From 4d7aae38ab5f88421dea48a6f6541f86ce4cd954 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Thu, 17 Feb 2022 14:07:57 -0500 Subject: [PATCH 1/4] lib: Fix possible usage of uninited data assert when if_lookup_address is passed with a family that is not AF_INET or AF_INET6 as that we are dead in the water and this is a dev escape Signed-off-by: Donald Sharp --- lib/if.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/if.c b/lib/if.c index a2918b6d74..83fa85ecc1 100644 --- a/lib/if.c +++ b/lib/if.c @@ -490,7 +490,8 @@ struct connected *if_lookup_address(const void *matchaddr, int family, addr.family = AF_INET6; addr.u.prefix6 = *((struct in6_addr *)matchaddr); addr.prefixlen = IPV6_MAX_BITLEN; - } + } else + assert(!"Attempted lookup of family not supported"); match = NULL; From 46da676a62bbf87dc35d46c86c073869b41fae3d Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Fri, 18 Feb 2022 10:45:46 -0500 Subject: [PATCH 2/4] bfdd: Fix overflow possibility with time statements If time ( a uint64_t ) is large enough doing division and subtraction can still lead to situations where the resulting number is greater than a uint32_t. Just use uint32_t as an intermediate storage spot. This is unlikely to every occur in a time frame I could possibly care about but makes Coverity happy. Signed-off-by: Donald Sharp --- bfdd/bfd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bfdd/bfd.c b/bfdd/bfd.c index fbe0436b50..588c9fc00f 100644 --- a/bfdd/bfd.c +++ b/bfdd/bfd.c @@ -1424,7 +1424,7 @@ int strtosa(const char *addr, struct sockaddr_any *sa) void integer2timestr(uint64_t time, char *buf, size_t buflen) { - unsigned int year, month, day, hour, minute, second; + uint64_t year, month, day, hour, minute, second; int rv; #define MINUTES (60) @@ -1436,7 +1436,7 @@ void integer2timestr(uint64_t time, char *buf, size_t buflen) year = time / YEARS; time -= year * YEARS; - rv = snprintf(buf, buflen, "%u year(s), ", year); + rv = snprintfrr(buf, buflen, "%" PRIu64 " year(s), ", year); buf += rv; buflen -= rv; } @@ -1444,7 +1444,7 @@ void integer2timestr(uint64_t time, char *buf, size_t buflen) month = time / MONTHS; time -= month * MONTHS; - rv = snprintf(buf, buflen, "%u month(s), ", month); + rv = snprintfrr(buf, buflen, "%" PRIu64 " month(s), ", month); buf += rv; buflen -= rv; } @@ -1452,7 +1452,7 @@ void integer2timestr(uint64_t time, char *buf, size_t buflen) day = time / DAYS; time -= day * DAYS; - rv = snprintf(buf, buflen, "%u day(s), ", day); + rv = snprintfrr(buf, buflen, "%" PRIu64 " day(s), ", day); buf += rv; buflen -= rv; } @@ -1460,7 +1460,7 @@ void integer2timestr(uint64_t time, char *buf, size_t buflen) hour = time / HOURS; time -= hour * HOURS; - rv = snprintf(buf, buflen, "%u hour(s), ", hour); + rv = snprintfrr(buf, buflen, "%" PRIu64 " hour(s), ", hour); buf += rv; buflen -= rv; } @@ -1468,12 +1468,12 @@ void integer2timestr(uint64_t time, char *buf, size_t buflen) minute = time / MINUTES; time -= minute * MINUTES; - rv = snprintf(buf, buflen, "%u minute(s), ", minute); + rv = snprintfrr(buf, buflen, "%" PRIu64 " minute(s), ", minute); buf += rv; buflen -= rv; } second = time % MINUTES; - snprintf(buf, buflen, "%u second(s)", second); + snprintfrr(buf, buflen, "%" PRIu64 " second(s)", second); } const char *bs_to_string(const struct bfd_session *bs) From c960cb28f72bce27dbf0aad75e1a41b85cf1a614 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Fri, 18 Feb 2022 10:55:16 -0500 Subject: [PATCH 3/4] eigrpd: Up convert to uint64_t before doing math Intentionally up convert uint8_t and uint32_t values to a uint64_t before doing math to make Coverity happy. Signed-off-by: Donald Sharp --- eigrpd/eigrp_metric.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/eigrpd/eigrp_metric.c b/eigrpd/eigrp_metric.c index ea62f9d1be..7ccafd4fa8 100644 --- a/eigrpd/eigrp_metric.c +++ b/eigrpd/eigrp_metric.c @@ -86,19 +86,24 @@ eigrp_metric_t eigrp_calculate_metrics(struct eigrp *eigrp, */ if (eigrp->k_values[0]) - composite += (eigrp->k_values[0] * metric.bandwidth); + composite += ((eigrp_metric_t)eigrp->k_values[0] * + (eigrp_metric_t)metric.bandwidth); if (eigrp->k_values[1]) - composite += ((eigrp->k_values[1] * metric.bandwidth) - / (256 - metric.load)); + composite += (((eigrp_metric_t)eigrp->k_values[1] * + (eigrp_metric_t)metric.bandwidth) / + (256 - metric.load)); if (eigrp->k_values[2]) - composite += (eigrp->k_values[2] * metric.delay); + composite += ((eigrp_metric_t)eigrp->k_values[2] * + (eigrp_metric_t)metric.delay); if (eigrp->k_values[3] && !eigrp->k_values[4]) - composite *= eigrp->k_values[3]; + composite *= (eigrp_metric_t)eigrp->k_values[3]; if (!eigrp->k_values[3] && eigrp->k_values[4]) - composite *= (eigrp->k_values[4] / metric.reliability); + composite *= ((eigrp_metric_t)eigrp->k_values[4] / + (eigrp_metric_t)metric.reliability); if (eigrp->k_values[3] && eigrp->k_values[4]) - composite *= ((eigrp->k_values[4] / metric.reliability) - + eigrp->k_values[3]); + composite *= (((eigrp_metric_t)eigrp->k_values[4] / + (eigrp_metric_t)metric.reliability) + + (eigrp_metric_t)eigrp->k_values[3]); composite = (composite <= EIGRP_METRIC_MAX) ? composite : EIGRP_METRIC_MAX; From bd6beab0a6722f4ea05b528010ee5064adc66e53 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Tue, 22 Feb 2022 08:21:32 -0500 Subject: [PATCH 4/4] pceplib: Fix uninited data in test vehicle Coverity SA found this. Fix Signed-off-by: Donald Sharp --- pceplib/test/pcep_msg_messages_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pceplib/test/pcep_msg_messages_test.c b/pceplib/test/pcep_msg_messages_test.c index 3fec24a225..e3a74f92d1 100644 --- a/pceplib/test/pcep_msg_messages_test.c +++ b/pceplib/test/pcep_msg_messages_test.c @@ -143,7 +143,7 @@ void test_pcep_msg_create_request() /* Test IPv6 */ rp_obj = pcep_obj_create_rp(0, false, false, false, false, 10, NULL); - struct in6_addr src_addr_ipv6, dst_addr_ipv6; + struct in6_addr src_addr_ipv6 = {}, dst_addr_ipv6 = {}; struct pcep_object_endpoints_ipv6 *ipv6_obj = pcep_obj_create_endpoint_ipv6(&src_addr_ipv6, &dst_addr_ipv6); message = pcep_msg_create_request_ipv6(rp_obj, ipv6_obj, NULL);