Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

7 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()


________________________________________________________________________________________________________
*** CID 462165: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 904 in local_draw_rect()
898 x11.XFillRectangle(dpy, win, gc, 0, yoff, xoff, yoff + xim->height);
899 x11.XFillRectangle(dpy, win, gc, xoff+xim->width, yoff, w, yoff + xim->height);
900 x11.XFillRectangle(dpy, win, gc, 0, yoff + xim->height, w, h);
901 }
902 if (x_internal_scaling || xrender_found == false) {
903 if (last == NULL)

CID 462165: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "source".

904 x11.XPutImage(dpy, win, gc, xim, 0, 0, xoff, yoff, source->w, source->h);
905 else {
906 release_buffer(last);
907 last = NULL;
908 }
909 }

** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()


________________________________________________________________________________________________________
*** CID 462164: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 448 in internal_setwinsize()
442 pthread_mutex_lock(&win_mutex);
443 sdl.GetWindowSize(win, &w, &h);
444 pthread_mutex_unlock(&win_mutex);
445 if (w != vs->winwidth || h != vs->winheight)
446 changed = true;
447 pthread_mutex_unlock(&vstatlock);

CID 462164: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

448 vstat.scaling = sdl_getscaling();
449 }
450 if (changed)
451 setup_surfaces(vs);
452 }
453

** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()


________________________________________________________________________________________________________
*** CID 462163: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 408 in update_cvstat()
402 }
403
404 static void
405 update_cvstat(struct video_stats *vs)
406 {
407 if (vs != NULL && vs != &vstat) {

CID 462163: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

408 vstat.scaling = sdl_getscaling();
409 pthread_mutex_lock(&vstatlock);
410 *vs = vstat;
411 pthread_mutex_unlock(&vstatlock);
412 }
413 }

** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()


________________________________________________________________________________________________________
*** CID 462162: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Jun-03-2023/src/conio/sdl_con.c: 657 in setup_surfaces()
651 else if(sdl_init_good) {
652 ev.type=SDL_QUIT;
653 sdl_exitcode=1;
654 sdl.PeepEvents(&ev, 1, SDL_ADDEVENT, SDL_FIRSTEVENT, SDL_LASTEVENT);
655 }
656 pthread_mutex_unlock(&win_mutex);

CID 462162: Concurrent data access violations (MISSING_LOCK)
Accessing "vstat.scaling" without holding lock "vstatlock". Elsewhere, "video_stats.scaling" is accessed with "vstatlock" held 13 out of 18 times (1 of these accesses strongly imply that it is necessary).

657 vstat.scaling = sdl_getscaling();
658 }
659
660 /* Called from event thread only */
661 static void sdl_add_key(unsigned int keyval, struct video_stats *vs) 662 {

** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()


________________________________________________________________________________________________________
*** CID 462161: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 511 in x_init()
505 xp_dlclose(dl);
506 return(-1);
507 }
508 #ifdef WITH_XRENDER
509 xrender_found = true;
510 if ((dl2 = xp_dlopen(libnames2,RTLD_LAZY,7)) == NULL) {

CID 462161: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl2" to "dlclose", which dereferences it.

511 xp_dlclose(dl2);
512 xrender_found = false;
513 }
514 if (xrender_found && ((x11.XRenderFindStandardFormat = xp_dlsym(dl2, XRenderFindStandardFormat)) == NULL)) {
515 xp_dlclose(dl);
516 xrender_found = false;

** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()


________________________________________________________________________________________________________
*** CID 462160: Null pointer dereferences (REVERSE_INULL) /tmp/sbbs-Jun-03-2023/src/conio/x_events.c: 589 in init_window()
583 if (classhints) {
584 classhints->res_name = (char *)ciolib_initial_program_name;
585 classhints->res_class = (char *)ciolib_initial_program_class;
586 }
587 wmhints=x11.XAllocWMHints();
588 wmhints->flags = 0;

CID 462160: Null pointer dereferences (REVERSE_INULL)
Null-checking "wmhints" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

589 if(wmhints) {
590 wmhints->initial_state=NormalState;
591 wmhints->flags |= (StateHint | InputHint);
592 wmhints->input = True;
593 set_icon(ciolib_initial_icon, ciolib_initial_icon_width, wmhints);
594 x11.XSetWMProperties(dpy, win, NULL, NULL, 0, 0, NULL, wmhints, classhints);

** CID 462159: (RESOURCE_LEAK)
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init() /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()


________________________________________________________________________________________________________
*** CID 462159: (RESOURCE_LEAK)
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 591 in x_init()
585 xp_dlclose(dl);
586 sem_destroy(&pastebuf_set);
587 sem_destroy(&pastebuf_used);
588 sem_destroy(&init_complete);
589 sem_destroy(&mode_set);
590 pthread_mutex_destroy(&copybuf_mutex);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

591 return(-1);
592 }
593 _beginthread(x11_mouse_thread,1<<16,NULL);
594 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
595 return(0);
596 }
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 557 in x_init()
551 xp_dlclose(dl);
552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

557 return(-1);
558 }
559 if(sem_init(&init_complete, 0, 0)) {
560 xp_dlclose(dl);
561 sem_destroy(&pastebuf_set);
562 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 552 in x_init()
546 #endif
547 setlocale(LC_ALL, "");
548 x11.XSetLocaleModifiers("@im=none");
549
550 if(sem_init(&pastebuf_set, 0, 0)) {
551 xp_dlclose(dl);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

552 return(-1);
553 }
554 if(sem_init(&pastebuf_used, 0, 0)) {
555 xp_dlclose(dl);
556 sem_destroy(&pastebuf_set);
557 return(-1);
/tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 563 in x_init()
557 return(-1);
558 }
559 if(sem_init(&init_complete, 0, 0)) {
560 xp_dlclose(dl);
561 sem_destroy(&pastebuf_set);
562 sem_destroy(&pastebuf_used);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

563 return(-1);
564 }
565 if(sem_init(&mode_set, 0, 0)) {
566 xp_dlclose(dl);
567 sem_destroy(&pastebuf_set);
568 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-03-2023/src/conio/x_cio.c: 570 in x_init()
564 }
565 if(sem_init(&mode_set, 0, 0)) {
566 xp_dlclose(dl);
567 sem_destroy(&pastebuf_set);
568 sem_destroy(&pastebuf_used);
569 sem_destroy(&init_complete);

CID 462159: (RESOURCE_LEAK)
Variable "dl2" going out of scope leaks the storage it points to.

570 return(-1);
571 }
572
573 if(pthread_mutex_init(&copybuf_mutex, 0)) {
574 xp_dlclose(dl);
575 sem_destroy(&pastebuf_set);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DIG4__g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBPyDfdctenEpBqzGZNVHs42ttgLTzzOGVhZnCvXDhpCF9jzW-2Bs67lHgn4mRJqKpKp0lKywESuC-2B8aPwq-2BHoGo6NvVv2XtDxVwk0ttDNXD70ZWDHBkynCZQ-2FnfDOJmi8gjr3lodcSxrI82eFAdcseucYkY4oNbs56dG5-2FpY2OKpzQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 462184: (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
/smbutil.c: 1161 in packmsgs()
/smbutil.c: 1249 in packmsgs()


________________________________________________________________________________________________________
*** CID 462184: (RESOURCE_LEAK)
/smbutil.c: 1166 in packmsgs()
1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)
1161 return;
1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1166 return;

1167 fwrite(&ch,1,1,tmp_shd);
1168 }
1169 total=0;
1170 for(l=0;l<smb.status.total_msgs;l++) {
1171 ZERO_VAR(msg);
/smbutil.c: 1161 in packmsgs()
1155 fclose(tmp_sid);
1156 fprintf(errfp,"\n%s!Error allocating memory\n",beep); 1157 return;
1158 }
1159 fseek(smb.shd_fp,0L,SEEK_SET);
1160 if(fread(&hdr,1,sizeof(smbhdr_t),smb.shd_fp) < 1)

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1161 return;

1162 fwrite(&hdr,1,sizeof(smbhdr_t),tmp_shd);
1163 fwrite(&(smb.status),1,sizeof(smbstatus_t),tmp_shd);
1164 for(l=sizeof(smbhdr_t)+sizeof(smbstatus_t);l<smb.status.header_offset;l++) {
1165 if(fread(&ch,1,1,smb.shd_fp) < 1) /* copy additional base header records */
1166 return;
/smbutil.c: 1249 in packmsgs()
1243
1244 /* Actually copy the data */
1245
1246 n=smb_datblocks(m);
1247 for(m=0;m<n;m++) {
1248 if(fread(buf,1,SDT_BLOCK_LEN,smb.sdt_fp) < 1)

CID 462184: (RESOURCE_LEAK)
Variable "datoffset" going out of scope leaks the storage it points to. 1249 return;

1250 if(!m && *(ushort *)buf!=XLAT_NONE && *(ushort *)buf!=XLAT_LZH) {
1251 printf("\nUnsupported translation type (%04X)\n"
1252 ,*(ushort *)buf);
1253 break;
1254 }

** CID 462183: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()


________________________________________________________________________________________________________
*** CID 462183: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 564 in x_init()
558 xrender_found = false;
559 }
560 #endif
561 #ifdef WITH_XINERAMA
562 xinerama_found = true;
563 if ((dl3 = xp_dlopen(libnames3,RTLD_LAZY,1)) == NULL) {

CID 462183: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl3" to "dlclose", which dereferences it.

564 xp_dlclose(dl3);
565 xinerama_found = false;
566 }
567 if (xinerama_found && ((x11.XineramaQueryVersion = xp_dlsym(dl3, XineramaQueryVersion)) == NULL)) {
568 xp_dlclose(dl3);
569 xinerama_found = false;

** CID 462182: (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init() /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()


________________________________________________________________________________________________________
*** CID 462182: (RESOURCE_LEAK)
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 619 in x_init()
613 return(-1);
614 }
615 if(sem_init(&init_complete, 0, 0)) {
616 xp_dlclose(dl);
617 sem_destroy(&pastebuf_set);
618 sem_destroy(&pastebuf_used);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

619 return(-1);
620 }
621 if(sem_init(&mode_set, 0, 0)) {
622 xp_dlclose(dl);
623 sem_destroy(&pastebuf_set);
624 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602 #endif
603 setlocale(LC_ALL, "");
604 x11.XSetLocaleModifiers("@im=none");
605
606 if(sem_init(&pastebuf_set, 0, 0)) {
607 xp_dlclose(dl);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);
613 return(-1);
/tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 613 in x_init()
607 xp_dlclose(dl);
608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

613 return(-1);
614 }
615 if(sem_init(&init_complete, 0, 0)) {
616 xp_dlclose(dl);
617 sem_destroy(&pastebuf_set);
618 sem_destroy(&pastebuf_used); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 626 in x_init()
620 }
621 if(sem_init(&mode_set, 0, 0)) {
622 xp_dlclose(dl);
623 sem_destroy(&pastebuf_set);
624 sem_destroy(&pastebuf_used);
625 sem_destroy(&init_complete);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

626 return(-1);
627 }
628
629 if(pthread_mutex_init(&copybuf_mutex, 0)) {
630 xp_dlclose(dl);
631 sem_destroy(&pastebuf_set); /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 647 in x_init()
641 xp_dlclose(dl);
642 sem_destroy(&pastebuf_set);
643 sem_destroy(&pastebuf_used);
644 sem_destroy(&init_complete);
645 sem_destroy(&mode_set);
646 pthread_mutex_destroy(&copybuf_mutex);

CID 462182: (RESOURCE_LEAK)
Variable "dl4" going out of scope leaks the storage it points to.

647 return(-1);
648 }
649 _beginthread(x11_mouse_thread,1<<16,NULL);
650 cio_api.options |= CONIO_OPT_SET_TITLE | CONIO_OPT_SET_NAME | CONIO_OPT_SET_ICON;
651 return(0);
652 }

** CID 462181: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()


________________________________________________________________________________________________________
*** CID 462181: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 608 in x_init()
602 #endif
603 setlocale(LC_ALL, "");
604 x11.XSetLocaleModifiers("@im=none");
605
606 if(sem_init(&pastebuf_set, 0, 0)) {
607 xp_dlclose(dl);

CID 462181: Resource leaks (RESOURCE_LEAK)
Variable "dl3" going out of scope leaks the storage it points to.

608 return(-1);
609 }
610 if(sem_init(&pastebuf_used, 0, 0)) {
611 xp_dlclose(dl);
612 sem_destroy(&pastebuf_set);
613 return(-1);

** CID 462180: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()


________________________________________________________________________________________________________
*** CID 462180: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-04-2023/src/conio/x_cio.c: 579 in x_init()
573 xinerama_found = false;
574 }
575 #endif
576 #ifdef WITH_XRANDR
577 xrandr_found = true;
578 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL) {

CID 462180: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlclose", which dereferences it.

