mirror_frr

proxmox-mirrors/mirror_frr

Fork 0

mirror of https://git.proxmox.com/git/mirror_frr synced 2025-10-27 23:32:47 +00:00

Commit Graph

Author	SHA1	Message	Date
Abhinay Ramesh	42bfee18c2	ospf6d: fix coverity issues. Fixed below coverity issues ________________________________________________________________________________________________________ *** CID 1511366: (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list() 2625 + OSPF6_HEADER_SIZE) 2626 > ospf6_packet_max(on->ospf6_if)) { 2627 ospf6_fill_header(on->ospf6_if, (op)->s, 2628 length + OSPF6_HEADER_SIZE); 2629 (op)->length = length + OSPF6_HEADER_SIZE; 2630 ospf6_fill_lsupdate_header((op)->s, lsa_cnt); >>> CID 1511366: (TAINTED_SCALAR) >>> Passing tainted variable "(op)->length" to a tainted sink. 2631 ospf6_send_lsupdate(on, NULL, op); 2632 2633 /* refresh packet / 2634 op = ospf6_packet_new(on->ospf6_if->ifmtu); 2635 length = OSPF6_LS_UPD_MIN_SIZE; 2636 lsa_cnt = 0; /ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list() 2625 + OSPF6_HEADER_SIZE) 2626 > ospf6_packet_max(on->ospf6_if)) { 2627 ospf6_fill_header(on->ospf6_if, (op)->s, 2628 length + OSPF6_HEADER_SIZE); 2629 (op)->length = length + OSPF6_HEADER_SIZE; 2630 ospf6_fill_lsupdate_header((op)->s, lsa_cnt); >>> CID 1511366: (TAINTED_SCALAR) >>> Passing tainted variable "(op)->length" to a tainted sink. 2631 ospf6_send_lsupdate(on, NULL, op); ________________________________________________________________________________________________________ ** CID 1511365: (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (op)->dst = allspfrouters6; 2671 else 2672 (op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, op); 2675 ospf6_packet_add(on->ospf6_if, op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (op)->dst = allspfrouters6; 2671 else 2672 (op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, op); 2675 ospf6_packet_add(on->ospf6_if, op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2668 ospf6_fill_lsupdate_header((op)->s, lsa_cnt); 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (op)->dst = allspfrouters6; 2671 else 2672 (op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, op); 2675 ospf6_packet_add(on->ospf6_if, op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); ________________________________________________________________________________________________________ CID 1511364: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2125 in ospf6_write() 2120 if (oi->at_data.flags != 0) { 2121 at_len = ospf6_auth_len_get(oi); 2122 if (at_len) { 2123 iovector[0].iov_len = 2124 ntohs(oh->length) + at_len; >>> CID 1511364: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "iovector[0].iov_len" to a tainted sink. 2125 ospf6_auth_digest_send(oi->linklocal_addr, oi, 2126 oh, at_len, 2127 iovector[0].iov_len); 2128 } else { 2129 iovector[0].iov_len = ntohs(oh->length); 2130 } ________________________________________________________________________________________________________ * CID 1511363: (DEADCODE) /ospf6d/ospf6_auth_trailer.c: 275 in ospf6_hash_hmac_sha_digest() 269 case KEYCHAIN_ALGO_HMAC_SHA512: 270 #ifdef CRYPTO_OPENSSL 271 sha512_digest(mes, len, digest); 272 #endif 273 break; 274 case KEYCHAIN_ALGO_NULL: >>> CID 1511363: (DEADCODE) >>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_MAX:". 275 case KEYCHAIN_ALGO_MAX: 276 default: /ospf6d/ospf6_auth_trailer.c: 274 in ospf6_hash_hmac_sha_digest() 269 case KEYCHAIN_ALGO_HMAC_SHA512: 270 #ifdef CRYPTO_OPENSSL 271 sha512_digest(mes, len, digest); 272 #endif 273 break; >>> CID 1511363: (DEADCODE) >>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_NULL:". 274 case KEYCHAIN_ALGO_NULL: 275 case KEYCHAIN_ALGO_MAX: 276 default: ________________________________________________________________________________________________________ * CID 1511362: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_auth_trailer.c: 541 in ospf6_auth_check_digest() 535 536 auth_len = ntohs(ospf6_auth->length); 537 538 memcpy(temp_hash, ospf6_auth->data, hash_len); 539 memcpy(ospf6_auth->data, apad, hash_len); 540 >>> CID 1511362: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "oh_len + auth_len + lls_block_len" to a tainted sink. 541 ospf6_auth_update_digest(oi, oh, ospf6_auth, auth_str, 542 (oh_len + auth_len + lls_block_len), 543 hash_algo); ________________________________________________________________________________________________________ * CID 1511361: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_auth_trailer.c: 124 in ospf6_auth_hdr_dump_recv() 118 at_len = length - (oh_len + lls_len); 119 if (at_len > 0) { 120 ospf6_at_hdr = 121 (struct ospf6_auth_hdr )((uint8_t )ospfh + oh_len); 122 at_hdr_len = ntohs(ospf6_at_hdr->length); 123 hash_len = at_hdr_len - OSPF6_AUTH_HDR_MIN_SIZE; >>> CID 1511361: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "hash_len" to a tainted sink. 124 memcpy(temp, ospf6_at_hdr->data, hash_len); 125 temp[hash_len] = '\0'; ________________________________________________________________________________________________________ *** CID 1482146: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2787 in ospf6_lsupdate_send_neighbor_now() 2781 2782 if (IS_OSPF6_DEBUG_FLOODING 2783 \|\| IS_OSPF6_DEBUG_MESSAGE(OSPF6_MESSAGE_TYPE_LSUPDATE, SEND_HDR)) 2784 zlog_debug("%s: Send lsupdate with lsa %s (age %u)", __func__, 2785 lsa->name, ntohs(lsa->header->age)); 2786 >>> CID 1482146: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "op->length" to a tainted sink. 2787 ospf6_send_lsupdate(on, NULL, op); Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>	2022-02-14 06:36:02 +00:00
Abhinay Ramesh	6cb85350df	ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>	2022-02-09 01:57:08 +00:00
Abhinay Ramesh	b592ec5ad0	ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx\|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>	2022-02-09 01:57:08 +00:00

