From 7134ba70601c5af70fa0342510f95521217028db Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 28 Oct 2019 20:30:06 -0400 Subject: [PATCH 1/2] zebra: Fix some nhg SA issues found in latest Coverity Fix 2 Coverity issues: 1) zebra_nhg.c -> all paths in nhg_ctx_process_finish have already deref'ed the ctx pointer no need for a test of it 2) the **ifp pointer passed in may be NULL. Prevent an accidental deref if calling function does not pass in a ifp pointer. Signed-off-by: Donald Sharp --- zebra/rt_netlink.c | 9 +++++++-- zebra/zebra_nhg.c | 3 +-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/zebra/rt_netlink.c b/zebra/rt_netlink.c index 640802fe316c..915ad1a10ccb 100644 --- a/zebra/rt_netlink.c +++ b/zebra/rt_netlink.c @@ -2246,6 +2246,7 @@ static struct nexthop netlink_nexthop_process_nh(struct rtattr **tb, enum nexthop_types_t type = 0; int if_index = 0; size_t sz = 0; + struct interface *ifp_lookup; if_index = *(int *)RTA_DATA(tb[NHA_OIF]); @@ -2280,9 +2281,13 @@ static struct nexthop netlink_nexthop_process_nh(struct rtattr **tb, if (if_index) nh.ifindex = if_index; - *ifp = if_lookup_by_index_per_ns(zebra_ns_lookup(ns_id), nh.ifindex); + ifp_lookup = + if_lookup_by_index_per_ns(zebra_ns_lookup(ns_id), nh.ifindex); + if (ifp) - nh.vrf_id = (*ifp)->vrf_id; + *ifp = ifp_lookup; + if (ifp_lookup) + nh.vrf_id = ifp_lookup->vrf_id; else { flog_warn( EC_ZEBRA_UNKNOWN_INTERFACE, diff --git a/zebra/zebra_nhg.c b/zebra/zebra_nhg.c index 2bb117b2729d..05da25b2b8e2 100644 --- a/zebra/zebra_nhg.c +++ b/zebra/zebra_nhg.c @@ -886,8 +886,7 @@ static void nhg_ctx_process_finish(struct nhg_ctx *ctx) nexthop_del_labels(nh); done: - if (ctx) - nhg_ctx_free(ctx); + nhg_ctx_free(ctx); } static int queue_add(struct nhg_ctx *ctx) From d1accb2e1985f1125ce30d3d521a90c1cd0c28ef Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Mon, 28 Oct 2019 20:52:40 -0400 Subject: [PATCH 2/2] zebra: zvni_map_to_svi may return NULL act accordingly The zvni_map_to_svi function may return NULL as such prevent a deref and crash. Found via coverity Signed-off-by: Donald Sharp --- zebra/zebra_vxlan.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/zebra/zebra_vxlan.c b/zebra/zebra_vxlan.c index 2417b505adf9..1d2748c8efc3 100644 --- a/zebra/zebra_vxlan.c +++ b/zebra/zebra_vxlan.c @@ -5775,12 +5775,14 @@ static void process_remote_macip_del(vni_t vni, vlan_if = zvni_map_to_svi(vxl->access_vlan, zif->brslave_info.br_if); if (IS_ZEBRA_DEBUG_VXLAN) - zlog_debug("%s: IP %s (flags 0x%x intf %s) is remote and duplicate, read kernel for local entry", - __PRETTY_FUNCTION__, - ipaddr2str(ipaddr, buf1, - sizeof(buf1)), n->flags, - vlan_if->name); - neigh_read_specific_ip(ipaddr, vlan_if); + zlog_debug( + "%s: IP %s (flags 0x%x intf %s) is remote and duplicate, read kernel for local entry", + __PRETTY_FUNCTION__, + ipaddr2str(ipaddr, buf1, sizeof(buf1)), + n->flags, + vlan_if ? vlan_if->name : "Unknown"); + if (vlan_if) + neigh_read_specific_ip(ipaddr, vlan_if); } /* When the MAC changes for an IP, it is possible the