579 xp_dlclose(dl4);
580 xrandr_found = false;
581 }
582 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
583 xp_dlclose(dl4);
584 xrandr_found = false;

** CID 462179: Control flow issues (DEADCODE) /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()


________________________________________________________________________________________________________
*** CID 462179: Control flow issues (DEADCODE) /tmp/sbbs-Jun-04-2023/src/conio/x_events.c: 304 in fullscreen_geometry()
298 *height = xrrci->height;
299 if (xrrci != NULL)
300 x11.XRRFreeCrtcInfo(xrrci);
301 return true;
302 }
303 if (xrrci != NULL)

CID 462179: Control flow issues (DEADCODE)
Execution cannot reach this statement: "x11.XRRFreeCrtcInfo(xrrci);". 304 x11.XRRFreeCrtcInfo(xrrci);

305 }
306 #endif
307 #ifdef WITH_XINERAMA
308 if (xinerama_found) {
309 // NOTE: Xinerama is limited to a short for the entire screen dimensions.


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DlE0W_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCCsYoL8-2BRAB8pSd-2BoykiJD4ftNgwReCmSBDHZUsIOaydl7n91VpHFpH-2B-2B6udD22Zx0rJjM18W-2BwzJlbPPHAhfNuJskDA1GbbK5bVcFums-2B-2FM-2F0YW6XnLxiKz5gFyKgOgNGYfroq20XOP9rDSr4aT-2Fr9-2BqXnGFlm6brcyj727rBsg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
38 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 462239: (CHECKED_RETURN) /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
/tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()


________________________________________________________________________________________________________
*** CID 462239: (CHECKED_RETURN) /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 428 in dlmmap_locked()
422
423 start = mmap (start, length, prot, flags, execfd, offset);
424
425 if (start == MFAIL)
426 {
427 munmap (ptr, length);

CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).

428 ftruncate (execfd, offset);
429 return start;
430 }
431
432 mmap_exec_offset ((char *)start, length) = (char*)ptr - (char*)start; 433 /tmp/sbbs-Jun-06-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 416 in dlmmap_locked()
410 {
411 if (!offset)
412 {
413 close (execfd);
414 goto retry_open;
415 }

CID 462239: (CHECKED_RETURN)
Calling "ftruncate" without checking return value (as is done elsewhere 45 out of 52 times).

416 ftruncate (execfd, offset);
417 return MFAIL;
418 }
419 else if (!offset
420 && open_temp_exec_file_opts[open_temp_exec_file_opts_idx].repeat)
421 open_temp_exec_file_opts_next ();

** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 462238: (RESOURCE_LEAK)
/writemsg.cpp: 1731 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1725 if(j>1 && (j!=x || feof(instream)) && buf[j-1]==LF && buf[j-2]==CR)
1726 buf[j-1]=buf[j-2]=0; /* Convert to NULL */ 1727 if(fwrite(buf,j,1,smb->sdt_fp) != 1) {
1728 errormsg(WHERE, ERR_WRITE, smb->file, j);
1729 smb_unlocksmbhdr(smb);
1730 smb_freemsgdat(smb,offset,length,1);

CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1731 return false;

1732 }
1733 x=SDT_BLOCK_LEN;
1734 }
1735 fflush(smb->sdt_fp);
1736 fclose(instream);
/writemsg.cpp: 1717 in sbbs_t::editmsg(smb_t *, smbmsg_t *)()
1711 fseeko(smb->sdt_fp,offset,SEEK_SET);
1712 xlat=XLAT_NONE;
1713 if(fwrite(&xlat,2,1,smb->sdt_fp) != 1) {
1714 errormsg(WHERE, ERR_WRITE, smb->file, 2);
1715 smb_unlocksmbhdr(smb);
1716 smb_freemsgdat(smb,offset,length,1);

CID 462238: (RESOURCE_LEAK)
Variable "instream" going out of scope leaks the storage it points to. 1717 return false;

1718 }
1719 x=SDT_BLOCK_LEN-2; /* Don't read/write more than 255 */
1720 while(!feof(instream)) {
1721 memset(buf,0,x);
1722 j=fread(buf,1,x,instream);

** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()


________________________________________________________________________________________________________
*** CID 462237: Resource leaks (RESOURCE_LEAK)
/writemsg.cpp: 244 in sbbs_t::process_edited_file(const char *, const char *, int, unsigned int *, unsigned int)()
238 }
239
240 memset(buf,0,len+1);
241 int rd = fread(buf,len,1,fp);
242 fclose(fp);
243 if(rd != 1)

CID 462237: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.

244 return -4;
245
246 if((fp=fopen(dest,"wb"))!=NULL) {
247 len=process_edited_text(buf, fp, mode, lines, maxlines);
248 fclose(fp);
249 }

** CID 462236: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()


________________________________________________________________________________________________________
*** CID 462236: Null pointer dereferences (FORWARD_NULL) /tmp/sbbs-Jun-06-2023/src/conio/x_cio.c: 588 in x_initciolib()
582 }
583 #endif
584 #ifdef WITH_XRANDR
585 xrandr_found = true;
586 if ((dl4 = xp_dlopen(libnames4,RTLD_LAZY,2)) == NULL)
587 xrandr_found = false;

CID 462236: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "dl4" to "dlsym", which dereferences it.

588 if (xinerama_found && ((x11.XRRQueryVersion = xp_dlsym(dl4, XRRQueryVersion)) == NULL)) {
589 xp_dlclose(dl4);
590 xrandr_found = false;
591 }
592 if (xinerama_found && ((x11.XRRGetScreenResources = xp_dlsym(dl4, XRRGetScreenResources)) == NULL)) {
593 xp_dlclose(dl4);

** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()


________________________________________________________________________________________________________
*** CID 462235: Resource leaks (RESOURCE_LEAK)
/fmsgdump.c: 114 in msgdump()
108 fprintf(stderr, "!MALLOC failure\n");
109 return __COUNTER__;
110 }
111 fseek(fp, sizeof(hdr), SEEK_SET);
112 if(fread(body, len, 1, fp) != 1) {
113 perror("reading body text");

CID 462235: Resource leaks (RESOURCE_LEAK)
Variable "body" going out of scope leaks the storage it points to.

114 return __COUNTER__;
115 }
116 fprintf(bodyfp, "\n-start of message text-\n");
117 char* p = body;
118 while(*p && p < body + len) {
119 if((p == body || *(p - 1) == '\r') && *p == 1) {

** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()


________________________________________________________________________________________________________
*** CID 462234: Resource leaks (RESOURCE_LEAK)
/netmail.cpp: 303 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
297 errormsg(WHERE,ERR_ALLOC,str,length);
298 return(false);
299 }
300 if(read(file,buf,length) != length) {
301 close(file);
302 errormsg(WHERE, ERR_READ, str, length);

CID 462234: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.

303 return false;
304 }
305 close(file);
306
307 smb_net_type_t nettype = NET_FIDO;
308 smb_hfield_str(&msg,SENDER, from);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DcBRy_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB-2FxlaM9N-2BytN4abAlhxBOfL2Gc48Kht9DWsIw0TGq4KCIUCjvrRsYhjbSc3n6GrPlyk6u8jzpB0aqRS4dcNK81E-2FeN0SyAuTTv987PncAi-2FzopZuXT78jKuoT04lLRnCeEbfBKD6ahQnLeiOpkIZgmfmv57IglbC4RNT9dRkvaUQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

14 new defect(s) introduced to Synchronet found with Coverity Scan.
28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)


** CID 462300: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()


________________________________________________________________________________________________________
*** CID 462300: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3525 in do_ansi()
3519 case 'e': /* Line Position Forward */
3520 seq_default(seq, 0, 1);
3521 if (seq->param_int[0] < 1)
3522 break; 3523 adjust_currpos(cterm, 0, seq->param_int[0], 0);
3524 break;

CID 462300: Control flow issues (MISSING_BREAK)
The case for value "'a'" is not terminated by a "break" statement.

3525 case 'a': /* Character Position Forward */
3526 clear_lcf(cterm);
3527 case 'C': /* Cursor Right */
3528 seq_default(seq, 0, 1);
3529 if (seq->param_int[0] < 1)
3530 break;

** CID 462299: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()


________________________________________________________________________________________________________
*** CID 462299: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3533 in do_ansi()
3527 case 'C': /* Cursor Right */
3528 seq_default(seq, 0, 1);
3529 if (seq->param_int[0] < 1)
3530 break; 3531 adjust_currpos(cterm, seq->param_int[0], 0, 0);
3532 break;

CID 462299: Control flow issues (MISSING_BREAK)
The case for value "'j'" is not terminated by a "break" statement.

3533 case 'j': /* Character Position Backward */
3534 clear_lcf(cterm);
3535 case 'D': /* Cursor Left */
3536 seq_default(seq, 0, 1);
3537 if (seq->param_int[0] < 1)
3538 break;

** CID 462298: (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462298: (NEGATIVE_RETURNS)
/exec.cpp: 1892 in sbbs_t::exec(csi_t *)()
1886 }
1887 else
1888 csi->logic=LOGIC_FALSE;
1889 return(0);
1890
1891 case CS_SELECT_EDITOR:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;

1893 return(0);
1894 case CS_SET_EDITOR:
1895 csi->logic=LOGIC_TRUE;
1896 for(i=0;i<cfg.total_xedits;i++)
1897 if(!stricmp(csi->str,cfg.xedit[i]->code)
/exec.cpp: 1880 in sbbs_t::exec(csi_t *)()
1874 case CS_SELECT_SHELL:
1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;
1876 return(0);
1877 case CS_SET_SHELL:
1878 csi->logic=LOGIC_TRUE;
1879 for(i=0;i<cfg.total_shells;i++)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1880 if(!stricmp(csi->str,cfg.shell[i]->code)

1881 && chk_ar(cfg.shell[i]->ar,&useron,&client))
1882 break;
1883 if(i<cfg.total_shells) {
1884 useron.shell=i;
1885 putuserstr(useron.number, USER_SHELL, cfg.shell[i]->code);
/exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
1175 now=time(NULL);
1176
1177 if(csi->ip>=csi->cs+csi->length)
1178 return(1);
1179
1180 if(*csi->ip>=CS_FUNCTIONS)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));

1182
1183 /**********************************************/
1184 /* Miscellaneous variable length instructions */
1185 /**********************************************/
1186
/exec.cpp: 1499 in sbbs_t::exec(csi_t *)()
1493
1494 if(*csi->ip>=CS_TWO_BYTE) {
1495 switch(*(csi->ip++)) {
1496 case CS_TWO_MORE_BYTES:
1497 switch(*(csi->ip++)) {
1498 case CS_USER_EVENT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1499 user_event((user_event_t)*(csi->ip++));

1500 return(0);
1501 }
1502 errormsg(WHERE,ERR_CHK,"shell instruction",*(csi->ip-1));
1503 return(0);
1504 case CS_SETLOGIC:
/exec.cpp: 1181 in sbbs_t::exec(csi_t *)()
1175 now=time(NULL);
1176
1177 if(csi->ip>=csi->cs+csi->length)
1178 return(1);
1179
1180 if(*csi->ip>=CS_FUNCTIONS)

CID 462298: (NEGATIVE_RETURNS)
"this->cursubnum" is passed to a parameter that cannot be negative. 1181 return(exec_function(csi));

1182
1183 /**********************************************/
1184 /* Miscellaneous variable length instructions */
1185 /**********************************************/
1186
/exec.cpp: 1761 in sbbs_t::exec(csi_t *)()
1755 if(logon())
1756 csi->logic=LOGIC_TRUE; 1757 else
1758 csi->logic=LOGIC_FALSE; 1759 return(0);
1760 case CS_LOGOUT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1761 logout();

1762 return(0);
1763 case CS_EXIT:
1764 return(1);
1765 case CS_LOOP_BEGIN:
1766 if(csi->loops<MAX_LOOPDEPTH) /exec.cpp: 1538 in sbbs_t::exec(csi_t *)()
1532 thisnode.status=*csi->ip++; 1533 putnodedat(cfg.node_num,&thisnode);
1534 } else
1535 csi->ip++;
1536 return(0);
1537 case CS_MULTINODE_CHAT:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1538 multinodechat(*csi->ip++);