Author

SHA1

Message

Date

Abhinay Ramesh

42bfee18c2

ospf6d: fix coverity issues.

Fixed below coverity issues
________________________________________________________________________________________________________
*** CID 1511366:    (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list()
2625                          + OSPF6_HEADER_SIZE)
2626                         > ospf6_packet_max(on->ospf6_if)) {
2627                             ospf6_fill_header(on->ospf6_if, (*op)->s,
2628                                               length + OSPF6_HEADER_SIZE);
2629                             (*op)->length = length + OSPF6_HEADER_SIZE;
2630                             ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
>>>     CID 1511366:    (TAINTED_SCALAR)
>>>     Passing tainted variable "(*op)->length" to a tainted sink.
2631                             ospf6_send_lsupdate(on, NULL, *op);
2632
2633                             /* refresh packet */
2634                             *op = ospf6_packet_new(on->ospf6_if->ifmtu);
2635                             length = OSPF6_LS_UPD_MIN_SIZE;
2636                             *lsa_cnt = 0;
/ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list()
2625                          + OSPF6_HEADER_SIZE)
2626                         > ospf6_packet_max(on->ospf6_if)) {
2627                             ospf6_fill_header(on->ospf6_if, (*op)->s,
2628                                               length + OSPF6_HEADER_SIZE);
2629                             (*op)->length = length + OSPF6_HEADER_SIZE;
2630                             ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
>>>     CID 1511366:    (TAINTED_SCALAR)
>>>     Passing tainted variable "(*op)->length" to a tainted sink.
2631                             ospf6_send_lsupdate(on, NULL, *op);

