From 84aaf8d32a8f321d6b7ec3fe2d67376368685f53 Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Wed, 19 Apr 2023 14:49:58 +0200 Subject: [PATCH 1/5] isisd: fix overrun in isis_flex_algo_constraint_drop() Coverity scanner reported the overrun issue #1560312 because reach->id length is 7 bytes and we are trying to copy 8 bytes (ie. ISIS_SYS_ID_LEN + 2). Fix the issue by using the %pPN to display directly the 7 bytes system-id. Fixes: 860b75b40e ("isisd: calculate flex-algo constraint spf") Signed-off-by: Louis Scalbert --- isisd/isis_flex_algo.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/isisd/isis_flex_algo.c b/isisd/isis_flex_algo.c index 742a862fcd..0efc519eab 100644 --- a/isisd/isis_flex_algo.c +++ b/isisd/isis_flex_algo.c @@ -243,8 +243,6 @@ bool isis_flex_algo_constraint_drop(struct isis_spftree *spftree, { bool ret; struct isis_ext_subtlvs *subtlvs = reach->subtlvs; - uint8_t lspid_orig[ISIS_SYS_ID_LEN + 2]; - uint8_t lspid_neigh[ISIS_SYS_ID_LEN + 2]; struct isis_router_cap_fad *fad; struct isis_asla_subtlvs *asla; struct listnode *node; @@ -286,15 +284,11 @@ bool isis_flex_algo_constraint_drop(struct isis_spftree *spftree, if (link_admin_group && link_ext_admin_group) { link_ext_admin_group_bitmap0 = admin_group_get_offset(link_ext_admin_group, 0); - if (*link_admin_group != link_ext_admin_group_bitmap0) { - memcpy(lspid_orig, lsp->hdr.lsp_id, - ISIS_SYS_ID_LEN + 2); - memcpy(lspid_neigh, reach->id, ISIS_SYS_ID_LEN + 2); + if (*link_admin_group != link_ext_admin_group_bitmap0) zlog_warn( - "ISIS-SPF: LSP from %pLS neighbor %pLS. Admin-group 0x%08x differs from ext admin-group 0x%08x.", - lspid_orig, lspid_neigh, *link_admin_group, + "ISIS-SPF: LSP from %pPN neighbor %pPN. Admin-group 0x%08x differs from ext admin-group 0x%08x.", + lsp->hdr.lsp_id, reach->id, *link_admin_group, link_ext_admin_group_bitmap0); - } } /* From eb2010de2af4a9914b0a1218f643424148ac5a4a Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Wed, 19 Apr 2023 14:59:57 +0200 Subject: [PATCH 2/5] isisd: fix potential null pointer in isis_affinity_map_check_use() Reported by coverity scanner #1560313 Do not consider the affinity map is in use if the main isis struct is not yet created. Fixes: 9a65cf35da ("isisd: add affinity-map configuration hooks") Signed-off-by: Louis Scalbert --- isisd/isis_affinitymap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/isisd/isis_affinitymap.c b/isisd/isis_affinitymap.c index e681e820be..3160427e4b 100644 --- a/isisd/isis_affinitymap.c +++ b/isisd/isis_affinitymap.c @@ -20,6 +20,9 @@ static bool isis_affinity_map_check_use(const char *affmap_name) struct affinity_map *map; uint16_t pos; + if (!isis) + return false; + map = affinity_map_get(affmap_name); pos = map->bit_position; From eb74bbd5b3d85eb82bead9a2a0d7d713dbb0ff9d Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Wed, 19 Apr 2023 15:07:46 +0200 Subject: [PATCH 3/5] isisd: fix wrong pointer test in area_resign_level() Fix a wrong pointer test issue reported by coverity scanner #1560314 Fixes: 860b75b40e ("isisd: calculate flex-algo constraint spf") Signed-off-by: Louis Scalbert --- isisd/isisd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/isisd/isisd.c b/isisd/isisd.c index f65d21405b..4b01a18ecd 100644 --- a/isisd/isisd.c +++ b/isisd/isisd.c @@ -3144,7 +3144,7 @@ static void area_resign_level(struct isis_area *area, int level) for (ALL_LIST_ELEMENTS_RO(area->flex_algos->flex_algos, node, fa)) { data = fa->data; - if (data->spftree[level - 1]) { + if (data->spftree[tree][level - 1]) { isis_spftree_del( data->spftree[tree][level - 1]); data->spftree[tree][level - 1] = NULL; From 60f9275a8cbf5a21047459e92913763ed99eb810 Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Wed, 19 Apr 2023 15:11:36 +0200 Subject: [PATCH 4/5] isisd: fix potential null pointer in isis_affinity_map_update() Reported by coverity scanner #1560315 Do not attempt to update the affinity map if the main isis struct is not yet created. Fixes: 9a65cf35da ("isisd: add affinity-map configuration hooks") Signed-off-by: Louis Scalbert --- isisd/isis_affinitymap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/isisd/isis_affinitymap.c b/isisd/isis_affinitymap.c index 3160427e4b..41bad0a7d9 100644 --- a/isisd/isis_affinitymap.c +++ b/isisd/isis_affinitymap.c @@ -49,6 +49,9 @@ static void isis_affinity_map_update(const char *affmap_name, uint16_t old_pos, struct flex_algo *fa; bool changed; + if (!isis) + return; + for (ALL_LIST_ELEMENTS_RO(isis->area_list, area_node, area)) { changed = false; for (ALL_LIST_ELEMENTS_RO(area->flex_algos->flex_algos, fa_node, From 3ae589b8a51057523a3c8d2466aad23b40d4d4b5 Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Tue, 18 Apr 2023 17:35:41 +0200 Subject: [PATCH 5/5] isisd: fix add an algorithm argument to show isis route "show isis route algorithm ALGO json" display some text output before printing the JSON one. Do not print the text output in JSON mode. Fixes: 0833c25180 ("isisd: add an algorithm argument to show isis route") Signed-off-by: Louis Scalbert --- isisd/isis_spf.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c index 732853796a..466e96b3a2 100644 --- a/isisd/isis_spf.c +++ b/isisd/isis_spf.c @@ -2884,7 +2884,8 @@ static void show_isis_route_common(struct vty *vty, int levels, spftree = area->spftree[SPFTREE_IPV4] [level - 1]; - isis_print_spftree(vty, spftree); + if (!json) + isis_print_spftree(vty, spftree); isis_print_routes(vty, spftree, json ? &json_val : NULL, @@ -2905,7 +2906,8 @@ static void show_isis_route_common(struct vty *vty, int levels, spftree = area->spftree[SPFTREE_IPV6] [level - 1]; - isis_print_spftree(vty, spftree); + if (!json) + isis_print_spftree(vty, spftree); isis_print_routes(vty, spftree, json ? &json_val : NULL, @@ -2927,7 +2929,8 @@ static void show_isis_route_common(struct vty *vty, int levels, spftree = area->spftree[SPFTREE_DSTSRC] [level - 1]; - isis_print_spftree(vty, spftree); + if (!json) + isis_print_spftree(vty, spftree); isis_print_routes(vty, spftree, json ? &json_val : NULL, prefix_sid, backup);