1539 return(0);
1540 case CS_GETSTR:
1541 csi->logic=LOGIC_TRUE;
1542 getstr(csi->str,*csi->ip++,0);
1543 if(sys_status&SS_ABORT) {
/exec.cpp: 1875 in sbbs_t::exec(csi_t *)()
1869 saveline();
1870 return(0);
1871 case CS_RESTORELINE:
1872 restoreline();
1873 return(0);
1874 case CS_SELECT_SHELL:

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1875 csi->logic=select_shell() ? LOGIC_TRUE:LOGIC_FALSE;

1876 return(0);
1877 case CS_SET_SHELL:
1878 csi->logic=LOGIC_TRUE;
1879 for(i=0;i<cfg.total_shells;i++)
1880 if(!stricmp(csi->str,cfg.shell[i]->code)
/exec.cpp: 1897 in sbbs_t::exec(csi_t *)()
1891 case CS_SELECT_EDITOR:
1892 csi->logic=select_editor() ? LOGIC_TRUE:LOGIC_FALSE;
1893 return(0);
1894 case CS_SET_EDITOR:
1895 csi->logic=LOGIC_TRUE;
1896 for(i=0;i<cfg.total_xedits;i++)

CID 462298: (NEGATIVE_RETURNS)
"this->curdirnum" is passed to a parameter that cannot be negative. 1897 if(!stricmp(csi->str,cfg.xedit[i]->code)

1898 && chk_ar(cfg.xedit[i]->ar,&useron,&client))
1899 break;
1900 if(i<cfg.total_xedits) {
1901 useron.xedit=i+1;
1902 putuserstr(useron.number, USER_XEDIT, cfg.xedit[i]->code);

** CID 462297: Uninitialized variables (UNINIT)


________________________________________________________________________________________________________
*** CID 462297: Uninitialized variables (UNINIT)
/readmsgs.cpp: 218 in sbbs_t::loadposts(unsigned int *, int, unsigned int, int, unsigned int *, unsigned int *)()
212 if(idx.to!=namecrc && idx.from!=namecrc
213 && idx.to!=aliascrc && idx.from!=aliascrc
214 && (useron.number!=1 || idx.to!=sysop)) 215 continue;
216 msg.idx=idx;
217 if(!smb_lockmsghdr(&smb,&msg)) {

CID 462297: Uninitialized variables (UNINIT)
Using uninitialized value "msg.idx_offset" when calling "smb_getmsghdr".

218 if(!smb_getmsghdr(&smb,&msg)) {
219 if(stricmp(msg.to,useron.alias) 220 && stricmp(msg.from,useron.alias)
221 && stricmp(msg.to,useron.name)
222 && stricmp(msg.from,useron.name)
223 && (useron.number!=1 || stricmp(msg.to,"sysop")

** CID 462296: Integer handling issues (SIGN_EXTENSION)
/writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 462296: Integer handling issues (SIGN_EXTENSION)
/writemsg.cpp: 296 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
290
291 useron_level=useron.level;
292
293 if(editor!=NULL)
294 *editor=NULL;
295

CID 462296: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "this->cfg.level_linespermsg[useron_level]" with type "uint16_t" (16 bits, unsigned) is promoted in "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->cfg.level_linespermsg[useron_level] * (this->cols - 1 + 2) + 1" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

296 if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
297 ==NULL) {
298 errormsg(WHERE,ERR_ALLOC,fname
299 ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
300 return(false);
301 }

** CID 462295: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()


________________________________________________________________________________________________________
*** CID 462295: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3509 in do_ansi()
3503 seq->param_int[0] = cterm->width - j;
3504 MOVETEXT(col, row, max_col - seq->param_int[0], row, col + seq->param_int[0], row);
3505 for(l=0; l < seq->param_int[0]; l++)
3506 PUTCH(' ');
3507 cterm_gotoxy(cterm, i, j);
3508 break;

CID 462295: Control flow issues (MISSING_BREAK)
The case for value "'A'" is not terminated by a "break" statement.

3509 case 'A': /* Cursor Up */
3510 clear_lcf(cterm);
3511 case 'k': /* Line Position Backward */
3512 seq_default(seq, 0, 1);
3513 if (seq->param_int[0] < 1)
3514 break;

** CID 462294: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462294: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 1038 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1032 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
1033 if(quotemsg(resmb, remsg, /* include tails: */true)) 1034 mode |= WM_QUOTE;
1035 }
1036
1037 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);

CID 462294: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

1038 if(!writemsg(msgpath,nulstr,title,WM_NETMAIL|mode,INVALID_SUB, to_list, /* from: */your_addr, &editor, &charset)) {
1039 strListFree(&rcpt_list);
1040 bputs(text[Aborted]);
1041 return(false);
1042 }
1043

** CID 462293: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462293: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 200 in sbbs_t::netmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
194 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
195 if(quotemsg(resmb, remsg, /* include tails: */true)) 196 mode |= WM_QUOTE;
197 }
198
199 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));

CID 462293: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

200 if(!writemsg(msgpath,nulstr,subj,WM_NETMAIL|mode,INVALID_SUB, to, from, &editor, &charset)) {
201 bputs(text[Aborted]);
202 return(false);
203 }
204
205 if(mode&WM_FILE) {

** CID 462292: (NULL_RETURNS)
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()


________________________________________________________________________________________________________
*** CID 462292: (NULL_RETURNS)
/execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
521 if(*pp1)
522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
523 else
524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
525 }

CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]

526 strcat(*pp1,*pp2);
527 return(0);
528 case FORMAT_STR_VAR:
529 pp=getstrvar(csi,*(int32_t *)csi->ip);
530 csi->ip+=4; /* Skip variable name */
531 p=format_string(this, csi); /execmisc.cpp: 526 in sbbs_t::exec_misc(csi_t *, const char *)()
520 if(*pp1!=csi->str && (!*pp1 || i==MAX_SYSVARS)) {
521 if(*pp1)
522 *pp1=(char *)realloc(*pp1,strlen(*pp1)+strlen(*pp2)+1);
523 else
524 *pp1=(char *)realloc(*pp1,strlen(*pp2)+1);
525 }

CID 462292: (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "*pp1" when calling "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]

526 strcat(*pp1,*pp2);
527 return(0);
528 case FORMAT_STR_VAR:
529 pp=getstrvar(csi,*(int32_t *)csi->ip);
530 csi->ip+=4; /* Skip variable name */
531 p=format_string(this, csi);

** CID 462291: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()


________________________________________________________________________________________________________
*** CID 462291: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jun-09-2023/src/conio/cterm.c: 3517 in do_ansi()
3511 case 'k': /* Line Position Backward */
3512 seq_default(seq, 0, 1);
3513 if (seq->param_int[0] < 1)
3514 break; 3515 adjust_currpos(cterm, 0, 0 - seq->param_int[0], 0);
3516 break;

CID 462291: Control flow issues (MISSING_BREAK)
The case for value "'B'" is not terminated by a "break" statement.

3517 case 'B': /* Cursor Down */
3518 clear_lcf(cterm);
3519 case 'e': /* Line Position Forward */
3520 seq_default(seq, 0, 1);
3521 if (seq->param_int[0] < 1)
3522 break;

** CID 462290: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462290: Integer handling issues (NEGATIVE_RETURNS)
/netmail.cpp: 1316 in sbbs_t::qnetmail(const char *, const char *, int, smb_t *, smbmsg_t *)()
1310 if(remsg != NULL && resmb != NULL && !(mode&WM_QUOTE)) {
1311 if(quotemsg(resmb, remsg, /* include tails: */true)) 1312 mode |= WM_QUOTE;
1313 }
1314
1315 SAFEPRINTF(msgpath,"%snetmail.msg",cfg.node_dir);

CID 462290: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

1316 if(!writemsg(msgpath,nulstr,title, (mode|WM_QWKNET|WM_NETMAIL) ,INVALID_SUB,to,/* from: */useron.alias, &editor, &charset)) {
1317 bputs(text[Aborted]);
1318 return(false);
1319 }
1320
1321 if((i=smb_stack(&smb,SMB_STACK_PUSH))!=SMB_SUCCESS) {

** CID 462289: Integer handling issues (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 462289: Integer handling issues (NEGATIVE_RETURNS)
/bulkmail.cpp: 53 in sbbs_t::bulkmail(unsigned char *)()
47 && !noyes(text[AnonymousQ])) {
48 msg.hdr.attr|=MSG_ANONYMOUS;
49 wm_mode|=WM_ANON;
50 }
51
52 msg_tmp_fname(useron.xedit, msgpath, sizeof(msgpath));

CID 462289: Integer handling issues (NEGATIVE_RETURNS)
A negative constant "-1" is passed as an argument to a parameter that cannot be negative.

53 if(!writemsg(msgpath,nulstr,title,wm_mode,INVALID_SUB,"Bulk Mailing"
54 ,/* From: */useron.alias
55 ,&editor
56 ,&charset)) {
57 bputs(text[Aborted]);
58 return(false);

** CID 462288: High impact quality (Y2K38_SAFETY)
/upload.cpp: 351 in sbbs_t::upload(int)()


________________________________________________________________________________________________________
*** CID 462288: High impact quality (Y2K38_SAFETY)
/upload.cpp: 351 in sbbs_t::upload(int)()
345 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
346 }
347 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
348 now=time(NULL);
349 if(descbeg[0])
350 strcat(descbeg," ");

CID 462288: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

351 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
352 strcat(descbeg,str);
353 }
354 if(cfg.dir[dirnum]->misc&DIR_MULT) {
355 sync();
356 if(!noyes(text[MultipleDiskQ])) {

** CID 462287: Insecure data handling (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 462287: Insecure data handling (TAINTED_SCALAR)
/writemsg.cpp: 762 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
756 while(!feof(tag)) {
757 if(!fgets(str,sizeof(str),tag)) 758 break;
759 truncsp(str);
760 if(utf8) {
761 char buf[sizeof(str)*4];

CID 462287: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "str" to "cp437_to_utf8_str", which uses it as an offset.

762 cp437_to_utf8_str(str, buf, sizeof(buf) - 1, /* minval: */'\x02');
763 l+=fprintf(stream,"%s\r\n", buf);
764 } else
765 l+=fprintf(stream,"%s\r\n",str);
766 lines++; /* line counter */
767 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DtLKg_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAqovISQpoxJCpfGf5WxBSwicKqoI1-2FF-2FaRmTPl-2BdVuGdSUZJZL-2FtmrL2VG6EaSuRynvnKTam4RxYwMKuXCyGzW07U-2FihjT83mqDNq6SOIYF1Sr-2FPyTE6vlrslg0L6d5zkvnLZ7buAIgjMdQW0NPYYLOxV54tcIwBqmxUNrcgSYSA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 462777: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1796 in alter_areas()


________________________________________________________________________________________________________
*** CID 462777: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1796 in alter_areas()
1790 chmod(outpath, st.st_mode);
1791 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1792 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1793 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1794 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1795 }

CID 462777: Error handling issues (CHECKED_RETURN)
Calling "remove(outpath)" without checking return value. This library function may fail and return an error code.

1796 remove(outpath); // expected to fail (file does not exist) much of the time
1797 }
1798
1799 bool add_sub_to_arealist(sub_t* sub, fidoaddr_t uplink)
1800 {
1801 FILE* fp = NULL;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D9Jsa_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBb4277PBgEvmZlC-2F75f6Wn0OW7OlFk2c1B-2BHtshOYvFkBSQP9EqEdk2ezaBaEw-2BucLGwfFouHIfPe-2Fyudqe7-2BvtImpG7nG3GNHNovDhmEdP7PSdTfD3wACCQeKNpizxWyAzNP4xAGsoa5IGtqS3OShzACd7MFIxkk2Y7iSTOvrLw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 465170: Resource leaks (RESOURCE_LEAK)
/scfg/scfg.c: 2447 in new_item()


________________________________________________________________________________________________________
*** CID 465170: Resource leaks (RESOURCE_LEAK)
/scfg/scfg.c: 2447 in new_item()
2441 void** p;
2442 void* item;
2443
2444 if((item = calloc(size, 1)) == NULL)
2445 return NULL;
2446 if((p = realloc(list, size * ((*total) + 1))) == NULL)

CID 465170: Resource leaks (RESOURCE_LEAK)
Variable "item" going out of scope leaks the storage it points to.

