From 500fe387a0e4ff474e3f85a317ac73f733dccf01 Mon Sep 17 00:00:00 2001 From: Rafael Zalamena Date: Wed, 6 Jul 2022 07:49:56 -0300 Subject: [PATCH 1/2] bfdd: fix coverity scan resource leak Close the descriptor if something fails and we don't return it. Signed-off-by: Rafael Zalamena --- bfdd/bfd_packet.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c index 6b0afef65f..23778c82d5 100644 --- a/bfdd/bfd_packet.c +++ b/bfdd/bfd_packet.c @@ -1569,6 +1569,7 @@ int bp_echo_socket(const struct vrf *vrf) -1) { zlog_warn("%s: setsockopt(SO_ATTACH_FILTER): %s", __func__, strerror(errno)); + close(s); return -1; } @@ -1579,6 +1580,7 @@ int bp_echo_socket(const struct vrf *vrf) if (bind(s, (struct sockaddr *)&sll, sizeof(sll)) < 0) { zlog_warn("Failed to bind echo socket: %s", safe_strerror(errno)); + close(s); return -1; } From f14233edbded0f2acccdf491b2173debd5c836e6 Mon Sep 17 00:00:00 2001 From: Rafael Zalamena Date: Wed, 6 Jul 2022 07:52:17 -0300 Subject: [PATCH 2/2] bfdd: fix coverity memory overrun Use the destination for the operator `sizeof()` instead of the source which could (and is) be bigger than destination. We are not truncating any data here it just happens that the zebra interface data structure hardware address can be bigger due to different types of interface. Signed-off-by: Rafael Zalamena --- bfdd/bfd_packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c index 23778c82d5..d34d642762 100644 --- a/bfdd/bfd_packet.c +++ b/bfdd/bfd_packet.c @@ -219,8 +219,8 @@ void ptm_bfd_echo_fp_snd(struct bfd_session *bfd) /* add eth hdr */ eth = (struct ethhdr *)(sendbuff); - memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(bfd->ifp->hw_addr)); - memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(bfd->peer_hw_addr)); + memcpy(eth->h_source, bfd->ifp->hw_addr, sizeof(eth->h_source)); + memcpy(eth->h_dest, bfd->peer_hw_addr, sizeof(eth->h_dest)); total_len += sizeof(struct ethhdr);