mirror of
https://git.proxmox.com/git/mirror_frr
synced 2026-01-24 23:38:22 +00:00
42bfee18c2
Fixed below coverity issues
________________________________________________________________________________________________________
*** CID 1511366: (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list()
2625 + OSPF6_HEADER_SIZE)
2626 > ospf6_packet_max(on->ospf6_if)) {
2627 ospf6_fill_header(on->ospf6_if, (*op)->s,
2628 length + OSPF6_HEADER_SIZE);
2629 (*op)->length = length + OSPF6_HEADER_SIZE;
2630 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
>>> CID 1511366: (TAINTED_SCALAR)
>>> Passing tainted variable "(*op)->length" to a tainted sink.
2631 ospf6_send_lsupdate(on, NULL, *op);
2632
2633 /* refresh packet */
2634 *op = ospf6_packet_new(on->ospf6_if->ifmtu);
2635 length = OSPF6_LS_UPD_MIN_SIZE;
2636 *lsa_cnt = 0;
/ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list()
2625 + OSPF6_HEADER_SIZE)
2626 > ospf6_packet_max(on->ospf6_if)) {
2627 ospf6_fill_header(on->ospf6_if, (*op)->s,
2628 length + OSPF6_HEADER_SIZE);
2629 (*op)->length = length + OSPF6_HEADER_SIZE;
2630 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
>>> CID 1511366: (TAINTED_SCALAR)
>>> Passing tainted variable "(*op)->length" to a tainted sink.
2631 ospf6_send_lsupdate(on, NULL, *op);
________________________________________________________________________________________________________
*** CID 1511365: (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670 (*op)->dst = allspfrouters6;
2671 else
2672 (*op)->dst = on->linklocal_addr;
2673
>>> CID 1511365: (TAINTED_SCALAR)
>>> Passing tainted variable "(*op)->length" to a tainted sink.
2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675 ospf6_packet_add(on->ospf6_if, *op);
2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670 (*op)->dst = allspfrouters6;
2671 else
2672 (*op)->dst = on->linklocal_addr;
2673
>>> CID 1511365: (TAINTED_SCALAR)
>>> Passing tainted variable "(*op)->length" to a tainted sink.
2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675 ospf6_packet_add(on->ospf6_if, *op);
2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);
/ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list()
2668 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt);
2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT)
2670 (*op)->dst = allspfrouters6;
2671 else
2672 (*op)->dst = on->linklocal_addr;
2673
>>> CID 1511365: (TAINTED_SCALAR)
>>> Passing tainted variable "(*op)->length" to a tainted sink.
2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op);
2675 ospf6_packet_add(on->ospf6_if, *op);
2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if);
________________________________________________________________________________________________________
*** CID 1511364: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2125 in ospf6_write()
2120 if (oi->at_data.flags != 0) {
2121 at_len = ospf6_auth_len_get(oi);
2122 if (at_len) {
2123 iovector[0].iov_len =
2124 ntohs(oh->length) + at_len;
>>> CID 1511364: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "iovector[0].iov_len" to a tainted sink.
2125 ospf6_auth_digest_send(oi->linklocal_addr, oi,
2126 oh, at_len,
2127 iovector[0].iov_len);
2128 } else {
2129 iovector[0].iov_len = ntohs(oh->length);
2130 }
________________________________________________________________________________________________________
*** CID 1511363: (DEADCODE)
/ospf6d/ospf6_auth_trailer.c: 275 in ospf6_hash_hmac_sha_digest()
269 case KEYCHAIN_ALGO_HMAC_SHA512:
270 #ifdef CRYPTO_OPENSSL
271 sha512_digest(mes, len, digest);
272 #endif
273 break;
274 case KEYCHAIN_ALGO_NULL:
>>> CID 1511363: (DEADCODE)
>>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_MAX:".
275 case KEYCHAIN_ALGO_MAX:
276 default:
/ospf6d/ospf6_auth_trailer.c: 274 in ospf6_hash_hmac_sha_digest()
269 case KEYCHAIN_ALGO_HMAC_SHA512:
270 #ifdef CRYPTO_OPENSSL
271 sha512_digest(mes, len, digest);
272 #endif
273 break;
>>> CID 1511363: (DEADCODE)
>>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_NULL:".
274 case KEYCHAIN_ALGO_NULL:
275 case KEYCHAIN_ALGO_MAX:
276 default:
________________________________________________________________________________________________________
*** CID 1511362: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_auth_trailer.c: 541 in ospf6_auth_check_digest()
535
536 auth_len = ntohs(ospf6_auth->length);
537
538 memcpy(temp_hash, ospf6_auth->data, hash_len);
539 memcpy(ospf6_auth->data, apad, hash_len);
540
>>> CID 1511362: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "oh_len + auth_len + lls_block_len" to a tainted sink.
541 ospf6_auth_update_digest(oi, oh, ospf6_auth, auth_str,
542 (oh_len + auth_len + lls_block_len),
543 hash_algo);
________________________________________________________________________________________________________
*** CID 1511361: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_auth_trailer.c: 124 in ospf6_auth_hdr_dump_recv()
118 at_len = length - (oh_len + lls_len);
119 if (at_len > 0) {
120 ospf6_at_hdr =
121 (struct ospf6_auth_hdr *)((uint8_t *)ospfh + oh_len);
122 at_hdr_len = ntohs(ospf6_at_hdr->length);
123 hash_len = at_hdr_len - OSPF6_AUTH_HDR_MIN_SIZE;
>>> CID 1511361: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "hash_len" to a tainted sink.