2447 return NULL;
2448 list = p;
2449 for(int i = *total; i > index; --i)
2450 list[i] = list[i - 1];
2451 list[index] = item;
2452 ++(*total);

** CID 465169: (SIZEOF_MISMATCH)
/scfg/scfgxfr1.c: 544 in xfer_opts()
/scfg/scfgxfr1.c: 698 in xfer_opts()
/scfg/scfgxfr1.c: 1124 in xfer_opts()
/scfg/scfgxfr1.c: 844 in xfer_opts()
/scfg/scfgxfr1.c: 412 in xfer_opts()
/scfg/scfgxfr1.c: 982 in xfer_opts()


________________________________________________________________________________________________________
*** CID 465169: (SIZEOF_MISMATCH)
/scfg/scfgxfr1.c: 544 in xfer_opts()
538 }
539 if(msk == MSK_COPY) {
540 savftest=*cfg.ftest[i]; 541 continue;
542 }
543 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (ftest_t) */" to function "new_item" and then casting the return value to "ftest_t **" is suspicious.

544 if((cfg.ftest = (ftest_t**)new_item(cfg.ftest, sizeof(ftest_t), i, &cfg.total_ftests)) == NULL) {
545 errormsg(WHERE, ERR_ALLOC, "ftests", sizeof(ftest_t) * (cfg.total_ftests + 1));
546 cfg.total_ftests = 0;
547 bail(1);
548 }
549 *cfg.ftest[i]=savftest; /scfg/scfgxfr1.c: 698 in xfer_opts()
692 }
693 if(msk == MSK_COPY) {
694 savdlevent=*cfg.dlevent[i];
695 continue;
696 }
697 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "240UL /* sizeof (dlevent_t) */" to function "new_item" and then casting the return value to "dlevent_t **" is suspicious.

698 if((cfg.dlevent = (dlevent_t**)new_item(cfg.dlevent, sizeof(dlevent_t), i, &cfg.total_dlevents)) == NULL) {
699 errormsg(WHERE, ERR_ALLOC, "dlevents", sizeof(dlevent_t) * (cfg.total_dlevents + 1));
700 cfg.total_dlevents = 0;
701 bail(1);
702 }
703 *cfg.dlevent[i]=savdlevent;
/scfg/scfgxfr1.c: 1124 in xfer_opts()
1118 }
1119 if(msk == MSK_COPY) {
1120 savprot=*cfg.prot[i]; 1121 continue;
1122 }
1123 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "720UL /* sizeof (prot_t) */" to function "new_item" and then casting the return value to "prot_t **" is suspicious.

1124 if((cfg.prot = (prot_t**)new_item(cfg.prot, sizeof(prot_t), i, &cfg.total_prots)) == NULL) {
1125 errormsg(WHERE, ERR_ALLOC, "prots", sizeof(prot_t) * (cfg.total_prots + 1));
1126 cfg.total_prots=0;
1127 bail(1);
1128 }
1129 *cfg.prot[i]=savprot; /scfg/scfgxfr1.c: 844 in xfer_opts()
838 }
839 if(msk == MSK_COPY) {
840 savfextr=*cfg.fextr[i]; 841 continue;
842 }
843 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fextr_t) */" to function "new_item" and then casting the return value to "fextr_t **" is suspicious.

844 if((cfg.fextr = (fextr_t**)new_item(cfg.fextr, sizeof(fextr_t), i, &cfg.total_fextrs)) == NULL) {
845 errormsg(WHERE, ERR_ALLOC, "fextrs", sizeof(fextr_t) * (cfg.total_fextrs + 1));
846 cfg.total_fextrs = 0;
847 bail(1);
848 }
849 *cfg.fextr[i]=savfextr; /scfg/scfgxfr1.c: 412 in xfer_opts()
406 }
407 if(msk == MSK_COPY) {
408 savfview=*cfg.fview[i]; 409 continue;
410 }
411 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fview_t) */" to function "new_item" and then casting the return value to "fview_t **" is suspicious.

412 if((cfg.fview = (fview_t**)new_item(cfg.fview, sizeof(fview_t), i, &cfg.total_fviews)) == NULL) {
413 errormsg(WHERE, ERR_ALLOC, "fviews", sizeof(fview_t) * (cfg.total_fviews + 1));
414 cfg.total_fviews = 0;
415 bail(1);
416 }
417 *cfg.fview[i]=savfview; /scfg/scfgxfr1.c: 982 in xfer_opts()
976 }
977 if(msk == MSK_COPY) {
978 savfcomp=*cfg.fcomp[i]; 979 continue;
980 }
981 if(msk == MSK_PASTE) {

CID 465169: (SIZEOF_MISMATCH)
Passing argument "199UL /* sizeof (fcomp_t) */" to function "new_item" and then casting the return value to "fcomp_t **" is suspicious.

982 if((cfg.fcomp = (fcomp_t**)new_item(cfg.fcomp, sizeof(fcomp_t), i, &cfg.total_fcomps)) == NULL) {
983 errormsg(WHERE, ERR_ALLOC, "fcomps", sizeof(fcomp_t) * (cfg.total_fcomps + 1));
984 cfg.total_fcomps = 0;
985 bail(1);
986 }
987 *cfg.fcomp[i]=savfcomp;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3D5wZ8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCnsQIL3fFmuqL7faauDZIkRsjaF7SdWuX9-2F6F0cLhQPK2eigoJW5CI-2BTBbzcwuB-2Fnb9gU96N518jXtyrLldNWW25I5ASjWizI9KxhCsvWXL8lcGsg-2BB04X9jrEFEkrP4hbjq1CPbLr3dEPsMh2-2BJD6OG7PFXOCZ8vIf02fm0mzeA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 465835: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


________________________________________________________________________________________________________
*** CID 465835: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 1344 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1338 f = (float)useron.dls / useron.uls;
1339 safe_snprintf(str, maxlen, "%u", f ? (uint)(100 / f) : 0);
1340 return str;
1341 }
1342
1343 if(!strcmp(sp,"LASTNEW"))

CID 465835: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->ns_time" is cast to "time32_t".

1344 return(unixtodstr(&cfg,(time32_t)ns_time,str));
1345
1346 if(strncmp(sp, "LASTNEW:", 8) == 0) {
1347 SAFECOPY(tmp, sp + 8);
1348 c_unescape_str(tmp);
1349 memset(&tm, 0, sizeof(tm));


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DUPeu_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC3rkJOOdMBm7nMBMgGcmpBP39czlPogoepUuUAf0jPqohwQMNy1ulVEkqUkOGShQTw40WBv406LhOm367tfkxK7FUNIoQlZBuwZ1omfunbNxXxVCmVw8GO3npVkZ3YxshRBZDZsP1O5VMLZ6DNCGvJ679Mp4a2XGGuVrVV7McBrQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

39 new defect(s) introduced to Synchronet found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 39 defect(s)


** CID 469141: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 450 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 469141: Data race undermines locking (LOCK_EVASION)
/answer.cpp: 450 in sbbs_t::answer()()
444 if(telnet_cols >= TERM_COLS_MIN && telnet_cols <= TERM_COLS_MAX)
445 cols = telnet_cols;
446 if(telnet_rows >= TERM_ROWS_MIN && telnet_rows <= TERM_ROWS_MAX)
447 rows = telnet_rows;
448 } else {
449 lprintf(LOG_NOTICE, "no Telnet commands received, reverting to Raw TCP mode");

CID 469141: Data race undermines locking (LOCK_EVASION)
Thread1 sets "telnet_mode" to a new value. Now the two threads have an inconsistent view of "telnet_mode" and updates to fields correlated with "telnet_mode" may be lost.

450 telnet_mode |= TELNET_MODE_OFF;
451 client.protocol = "Raw";
452 client_on(client_socket, &client,/* update: */true);
453 SAFECOPY(connection, client.protocol);
454 node_connection = NODE_CONNECTION_RAW;
455 }

** CID 469140: Error handling issues (CHECKED_RETURN)
/mqtt.c: 521 in mqtt_message_received()


________________________________________________________________________________________________________
*** CID 469140: Error handling issues (CHECKED_RETURN)
/mqtt.c: 521 in mqtt_message_received()
515 if(bbs_startup->node_inbuf != NULL && bbs_startup->node_inbuf[i - 1] != NULL)
516 RingBufWrite(bbs_startup->node_inbuf[i - 1], msg->payload, msg->payloadlen);
517 return;
518 }
519 for(int i = bbs_startup->first_node; i <= bbs_startup->last_node; i++) {
520 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/msg", i)) == 0) {

CID 469140: Error handling issues (CHECKED_RETURN)
Calling "putnmsg" without checking return value (as is done elsewhere 4 out of 5 times).

521 putnmsg(mqtt->cfg, i, msg->payload); 522 return;
523 }
524 if(strcmp(msg->topic, mqtt_topic(mqtt, TOPIC_BBS, topic, sizeof(topic), "node/%d/set/status", i)) == 0) {
525 set_node_status(mqtt->cfg, i, mqtt_message_value(msg, 0));
526 return;

** CID 469139: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()


________________________________________________________________________________________________________
*** CID 469139: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1376 in JSRuntime::realloc(void *, unsigned long, unsigned long, JSContext *)()
1370 }
1371
1372 void* realloc(void* p, size_t oldBytes, size_t newBytes, JSContext *cx = NULL) {
1373 JS_ASSERT(oldBytes < newBytes);
1374 updateMallocCounter(newBytes - oldBytes);
1375 void *p2 = ::js_realloc(p, newBytes);

CID 469139: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, newBytes, cx)" leaks it.

1376 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, newBytes, cx); 1377 }
1378
1379 void* realloc(void* p, size_t bytes, JSContext *cx = NULL) {
1380 /*
1381 * For compatibility we do not account for realloc that increases

** CID 469138: Uninitialized variables (UNINIT)
/getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()


________________________________________________________________________________________________________
*** CID 469138: Uninitialized variables (UNINIT)
/getkey.cpp: 354 in sbbs_t::getkeys(const char *, unsigned int, int)()
348 attr(LIGHTGRAY);
349 CRLF;
350 }
351 lncntr=0;
352 return(-1);
353 }

CID 469138: Uninitialized variables (UNINIT)
Using uninitialized value "*str" when calling "strchr". [Note: The source code implementation of the function has been overridden by a builtin model.]

354 if(ch && !n && ((keys == NULL && !IS_DIGIT(ch)) || (strchr(str,ch)))) { /* return character if in string */
355 if(ch > ' ') {
356 if(!(mode&K_NOECHO))
357 outchar(ch);
358 if(useron.misc&COLDKEYS) {
359 while(online && !(sys_status&SS_ABORT)) {

** CID 469137: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()


________________________________________________________________________________________________________
*** CID 469137: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3549 in sys_alloc()
3543 m->max_footprint = m->footprint;
3544
3545 if (!is_initialized(m)) { /* first-time initialization */
3546 m->seg.base = m->least_addr = tbase;
3547 m->seg.size = tsize;
3548 set_segment_flags(&m->seg, mmap_flag);

CID 469137: Concurrent data access violations (MISSING_LOCK)
Accessing "mparams.magic" without holding lock "magic_init_mutex". Elsewhere, "malloc_params.magic" is written to with "magic_init_mutex" held 1 out of 1 times.

3549 m->magic = mparams.magic;
3550 init_bins(m);
3551 if (is_global(m))
3552 init_top(m, (mchunkptr)tbase, tsize - TOP_FOOT_SIZE);
3553 else {
3554 /* Offset top by embedded malloc_state */

** CID 469136: Program hangs (LOCK)
/js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 469136: Program hangs (LOCK)
/js_console.cpp: 2175 in js_lock_input(JSContext *, unsigned int, unsigned long *)()
2169 pthread_mutex_lock(&sbbs->input_thread_mutex);
2170 } else {
2171 pthread_mutex_unlock(&sbbs->input_thread_mutex);
2172 }
2173 JS_RESUMEREQUEST(cx, rc);
2174

CID 469136: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".

2175 return(JS_TRUE);
2176 }
2177
2178 static JSBool
2179 js_telnet_cmd(JSContext *cx, uintN argc, jsval *arglist)
2180 {

** CID 469135: Concurrent data access violations (MISSING_LOCK)
/js_rtpool.c: 35 in jsrt_GetNew()


________________________________________________________________________________________________________
*** CID 469135: Concurrent data access violations (MISSING_LOCK) /js_rtpool.c: 35 in jsrt_GetNew()
29 {
30 JSRuntime *ret;
31
32 if(!initialized) {
33 initialized=TRUE;
34 pthread_mutex_init(&jsrt_mutex, NULL);

CID 469135: Concurrent data access violations (MISSING_LOCK)
Accessing "rt_list" without holding lock "jsrt_mutex". Elsewhere, "rt_list" is written to with "jsrt_mutex" held 4 out of 5 times.

