 Manager: Unrecognized alloc mode %u",
1786     			 __func__, alloc_mode);
1787     		/* We should never arrive here */
/zebra/zebra_srv6.c: 1781 in get_srv6_sid()
1775     			return -1;
1776     		}
1777     
1778     		ret = get_srv6_sid_dynamic(sid, ctx, locator);
1779     
1780     		break;
>>>     CID 1594015:    (DEADCODE)
>>>     Execution cannot reach this statement: "case SRV6_SID_ALLOC_MODE_MAX:".
1781     	case SRV6_SID_ALLOC_MODE_MAX:
1782     	case SRV6_SID_ALLOC_MODE_UNSPEC:
1783     	default:
1784     		flog_err(EC_ZEBRA_SM_CANNOT_ASSIGN_SID,
1785     			 "%s: SRv6 Manager: Unrecognized alloc mode %u",
1786     			 __func__, alloc_mode);

** CID 1594014:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_srv6.c: 1860 in release_srv6_sid_func_explicit()


________________________________________________________________________________________________________
*** CID 1594014:  Null pointer dereferences  (FORWARD_NULL)
/zebra/zebra_srv6.c: 1860 in release_srv6_sid_func_explicit()
1854     
1855     				/* Lookup SID function in the functions allocated list of EWLIB range */
1856     				for (ALL_LIST_ELEMENTS_RO(block->u.usid
1857     								  .wide_lib[sid_func]
1858     								  .func_allocated,
1859     							  node, sid_func_ptr))
>>>     CID 1594014:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "sid_wide_func_ptr".
1860     					if (*sid_wide_func_ptr == sid_wide_func)
1861     						break;
1862     
1863     				/* Ensure that the SID function is allocated */
1864     				if (!sid_wide_func_ptr) {
1865     					zlog_warn("%s: failed to release wide SID function %u, function is not allocated",

** CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose()


________________________________________________________________________________________________________
*** CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose()
955     				   struct srv6_locator *locator,
956     				   uint32_t sid_func)
957     {
958     	uint8_t offset, func_len;
959     	struct srv6_sid_format *format = locator->sid_format;
960     
>>>     CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "locator" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
961     	if (!sid_value || !locator)
962     		return false;
963     
964     	if (format) {
965     		offset = format->block_len + format->node_len;
966     		func_len = format->function_len;

** CID 1594012:    (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1594012:    (TAINTED_SCALAR)
/nhrpd/nhrp_peer.c: 1139 in nhrp_packet_send_error()
1133     	/* Don`t add extension according to RFC */
1134     	zbuf_put(zb, pp->hdr, sizeof(*pp->hdr));
1135     	zbuf_put(zb, sockunion_get_addr(&pp->src_nbma),
1136     		 hdr->src_nbma_address_len);
1137     	zbuf_put(zb, sockunion_get_addr(&pp->src_proto),
1138     		 hdr->src_protocol_address_len);
>>>     CID 1594012:    (TAINTED_SCALAR)
>>>     Passing tainted expression "hdr->dst_protocol_address_len" to "zbuf_put", which uses it as an offset.
1139     	zbuf_put(zb, sockunion_get_addr(&pp->dst_proto),
1140     		 hdr->dst_protocol_address_len);
1141     	nhrp_packet_complete_auth(zb, hdr, pp->ifp, false);
1142     
1143     	nhrp_peer_send(pp->peer, zb);
1144     	zbuf_free(zb);
/nhrpd/nhrp_peer.c: 1135 in nhrp_packet_send_error()
1129     	hdr->flags = pp->hdr->flags;
1130     	hdr->hop_count = 0; /* XXX: cisco returns 255 */
1131     
1132     	/* Payload is the packet causing error */
1133     	/* Don`t add extension according to RFC */
1134     	zbuf_put(zb, pp->hdr, sizeof(*pp->hdr));
>>>     CID 1594012:    (TAINTED_SCALAR)
>>>     Passing tainted expression "hdr->src_nbma_address_len" to "zbuf_put", which uses it as an offset.
1135     	zbuf_put(zb, sockunion_get_addr(&pp->src_nbma),
1136     		 hdr->src_nbma_address_len);
1137     	zbuf_put(zb, sockunion_get_addr(&pp->src_proto),
1138     		 hdr->src_protocol_address_len);
1139     	zbuf_put(zb, sockunion_get_addr(&pp->dst_proto),
1140     		 hdr->dst_protocol_address_len);
/nhrpd/nhrp_peer.c: 1137 in nhrp_packet_send_error()
1131     
1132     	/* Payload is the packet causing error */
1133     	/* Don`t add extension according to RFC */
1134     	zbuf_put(zb, pp->hdr, sizeof(*pp->hdr));
1135     	zbuf_put(zb, sockunion_get_addr(&pp->src_nbma),
1136     		 hdr->src_nbma_address_len);
>>>     CID 1594012:    (TAINTED_SCALAR)
>>>     Passing tainted expression "hdr->src_protocol_address_len" to "zbuf_put", which uses it as an offset.
1137     	zbuf_put(zb, sockunion_get_addr(&pp->src_proto),
1138     		 hdr->src_protocol_address_len);
1139     	zbuf_put(zb, sockunion_get_addr(&pp->dst_proto),
1140     		 hdr->dst_protocol_address_len);
1141     	nhrp_packet_complete_auth(zb, hdr, pp->ifp, false);
1142     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4jkWudbux5UNqYsSt9ZXO3s9m3KMDrlSX-2Bp41IzjejfmdC2hinnLY-2BZ6PvlTenLZs-3DEkZI_t0zeZlCsA34Fiw17aIfmh-2F3kFs1q7rysihvAefHXY7-2B6-2FZm-2FVBRnMPQb1mckeNnl5pjp6gwLohA3ZmrQQ9poHIkkkuTmQobrP906XK1H7r9O6wJSDiAVF1QwMYiT458uNMgKTkZ9nvQyW1ur6xP7Em7vfIjbtdefS0P1siLo6h64YFqW0JmuAWRfxU0-2Fw61Bh3-2Fa4RrAuJNm35MAgngKGA-3D-3D

More information about the dev mailing list