From e8aca32f312cbef1cb0b0dd9e87b7e59dc9fa251 Mon Sep 17 00:00:00 2001 From: David Lamparter Date: Tue, 27 Nov 2012 01:10:30 +0000 Subject: isisd: address Coverity warnings this fixes a bunch of issues found by Coverity SCAN and flagged as "high" impact -- although, they're all rather minute issues. * isisd/isis_adjacency.c: one superfluous check, one possible NULL deref * isisd/isis_circuit.c: two prefix memory leaks * isisd/isis_csm.c: one missing break * isisd/isis_lsp.c: one possible NULL deref * isisd/isis_pfpacket.c: one error-case fd leak * isisd/isis_route.c: one isis_route_info memory leak * isisd/isis_routemap.c: one... fnord * isisd/isis_tlv.c: one infinite loop Reported-by: Coverity SCAN Signed-off-by: David Lamparter --- isisd/isis_adjacency.c | 4 ++-- isisd/isis_circuit.c | 4 ++++ isisd/isis_csm.c | 1 + isisd/isis_lsp.c | 4 +++- isisd/isis_pfpacket.c | 1 + isisd/isis_route.c | 6 +++++- isisd/isis_routemap.c | 3 +-- isisd/isis_spf.c | 2 +- isisd/isis_tlv.c | 1 + 9 files changed, 19 insertions(+), 7 deletions(-) (limited to 'isisd') diff --git a/isisd/isis_adjacency.c b/isisd/isis_adjacency.c index 468b0a69..414885fc 100644 --- a/isisd/isis_adjacency.c +++ b/isisd/isis_adjacency.c @@ -207,7 +207,7 @@ isis_adj_state_change (struct isis_adjacency *adj, enum isis_adj_state new_state zlog_info ("%%ADJCHANGE: Adjacency to %s (%s) changed from %s to %s, %s", adj_name, - adj->circuit ? adj->circuit->interface->name : "no circuit", + adj->circuit->interface->name, adj_state2string (old_state), adj_state2string (new_state), reason ? reason : "unspecified"); @@ -427,7 +427,7 @@ isis_adj_print_vty (struct isis_adjacency *adj, struct vty *vty, char detail) vty_out (vty, ", Speaks: %s", nlpid2string (&adj->nlpids)); vty_out (vty, "%s", VTY_NEWLINE); vty_out (vty, " SNPA: %s", snpa_print (adj->snpa)); - if (adj->circuit->circ_type == CIRCUIT_T_BROADCAST) + if (adj->circuit && (adj->circuit->circ_type == CIRCUIT_T_BROADCAST)) { dyn = dynhn_find_by_id (adj->lanid); if (dyn) diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c index c09c3a28..3d9fb473 100644 --- a/isisd/isis_circuit.c +++ b/isisd/isis_circuit.c @@ -327,6 +327,8 @@ isis_circuit_del_addr (struct isis_circuit *circuit, zlog_warn ("Nonexitant ip address %s removal attempt from \ circuit %d", buf, circuit->circuit_id); } + + prefix_ipv4_free (ipv4); } #ifdef HAVE_IPV6 if (connected->address->family == AF_INET6) @@ -370,6 +372,8 @@ isis_circuit_del_addr (struct isis_circuit *circuit, } else if (circuit->area) lsp_regenerate_schedule (circuit->area, circuit->is_type, 0); + + prefix_ipv6_free (ipv6); } #endif /* HAVE_IPV6 */ return; diff --git a/isisd/isis_csm.c b/isisd/isis_csm.c index 5d74a71b..a58ba490 100644 --- a/isisd/isis_csm.c +++ b/isisd/isis_csm.c @@ -101,6 +101,7 @@ isis_csm_state_change (int event, struct isis_circuit *circuit, void *arg) break; case ISIS_DISABLE: zlog_warn ("circuit already disabled"); + break; case IF_DOWN_FROM_Z: zlog_warn ("circuit already disconnected"); break; diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c index 082e9dcd..f2a7923d 100644 --- a/isisd/isis_lsp.c +++ b/isisd/isis_lsp.c @@ -1631,7 +1631,7 @@ lsp_generate (struct isis_area *area, int level) static int lsp_regenerate (struct isis_area *area, int level) { - dict_t *lspdb = area->lspdb[level - 1]; + dict_t *lspdb; struct isis_lsp *lsp, *frag; struct listnode *node; u_char lspid[ISIS_SYS_ID_LEN + 2]; @@ -1640,6 +1640,8 @@ lsp_regenerate (struct isis_area *area, int level) if ((area == NULL) || (area->is_type & level) != level) return ISIS_ERROR; + lspdb = area->lspdb[level - 1]; + memset (lspid, 0, ISIS_SYS_ID_LEN + 2); memcpy (lspid, isis->sysid, ISIS_SYS_ID_LEN); diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c index e5589aea..4bc8717a 100644 --- a/isisd/isis_pfpacket.c +++ b/isisd/isis_pfpacket.c @@ -129,6 +129,7 @@ open_packet_socket (struct isis_circuit *circuit) sizeof (struct sockaddr_ll)) < 0) { zlog_warn ("open_packet_socket(): bind() failed: %s", safe_strerror (errno)); + close (fd); return ISIS_WARNING; } diff --git a/isisd/isis_route.c b/isisd/isis_route.c index c99d9583..8ab470ce 100644 --- a/isisd/isis_route.c +++ b/isisd/isis_route.c @@ -438,7 +438,11 @@ isis_route_create (struct prefix *prefix, u_int32_t cost, u_int32_t depth, route_node = route_node_get (area->route_table6[level - 1], prefix); #endif /* HAVE_IPV6 */ else - return NULL; + { + isis_route_info_delete (rinfo_new); + return NULL; + } + rinfo_old = route_node->info; if (!rinfo_old) { diff --git a/isisd/isis_routemap.c b/isisd/isis_routemap.c index 558d3910..84a14ac5 100644 --- a/isisd/isis_routemap.c +++ b/isisd/isis_routemap.c @@ -69,8 +69,7 @@ isis_route_map_upd (const char *name) for (i = 0; i <= ZEBRA_ROUTE_MAX; i++) { if (isis->rmap[i].name) - isis->rmap[i].map = isis->rmap[i].map = - route_map_lookup_by_name (isis->rmap[i].name); + isis->rmap[i].map = route_map_lookup_by_name (isis->rmap[i].name); else isis->rmap[i].map = NULL; } diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c index 1cb51138..e0a8d01c 100644 --- a/isisd/isis_spf.c +++ b/isisd/isis_spf.c @@ -1492,7 +1492,7 @@ isis_print_paths (struct vty *vty, struct list *paths, u_char *root_sysid) struct listnode *anode; struct isis_vertex *vertex; struct isis_adjacency *adj; - u_char buff[255]; + u_char buff[BUFSIZ]; vty_out (vty, "Vertex Type Metric " "Next-Hop Interface Parent%s", VTY_NEWLINE); diff --git a/isisd/isis_tlv.c b/isisd/isis_tlv.c index ed3e0e81..2c2415ae 100644 --- a/isisd/isis_tlv.c +++ b/isisd/isis_tlv.c @@ -712,6 +712,7 @@ parse_tlvs (char *areatag, u_char * stream, int size, u_int32_t * expected, Neighbor Extended Local Circuit ID (four octets, if Neighbor System ID is present) */ pnt += length; + value_len += length; } } else -- cgit v1.2.1