35 listInit(&rt_list, 0);
36 _beginthread(trigger_thread, TRIGGER_THREAD_STACK_SIZE, NULL); 37 }
38 pthread_mutex_lock(&jsrt_mutex);
39 ret=JS_NewRuntime(maxbytes);
40 listPushNode(&rt_list, ret);

** CID 469134: Program hangs (LOCK)
/writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()


________________________________________________________________________________________________________
*** CID 469134: Program hangs (LOCK)
/writemsg.cpp: 1274 in sbbs_t::editfile(char *, unsigned int)()
1268 if(cfg.xedit[useron_xedit-1]->misc&WWIVCOLOR) 1269 mode|=EX_WWIV;
1270 }
1271 CLS;
1272 rioctl(IOCM|PAUSE|ABORT);
1273 if(external(cmdstr(cfg.xedit[useron_xedit-1]->rcmd,msgtmp,nulstr,NULL,mode), mode, cfg.node_dir)!=0)

CID 469134: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

1274 return false;
1275 l=process_edited_file(msgtmp, path, /* mode: */WM_EDIT, &lines,maxlines);
1276 if(l>0) {
1277 SAFEPRINTF3(str,"created or edited file: %s (%ld bytes, %u lines)"
1278 ,path, l, lines);
1279 logline(LOG_NOTICE,nulstr,str);

** CID 469133: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 469133: Memory - corruptions (OVERRUN) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h: 952 in js::NewNativeClassInstance(JSContext *, js::Class *, JSObject *, JSObject *)()
946 }
947
948 static inline JSObject *
949 NewNativeClassInstance(JSContext *cx, Class *clasp, JSObject *proto, JSObject *parent)
950 {
951 gc::FinalizeKind kind = gc::GetGCObjectKind(JSCLASS_RESERVED_SLOTS(clasp));

CID 469133: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 11 by passing argument "kind" (which evaluates to 11) in call to "NewNativeClassInstance".

952 return NewNativeClassInstance(cx, clasp, proto, parent, kind);
953 }
954
955 bool
956 FindClassPrototype(JSContext *cx, JSObject *scope, JSProtoKey protoKey, JSObject **protop,
957 Class *clasp);

** CID 469132: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()


________________________________________________________________________________________________________
*** CID 469132: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 692 in sdl_add_key()
686 static void sdl_add_key(unsigned int keyval, struct video_stats *vs) 687 {
688 if(keyval==0xa600 && vs != NULL) {
689 fullscreen=!fullscreen;
690 cio_api.mode=fullscreen?CIOLIB_MODE_SDL_FULLSCREEN:CIOLIB_MODE_SDL;
691 update_cvstat(vs);

CID 469132: Concurrent data access violations (MISSING_LOCK)
Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.

692 sdl.SetWindowFullscreen(win, fullscreen ? SDL_WINDOW_FULLSCREEN_DESKTOP : 0);
693 if (!fullscreen) {
694 int w, h;
695
696 // Get current window size
697 sdl.GetWindowSize(win, &w, &h);

** CID 469131: Concurrent data access violations (MISSING_LOCK)
/exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()


________________________________________________________________________________________________________
*** CID 469131: Concurrent data access violations (MISSING_LOCK)
/exec.cpp: 848 in sbbs_t::skipto(csi_t *, unsigned char)()
842 /* Skcsi->ip to a specific instruction */
843 /****************************************************************************/
844 void sbbs_t::skipto(csi_t *csi, uchar inst)
845 {
846 int i,j;
847

CID 469131: Concurrent data access violations (MISSING_LOCK)
Accessing "csi->cs" without holding lock "sbbs_t.input_thread_mutex". Elsewhere, "csi_t.cs" is written to with "sbbs_t.input_thread_mutex" held 3 out of 3 times.

848 while(csi->ip<csi->cs+csi->length && ((inst&0x80) || *csi->ip!=inst)) {
849
850 if(*csi->ip==CS_IF_TRUE || *csi->ip==CS_IF_FALSE
851 || (*csi->ip>=CS_IF_GREATER && *csi->ip<=CS_IF_LESS_OR_EQUAL)) {
852 csi->ip++;
853 skipto(csi,CS_ENDIF);

** CID 469130: Program hangs (LOCK)
/writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 469130: Program hangs (LOCK)
/writemsg.cpp: 628 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
622 lprintf(LOG_ERR, "ERROR %d (%s) saving draft message: %s", errno, strerror(errno), draft);
623 }
624
625 if(result != EXIT_SUCCESS || !fexistcase(msgtmp) || !online
626 || (linesquoted && qlen==flength(msgtmp) && qtime==fdate(msgtmp))) {
627 free(buf);

CID 469130: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

628 return(false);
629 }
630 SAFEPRINTF(str,"%sRESULT.ED",cfg.node_dir);
631 if(!(mode&(WM_EXTDESC|WM_FILE))
632 && fexistcase(str)) {
633 if((fp=fopen(str,"r")) != NULL) {

** CID 469129: Data race undermines locking (LOCK_EVASION)
/main.cpp: 3908 in sbbs_t::hangup()()


________________________________________________________________________________________________________
*** CID 469129: Data race undermines locking (LOCK_EVASION)
/main.cpp: 3908 in sbbs_t::hangup()()
3902 if(client_socket!=INVALID_SOCKET) {
3903 mswait(1000); /* Give socket output buffer time to flush */
3904 client_off(client_socket);
3905 if(ssh_mode) {
3906 pthread_mutex_lock(&ssh_mutex);
3907 ssh_session_destroy(client_socket, ssh_session, __LINE__);

CID 469129: Data race undermines locking (LOCK_EVASION)
Thread1 sets "ssh_mode" to a new value. Now the two threads have an inconsistent view of "ssh_mode" and updates to fields correlated with "ssh_mode" may be lost.

3908 ssh_mode = false;
3909 pthread_mutex_unlock(&ssh_mutex);
3910 }
3911 close_socket(client_socket);
3912 client_socket=INVALID_SOCKET;
3913 }

** CID 469128: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 716 in guru_cfg()


________________________________________________________________________________________________________
*** CID 469128: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 716 in guru_cfg()
710 *cfg.guru[i]=savguru;
711 uifc.changes=1;
712 continue;
713 }
714 if (msk != 0)
715 continue;

CID 469128: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.

716 j=0;
717 done=0;
718 while(!done) {
719 k=0;
720 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Name",cfg.guru[i]->name);
721 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Guru Internal Code",cfg.guru[i]->code);

** CID 469127: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 873 in actsets_cfg()


________________________________________________________________________________________________________
*** CID 469127: Code maintainability issues (UNUSED_VALUE)
/scfg/scfgchat.c: 873 in actsets_cfg()
867 uifc.changes=1;
868 continue;
869 }
870 if (msk != 0)
871 continue;
872

CID 469127: Code maintainability issues (UNUSED_VALUE)
Assigning value "0" to "j" here, but that stored value is overwritten before it can be used.

873 j=0;
874 done=0;
875 while(!done) {
876 k=0;
877 snprintf(opt[k++],MAX_OPLN,"%-27.27s%s","Action Set Name",cfg.actset[i]->name);
878 snprintf(opt[k++],MAX_OPLN,"%-27.27s","Configure Chat Actions...");

** CID 469126: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread()


________________________________________________________________________________________________________
*** CID 469126: Data race undermines locking (LOCK_EVASION) /tmp/sbbs-Nov-22-2023/src/conio/sdl_con.c: 1196 in sdl_video_event_thread() 1190 break;
1191 case SDL_USEREVENT_INIT:
1192 if(!sdl_init_good) { 1193 if(sdl.WasInit(SDL_INIT_VIDEO)==SDL_INIT_VIDEO) {
1194 pthread_mutex_lock(&win_mutex);
1195 _beginthread(sdl_mouse_thread, 0, NULL);

CID 469126: Data race undermines locking (LOCK_EVASION)
Thread1 sets "sdl_init_good" to a new value. Now the two threads have an inconsistent view of "sdl_init_good" and updates to fields correlated with "sdl_init_good" may be lost.

1196 sdl_init_good=1;
1197 pthread_mutex_unlock(&win_mutex);
1198 }
1199 }
1200 sdl_ufunc_retval=0; 1201 sem_post(&sdl_ufunc_ret);

** CID 469125: Program hangs (LOCK)
/js_console.cpp: 2149 in js_do_lock_input()


________________________________________________________________________________________________________
*** CID 469125: Program hangs (LOCK)
/js_console.cpp: 2149 in js_do_lock_input()
2143
2144 if(lock) {
2145 pthread_mutex_lock(&sbbs->input_thread_mutex);
2146 } else {
2147 pthread_mutex_unlock(&sbbs->input_thread_mutex);
2148 }

CID 469125: Program hangs (LOCK)
Returning without unlocking "sbbs->input_thread_mutex".

2149 }
2150
2151 static JSBool
2152 js_lock_input(JSContext *cx, uintN argc, jsval *arglist)
2153 {
2154 jsval *argv=JS_ARGV(cx, arglist);

** CID 469124: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()


________________________________________________________________________________________________________
*** CID 469124: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/jscntxt.h: 1387 in JSRuntime::realloc(void *, unsigned long, JSContext *)()
1381 * For compatibility we do not account for realloc that increases
1382 * previously allocated memory.
1383 */
1384 if (!p)
1385 updateMallocCounter(bytes);
1386 void *p2 = ::js_realloc(p, bytes);

CID 469124: Resource leaks (RESOURCE_LEAK)
Failing to save or free storage allocated by "this->onOutOfMemory(p, bytes, cx)" leaks it.

1387 return JS_LIKELY(!!p2) ? p2 : onOutOfMemory(p, bytes, cx); 1388 }
1389
1390 void free(void* p) { ::js_free(p); }
1391
1392 bool isGCMallocLimitReached() const { return gcMallocBytes <= 0; }

** CID 469123: Memory - corruptions (USE_AFTER_FREE) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()


________________________________________________________________________________________________________
*** CID 469123: Memory - corruptions (USE_AFTER_FREE) /tmp/sbbs-Nov-22-2023/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 3642 in release_unused_segments()
3636 m->footprint -= size;
3637 /* unlink obsoleted record */
3638 sp = pred;
3639 sp->next = next;
3640 }
3641 else { /* back out if cannot unmap */

CID 469123: Memory - corruptions (USE_AFTER_FREE)
Dereferencing freed pointer "tp".

3642 insert_large_chunk(m, tp, psize);
3643 }
3644 }
3645 }
3646 pred = sp;
3647 sp = next;

** CID 469122: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()


________________________________________________________________________________________________________
*** CID 469122: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Nov-22-2023/src/conio/bitmap_con.c: 1945 in bitmap_drv_init()
1939 }
1940 pthread_mutex_unlock(&screenlock);
1941 pthread_mutex_unlock(&vstatlock);
1942
1943 callbacks.drawrect=drawrect_cb;
1944 callbacks.flush=flush_cb;

CID 469122: Concurrent data access violations (MISSING_LOCK)
Accessing "callbacks.rects" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.rects" is written to with "bitmap_callbacks.lock" held 2 out of 3 times.

1945 callbacks.rects = 0;
1946 bitmap_initialized=1;
1947 _beginthread(blinker_thread,0,NULL);
1948
1949 return(0);
1950 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DezJc_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDT3F0wM8qs717Yj7QnFBvYyAUS7vXZd5Pzj9EaE-2FCuUUR9NEokXV0L9QGkQnwKG-2F4JnYcm1wvoWK2grpdczQI6n7wuX-2Bi09RPQD8-2Fo5FYqgA3L383Nxk-2F3tA3xct0exbA8dNWXjcBJFMBco67mM0qFopWSHsWYNweS2rfwVJx4JQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 469167: (SLEEP)


________________________________________________________________________________________________________
*** CID 469167: (SLEEP)
/main.cpp: 2494 in output_thread(void *)()
2488 */
2489 size_t sendbytes = buftop-bufbot;
2490 if (sendbytes > 0x2000)
2491 sendbytes = 0x2000;
2492 if(cryptStatusError((err=cryptPushData(sbbs->ssh_session, (char*)buf+bufbot, buftop-bufbot, &i)))) {
2493 /* Handle the SSH error here... */

CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2494 GCESSTR(err, node, sbbs->ssh_session, "pushing data");

2495 ssh_errors++;
2496 sbbs->online=FALSE;
2497 i=buftop-bufbot; // Pretend we sent it all
2498 }
2499 else {
/main.cpp: 2479 in output_thread(void *)()
2473 }
2474 if(!sbbs->ssh_mode) {
2475 pthread_mutex_unlock(&sbbs->ssh_mutex); 2476 continue;
2477 }
2478 if (cryptStatusError((err=cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))) {

CID 469167: (SLEEP)
Call to "lprintf" might sleep while holding lock "sbbs->ssh_mutex". 2479 GCESSTR(err, node, sbbs->ssh_session, "setting channel");

2480 ssh_errors++;
2481 sbbs->online=FALSE;
2482 i=buftop-bufbot; // Pretend we sent it all
2483 }
2484 else {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D5OUN_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAWre6lEuRZshFB9v23oRHfb6cJViSmU6jeWo6H6qjr2TD-2FKFU3E7Wk43r5o6gE3xpEUu2LCxXDEO7eIcPPMxFL1Nq6AhOVschJGcr-2Bj9V3IL2-2BV5MIEfM79IRScL2ukizExtyrX8BpZAnSaCd3CJdrnZtJg68NUadTHcpkaQqA0A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()


________________________________________________________________________________________________________
*** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()
105 if(i >= cfg.total_fviews) {
106 bprintf(text[NonviewableFile], getfname(path));
107 return false;
108 }
109 if((i=external(cmdstr(viewcmd, path, path, NULL), EX_STDIO|EX_SH))!=0) {
110 errormsg(WHERE,ERR_EXEC,viewcmd,i); /* must have EX_SH to ^C */

CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

111 return false;
112 }
113 return true;
114 }
115
116 /****************************************************************************/

** CID 470389: (SLEEP)


________________________________________________________________________________________________________
*** CID 470389: (SLEEP)
/upload.cpp: 84 in sbbs_t::uploadfile(smbmsg_t *)()
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);

CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".