________________________________________________________________________________________________________
*** CID 1511365:    (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2669                             if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670                                     (*op)->dst = allspfrouters6;
2671                             else
2672                                     (*op)->dst = on->linklocal_addr;
2673
>>>     CID 1511365:    (TAINTED_SCALAR)
>>>     Passing tainted variable "(*op)->length" to a tainted sink.
2674                             ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675                             ospf6_packet_add(on->ospf6_if, *op);
2676                             OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2669                             if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670                                     (*op)->dst = allspfrouters6;
2671                             else
2672                                     (*op)->dst = on->linklocal_addr;
2673
>>>     CID 1511365:    (TAINTED_SCALAR)
>>>     Passing tainted variable "(*op)->length" to a tainted sink.
2674                             ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675                             ospf6_packet_add(on->ospf6_if, *op);
2676                             OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2668                             ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
2669                             if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670                                     (*op)->dst = allspfrouters6;
2671                             else
2672                                     (*op)->dst = on->linklocal_addr;
2673
>>>     CID 1511365:    (TAINTED_SCALAR)
>>>     Passing tainted variable "(*op)->length" to a tainted sink.
2674                             ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675                             ospf6_packet_add(on->ospf6_if, *op);
2676                             OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);

________________________________________________________________________________________________________
*** CID 1511364:  Insecure data handling  (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2125 in ospf6_write()
2120                     if (oi->at_data.flags != 0) {
2121                             at_len = ospf6_auth_len_get(oi);
2122                             if (at_len) {
2123                                     iovector[0].iov_len =
2124                                             ntohs(oh->length) + at_len;
>>>     CID 1511364:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "iovector[0].iov_len" to a tainted sink.
2125                                     ospf6_auth_digest_send(oi->linklocal_addr, oi,
2126                                                            oh, at_len,
2127                                                            iovector[0].iov_len);
2128                             } else {
2129                                     iovector[0].iov_len = ntohs(oh->length);
2130                             }

________________________________________________________________________________________________________
*** CID 1511363:    (DEADCODE)
/ospf6d/ospf6_auth_trailer.c: 275 in ospf6_hash_hmac_sha_digest()
269      case KEYCHAIN_ALGO_HMAC_SHA512:
270     #ifdef CRYPTO_OPENSSL
271              sha512_digest(mes, len, digest);
272     #endif
273              break;
274      case KEYCHAIN_ALGO_NULL:
>>>     CID 1511363:    (DEADCODE)
>>>     Execution cannot reach this statement: "case KEYCHAIN_ALGO_MAX:".
275      case KEYCHAIN_ALGO_MAX:
276      default:

/ospf6d/ospf6_auth_trailer.c: 274 in ospf6_hash_hmac_sha_digest()
269      case KEYCHAIN_ALGO_HMAC_SHA512:
270     #ifdef CRYPTO_OPENSSL
271              sha512_digest(mes, len, digest);
272     #endif
273              break;
>>>     CID 1511363:    (DEADCODE)
>>>     Execution cannot reach this statement: "case KEYCHAIN_ALGO_NULL:".
274      case KEYCHAIN_ALGO_NULL:
275      case KEYCHAIN_ALGO_MAX:
276      default:

________________________________________________________________________________________________________
*** CID 1511362:  Insecure data handling  (TAINTED_SCALAR)
/ospf6d/ospf6_auth_trailer.c: 541 in ospf6_auth_check_digest()
535
536      auth_len = ntohs(ospf6_auth->length);
537
538      memcpy(temp_hash, ospf6_auth->data, hash_len);
539      memcpy(ospf6_auth->data, apad, hash_len);
540
>>>     CID 1511362:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "oh_len + auth_len + lls_block_len" to a tainted sink.
541      ospf6_auth_update_digest(oi, oh, ospf6_auth, auth_str,
542                               (oh_len + auth_len + lls_block_len),
543                               hash_algo);

