isisd: address Coverity warnings this fixes a bunch of issues found by Coverity SCAN and flagged as "high" impact -- although, they're all rather minute issues. * isisd/isis_adjacency.c: one superfluous check, one possible NULL deref * isisd/isis_circuit.c: two prefix memory leaks * isisd/isis_csm.c: one missing break * isisd/isis_lsp.c: one possible NULL deref * isisd/isis_pfpacket.c: one error-case fd leak * isisd/isis_route.c: one isis_route_info memory leak * isisd/isis_routemap.c: one... fnord * isisd/isis_tlv.c: one infinite loop Reported-by: Coverity SCAN Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

commit: e8aca32f312cbef1cb0b0dd9e87b7e59dc9fa251 [log] [tgz]
author: David Lamparter <equinox@opensourcerouting.org> Tue Nov 27 01:10:30 2012 +0000
committer: David Lamparter <equinox@opensourcerouting.org> Wed Dec 12 15:38:08 2012 +0100
tree: f1dd65169e4cbc6bb7da2d76466b049703587123
parent: 318c8040abc1b8a737c941382e8aca82e546da09 [diff]
diff --git a/isisd/isis_adjacency.c b/isisd/isis_adjacency.c
index 468b0a6..414885f 100644
--- a/isisd/isis_adjacency.c
+++ b/isisd/isis_adjacency.c

@@ -207,7 +207,7 @@
 
       zlog_info ("%%ADJCHANGE: Adjacency to %s (%s) changed from %s to %s, %s",
 		 adj_name,
-		 adj->circuit ? adj->circuit->interface->name : "no circuit",
+		 adj->circuit->interface->name,
 		 adj_state2string (old_state),
 		 adj_state2string (new_state),
 		 reason ? reason : "unspecified");
@@ -427,7 +427,7 @@
       vty_out (vty, ", Speaks: %s", nlpid2string (&adj->nlpids));
       vty_out (vty, "%s", VTY_NEWLINE);
       vty_out (vty, "    SNPA: %s", snpa_print (adj->snpa));
-      if (adj->circuit->circ_type == CIRCUIT_T_BROADCAST)
+      if (adj->circuit && (adj->circuit->circ_type == CIRCUIT_T_BROADCAST))
       {
         dyn = dynhn_find_by_id (adj->lanid);
         if (dyn)

diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
index c09c3a2..3d9fb47 100644
--- a/isisd/isis_circuit.c
+++ b/isisd/isis_circuit.c

@@ -327,6 +327,8 @@
 	  zlog_warn ("Nonexitant ip address %s removal attempt from \
                       circuit %d", buf, circuit->circuit_id);
 	}
+
+      prefix_ipv4_free (ipv4);
     }
 #ifdef HAVE_IPV6
   if (connected->address->family == AF_INET6)
@@ -370,6 +372,8 @@
 	}
       else if (circuit->area)
 	  lsp_regenerate_schedule (circuit->area, circuit->is_type, 0);
+
+      prefix_ipv6_free (ipv6);
     }
 #endif /* HAVE_IPV6 */
   return;

diff --git a/isisd/isis_csm.c b/isisd/isis_csm.c
index 5d74a71..a58ba49 100644
--- a/isisd/isis_csm.c
+++ b/isisd/isis_csm.c

@@ -101,6 +101,7 @@
 	  break;
 	case ISIS_DISABLE:
 	  zlog_warn ("circuit already disabled");
+	  break;
 	case IF_DOWN_FROM_Z:
 	  zlog_warn ("circuit already disconnected");
 	  break;

diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c
index 082e9dc..f2a7923 100644
--- a/isisd/isis_lsp.c
+++ b/isisd/isis_lsp.c

@@ -1631,7 +1631,7 @@
 static int
 lsp_regenerate (struct isis_area *area, int level)
 {
-  dict_t *lspdb = area->lspdb[level - 1];
+  dict_t *lspdb;
   struct isis_lsp *lsp, *frag;
   struct listnode *node;
   u_char lspid[ISIS_SYS_ID_LEN + 2];
@@ -1640,6 +1640,8 @@
   if ((area == NULL) || (area->is_type & level) != level)
     return ISIS_ERROR;
 
+  lspdb = area->lspdb[level - 1];
+
   memset (lspid, 0, ISIS_SYS_ID_LEN + 2);
   memcpy (lspid, isis->sysid, ISIS_SYS_ID_LEN);
 

diff --git a/isisd/isis_pfpacket.c b/isisd/isis_pfpacket.c
index e5589ae..4bc8717 100644
--- a/isisd/isis_pfpacket.c
+++ b/isisd/isis_pfpacket.c

@@ -129,6 +129,7 @@
 	    sizeof (struct sockaddr_ll)) < 0)
     {
       zlog_warn ("open_packet_socket(): bind() failed: %s", safe_strerror (errno));
+      close (fd);
       return ISIS_WARNING;
     }
 

diff --git a/isisd/isis_route.c b/isisd/isis_route.c
index c99d958..8ab470c 100644
--- a/isisd/isis_route.c
+++ b/isisd/isis_route.c

@@ -438,7 +438,11 @@
     route_node = route_node_get (area->route_table6[level - 1], prefix);
 #endif /* HAVE_IPV6 */
   else
-    return NULL;
+    {
+      isis_route_info_delete (rinfo_new);
+      return NULL;
+    }
+
   rinfo_old = route_node->info;
   if (!rinfo_old)
     {

diff --git a/isisd/isis_routemap.c b/isisd/isis_routemap.c
index 558d391..84a14ac 100644
--- a/isisd/isis_routemap.c
+++ b/isisd/isis_routemap.c

@@ -69,8 +69,7 @@
   for (i = 0; i <= ZEBRA_ROUTE_MAX; i++)
     {
       if (isis->rmap[i].name)
-	isis->rmap[i].map = isis->rmap[i].map =
-	  route_map_lookup_by_name (isis->rmap[i].name);
+	isis->rmap[i].map = route_map_lookup_by_name (isis->rmap[i].name);
       else
 	isis->rmap[i].map = NULL;
     }

diff --git a/isisd/isis_spf.c b/isisd/isis_spf.c
index 1cb5113..e0a8d01 100644
--- a/isisd/isis_spf.c
+++ b/isisd/isis_spf.c

@@ -1492,7 +1492,7 @@
   struct listnode *anode;
   struct isis_vertex *vertex;
   struct isis_adjacency *adj;
-  u_char buff[255];
+  u_char buff[BUFSIZ];
 
   vty_out (vty, "Vertex               Type         Metric "
                 "Next-Hop             Interface Parent%s", VTY_NEWLINE);

diff --git a/isisd/isis_tlv.c b/isisd/isis_tlv.c
index ed3e0e8..2c2415a 100644
--- a/isisd/isis_tlv.c
+++ b/isisd/isis_tlv.c

@@ -712,6 +712,7 @@
             Neighbor Extended Local Circuit ID (four octets, if Neighbor
               System ID is present) */
 		  pnt += length;
+		  value_len += length;
 		}
 	    }
 	  else
commit	e8aca32f312cbef1cb0b0dd9e87b7e59dc9fa251	[log] [tgz]
author	David Lamparter <equinox@opensourcerouting.org>	Tue Nov 27 01:10:30 2012 +0000
committer	David Lamparter <equinox@opensourcerouting.org>	Wed Dec 12 15:38:08 2012 +0100
tree	f1dd65169e4cbc6bb7da2d76466b049703587123
parent	318c8040abc1b8a737c941382e8aca82e546da09 [diff]