New Defects reported by Coverity Scan for freerangerouting/frr
scan-admin at coverity.com
scan-admin at coverity.com
Wed Mar 6 00:22:18 UTC 2024
Hi,
Please find the latest report on new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
2 new defect(s) introduced to freerangerouting/frr found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1584234: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1584234: (TAINTED_SCALAR)
/zebra/fpm_listener.c: 594 in fpm_serve()
588 while (1) {
589
590 hdr = read_fpm_msg(buf, sizeof(buf));
591 if (!hdr)
592 return;
593
>>> CID 1584234: (TAINTED_SCALAR)
>>> Passing tainted expression "*hdr" to "process_fpm_msg", which uses it as a loop boundary.
594 process_fpm_msg(hdr);
595 }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588 while (1) {
589
590 hdr = read_fpm_msg(buf, sizeof(buf));
591 if (!hdr)
592 return;
593
>>> CID 1584234: (TAINTED_SCALAR)
>>> Passing tainted expression "hdr->msg_len" to "process_fpm_msg", which uses it as a loop boundary.
594 process_fpm_msg(hdr);
595 }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588 while (1) {
589
590 hdr = read_fpm_msg(buf, sizeof(buf));
591 if (!hdr)
592 return;
593
>>> CID 1584234: (TAINTED_SCALAR)
>>> Passing tainted expression "hdr->msg_len" to "process_fpm_msg", which uses it as a loop boundary.
594 process_fpm_msg(hdr);
595 }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588 while (1) {
589
590 hdr = read_fpm_msg(buf, sizeof(buf));
591 if (!hdr)
592 return;
593
>>> CID 1584234: (TAINTED_SCALAR)
>>> Passing tainted expression "hdr" to "process_fpm_msg", which uses it as a loop boundary.
594 process_fpm_msg(hdr);
595 }
596 }
597
598 int main(int argc, char **argv)
599 {
/zebra/fpm_listener.c: 594 in fpm_serve()
588 while (1) {
589
590 hdr = read_fpm_msg(buf, sizeof(buf));
591 if (!hdr)
592 return;
593
>>> CID 1584234: (TAINTED_SCALAR)
>>> Passing tainted expression "hdr" to "process_fpm_msg", which uses it as a loop boundary.
594 process_fpm_msg(hdr);
595 }
596 }
597
598 int main(int argc, char **argv)
599 {
** CID 1584233: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1584233: (TAINTED_SCALAR)
/zebra/fpm_listener.c: 577 in process_fpm_msg()
571
572 if (hdr->msg_type != FPM_MSG_TYPE_NETLINK) {
573 fprintf(stderr, "Unknown fpm message type %u\n", hdr->msg_type);
574 return;
575 }
576
>>> CID 1584233: (TAINTED_SCALAR)
>>> Passing tainted expression "fpm_msg_data_len(hdr)" to "parse_netlink_msg", which uses it as a loop boundary.
577 parse_netlink_msg(fpm_msg_data(hdr), fpm_msg_data_len(hdr));
578 }
579
580 /*
581 * fpm_serve
582 */
/zebra/fpm_listener.c: 577 in process_fpm_msg()
571
572 if (hdr->msg_type != FPM_MSG_TYPE_NETLINK) {
573 fprintf(stderr, "Unknown fpm message type %u\n", hdr->msg_type);
574 return;
575 }
576
>>> CID 1584233: (TAINTED_SCALAR)
>>> Passing tainted expression "fpm_msg_data_len(hdr)" to "parse_netlink_msg", which uses it as a loop boundary.
577 parse_netlink_msg(fpm_msg_data(hdr), fpm_msg_data_len(hdr));
578 }
579
580 /*
581 * fpm_serve
582 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4jkWudbux5UNqYsSt9ZXO3s9m3KMDrlSX-2Bp41IzjejfmdC2hinnLY-2BZ6PvlTenLZs-3DJII2_t0zeZlCsA34Fiw17aIfmh-2F3kFs1q7rysihvAefHXY785uAOmK-2BaalTEoYQSDBOSHNnpwZf8tRfyymB2y1VD6Zc3R6OHlxIqsJNQaixlEXeCZHuosUSHi-2FE1xTakkGHJAj1R0ZdplqSwc8UhlDh25mdx-2BIdxxgsqg0yqHFo2XDLl54O4JcrsJwPFhvIg08J-2Bgn102yRbfw8cQ4KgOgItd1g-3D-3D
More information about the dev
mailing list