Hi, Please find the latest report on new defect(s) introduced to ISC-DHCP found with Coverity Scan. 3 new defect(s) introduced to ISC-DHCP found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1426059: Null pointer dereferences (REVERSE_INULL) /client/dhc6.c: 5146 in do_decline6() ________________________________________________________________________________________________________ *** CID 1426059: Null pointer dereferences (REVERSE_INULL) /client/dhc6.c: 5146 in do_decline6() 5140 5141 decline_done: 5142 /* We here because we've exhausted our retry limits or 5143 * something else has gone wrong with the decline process. 5144 * So let's just toss the existing lease and start over. 5145 */ >>> CID 1426059: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "client->active_lease" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 5146 if (client->active_lease != NULL) { 5147 dhc6_lease_destroy(&client->active_lease, MDL); 5148 client->active_lease = NULL; 5149 } 5150 5151 start_init6(client); ** CID 1426058: Security best practices violations (STRING_OVERFLOW) /server/ddns.c: 1588 in ddns_fwd_srv_add3() ________________________________________________________________________________________________________ *** CID 1426058: Security best practices violations (STRING_OVERFLOW) /server/ddns.c: 1588 in ddns_fwd_srv_add3() 1582 #if defined (DEBUG_DNS_UPDATES) 1583 log_info ("DDNS: ddns_fwd_srv_add3: %s eresult: %d", 1584 dump_ddns_cb(ddns_cb), eresult); 1585 #endif 1586 1587 /* Construct a printable form of the address for logging */ >>> CID 1426058: Security best practices violations (STRING_OVERFLOW) >>> You might overrun the 46-character fixed-size string "ddns_address" by copying the return value of "piaddr" without checking the length. 1588 strcpy(ddns_address, piaddr(ddns_cb->address)); 1589 1590 switch(eresult) { 1591 case ISC_R_SUCCESS: 1592 log_info("Added new forward map from %.*s to %s", 1593 (int)ddns_cb->fwd_name.len, ** CID 1426057: Control flow issues (DEADCODE) /server/dhcpv6.c: 3297 in shorten_lifetimes() ________________________________________________________________________________________________________ *** CID 1426057: Control flow issues (DEADCODE) /server/dhcpv6.c: 3297 in shorten_lifetimes() 3291 /* shouldn't happen */ 3292 continue; 3293 } 3294 3295 /* If address matches (and for PDs the prefix len matches) 3296 * we assume this is our subopt, so update the lifetimes */ >>> CID 1426057: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "oc->data.data[8] == lease->plen" inside this statement: "if (!memcmp(oc->data.data +...". 3297 if (!memcmp(oc->data.data + addr_offset, &lease->addr, 16) && 3298 (subopt_type != D6O_IA_PD || 3299 (oc->data.data[IASUBOPT_PD_PREFLEN_OFFSET] == 3300 lease->plen))) { 3301 u_int32_t pref_life = getULong(oc->data.data + 3302 pref_offset); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRab6kucGE8G6mRE1FKR2Ag87FjH5D5EKomg9SJ1sIkWFA-3D-3D_XFX-2BxtADztfMDcW4r2GH7E6TGVT4PiaTwnwuQkVMpYrncv2rcmU4rOCNLS9NuzXfZGkt4o2sutnxwz88J9-2BBp2mL9xwz6PIyP0MUSKiMoziqtS1c7S6GCDs45vXLIN4HtkhEtFEXdHxuuTMQow6wBUGRAdXdHsngYd2uxIXU0R5kWM6usUgIA1f79IdT1qeO9S1xwYP7NSrQgGAu3U-2BRWA-3D-3D To manage Coverity Scan email notifications for "dhcp-bugs@isc.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4VSUMfbZdfDe692MqhPm-2FjBlgt0jMCazKWgh17L1-2BKT8-2FRVwhIiDkSLwzkWTXmM-2F9gyMcfjzFAlSj57xJcTpCQFePWpS-2BYrfumELiSWoXoLY-3D_XFX-2BxtADztfMDcW4r2GH7E6TGVT4PiaTwnwuQkVMpYrncv2rcmU4rOCNLS9NuzXfJ8MLdem39CSthES4jgbrqJM4KPwM5OfpJrSad4IAA0yQT7vEm9b0nXnU-2BtXoG5Y22hIlAlkcmsfQatLfBSxm7QWwE9aUb9pFKgXXR9p7PYPYk6shWpPX0EJx13FmeTuCEcUupgm5meADdBh9qKh3cw-3D-3D