From 6182675e7ebcfd9d809e5825207bc9d1e83ff4f8 Mon Sep 17 00:00:00 2001
From: "G. Paul Ziemba" <paulz@labn.net>
Date: Fri, 18 Aug 2023 11:11:17 -0700
Subject: [PATCH 1/4] pbrd: address 230815 coverity: r.action.flags reordering

Signed-off-by: G. Paul Ziemba <paulz@labn.net>
---
 pbrd/pbr_zebra.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c
index 35c771469c19..ee17a193f46f 100644
--- a/pbrd/pbr_zebra.c
+++ b/pbrd/pbr_zebra.c
@@ -568,15 +568,10 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s,
 
 	/* actions */
 
-	SET_FLAG(r.action.flags, PBR_ACTION_TABLE); /* always valid */
-
-	/*
-	 * PBR should maintain its own set of action flags that we
-	 * can copy here instead of trying to infer from magic values.
-	 */
-
 	r.action.flags = pbrms->action_bm;
 
+	SET_FLAG(r.action.flags, PBR_ACTION_TABLE); /* always valid */
+
 	/*
 	 * if the user does not use the command "set vrf name unchanged"
 	 * then pbr_encode_pbr_map_sequence_vrf will not be called

From 2e6c879e99f6d3436161f7b7dd676a3a5d0c0868 Mon Sep 17 00:00:00 2001
From: "G. Paul Ziemba" <paulz@labn.net>
Date: Fri, 18 Aug 2023 11:13:20 -0700
Subject: [PATCH 2/4] pbrd: address 230815 coverity: pbr_vty.c pend/strtoul

Signed-off-by: G. Paul Ziemba <paulz@labn.net>
---
 pbrd/pbr_vty.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c
index 0d6e1afd5b05..9643fb955a0a 100644
--- a/pbrd/pbr_vty.c
+++ b/pbrd/pbr_vty.c
@@ -441,18 +441,18 @@ DEFPY  (pbr_map_match_dscp,
 	}
 
 	unsigned long ul_dscp;
-	char *pend;
+	char *pend = NULL;
 	uint8_t raw_dscp;
 
 	assert(dscp);
-	ul_dscp = strtol(dscp, &pend, 0);
-	if (*pend)
+	ul_dscp = strtoul(dscp, &pend, 0);
+	if (pend && *pend)
 		raw_dscp = pbr_map_decode_dscp_enum(dscp);
 	else
 		raw_dscp = ul_dscp << 2;
 	if (raw_dscp > PBR_DSFIELD_DSCP) {
 		vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
-			(pend ? "" : " (numeric value must be in range 0-63)"));
+			((pend && *pend) ? "" : " (numeric value must be in range 0-63)"));
 		return CMD_WARNING_CONFIG_FAILED;
 	}
 
@@ -859,19 +859,19 @@ DEFPY  (pbr_map_action_dscp,
 	}
 
 	unsigned long ul_dscp;
-	char *pend;
+	char *pend = NULL;
 	uint8_t raw_dscp;
 
 	assert(dscp);
-	ul_dscp = strtol(dscp, &pend, 0);
-	if (*pend)
+	ul_dscp = strtoul(dscp, &pend, 0);
+	if (pend && *pend)
 		raw_dscp = pbr_map_decode_dscp_enum(dscp);
 	else
 		raw_dscp = ul_dscp << 2;
 
 	if (raw_dscp > PBR_DSFIELD_DSCP) {
 		vty_out(vty, "Invalid dscp value: %s%s\n", dscp,
-			(pend ? "" : " (numeric value must be in range 0-63)"));
+			((pend && *pend) ? "" : " (numeric value must be in range 0-63)"));
 		return CMD_WARNING_CONFIG_FAILED;
 	}
 	if (CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP) &&

From eb3929b4faf8bfbc2f7a06782714fef9e5d0838b Mon Sep 17 00:00:00 2001
From: "G. Paul Ziemba" <paulz@labn.net>
Date: Fri, 18 Aug 2023 11:14:25 -0700
Subject: [PATCH 3/4] pbrd: address 230815 coverity: pbr_vty.c pbrms

Signed-off-by: G. Paul Ziemba <paulz@labn.net>
---
 pbrd/pbr_vty.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c
index 9643fb955a0a..c20d7a5b57ef 100644
--- a/pbrd/pbr_vty.c
+++ b/pbrd/pbr_vty.c
@@ -790,6 +790,9 @@ DEFPY  (pbr_map_action_src_port,
 	/* clang-format on */
 	struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 
+	if (!pbrms)
+		return CMD_WARNING_CONFIG_FAILED;
+
 	if (no) {
 		if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_SRC_PORT))
 			return CMD_SUCCESS;
@@ -821,6 +824,9 @@ DEFPY  (pbr_map_action_dst_port,
 	/* clang-format on */
 	struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 
+	if (!pbrms)
+		return CMD_WARNING_CONFIG_FAILED;
+
 	if (no) {
 		if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DST_PORT))
 			return CMD_SUCCESS;
@@ -851,6 +857,9 @@ DEFPY  (pbr_map_action_dscp,
 	/* clang-format on */
 	struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 
+	if (!pbrms)
+		return CMD_WARNING_CONFIG_FAILED;
+
 	if (no) {
 		if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_DSCP))
 			return CMD_SUCCESS;
@@ -898,6 +907,9 @@ DEFPY  (pbr_map_action_ecn,
 	/* clang-format on */
 	struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 
+	if (!pbrms)
+		return CMD_WARNING_CONFIG_FAILED;
+
 	if (no) {
 		if (!CHECK_FLAG(pbrms->action_bm, PBR_ACTION_ECN))
 			return CMD_SUCCESS;

From 5cde1e89f06b8a8795f694b5c9ee7b78cd0b50f0 Mon Sep 17 00:00:00 2001
From: "G. Paul Ziemba" <paulz@labn.net>
Date: Fri, 18 Aug 2023 11:19:05 -0700
Subject: [PATCH 4/4] pbrd: address 230815 coverity: pbr_vty.c vrf_name

Signed-off-by: G. Paul Ziemba <paulz@labn.net>
---
 pbrd/pbr_vty.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c
index c20d7a5b57ef..3dbb0b958bb2 100644
--- a/pbrd/pbr_vty.c
+++ b/pbrd/pbr_vty.c
@@ -1354,6 +1354,7 @@ DEFPY(pbr_map_vrf, pbr_map_vrf_cmd,
 	 * If an equivalent set vrf * exists, just return success.
 	 */
 	if ((pbrms->forwarding_type == PBR_FT_SETVRF) &&
+	    vrf_name &&
 	    strncmp(pbrms->vrf_name, vrf_name, sizeof(pbrms->vrf_name)) == 0)
 		return CMD_SUCCESS;
 	else if (!vrf_name && (pbrms->forwarding_type == PBR_FT_VRF_UNCHANGED))