________________________________________________________________________________________________________
*** CID 1511361:  Insecure data handling  (TAINTED_SCALAR)
/ospf6d/ospf6_auth_trailer.c: 124 in ospf6_auth_hdr_dump_recv()
118      at_len = length - (oh_len + lls_len);
119      if (at_len > 0) {
120              ospf6_at_hdr =
121                      (struct ospf6_auth_hdr *)((uint8_t *)ospfh + oh_len);
122              at_hdr_len = ntohs(ospf6_at_hdr->length);
123              hash_len = at_hdr_len - OSPF6_AUTH_HDR_MIN_SIZE;
>>>     CID 1511361:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "hash_len" to a tainted sink.
124              memcpy(temp, ospf6_at_hdr->data, hash_len);
125              temp[hash_len] = '\0';

________________________________________________________________________________________________________
*** CID 1482146:  Insecure data handling  (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2787 in ospf6_lsupdate_send_neighbor_now()
2781
2782             if (IS_OSPF6_DEBUG_FLOODING
2783                 || IS_OSPF6_DEBUG_MESSAGE(OSPF6_MESSAGE_TYPE_LSUPDATE, SEND_HDR))
2784                     zlog_debug("%s: Send lsupdate with lsa %s (age %u)", __func__,
2785                                lsa->name, ntohs(lsa->header->age));
2786
>>>     CID 1482146:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "op->length" to a tainted sink.
2787             ospf6_send_lsupdate(on, NULL, op);

Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>

2022-02-14 06:36:02 +00:00

Abhinay Ramesh

6cb85350df

ospf6d: Stitching the auth trailer code with rest of ospf6.

Problem Statement:
==================
RFC 7166 support for OSPF6 in FRR code.

RCA:
====
This feature is newly supported in FRR

Fix:
====
Core functionality implemented in previous commit is
stitched with rest of ospf6 code as part of this commit.

Risk:
=====
Low risk

Tests Executed:
===============
Have executed the combination of commands.

Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>

2022-02-09 01:57:08 +00:00

Abhinay Ramesh

b592ec5ad0

ospf6d: Core functionality of auth trailer implementation..

Problem Statement:
==================
Implement RFC 7166 support for OSPF6 in FRR code.

RCA:
====
This feature is newly supported in FRR.

Fix:
====
Changes are done to implement ospf6 ingress and egress
packet processing.
This commit has the core functionality.

It supports below debugability commands:
---------------------------------------
debug ospf6 authentication [<tx|rx>]

It supports below clear command:
--------------------------------
clear ipv6 ospf6 auth-counters interface [IFNAME]

It supports below show commands:
--------------------------------
frr# show ipv6 ospf6 interface ens192
ens192 is up, type BROADCAST
  Interface ID: 5
  Number of I/F scoped LSAs is 2
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]
  Authentication trailer is enabled with manual key         ==> new info added
    Packet drop Tx 0, Packet drop Rx 0			    ==> drop counters

frr# show ipv6 ospf6 neighbor 2.2.2.2 detail
 Neighbor 2.2.2.2%ens192
    Area 1 via interface ens192 (ifindex 3)
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]
    Authentication header present                           ==> new info added
                         hello        DBDesc       LSReq        LSUpd        LSAck
      Higher sequence no 0x0          0x0          0x0          0x0          0x0
      Lower sequence no  0x242E       0x1DC4       0x1DC3       0x23CC       0x1DDA

frr# show ipv6 ospf6
 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2
 Number of areas in this router is 1
 Authentication Sequence number info                       ==> new info added
  Higher sequence no 3, Lower sequence no 1656

Risk:
=====
Low risk

Tests Executed:
===============
Have executed the combination of commands.

Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>

2022-02-09 01:57:08 +00:00

3 Commits