124 memcpy(temp, ospf6_at_hdr->data, hash_len);
125 temp[hash_len] = '\0';
________________________________________________________________________________________________________
*** CID 1482146: Insecure data handling (TAINTED_SCALAR)
/ospf6d/ospf6_message.c: 2787 in ospf6_lsupdate_send_neighbor_now()
2781
2782 if (IS_OSPF6_DEBUG_FLOODING
2783 || IS_OSPF6_DEBUG_MESSAGE(OSPF6_MESSAGE_TYPE_LSUPDATE, SEND_HDR))
2784 zlog_debug("%s: Send lsupdate with lsa %s (age %u)", __func__,
2785 lsa->name, ntohs(lsa->header->age));
2786
>>> CID 1482146: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "op->length" to a tainted sink.
2787 ospf6_send_lsupdate(on, NULL, op);
Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Makefile | ||
| ospf6_abr.c | ||
| ospf6_abr.h | ||
| ospf6_area.c | ||
| ospf6_area.h | ||
| ospf6_asbr.c | ||
| ospf6_asbr.h | ||
| ospf6_auth_trailer.c | ||
| ospf6_auth_trailer.h | ||
| ospf6_bfd.c | ||
| ospf6_bfd.h | ||
| ospf6_flood.c | ||
| ospf6_flood.h | ||
| ospf6_gr_helper.c | ||
| ospf6_gr.c | ||
| ospf6_gr.h | ||
| ospf6_interface.c | ||
| ospf6_interface.h | ||
| ospf6_intra.c | ||
| ospf6_intra.h | ||
| ospf6_lsa.c | ||
| ospf6_lsa.h | ||
| ospf6_lsdb.c | ||
| ospf6_lsdb.h | ||
| ospf6_main.c | ||
| ospf6_message.c | ||
| ospf6_message.h | ||
| ospf6_neighbor.c | ||
| ospf6_neighbor.h | ||
| ospf6_network.c | ||
| ospf6_network.h | ||
| ospf6_nssa.c | ||
| ospf6_nssa.h | ||
| ospf6_proto.c | ||
| ospf6_proto.h | ||
| ospf6_route.c | ||
| ospf6_route.h | ||
| ospf6_routemap_nb_config.c | ||
| ospf6_routemap_nb.c | ||
| ospf6_routemap_nb.h | ||
| ospf6_snmp.c | ||
| ospf6_spf.c | ||
| ospf6_spf.h | ||
| ospf6_top.c | ||
| ospf6_top.h | ||
| ospf6_zebra.c | ||
| ospf6_zebra.h | ||
| ospf6d.c | ||
| ospf6d.h | ||
| README | ||
| subdir.am | ||
Zebra OSPF daemon for IPv6 network
2003/08/18
README for newer code is not yet. General usage should remain
the same. For further usage, see command helps by typing '?'
in vty, and then imagin ! ;p) Previous README contents follows.
Zebra OSPF daemon for IPv6 network
2001/12/20
Zebra OSPF6d is OSPF version 3 daemon which is specified by
"OSPF for IPv6" (RFC 2740).
*** NOTE ***
Zebra ospf6d is in development yet. It may lack some functionalities,
and may have some bugs. Use the latest version from the anoncvs
repository (http://www.zebra.org/cvs.html) !
This file README is like memo yet, so please feel free to ask
<yasu@sfc.wide.ad.jp> by E-mail. Patches will be appriciated.
ospf6d's vty port was default to 2606/tcp.
Use commands below.
VIEW NODE:
show ipv6 ospf6
To see Router-ID, uptime of ospf6d, some statistics.
show ipv6 ospf6 database ...
This command shows LSA database. You can specify
LS-type/LS-ID/Advertising-Router of LSAs. '*' is recognized.
show ipv6 ospf6 interface ...
To see the status of the OSPF interface, and the configuration
like interface costs.
show ipv6 ospf6 neighbor ...
Shows state of neighbors and choosed (Backup) DR on the I/F.
show ipv6 ospf6 route (X::X)
This command shows internal routing table of the ospf6d.
Routes not calculated by OSPFv3 (like connected routes)
are not shown. If Address is specified (X::X), shows the route
that the address matches.
show ipv6 ospf6 route redistribute (X::X)
Shows the routes advertised as AS-External routes by the router
itself. If Address is specified (X::X), shows the route
that the address matches.
CONFIG NODE:
interface NAME
To enter INTERFACE NODE
router ospf6 ...
To enter OSPF6 NODE
INTERFACE NODE:
ipv6 ospf6 cost COST
Sets the interface's output cost. Depends on interface bandwidth by default.
ipv6 ospf6 hello-interval HELLOINTERVAL
Sets the interface's Hello Interval. default 10
ipv6 ospf6 dead-interval DEADINTERVAL
Sets the interface's Router Dead Interval. default 40
ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL
Sets the interface's Rxmt Interval. default 5
ipv6 ospf6 priority PRIORITY
Sets the interface's Router Priority. default 1
ipv6 ospf6 transmit-delay TRANSMITDELAY
Sets the interface's Inf-Trans-Delay. default 1
OSPF6 NODE:
router-id A.B.C.D
Sets the router's Router-ID
interface NAME area AREA
Binds interface to specified Area, and start
sending OSPFv3 packets.
auto-cost reference-bandwidth COST
Sets the reference bandwidth for cost calculations, where this
bandwidth is considered equivalent to an OSPF cost of 1, specified
in Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth
100Mbit/s or higher will have a cost of 1. Cost of lower bandwidth
links will be scaled with reference to this cost). This
configuration setting MUST be consistent across all routers within
the OSPF domain.
Sample configuration is in ospf6d.conf.sample.
--
Yasuhiro Ohara <yasu@sfc.wide.ad.jp>
Kunihiro Ishiguro <kunihiro@zebra.org>