84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);
86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
/upload.cpp: 76 in sbbs_t::uploadfile(smbmsg_t *)()
70 if(f->desc != NULL)
71 fprintf(stream, "%s", f->desc);
72 fclose(stream);
73 }
74 // Note: str (%s) is path/to/sbbsfile.des (used to be the description itself)
75 int result = external(cmdstr(cfg.ftest[i]->cmd, path, str, NULL), EX_OFFLINE);

CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".

76 clearline();
77 if(result != 0) {
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);

** CID 470388: Program hangs (SLEEP)


________________________________________________________________________________________________________
*** CID 470388: Program hangs (SLEEP)
/inkey.cpp: 203 in sbbs_t::handle_ctrlkey(char, int)()
197 }
198 js_execfile(cmdstr(cfg.hotkey[i]->cmd+1,nulstr,nulstr,tmp), /* startup_dir: */NULL, /* scope: */js_hotkey_glob, js_hotkey_cx, js_hotkey_glob);
199 } else
200 external(cmdstr(cfg.hotkey[i]->cmd,nulstr,nulstr,tmp),0);
201 if(!(sys_status&SS_SPLITP)) {
202 CRLF;

CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".

203 restoreline();
204 }
205 lncntr=0;
206 hotkey_inside &= ~(1<<ch);
207 return(0);
208 }

** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()


________________________________________________________________________________________________________
*** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()
648 ,sys_status&SS_SYSPAGE ? text[On] : text[Off]);
649 nosound();
650 }
651 if(!(sys_status&SS_SYSPAGE))
652 remove(syspage_semfile);
653

CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

654 return(true);
655 }
656
657 bprintf(text[SysopIsNotAvailable],cfg.sys_op);
658
659 return(false);

** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);

CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
90 if(fgets(str, sizeof(str), stream)) {
91 truncsp(str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DH5pk_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA21pPFXGEfXQOHUavDSOcBiYGiM9SWkNBClk7lfGbusFiEUl9SxTFTJ4pQ4-2BlyM1UpLT55ROOl-2F1zOiBksbquFQPYPy5IMrVblt0Rt7EqhjGmGGXslDjsDDEmF37IS-2FgX2UOIpLYk00zJWe4Ps-2Bw7o9YA3yT5trQhVa4wKyo5Ljw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()


________________________________________________________________________________________________________
*** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()
195 in=-1;
196 }
197
198 utime(inpath,NULL);
199 _setcursortype(_NORMALCURSOR);
200 while(1) {

CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.

201 switch(read(in,&ch,1)) {
202 case -1:
203 close(in);
204 in=-1;
205 break;
206


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dn7r8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC64hJyXzK3aRg-2FOh461xBPdPC3vMQG8wDm6SWRjPpByDWCbozrDoO3h7iN9haQ83FqvIEsneqqmYW1iHtvLfyFr9U7fTJVs-2FgzA-2B3NTVwG-2FkEOdCKTFxrJHyVvcaeKfjx-2FNRzmWtNl3SJh8ILqS8rD31VNGhVX-2F4wDJ-2F-2FhL0JK9w-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.

3122 return false;
3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
/mailsrvr.c: 1159 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
1151 memset(&smb,0,sizeof(smb));
1152 memset(&msg,0,sizeof(msg));
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
/mailsrvr.c: 1159 in pop3_client_thread()
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
1163
1164 /* Requires USER or APOP command first */

** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()
1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
1084 unlock_ssl_cert();
1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key");
1086 return false;
1087 }
1088 nodelay = TRUE;

CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.

1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
1090 nb=0;
1091 ioctlsocket(socket,FIONBIO,&nb);
1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) {
1093 unlock_ssl_cert();
1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket");

** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;

3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
/mailsrvr.c: 3078 in smtp_client_thread()
/mailsrvr.c: 3079 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
4198 }
4199 if(!stricmp(buf,"AUTH CRAM-MD5")) {
4200 ZERO_VAR(relay_user);
4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE);
4202
4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>"

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());
4205 #if 0
4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s"
4207 ,socket,challenge);
4208 #endif
4209 b64_encode(str,sizeof(str),challenge,strlen(challenge));
/mailsrvr.c: 3078 in smtp_client_thread()
3072 }
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3078 rand(); /* throw-away first result */
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
/mailsrvr.c: 3079 in smtp_client_thread()
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
3078 rand(); /* throw-away first result */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()


________________________________________________________________________________________________________
*** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()
1468 js_system_private_t* sys;
1469 if((sys = (js_system_private_t*)js_GetClassPrivate(cx,obj,&js_system_class))==NULL)
1470 return JS_FALSE;
1471
1472 for(i=0; i<argc && fname == NULL; i++) {
1473 if(JSVAL_IS_NUMBER(argv[i])) {

CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).

1474 JS_ValueToInt32(cx, argv[i], &duration);
1475 continue;
1476 }
1477 if(!JSVAL_IS_STRING(argv[i]))
1478 continue;
1479 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dx5vI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD-2FFZVvmg9UFbNVSslGQHixwK2gY0JhpVYuBk-2BPEk2wVNUawfpNFUquIquIwrbnMLyXyOL-2Bbdyy88jhCHaZkpnLltM6SvZPalWR8uvzHGJLXvipDKrDTZ6KfbbjJDM-2B9TK-2Bfg-2Bntn7n3JXz8-2BbuvXtlotoQiRFNfFKyqSao3USU5A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()
406
407 if(!do_cryptInit())
408 return -1;
409 ssl_sync(cfg);
410 lock_ssl_cert_write();
411 cert_entry = malloc(sizeof(*cert_entry));

CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".

412 cert_entry->sess = -1;
413 cert_entry->epoch = cert_epoch;
414 cert_entry->next = NULL;
415
416 /* Get the certificate... first try loading it from a file... */
417 if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DNVYG_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAIQBrbLtBWXBu7NOIgqUVW-2FO9u7UhLy-2BFNLgqIU41zpqPfBM73Awa3dQxk3-2F184GO6VUS7KkG6sPhNBuQiQ4Keqf56uFZ5RoDxe4X35uihMatLZZvu1DTj5op2mLHIzl6CugzzedJw-2FjcHjqyoRYDdN5cjuB-2Bi1UXQGnATKvNQkg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471656: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 471656: Memory - corruptions (OVERRUN) /tmp/sbbs-Dec-26-2023/src/smblib/smbfile.c: 367 in smb_addfile_withlist()
361
362 if(list != NULL && *list != NULL) {
363 size_t size = strListCount(list) * 1024;
364 auxdata = calloc(1, size);
365 if(auxdata == NULL)
366 return SMB_ERR_MEM;

CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

367 strListCombine(list, auxdata, size - 1, "\r\n");
368 }
369 result = smb_addfile(smb, file, storage, extdesc, auxdata, path);
370 free(auxdata);
371 return result;
372 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2BKI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCT6x0GAlc7xThQfLCGiCZdmR4qZP1NcowX1yNXO3dy1e3iYdu3LqPMf8Ps-2BXyXIS9z1-2BExxr9YuMCEQ-2FkgG8-2FT0EoCNRZOLQUTkkQaenBh-2FjMptDjEjYYaLSTPN90hBdPvbODU2Cx91ZtvmuRMrZszCSUsoWukacGJvvm4ij2thw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()


________________________________________________________________________________________________________
*** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
499 if( isNullChannel( channelInfoPtr ) )
500 return( CRYPT_ERROR_NOTFOUND );
501 *value = channelInfoPtr->channelID;
502 return( CRYPT_OK );
503
504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

517 if( isNullChannel( writeChannelInfoPtr ) )
518 return( CRYPT_ERROR_NOTFOUND );
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK ); /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK );
523
524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

525 if( isNullChannel( writeChannelInfoPtr ) )
526 return( CRYPT_ERROR_NOTFOUND );
527 if (writeChannelInfoPtr->height == 0)
528 return CRYPT_ERROR_NOTFOUND;
529 *value = channelInfoPtr->height;
530 return( CRYPT_OK );

** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()


________________________________________________________________________________________________________
*** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()
329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL);
330 return DEBUG_CONTINUE;
331 }
332 if(strncmp(line, "quit\n", 5)==0 ||
333 strncmp(line, "q\n", 2)==0
334 ) {

CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.

335 return (DEBUG_EXIT);
336 }
337 if(strncmp(line, "eval ", 5)==0 ||
338 strncmp(line, "e ", 2)==0
339 ) {
340 jsval ret;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()
407 CRYPT_CERTIFICATE ssl_cert;
408 char sysop_email[sizeof(cfg->sys_inetaddr)+6];
409 struct cert_list *cert_entry;
410
411 if(!do_cryptInit(lprintf))
412 return -1;

CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).

413 ssl_sync(cfg, lprintf);
414 lock_ssl_cert_write();
415 cert_entry = malloc(sizeof(*cert_entry));
416 if(cert_entry == NULL) {
417 unlock_ssl_cert_write(lprintf);
418 free(cert_entry);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DG04V_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDEpEnmlDe-2FjbKZ4LOKbSyZqFRJl-2FW97DzLqL9YhzmfB5NVnMDaFqAVAu8sqMXAtM7gluOaLuz78sK9hLjatBB8CSJ6nN9iJHgKoglAvkWzF0D2D3-2FP2KvQ4r0FVsLXVQDobxZi1VHS1fHv1o1JN4QuvSLew5iAWvpjb3EkIuqiHp61IxzA0v1Q4zB-2F2vdQH-2Fs-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

40 new defect(s) introduced to Synchronet found with Coverity Scan.
65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 40 defect(s)


** CID 479110: Program hangs (LOCK)
/pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 479110: Program hangs (LOCK)
/pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
747 if(flength(packet) < 1) {
748 remove(packet);
749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
751 if(flength(packet) < 1) {
752 bputs(text[QWKCompressionFailed]);

CID 479110: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

753 return(false);
754 }
755 }
756
757 if(!prepack && useron.rest&FLAG('Q')) {
758 dir=opendir(cfg.temp_dir);

** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()


________________________________________________________________________________________________________
*** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() 343 ( status, errorInfo,
344 "Invalid PKI status string" ) );
345 }
346 hasErrorMessage = TRUE;
347 }
348 if( cryptStatusError( status ) )

CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".

349 return( status ); /* Residual error from peekTag() */
350
351 /* Read the failure information */
352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \
353 tag == BER_BITSTRING )
354 {
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo() 358 retExt( status,
359 ( status, errorInfo,
360 "Invalid PKI failure information" ) );
361 }
362 }
363 if( cryptStatusError( status ) )

CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".

364 return( status ); /* Residual error from peekTag() */
365
366 /* If everything's OK, we're done */
367 if( cmpStatusOK( errorCode ) )
368 return( CRYPT_OK );
369

** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()


________________________________________________________________________________________________________
*** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()
419 out */
420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo,
421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) );
422 }
423 STDC_FALLTHROUGH;
424

CID 479108: Control flow issues (MISSING_BREAK)
The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.

425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
426 if ( needsKey( contextInfoPtr ) )
427 return CRYPT_ERROR_NOTFOUND;
428 if (contextType != CONTEXT_PKC)
429 return CRYPT_ERROR_NOTFOUND;
430 case CRYPT_IATTRIBUTE_KEY_PGP:

** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()


________________________________________________________________________________________________________
*** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession() 851 {
852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction );
855 REQUIRES( activateSubprotocolFunction != NULL );
856

CID 479107: Control flow issues (DEADCODE)
Execution cannot reach this statement: "status = activateSubprotoco...".

