From: Donald Sharp <sharpd@cumulusnetworks.com>
Date: Fri, 25 Aug 2017 12:07:58 +0000 (-0400)
Subject: zebra: Coverity Code Cleanup
X-Git-Tag: frr-4.0-dev~355^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F1044%2Fhead;p=mirror%2Ffrr.git

zebra: Coverity Code Cleanup

1) Various socket close issues
2) Ensure afi passed is usable
3) Fix some reads beyond buffer and reads after free
4) Ensure some failure modes are handled properly
5) Memory Leak(s) fix
6) There is no 6.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
---

diff --git a/zebra/redistribute.c b/zebra/redistribute.c
index 9b21eb4d8c..6f08b5b5a0 100644
--- a/zebra/redistribute.c
+++ b/zebra/redistribute.c
@@ -52,6 +52,12 @@ static u_int32_t zebra_import_table_distance[AFI_MAX][ZEBRA_KERNEL_TABLE_MAX];
 
 int is_zebra_import_table_enabled(afi_t afi, u_int32_t table_id)
 {
+	/*
+	 * Make sure that what we are called with actualy makes sense
+	 */
+	if (afi == AFI_MAX)
+		return 0;
+
 	if (is_zebra_valid_kernel_table(table_id))
 		return zebra_import_table_used[afi][table_id];
 	return 0;
diff --git a/zebra/rtadv.c b/zebra/rtadv.c
index 295975c5ca..88836af72e 100644
--- a/zebra/rtadv.c
+++ b/zebra/rtadv.c
@@ -630,7 +630,6 @@ static int rtadv_make_socket(void)
 			 safe_strerror(errno));
 
 	if (sock < 0) {
-		close(sock);
 		return -1;
 	}
 
diff --git a/zebra/zebra_ptm.c b/zebra/zebra_ptm.c
index 1bf672d4a1..b18b3e7429 100644
--- a/zebra/zebra_ptm.c
+++ b/zebra/zebra_ptm.c
@@ -156,7 +156,7 @@ void zebra_ptm_finish(void)
 	if (ptm_cb.wb)
 		buffer_free(ptm_cb.wb);
 
-	if (ptm_cb.ptm_sock != -1)
+	if (ptm_cb.ptm_sock >= 0)
 		close(ptm_cb.ptm_sock);
 }
 
diff --git a/zebra/zebra_rib.c b/zebra/zebra_rib.c
index dc61ea5e40..63ac06b160 100644
--- a/zebra/zebra_rib.c
+++ b/zebra/zebra_rib.c
@@ -2745,23 +2745,27 @@ unsigned long rib_score_proto(u_char proto, u_short instance)
 void rib_close_table(struct route_table *table)
 {
 	struct route_node *rn;
-	rib_table_info_t *info = table->info;
+	rib_table_info_t *info;
 	struct route_entry *re;
 
-	if (table)
-		for (rn = route_top(table); rn; rn = srcdest_route_next(rn))
-			RNODE_FOREACH_RE(rn, re)
-			{
-				if (!CHECK_FLAG(re->status,
-						ROUTE_ENTRY_SELECTED_FIB))
-					continue;
+	if (!table)
+		return;
 
-				if (info->safi == SAFI_UNICAST)
-					hook_call(rib_update, rn, NULL);
+	info = table->info;
 
-				if (!RIB_SYSTEM_ROUTE(re))
-					rib_uninstall_kernel(rn, re);
-			}
+	for (rn = route_top(table); rn; rn = srcdest_route_next(rn))
+		RNODE_FOREACH_RE(rn, re)
+		{
+			if (!CHECK_FLAG(re->status,
+					ROUTE_ENTRY_SELECTED_FIB))
+				continue;
+
+			if (info->safi == SAFI_UNICAST)
+				hook_call(rib_update, rn, NULL);
+
+			if (!RIB_SYSTEM_ROUTE(re))
+				rib_uninstall_kernel(rn, re);
+		}
 }
 
 /* Routing information base initialize. */
diff --git a/zebra/zebra_vrf.c b/zebra/zebra_vrf.c
index 82c0524a8f..0a26ac6ad7 100644
--- a/zebra/zebra_vrf.c
+++ b/zebra/zebra_vrf.c
@@ -470,6 +470,10 @@ static int vrf_config_write(struct vty *vty)
 	RB_FOREACH(vrf, vrf_name_head, &vrfs_by_name)
 	{
 		zvrf = vrf->info;
+
+		if (!zvrf)
+			continue;
+
 		if (strcmp(zvrf_name(zvrf), VRF_DEFAULT_NAME)) {
 			vty_out(vty, "vrf %s\n", zvrf_name(zvrf));
 			vty_out(vty, "!\n");
diff --git a/zebra/zebra_vxlan.c b/zebra/zebra_vxlan.c
index b20ba7d9f5..ef24e533d0 100644
--- a/zebra/zebra_vxlan.c
+++ b/zebra/zebra_vxlan.c
@@ -1155,14 +1155,15 @@ static int zvni_neigh_uninstall(zebra_vni_t *zvni, zebra_neigh_t *n)
 	if (!(n->flags & ZEBRA_NEIGH_REMOTE))
 		return 0;
 
-	zvrf = vrf_info_lookup(zvni->vxlan_if->vrf_id);
-	assert(zvrf);
 	if (!zvni->vxlan_if) {
 		zlog_err("VNI %u hash %p couldn't be uninstalled - no intf",
 			 zvni->vni, zvni);
 		return -1;
 	}
 
+	zvrf = vrf_info_lookup(zvni->vxlan_if->vrf_id);
+	assert(zvrf);
+
 	zif = zvni->vxlan_if->info;
 	if (!zif)
 		return -1;
@@ -1361,7 +1362,7 @@ static int zvni_gw_macip_add(struct interface *ifp, zebra_vni_t *zvni,
 		zlog_debug(
 			"%u:SVI %s(%u) VNI %u, sending GW MAC %s IP %s add to BGP",
 			ifp->vrf_id, ifp->name, ifp->ifindex, zvni->vni,
-			prefix_mac2str(macaddr, NULL, ETHER_ADDR_STRLEN),
+			prefix_mac2str(macaddr, buf, sizeof(buf)),
 			ipaddr2str(ip, buf2, sizeof(buf2)));
 
 	zvni_neigh_send_add_to_client(zvrf, zvni->vni, ip, macaddr,
@@ -1420,7 +1421,8 @@ static int zvni_gw_macip_del(struct interface *ifp, zebra_vni_t *zvni,
 	zvni_neigh_del(zvni, n);
 
 	/* see if the mac needs to be deleted as well*/
-	zvni_deref_ip2mac(zvni, mac, 0);
+	if (mac)
+		zvni_deref_ip2mac(zvni, mac, 0);
 
 	return 0;
 }
diff --git a/zebra/zserv.c b/zebra/zserv.c
index 7899a8375c..98494cff07 100644
--- a/zebra/zserv.c
+++ b/zebra/zserv.c
@@ -1674,7 +1674,7 @@ static int zread_ipv6_delete(struct zserv *client, u_short length,
 	api.safi = stream_getw(s);
 
 	/* IPv4 prefix. */
-	memset(&p, 0, sizeof(struct prefix_ipv6));
+	memset(&p, 0, sizeof(struct prefix));
 	p.family = AF_INET6;
 	p.prefixlen = stream_getc(s);
 	stream_get(&p.u.prefix6, s, PSIZE(p.prefixlen));