[quagga-dev 10033] [PATCH 7/7] isisd: address Coverity warnings

David Lamparter equinox at opensourcerouting.org
Tue Nov 27 02:10:30 GMT 2012


this fixes a bunch of issues found by Coverity SCAN and flagged as
"high" impact -- although, they're all rather minute issues.

* isisd/isis_adjacency.c: one superfluous check, one possible NULL deref
* isisd/isis_circuit.c: two prefix memory leaks
* isisd/isis_csm.c: one missing break
* isisd/isis_lsp.c: one possible NULL deref
* isisd/isis_pfpacket.c: one error-case fd leak
* isisd/isis_route.c: one isis_route_info memory leak
* isisd/isis_routemap.c: one... fnord
* isisd/isis_tlv.c: one infinite loop

Reported-by: Coverity SCAN
Signed-off-by: David Lamparter <equinox at opensourcerouting.org>
---
 isisd/isis_adjacency.c |    4 ++--
 isisd/isis_circuit.c   |    4 ++++
 isisd/isis_csm.c       |    1 +
 isisd/isis_lsp.c       |    4 +++-
 isisd/isis_pfpacket.c  |    1 +
 isisd/isis_route.c     |    6 +++++-
 isisd/isis_routemap.c  |    3 +--
 isisd/isis_spf.c       |    2 +-
 isisd/isis_tlv.c       |    1 +
 9 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/isisd/isis_adjacency.c b/isisd/isis_adjacency.c
index 468b0a6..414885f 100644
--- a/isisd/isis_adjacency.c
+++ b/isisd/isis_adjacency.c
@@ -207,7 +207,7 @@ isis_adj_state_change (struct isis_adjacency *adj, enum isis_adj_state new_state
 
       zlog_info ("%%ADJCHANGE: Adjacency to %s (%s) changed from %s to %s, %s",
 		 adj_name,
-		 adj->circuit ? adj->circuit->interface->name : "no circuit",
+		 adj->circuit->interface->name,
 		 adj_state2string (old_state),
 		 adj_state2string (new_state),
 		 reason ? reason : "unspecified");
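Review bot: The log call in isis_adj_state_change now dereferences `adj->circuit` unconditionally, while the second hunk in this file adds an `adj->circuit &&` guard in isis_adj_print_vty, so the two functions disagree about whether the pointer can be NULL. If the check is superfluous because the pointer is already dereferenced earlier in the function (that part is outside the hunk), state the invariant where it is established, e.g. `assert (adj->circuit); /* an adjacency always belongs to a circuit here */`. If it can in fact be NULL, this change turns a log line into a daemon crash.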
@@ -427,7 +427,7 @@ isis_adj_print_vty (struct isis_adjacency *adj, struct vty *vty, char detail)
       vty_out (vty, ", Speaks: %s", nlpid2string (&adj->nlpids));
       vty_out (vty, "%s", VTY_NEWLINE);
       vty_out (vty, "    SNPA: %s", snpa_print (adj->snpa));
-      if (adj->circuit->circ_type == CIRCUIT_T_BROADCAST)
+      if (adj->circuit && (adj->circuit->circ_type == CIRCUIT_T_BROADCAST))
       {
         dyn = dynhn_find_by_id (adj->lanid);
         if (dyn)
diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
index c09c3a2..3d9fb47 100644
--- a/isisd/isis_circuit.c
+++ b/isisd/isis_circuit.c
@@ -327,6 +327,8 @@ isis_circuit_del_addr (struct isis_circuit *circuit,
 	  zlog_warn ("Nonexitant ip address %s removal attempt from \
                       circuit %d", buf, circuit->circuit_id);
 	}
+
+      prefix_ipv4_free (ipv4);
     }
 #ifdef HAVE_IPV6
   if (connected->address->family == AF_INET6)
@@ -370,6 +372,8 @@ isis_circuit_del_addr (struct isis_circuit *circuit,
 	}
       else if (circuit->area)
 	  lsp_regenerate_schedule (circuit->area, circuit->is_type, 0);
+
+      prefix_ipv6_free (ipv6);
     }
 #endif /* HAVE_IPV6 */
   return;
diff --git a/isisd/isis_csm.c b/isisd/isis_csm.c
index 5d74a71..a58ba49 100644
--- a/isisd/isis_csm.c
+++ b/isisd/isis_csm.c
@@ -101,6 +101,7 @@ isis_csm_state_change (int event, struct isis_circuit *circuit, void *arg)
 	  break;
 	case ISIS_DISABLE:
 	  zlog_warn ("circuit already disabled");
+	  break;
 	case IF_DOWN_FROM_Z:
 	  zlog_warn ("circuit already disconnected");
 	  break;
diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
index 082e9dc..f2a7923 100644
--- a/isisd/isis_lsp.c
+++ b/isisd/isis_lsp.c
@@ -1631,7 +1631,7 @@ lsp_generate (struct isis_area *area, int level)
 static int
 lsp_regenerate (struct isis_area *area, int level)
 {
-  dict_t *lspdb = area->lspdb[level - 1];
+  dict_t *lspdb;
   struct isis_lsp *lsp, *frag;
   struct listnode *node;
   u_char lspid[ISIS_SYS_ID_LEN + 2];
@@ -1640,6 +1640,8 @@ lsp_regenerate (struct isis_area *area, int level)
   if ((area == NULL) || (area->is_type & level) != level)
     return ISIS_ERROR;
 
+  lspdb = area->lspdb[level - 1];
+
   memset (lspid, 0, ISIS_SYS_ID_LEN + 2);
   memcpy (lspid, isis->sysid, ISIS_SYS_ID_LEN);
 
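Review bot: `lspdb = area->lspdb[level - 1]` is still reached with an unvalidated `level`, because the guard `(area->is_type & level) != level` is false for `level == 0`, which then indexes `lspdb[-1]`. A combined level value that matches `is_type` would pass the guard the same way and index past a two-entry array. Callers presumably pass only 1 or 2, but the function does not enforce it. Adding `if (level < 1 || level > 2) return ISIS_ERROR;` before the assignment would, assuming `lspdb` holds one entry per level (its declaration is not in the hunk). The rest of lsp_regenerate is outside this hunk.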
diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c
index e5589ae..4bc8717 100644
--- a/isisd/isis_pfpacket.c
+++ b/isisd/isis_pfpacket.c
@@ -129,6 +129,7 @@ open_packet_socket (struct isis_circuit *circuit)
 	    sizeof (struct sockaddr_ll)) < 0)
     {
       zlog_warn ("open_packet_socket(): bind() failed: %s", safe_strerror (errno));
+      close (fd);
       return ISIS_WARNING;
     }
 
diff --git a/isisd/isis_route.c b/isisd/isis_route.c
index c99d958..8ab470c 100644
--- a/isisd/isis_route.c
+++ b/isisd/isis_route.c
@@ -438,7 +438,11 @@ isis_route_create (struct prefix *prefix, u_int32_t cost, u_int32_t depth,
     route_node = route_node_get (area->route_table6[level - 1], prefix);
 #endif /* HAVE_IPV6 */
   else
-    return NULL;
+    {
+      isis_route_info_delete (rinfo_new);
+      return NULL;
+    }
+
   rinfo_old = route_node->info;
   if (!rinfo_old)
     {
diff --git a/isisd/isis_routemap.c b/isisd/isis_routemap.c
index 558d391..84a14ac 100644
--- a/isisd/isis_routemap.c
+++ b/isisd/isis_routemap.c
@@ -69,8 +69,7 @@ isis_route_map_upd (const char *name)
   for (i = 0; i <= ZEBRA_ROUTE_MAX; i++)
     {
       if (isis->rmap[i].name)
-	isis->rmap[i].map = isis->rmap[i].map =
-	  route_map_lookup_by_name (isis->rmap[i].name);
+	isis->rmap[i].map = route_map_lookup_by_name (isis->rmap[i].name);
       else
 	isis->rmap[i].map = NULL;
     }
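Review bot: The loop bound `i <= ZEBRA_ROUTE_MAX` visits ZEBRA_ROUTE_MAX + 1 entries of `isis->rmap`, and the array declaration is not visible here. It is worth confirming the array is sized `ZEBRA_ROUTE_MAX + 1`, since otherwise the last iteration reads and writes one element past the end. If the inclusive bound is intended, a short comment such as `/* rmap[] has ZEBRA_ROUTE_MAX + 1 slots */` above the loop would stop a later reader from "fixing" it.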
diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c
index 1cb5113..e0a8d01 100644
--- a/isisd/isis_spf.c
+++ b/isisd/isis_spf.c
@@ -1492,7 +1492,7 @@ isis_print_paths (struct vty *vty, struct list *paths, u_char *root_sysid)
   struct listnode *anode;
   struct isis_vertex *vertex;
   struct isis_adjacency *adj;
-  u_char buff[255];
+  u_char buff[BUFSIZ];
 
   vty_out (vty, "Vertex               Type         Metric "
                 "Next-Hop             Interface Parent%s", VTY_NEWLINE);
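Review bot: Growing `buff` to `BUFSIZ` removes the overrun only while every write into it (all outside this hunk) keeps assuming exactly that size. BUFSIZ is a stdio tuning constant, not a property of the data being formatted. Passing `sizeof (buff)` as the length at each call that fills the buffer would tie the bound to the declaration and survive a later resize. The per-file list in the commit message also has no entry for isisd/isis_spf.c, so this change is undocumented.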
diff --git a/isisd/isis_tlv.c b/isisd/isis_tlv.c
index ed3e0e8..2c2415a 100644
--- a/isisd/isis_tlv.c
+++ b/isisd/isis_tlv.c
@@ -712,6 +712,7 @@ parse_tlvs (char *areatag, u_char * stream, int size, u_int32_t * expected,
             Neighbor Extended Local Circuit ID (four octets, if Neighbor
               System ID is present) */
 		  pnt += length;
+		  value_len += length;
 		}
 	    }
 	  else
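Review bot: `pnt += length` advances the parse pointer by a length taken from the received TLV, and nothing in this hunk shows it being checked against the bytes remaining in `stream`. The enclosing loop and its condition start outside the hunk, so that bound needs confirming there. With the added `value_len += length` the body consumes the whole value in one step, so the loop presumably runs at most once and acts as a plain skip. An explicit check that `length` does not exceed the bytes left in the TLV area, placed before the skip, would make the termination and the bound visible in one place. A comment such as `/* optional fields are skipped, not parsed */` would document the intent.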
-- 
1.7.8.6