857 status = activateSubprotocolFunction( sessionInfoPtr );
858 if( cryptStatusError( status ) )
859 return( status );
860
861 /* Record the fact that the layered protocol has been
862 activated */

** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()


________________________________________________________________________________________________________
*** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse() 615 assert( isWritePtr( stream, sizeof( STREAM ) ) );
616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); 617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) );
618
619 /* Skip the wrapper, version, and server configuration ID */ 620 readSequence( stream, NULL );

CID 479106: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).

621 readShortInteger( stream, &value );
622 status = readShortInteger( stream, &value );
623 if( cryptStatusError( status ) )
624 {
625 retExt( status,
626 ( status, SESSION_ERRINFO,

** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()


________________________________________________________________________________________________________
*** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession() 1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE ) 1026 {
1027 /* If there's an inner protocol present, shut that down as well */
1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) )
1029 {

CID 479105: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".

1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );

** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()


________________________________________________________________________________________________________
*** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
214 non-char values can only be accessed on word-aligned boundaries */
215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
216 {
217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
218
219 #ifdef DATA_LITTLEENDIAN

CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.

220 ch |= string[ i ] << shiftAmt;
221 shiftAmt += 8;
222 #else
223 ch = ( ch << 8 ) | string[ i ];
224 #endif /* DATA_LITTLEENDIAN */
225 }
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
214 non-char values can only be accessed on word-aligned boundaries */
215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
216 {
217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
218
219 #ifdef DATA_LITTLEENDIAN

CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.

220 ch |= string[ i ] << shiftAmt;
221 shiftAmt += 8;
222 #else
223 ch = ( ch << 8 ) | string[ i ];
224 #endif /* DATA_LITTLEENDIAN */
225 }

** CID 479103: (SLEEP)


________________________________________________________________________________________________________
*** CID 479103: (SLEEP)
/pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)()
114 /*********************/
115 /* Pack new messages */
116 /*********************/
117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
118 smb.retry_time=cfg.smb_retry_time;
119 smb.subnum=INVALID_SUB;

CID 479103: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".

120 if((i=smb_open(&smb))!=0) {
121 fclose(rep);
122 if(hdrs!=NULL)
123 fclose(hdrs);
124 if(voting!=NULL)
125 fclose(voting);
/pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)()
106 errormsg(WHERE,ERR_CREATE,str,0);
107 }
108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
110 fexistcase(str);
111 if((voting=fopen(str,"a"))==NULL)

CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".

112 errormsg(WHERE,ERR_CREATE,str,0);
113 }
114 /*********************/
115 /* Pack new messages */
116 /*********************/
117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
/pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)()
100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */
101 }
102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) {
103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir);
104 fexistcase(str);
105 if((hdrs=fopen(str,"a"))==NULL)

CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".

106 errormsg(WHERE,ERR_CREATE,str,0);
107 }
108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
110 fexistcase(str);
111 if((voting=fopen(str,"a"))==NULL)

** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()


________________________________________________________________________________________________________
*** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()
656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in
657 practice this doesn't really matter, we just use whatever we
658 find inside the PKCS #1 padding */
659 readSequence( stream, NULL );
660 if( queryInfo->cryptMode != CRYPT_MODE_CBC ) 661 return( readShortInteger( stream, NULL ) );

CID 479102: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).

662 readShortInteger( stream, NULL );
663 return( readOctetString( stream, queryInfo->iv, 664 &queryInfo->ivLength,
665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) );
666 #endif /* USE_RC2 */
667

** CID 479101: (CHECKED_RETURN)
/ssl.c: 353 in internal_do_cryptInit()
/ssl.c: 345 in internal_do_cryptInit()


________________________________________________________________________________________________________
*** CID 479101: (CHECKED_RETURN)
/ssl.c: 353 in internal_do_cryptInit()
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;
351 cryptlib_initialized = false;
352 cryptEnd();

CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).

353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
354 return;
355 }
356 return;
357 }
358
/ssl.c: 345 in internal_do_cryptInit()
339 }
340 tmp = (maj * 100) + (min * 10) + stp;
341 if (tmp != CRYPTLIB_VERSION) {
342 cryptInit_error = CRYPT_ERROR_INVALID;
343 cryptlib_initialized = false;
344 cryptEnd();

CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).

345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
346 return;
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;

** CID 479100: (ATOMICITY)
/ssl.c: 659 in destroy_session()
/ssl.c: 659 in destroy_session()


________________________________________________________________________________________________________
*** CID 479100: (ATOMICITY)
/ssl.c: 659 in destroy_session()
653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
654 return CRYPT_ERROR_INTERNAL;
655 }
656 sess->sess = -1;
657 pthread_mutex_lock(&ssl_cert_list_mutex);
658 sess->next = cert_list;

CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.

659 cert_list = sess;
660 pthread_mutex_unlock(&ssl_cert_list_mutex);
661 ret = cryptDestroySession(csess);
662 }
663 else {
664 if (!rwlock_unlock(&cert_epoch_lock)) {
/ssl.c: 659 in destroy_session()
653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
654 return CRYPT_ERROR_INTERNAL;
655 }
656 sess->sess = -1;
657 pthread_mutex_lock(&ssl_cert_list_mutex);
658 sess->next = cert_list;

CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.

659 cert_list = sess;
660 pthread_mutex_unlock(&ssl_cert_list_mutex);
661 ret = cryptDestroySession(csess);
662 }
663 else {
664 if (!rwlock_unlock(&cert_epoch_lock)) {

** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()


________________________________________________________________________________________________________
*** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()
489 ( status, SESSION_ERRINFO,
490 "Invalid caPubs field in %s", 491 getCMPMessageName( messageType ) ) );
492 }
493 }
494 if( cryptStatusError( status ) )

CID 479099: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return status;".

495 return( status ); /* Residual error from checkStatusPeekTag() */
496
497 /* If it's a revocation response then the only returned data is the
498 status value */
499 if( protocolInfo->operation == CTAG_PB_RR )
500 {

** CID 479098: Program hangs (LOCK)
/pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()


________________________________________________________________________________________________________
*** CID 479098: Program hangs (LOCK)
/pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()
89 if(fexistcase(str))
90 fmode="r+b";
91 else
92 fmode="w+b";
93 if((rep=fopen(str, fmode))==NULL) {
94 errormsg(WHERE, ERR_CREATE, str, 0, fmode);

CID 479098: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

95 return false;
96 }
97 fseek(rep, 0, SEEK_END);
98 if(ftell(rep) < 1) { /* New REP packet */
99 fprintf(rep, "%-*s"
100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */

** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()


________________________________________________________________________________________________________
*** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession() 1029 {
1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034

CID 479097: Control flow issues (DEADCODE)
Execution cannot reach this statement: "(void)closeSubprotocolFunct...".

1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );
1036 }
1037
1038 /* If protocol management is handled by an outer protocol, don't
1039 perform a session shutdown. This is in theory rather nasty in
1040 that an attacker who can spoof an unsecured outer protocol packet

** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()


________________________________________________________________________________________________________
*** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()
679
680 /* If there's sub-protocol selected, activate that as well */ 681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \ 683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) )
684 {

CID 479096: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".

685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction );
688 REQUIRES( activateSubprotocolFunction != NULL );
689
690 status = activateSubprotocolFunction( sessionInfoPtr );

** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()


________________________________________________________________________________________________________
*** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()
124 tmrIntB |= 0x800;
125 tmrIntC |= 0x01;
126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 )
127 return( FALSE );
128 TMR_SCRUB( tmrInt );
129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 )

CID 479095: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 0;".

130 return( FALSE );
131 CFI_CHECK_UPDATE( "TMR" );
132
133 /* Test the overflow-checking mechanisms. These checks will probably
134 fall prey to optimiser inlining but it'll still statically check that
135 they work as expected.

** CID 479094: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()


________________________________________________________________________________________________________
*** CID 479094: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() 714 {
715 return( certErrorReturn( certInfoPtr, "issuer unique ID",
716 status ) );
717 }
718 }
719 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

720 return( status ); /* Residual error from peekTag() */
721
722 /* If there are no extensions present, we're done */
723 if( stell( stream ) >= endPos )
724 return( CRYPT_OK );
725
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() 662 if( cryptStatusOK( status ) )
663 status = readIssuerDN( stream, certInfoPtr ); 664 if( cryptStatusError( status ) )
665 return( certErrorReturn( certInfoPtr, "issuer name", status ) );
666 }
667 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

668 return( status ); /* Residual error from peekTag() */
669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) ) 671 {
672 status = readUniversal( stream );
673 }
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo() 635 if( cryptStatusOK( status ) )
636 status = readSubjectDN( stream, certInfoPtr ); 637 if( cryptStatusError( status ) )
638 return( certErrorReturn( certInfoPtr, "holder name", status ) );
639 }
640 if( cryptStatusError( status ) )

CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".

641 return( status ); /* Residual error from peekTag() */
642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) ) 644 {
645 /* This is a complicated structure that in effect encodes a generic
646 hole reference to "other", for now we just skip it until we can

** CID 479093: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()


________________________________________________________________________________________________________
*** CID 479093: (DEADCODE)
/tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP:
1776 status = setAccessMethodHTTP( keysetInfoPtr ); 1777 break;
1778

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".

1779 case CRYPT_KEYSET_LDAP:
1780 status = setAccessMethodLDAP( keysetInfoPtr ); 1781 break;
1782
1783 default:
1784 retIntError(); /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
1764 }
1765
1766 /* It's a specific type of keyset, set up the access information for it
1767 and connect to it */
1768 switch( keysetType )
1769 {

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:

1771 case CRYPT_KEYSET_DATABASE_STORE:
1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP: /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()
1765
1766 /* It's a specific type of keyset, set up the access information for it
1767 and connect to it */
1768 switch( keysetType )
1769 {
1770 case CRYPT_KEYSET_DATABASE:

CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".

1771 case CRYPT_KEYSET_DATABASE_STORE:
1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
1773 break;
1774
1775 case CRYPT_KEYSET_HTTP:
1776 status = setAccessMethodHTTP( keysetInfoPtr );

** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()


________________________________________________________________________________________________________
*** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()
279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ) 280 deleteAttributes( newAttributeHeadPtr );
281 return( status );
282 }
283
284 /* Append the new field to the new attribute list */ >>> CID 479092: Resource leaks (RESOURCE_LEAK)

Variable "newAttributeField" going out of scope leaks the storage it points to.

285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
286 newAttributeField, ATTRIBUTE_LIST );
287 newAttributeListTail = newAttributeField;
288 }
289 ENSURES( LOOP_BOUND_OK );
290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) );

** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()


________________________________________________________________________________________________________
*** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()
701 done */
702 if( serviceType == SERVICE_PORTFORWARD ) {
703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE );
704 return( CRYPT_OK );
705 }
706

CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".

707 if ( TRUE || channelNo == 0 || !waitforWindow )
708 {
709 /* It's a session open request that requires additional messages to do
710 anything useful, create and send the extra packets. Unlike the
711 overall open request, we can't wrap and send the packets in one go
712 because serviceType == SERVICE_SHELL has to send multiple packets,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D_Ob8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXsFtzU0G-2FWPcCSE76ga65FpTOVnlTg2HlohxKy4ePNmfAvcTgQHzRuwjEUPYcoNsjv51yTcWgn-2B5ZoKEZbHKDuJHZyg4oYm-2B85r0HAuyVfWOvaujD7HGzC-2Bi-2BJJr4c31Rz-2B5noR-2FnEcQw4pO0lSZx8Qbg6Ydb9v-2FQISXmWX5vnA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()


________________________________________________________________________________________________________
*** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr() 2146 }
2147 }
2148 }
2149 }
2150
2151 return (bestb << 4) | bestf;

CID 480410: Uninitialized variables (UNINIT)
Using uninitialized value "bestf".

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D0Whj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCGuXH-2F8nbk79WMe2MJx6-2FI9exgVraqIoXRfw5t191-2Fkv7cvlCW07dWiwEkebe6LE7W-2FqT6ZfpHP5InVb8zXpzOgZvf4Ur9-2BJrsFE50Fqk6iSfX0glKX5AlD-2FYPX7BWAafhUDNW6RVuwz3H5dgusXmMWB9WTfpkkhCog7HEgqDjmg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()


________________________________________________________________________________________________________
*** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()
343 cryptlib_initialized = false;
344 cryptEnd();
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
346 return;
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);

CID 483188: Memory - corruptions (OVERRUN)
Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".

