Merge pull request #3089 from pacovn/Coverity_1473286_Out_of_bounds_access
authorRafael Zalamena <rzalamena@users.noreply.github.com>
Wed, 26 Sep 2018 17:22:27 +0000 (14:22 -0300)
committerGitHub <noreply@github.com>
Wed, 26 Sep 2018 17:22:27 +0000 (14:22 -0300)
isisd: out of bounds access (Coverity 1473286)

bfdd/bfdd_vty.c
bgpd/bgp_zebra.c
watchfrr/watchfrr.c
watchfrr/watchfrr_errors.c
watchfrr/watchfrr_errors.h
zebra/rt_netlink.c
zebra/zebra_vxlan.c

index 1c6d03195c8a5754f99fe9f5a4f63e38357bb220..51dd9cb26da77fb153208abca29839fa76043ac2 100644 (file)
@@ -886,14 +886,7 @@ static int bfd_configure_peer(struct bfd_peer_cfg *bpc, bool mhop,
        if (local)
                bpc->bpc_local = *local;
 
-       if (peer) {
-               bpc->bpc_peer = *peer;
-       } else {
-               /* Peer configuration is mandatory. */
-               snprintf(ebuf, ebuflen, "no peer configured");
-               return -1;
-       }
-
+       bpc->bpc_peer = *peer;
        bpc->bpc_mhop = mhop;
 
        /* Handle interface specification configuration. */
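Review bot: `bpc->bpc_peer = *peer;` now dereferences `peer` with no guard, while `local` two lines above is still tested before use. If every caller is guaranteed to pass a peer address (the callers are not visible in this hunk), record that precondition where it is relied on, for example `assert(peer); /* callers always supply a peer address */` just before the assignment. A future caller that passes NULL then fails at a diagnosable point instead of on a bare dereference. bfd_configure_peer's body starts and ends outside the hunk.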
index 3b762a362b0a431d8735fd15d1289cc51c77a1bb..5ab727111caf150a7ca0e728beb7b1e2e07ebf66 100644 (file)
@@ -229,8 +229,6 @@ static int bgp_interface_delete(int command, struct zclient *zclient,
        struct bgp *bgp;
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
        s = zclient->ibuf;
        ifp = zebra_interface_state_read(s, vrf_id);
@@ -240,7 +238,8 @@ static int bgp_interface_delete(int command, struct zclient *zclient,
        if (BGP_DEBUG(zebra, ZEBRA))
                zlog_debug("Rx Intf del VRF %u IF %s", vrf_id, ifp->name);
 
-       bgp_update_interface_nbrs(bgp, ifp, NULL);
+       if (bgp)
+               bgp_update_interface_nbrs(bgp, ifp, NULL);
 
        if_set_index(ifp, IFINDEX_INTERNAL);
        return 0;
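Review bot: The reason the `bgp` NULL test now sits after `zebra_interface_state_read()` is not recorded in the new code, so a later cleanup could hoist it back to the top of the handler. Presumably the message must still be read and the interface state updated when no BGP instance exists for the VRF; a one-line comment above `if (bgp)` would say so, e.g. `/* no BGP instance for this VRF: interface state is still updated, only BGP processing is skipped */`. The same comment is missing at the relocated checks in bgp_interface_up, bgp_interface_down, bgp_interface_address_add, bgp_interface_address_delete and bgp_interface_vrf_update. All of these function bodies extend outside their hunks.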
@@ -257,8 +256,6 @@ static int bgp_interface_up(int command, struct zclient *zclient,
        struct bgp *bgp;
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
        s = zclient->ibuf;
        ifp = zebra_interface_state_read(s, vrf_id);
@@ -269,6 +266,9 @@ static int bgp_interface_up(int command, struct zclient *zclient,
        if (BGP_DEBUG(zebra, ZEBRA))
                zlog_debug("Rx Intf up VRF %u IF %s", vrf_id, ifp->name);
 
+       if (!bgp)
+               return 0;
+
        for (ALL_LIST_ELEMENTS(ifp->connected, node, nnode, c))
                bgp_connected_add(bgp, c);
 
@@ -290,8 +290,6 @@ static int bgp_interface_down(int command, struct zclient *zclient,
        struct peer *peer;
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
        s = zclient->ibuf;
        ifp = zebra_interface_state_read(s, vrf_id);
@@ -301,6 +299,9 @@ static int bgp_interface_down(int command, struct zclient *zclient,
        if (BGP_DEBUG(zebra, ZEBRA))
                zlog_debug("Rx Intf down VRF %u IF %s", vrf_id, ifp->name);
 
+       if (!bgp)
+               return 0;
+
        for (ALL_LIST_ELEMENTS(ifp->connected, node, nnode, c))
                bgp_connected_delete(bgp, c);
 
@@ -342,8 +343,6 @@ static int bgp_interface_address_add(int command, struct zclient *zclient,
        struct bgp *bgp;
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
        ifc = zebra_interface_address_read(command, zclient->ibuf, vrf_id);
 
@@ -357,6 +356,9 @@ static int bgp_interface_address_add(int command, struct zclient *zclient,
                           ifc->ifp->name, buf);
        }
 
+       if (!bgp)
+               return 0;
+
        if (if_is_operative(ifc->ifp)) {
                bgp_connected_add(bgp, ifc);
 
@@ -379,8 +381,6 @@ static int bgp_interface_address_delete(int command, struct zclient *zclient,
        struct bgp *bgp;
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
        ifc = zebra_interface_address_read(command, zclient->ibuf, vrf_id);
 
@@ -394,7 +394,7 @@ static int bgp_interface_address_delete(int command, struct zclient *zclient,
                           ifc->ifp->name, buf);
        }
 
-       if (if_is_operative(ifc->ifp)) {
+       if (bgp && if_is_operative(ifc->ifp)) {
                bgp_connected_delete(bgp, ifc);
        }
 
@@ -483,23 +483,23 @@ static int bgp_interface_vrf_update(int command, struct zclient *zclient,
                           ifp->name, new_vrf_id);
 
        bgp = bgp_lookup_by_vrf_id(vrf_id);
-       if (!bgp)
-               return 0;
 
-       for (ALL_LIST_ELEMENTS(ifp->connected, node, nnode, c))
-               bgp_connected_delete(bgp, c);
+       if (bgp) {
+               for (ALL_LIST_ELEMENTS(ifp->connected, node, nnode, c))
+                       bgp_connected_delete(bgp, c);
 
-       for (ALL_LIST_ELEMENTS(ifp->nbr_connected, node, nnode, nc))
-               bgp_nbr_connected_delete(bgp, nc, 1);
+               for (ALL_LIST_ELEMENTS(ifp->nbr_connected, node, nnode, nc))
+                       bgp_nbr_connected_delete(bgp, nc, 1);
 
-       /* Fast external-failover */
-       if (!CHECK_FLAG(bgp->flags, BGP_FLAG_NO_FAST_EXT_FAILOVER)) {
-               for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
-                       if ((peer->ttl != 1) && (peer->gtsm_hops != 1))
-                               continue;
+               /* Fast external-failover */
+               if (!CHECK_FLAG(bgp->flags, BGP_FLAG_NO_FAST_EXT_FAILOVER)) {
+                       for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) {
+                               if ((peer->ttl != 1) && (peer->gtsm_hops != 1))
+                                       continue;
 
-                       if (ifp == peer->nexthop.ifp)
-                               BGP_EVENT_ADD(peer, BGP_Stop);
+                               if (ifp == peer->nexthop.ifp)
+                                       BGP_EVENT_ADD(peer, BGP_Stop);
+                       }
                }
        }
 
@@ -2191,8 +2191,6 @@ static void bgp_encode_pbr_ipset_match(struct stream *s,
 
        stream_put(s, pbim->ipset_name,
                   ZEBRA_IPSET_NAME_SIZE);
-
-
 }
 
 static void bgp_encode_pbr_ipset_entry_match(struct stream *s,
index 9bbe04c338c97888d5c6589f8132cd63a2320e87..ec922490e2af60db4709476303f0c051cfa9a700 100644 (file)
@@ -1217,12 +1217,13 @@ int main(int argc, char **argv)
                }
        }
        if (!gs.daemons) {
-               fputs("Must specify one or more daemons to monitor.\n", stderr);
+               flog_err(EC_WATCHFRR_UNEXPECTED_DAEMONS,
+                         "Must specify one or more daemons to monitor.");
                frr_help_exit(1);
        }
        if (!watch_only && !gs.special) {
-               fprintf(stderr, "\"%s\" daemon must be in daemon list\n",
-                       special);
+               flog_err(EC_WATCHFRR_UNEXPECTED_DAEMONS,
+                         "\"%s\" daemon must be in daemon lists", special);
                frr_help_exit(1);
        }
 
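Review bot: The second message changed from "daemon list" to "daemon lists" in the move to `flog_err`, which reads like an accidental edit; keep `"\"%s\" daemon must be in daemon list", special`. Both calls run during option checking, immediately before `frr_help_exit(1)`. Whether the log target is already set up at that point is not visible here, so it is worth confirming that an operator starting watchfrr by hand still sees the text on the terminal. main's body starts and ends outside the hunk.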
index c720b65099c8b575a233a09d7589545e00be1efb..0aa27ef661a8f9e81c3d4fe5d5348be45bf2aeac 100644 (file)
@@ -31,6 +31,12 @@ static struct log_ref ferr_watchfrr_err[] = {
                .description = "WATCHFRR has detected a connectivity issue with one of the FRR daemons",
                .suggestion = "Ensure that FRR is still running and if not please open an Issue"
        },
+       {
+               .code = EC_WATCHFRR_UNEXPECTED_DAEMONS,
+               .title = "WATCHFRR wrong daemons to watch",
+               .description = "As part of WATCHFRR startup you must specify 1 or more daemons to monitor",
+               .suggestion = "Update your startup scripts to include zebra and any other daemon you would like to monitor",
+       },
        {
                .code = END_FERR,
        }
index 93103b6551b1d44f9426b3e60dea606ec136f723..9d5abde52b7eb774d1b5ad1e7907568c38abdf1e 100644 (file)
@@ -25,6 +25,7 @@
 
 enum watchfrr_log_refs {
        EC_WATCHFRR_CONNECTION = WATCHFRR_FERR_START,
+       EC_WATCHFRR_UNEXPECTED_DAEMONS,
 };
 
 extern void watchfrr_error_init(void);
index 040de379e1f5d08457810faf1f04901bd266779f..795ee2703aa700c4d4b4839ed88f15d7fffe4d00 100644 (file)
@@ -2200,7 +2200,7 @@ static int netlink_macfdb_update(struct interface *ifp, vlanid_t vid,
        struct interface *br_if;
        struct zebra_if *br_zif;
        char buf[ETHER_ADDR_STRLEN];
-       int vid_present = 0, dst_present = 0;
+       int vid_present = 0;
        char vid_buf[20];
        char dst_buf[30];
        struct zebra_vrf *zvrf = zebra_vrf_lookup_by_id(ifp->vrf_id);
@@ -2234,7 +2234,6 @@ static int netlink_macfdb_update(struct interface *ifp, vlanid_t vid,
        req.ndm.ndm_ifindex = ifp->ifindex;
        dst_alen = 4; // TODO: hardcoded
        addattr_l(&req.n, sizeof(req), NDA_DST, &vtep_ip, dst_alen);
-       dst_present = 1;
        sprintf(dst_buf, " dst %s", inet_ntoa(vtep_ip));
        br_zif = (struct zebra_if *)br_if->info;
        if (IS_ZEBRA_IF_BRIDGE_VLAN_AWARE(br_zif) && vid > 0) {
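Review bot: With the `dst_present` test removed, `dst_buf` reaches the debug log unguarded, so its only initialisation is the `sprintf` in this hunk, which writes into `char dst_buf[30]` without a bound. The IPv4 text fits today, but the limit is implicit; `snprintf(dst_buf, sizeof(dst_buf), " dst %s", inet_ntoa(vtep_ip));` makes it explicit. That matters if the address family is ever widened, which the `dst_alen = 4; // TODO: hardcoded` line hints at. netlink_macfdb_update's body extends outside the hunk.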
@@ -2250,8 +2249,7 @@ static int netlink_macfdb_update(struct interface *ifp, vlanid_t vid,
                           nl_family_to_str(req.ndm.ndm_family), ifp->name,
                           ifp->ifindex, vid_present ? vid_buf : "",
                           sticky ? "sticky " : "",
-                          prefix_mac2str(mac, buf, sizeof(buf)),
-                          dst_present ? dst_buf : "");
+                          prefix_mac2str(mac, buf, sizeof(buf)), dst_buf);
 
        return netlink_talk(netlink_talk_filter, &req.n, &zns->netlink_cmd, zns,
                            0);
index ea0bef37183b841569bd7588714cf9a566678be8..989d63f9b1ff58ab56c02ae6d4abef522f899064 100644 (file)
@@ -4269,10 +4269,8 @@ static void process_remote_macip_add(vni_t vni,
                                        vni,
                                        prefix_mac2str(macaddr,
                                                       buf, sizeof(buf)),
-                                       ipa_len ? " IP " : "",
-                                       ipa_len ?
-                                       ipaddr2str(ipaddr,
-                                                  buf1, sizeof(buf1)) : "",
+                                       " IP ",
+                                       ipaddr2str(ipaddr, buf1, sizeof(buf1)),
                                        n_type,
                                        tmp_seq);
                                return;
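Review bot: `ipaddr2str(ipaddr, buf1, sizeof(buf1))` is now called regardless of `ipa_len`, so the log line prints an address even when none was supplied. The hunk starts inside the call's argument list and does not show whether an enclosing condition already guarantees `ipa_len` is non-zero here. If it does, a short comment at that condition (`/* ipa_len != 0 in this branch */`) records why the test could be dropped; if it does not, the ternaries should stay. process_remote_macip_add's body extends outside the hunk.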