From f13530f23a9ba73027f8f40b78eb81396afaa092 Mon Sep 17 00:00:00 2001
From: Sai Gomathi N
Date: Thu, 27 Oct 2022 01:52:31 -0700
Subject: [PATCH 1/2] pimd: Unchecked return value

In tib_sg_oil_setup: Value returned from a function is not checked for errors before being used. If the function returns an error value, the error value may be mistaken for a normal value. Here, only the nexthop value is being used. So casted the return type to void.
Coverity CID-1519816
Signed-off-by: Sai Gomathi N
---
 pimd/pim_tib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pimd/pim_tib.c b/pimd/pim_tib.c
index 8f5de3e938..3455e30064 100644
--- a/pimd/pim_tib.c
+++ b/pimd/pim_tib.c
@@ -49,7 +49,8 @@ tib_sg_oil_setup(struct pim_instance *pim, pim_sgaddr sg, struct interface *oif)
 if (up) {
 memcpy(&nexthop, &up->rpf.source_nexthop,
 sizeof(struct pim_nexthop));
- pim_ecmp_nexthop_lookup(pim, &nexthop, vif_source, &grp, 0);
+ (void)pim_ecmp_nexthop_lookup(pim, &nexthop, vif_source, &grp,
+ 0);
 if (nexthop.interface)
 input_iface_vif_index = pim_if_find_vifindex_by_ifindex(
 pim, nexthop.interface->ifindex);
From b6467a4274df734c5a5d1bf4cf9ab5c6d0b8a475 Mon Sep 17 00:00:00 2001
From: Sai Gomathi N
Date: Thu, 27 Oct 2022 02:36:00 -0700
Subject: [PATCH 2/2] pimd: Dereference before null check

In pim_ecmp_nexthop_search: All paths that lead to this null pointer comparison already dereference the pointer earlier There may be a null pointer dereference, or else the comparison against null is unnecessary.
Coverity CID-1519749
Signed-off-by: Sai Gomathi N
---
 pimd/pim_nht.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pimd/pim_nht.c b/pimd/pim_nht.c
index 9feb064e96..f9a9aeb1b0 100644
--- a/pimd/pim_nht.c
+++ b/pimd/pim_nht.c
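Review bot: The `(void)` cast on `pim_ecmp_nexthop_lookup()` in pimd/pim_tib.c silences the Coverity finding without recording why a failed lookup is harmless at this call site. On failure `nexthop` presumably still holds the copy of `up->rpf.source_nexthop` made by the `memcpy` just above (or a partially updated one, depending on the callee, which is not visible in this hunk), and `nexthop.interface` then decides `input_iface_vif_index`. Either state that intent next to the call, for example `/* return ignored: on failure nexthop keeps the upstream RPF copy and the interface check below still applies */`, or branch on the result and skip the vif-index lookup when the call reports failure. `tib_sg_oil_setup` starts and ends outside the hunk, so how the index is consumed afterwards should be confirmed there.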
@@ -495,12 +495,13 @@ static int pim_ecmp_nexthop_search(struct pim_instance *pim,
 uint32_t hash_val = 0, mod_val = 0;
 uint8_t nh_iter = 0, found = 0;
 uint32_t i, num_nbrs = 0;
- pim_addr nh_addr = nexthop->mrib_nexthop_addr;
- pim_addr grp_addr = pim_addr_from_prefix(grp);

 if (!pnc || !pnc->nexthop_num || !nexthop)
 return 0;

+ pim_addr nh_addr = nexthop->mrib_nexthop_addr;
+ pim_addr grp_addr = pim_addr_from_prefix(grp);
+
 memset(&nbrs, 0, sizeof(nbrs));
 memset(&ifps, 0, sizeof(ifps));
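Review bot: The guard that now precedes the two initialisers tests `nexthop` but not `grp`, which is handed to `pim_addr_from_prefix(grp)` on the second added line. If this function is meant to tolerate NULL pointer arguments, as the retained `!nexthop` test suggests, `grp` belongs in the same condition: `if (!pnc || !pnc->nexthop_num || !nexthop || !grp)`. If callers guarantee a non-NULL `grp`, a short comment saying so above the guard would keep the next static-analysis pass from reopening the same class of finding. That `pim_addr_from_prefix` dereferences its argument is assumed rather than visible here, and the body of `pim_ecmp_nexthop_search` continues outside the hunk.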