349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;
351 cryptlib_initialized = false;
352 cryptEnd();
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
354 return;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DoE8P_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCgaHhvhfxqmGN-2F2MOiNHiXAXmmE5-2BoMir72-2FKS-2B4CChPr-2B6DUEcHFnW2fJcB9K-2BLqjLkG6SOds2KKoiOogAgt4kivLp-2Bbv0MawXscaXZ6U3zKSU8zPaw8llzmAMgAx1EcIlUZ9-2Faak-2B54E1Z-2BGSHEscOAt6ClVWnKMr9zoYGJFvw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 483249: Error handling issues (CHECKED_RETURN)
/main.cpp: 3570 in sbbs_t::init()()


________________________________________________________________________________________________________
*** CID 483249: Error handling issues (CHECKED_RETURN)
/main.cpp: 3570 in sbbs_t::init()()
3564 thisnode.misc&=(NODE_EVENT|NODE_LOCK|NODE_RRUN);
3565 criterrs=thisnode.errors;
3566 putnodedat(cfg.node_num,&thisnode);
3567
3568 // remove any pending node messages
3569 safe_snprintf(str, sizeof(str), "%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num);

CID 483249: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.

3570 remove(str);
3571 // Delete any stale temporary files (with potentially sensitive content)
3572 delfiles(cfg.temp_dir,ALLFILES);
3573 safe_snprintf(str, sizeof(str), "%sMSGTMP", cfg.node_dir);
3574 removecase(str);
3575 safe_snprintf(str, sizeof(str), "%sQUOTES.TXT", cfg.node_dir);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DuxM4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDlWnKXqUo4ko-2BswZDnU0KThZlBPhv1kFyIVU6rRp9K48otOTA5WQm5qg8o-2FY8FDqYkPfgDhKOyoUIQMv1mPwAY7yKStOAqjn6xloHvMgh0mRG0DJXpuxyIOkTyi2gGZzdoTshBDw9gCNjiMqTW3IeGxtntX-2B4oBRMrCvut8dx1Kg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486181: (RESOURCE_LEAK)
/js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
/js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 486181: (RESOURCE_LEAK)
/js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
1724 if (instr == NULL)
1725 return JS_FALSE;
1726
1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
1728 JSObject* hdrobj;
1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)

CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;

1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
1732 return JS_FALSE;
1733 }
1734
1735 rc = JS_SUSPENDREQUEST(cx);
/js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
1726
1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
1728 JSObject* hdrobj;
1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
1730 return JS_FALSE;
1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))

CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;

1733 }
1734
1735 rc = JS_SUSPENDREQUEST(cx);
1736 sbbs->expand_atcodes(instr, result, sizeof result, msg);
1737 free(instr);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DmylI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXJXQdHoPdhvgvF0Vb847O95f-2F78EIoUagepOVq0LGxVFLDoLOCCiMG-2Fo4JxZOKwjHbMnoOXJKKkCjtFcCkE7VRLhxJ-2FNLJW4jwAN0Jl-2F3no6moASPMez-2F6bxuKm8Qy55QwIHngsrpIdU6tJlGz6f2tQot6J2A4fn-2FWICSVomHTA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486276: (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


________________________________________________________________________________________________________
*** CID 486276: (USE_AFTER_FREE)
/tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
1372 break;
1373 case XP_PRINTF_TYPE_SIZET:
1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
1375 break;
1376 }
1377 if(next==NULL) {

CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);

1379 return(NULL);
1380 }
1381 working=next;
1382 }
1383 next=xp_asprintf_end(working, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DIHvH_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCP2NMkGTJz9ej0zbFZSaut2su5O4d-2FdeN5YNfhO3vr5iN7SLkyWMmA-2BkVBoBNMCMtjp4F5UOP3BhPg-2B0yHPx-2BA66plmcHqc3TbhObiquLp-2FeS-2BJifVzCXGlHdvyg4PHEaoR6LUO7c-2FqTSbtEkku9P0EYfxZeeo5KgjMqT4aVuFYw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486477: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 486477: Error handling issues (CHECKED_RETURN)
/writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
410 free(buf);
411 return(false);
412 }
413 if(!i && linesquoted)
414 break;
415 if(!i || quote[0]==all_key()) { /* Quote all */

CID 486477: Error handling issues (CHECKED_RETURN)
Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.

416 fseek(stream,l,SEEK_SET);
417 while(!feof(stream) && !ferror(stream)) {
418 if(!fgets(str,sizeof(str),stream))
419 break;
420 quotestr(str);
421 SAFEPRINTF2(tmp,quote_fmt,cols-4,str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2gqt_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDyBxF-2BuedSB2oLaNTy6psp3Cor4F0rz-2B4SwaIkEVyFE7FwRjEukPY43bM1L1Hi7YMYgyrb0V1krz3N47RLZR8GIqMuk2Z3RqE2OO4o9y0KvmmLDJLp5jbtMBebo-2FmfheUw1RP41SRg-2FK16Oi1OoUubPmh6iPKTPVX1V81t13b6sA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486496: (CHECKED_RETURN)
/writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


________________________________________________________________________________________________________
*** CID 486496: (CHECKED_RETURN)
/writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
376
377 else if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTENONE)
378 ;
379
380 else if(yesno(text[QuoteMessageQ])) {
381 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))

CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).

382 fexistcase(path);
383 if((stream=fnopen(&file,path,O_RDONLY))==NULL) {
384 errormsg(WHERE,ERR_OPEN,path,O_RDONLY); 385 free(buf);
386 return(false);
387 }
/writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
338 && cfg.sub[subnum]->misc&SUB_QUOTE))) {
339
340 /* Quote entire message to MSGTMP or INPUT.MSG */
341
342 if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTEALL) {
343 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))

CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).

344 fexistcase(path);
345 if((stream=fnopen(NULL,path,O_RDONLY))==NULL) { 346 errormsg(WHERE,ERR_OPEN,path,O_RDONLY); 347 free(buf);
348 return(false);
349 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dzn-5_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDPrVkNTVRB68tnZKkkXRCkPUT71LTHn8QopE1tYVp-2FX-2Br08qA1yywGwU3c4MVrlWG-2BFbxw1q-2Fo2e8fear09VrdxSTaZYVAh-2F7Xjhpabc-2Bcxm1n9Xbtacc4z9BZManLJqZ02pp-2F9yM96t7IgwLb1rxOxJKJoizd1NnBghDuRAiDsQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486966: Memory - illegal accesses (RETURN_LOCAL) /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()


________________________________________________________________________________________________________
*** CID 486966: Memory - illegal accesses (RETURN_LOCAL) /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()
1067 size_t pos;
1068
1069 ret = iniGetString(list, section, key, deflt, fval);
1070 if (ret == NULL)
1071 return ret;
1072 if (ret == deflt)

CID 486966: Memory - illegal accesses (RETURN_LOCAL)
Returning pointer "ret" which points to local variable "fval".

1073 return ret;
1074 if (sz < 1 || value == NULL)
1075 return value;
1076 for (pos = 0; ret[pos]; pos++) {
1077 if (pos == sz - 1)
1078 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DCYsZ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB1fCECxNjHKDEt971XvCYyugWw34HvI84c7ZyY-2BmycHBmh3Jr1qZj7bY0gisTp5UvajQDEP9IZaQTdaMfzHs9DaKL5izWrIdkGSbov-2BkvcK5JM0MeIsMOKIH6vPln5vf0C7XQzN4AL02tzLGZGEYX2inJEOXX8A46m4M4faN8zLQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 486983: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()


________________________________________________________________________________________________________
*** CID 486983: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()
497 {
498 struct rectlist *rect;
499 size_t sz = screen->screenwidth * screen->screenheight;
500 size_t pos;
501
502 // TODO: Some sort of caching here would make things faster...? >>> CID 486983: Concurrent data access violations (MISSING_LOCK)

Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).

503 if(callbacks.drawrect) {
504 rect = alloc_full_rect(screen, true);
505 if (!rect)
506 return rect;
507 for (pos = 0; pos < sz; pos++)
508 rect->data[pos] = color_value(screen->rect->data[pos]);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D8c0G_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAVcLrFKXhsSDRaqja0Q4G60ZIIHvAxvJ-2BFLnRXVDcep-2B1SeryMCXp8nrAo0L5iDlIM3xJ7X0g6QrD0mlxK5meH-2BBJ37jGt-2F-2BR0SSgqyC1ybNJHz3XT2-2F11T7UEUt5-2FUqhSnT2Rs5NZnjzJIv-2Bf3-2BxbnrqOl4LZRHeRWkBYW2FZNw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 487089: High impact quality (Y2K38_SAFETY)
/logout.cpp: 97 in sbbs_t::logout(bool)()


________________________________________________________________________________________________________
*** CID 487089: High impact quality (Y2K38_SAFETY)
/logout.cpp: 97 in sbbs_t::logout(bool)()
91 delfiles(cfg.temp_dir,ALLFILES);
92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
93 putmsgptrs();
94 }
95 if(!REALSYSOP)
96 logofflist();

CID 487089: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

97 useron.laston=(time32_t)now;
98
99 ttoday=useron.ttoday-useron.textra; /* billable time used prev calls */
100 if(ttoday>=cfg.level_timeperday[useron.level])
101 i=0;
102 else

** CID 487088: Error handling issues (CHECKED_RETURN)
/logout.cpp: 89 in sbbs_t::logout(bool)()


________________________________________________________________________________________________________
*** CID 487088: Error handling issues (CHECKED_RETURN)
/logout.cpp: 89 in sbbs_t::logout(bool)()
83 if(cfg.logout_mod[0]) {
84 lprintf(LOG_DEBUG, "executing logout module: %s", cfg.logout_mod);
85 exec_bin(cfg.logout_mod,&main_csi);
86 }
87 SAFEPRINTF2(path,"%smsgs/%4.4u.msg",cfg.data_dir,useron.number);
88 if(fexistcase(path) && !flength(path)) /* remove any 0 byte message files */

CID 487088: Error handling issues (CHECKED_RETURN)
Calling "remove(path)" without checking return value. This library function may fail and return an error code.

89 remove(path);
90
91 delfiles(cfg.temp_dir,ALLFILES);
92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
93 putmsgptrs();
94 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D6w7L_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZL2KLON9c0qMM4K5aJ-2BfdThB6-2BKGg4cWLgpEPITZFj21NY7HODKa21xNCYmqB9WQ9jGdCaJ8kxZplYYP3ZpJQciN5y3k5uG3vF-2Bbjho-2FJ80W4KFTLh14Ge0YKg4KwvJQypDruDryLBwEKW1kUPhOIUyQwbpfzm3Xgxi8Wb6VLKOw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

23 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 23 defect(s)


** CID 487180: Memory - corruptions (BUFFER_SIZE)
/sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487180: Memory - corruptions (BUFFER_SIZE)
/sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()
1382 return generic_dot_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
1383 }
1384 if (dd->info.rootdir.idx == dotdot) {
1385 if (pm->sftp_patt[1]) {
1386 char *dir = const_cast<char *>(".."); 1387 snprintf(tmppath, sizeof(tmppath) - 2 /* for dir */, pm->sftp_patt, sbbs->useron.alias);

CID 487180: Memory - corruptions (BUFFER_SIZE)
Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".

1388 strcat(tmppath, dir);
1389 return generic_dot_realpath_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
1390 }
1391 else
1392 dd->info.rootdir.idx++;
1393 }

** CID 487179: (MISSING_LOCK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()


________________________________________________________________________________________________________
*** CID 487179: (MISSING_LOCK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
57 }
58
59 static bool
60 exit_function(SFTP_STATIC_TYPE state, bool retval)
61 {
62 assert(state->running > 0);

CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

63 state->running--;
64 pthread_mutex_unlock(&state->mtx);
65 return retval;
66 }
67
68 static bool
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
57 }
58
59 static bool
60 exit_function(SFTP_STATIC_TYPE state, bool retval)
61 {
62 assert(state->running > 0);

CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

63 state->running--;
64 pthread_mutex_unlock(&state->mtx);
65 return retval;
66 }
67
68 static bool

** CID 487178: (RESOURCE_LEAK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()


________________________________________________________________________________________________________
*** CID 487178: (RESOURCE_LEAK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open()
72 return true;
73 }
74 }
75 if (!(flags & SSH_FXF_CREAT)) {
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

78 return true;
79 }
80 if (flags & SSH_FXF_EXCL) {
81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
82 return true;
83 }
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open()
66 if (flags & SSH_FXF_CREAT) {
67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
68 return true;
69 }
70 if (flags & SSH_FXF_APPEND) {
71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

72 return true;
73 }
74 }
75 if (!(flags & SSH_FXF_CREAT)) {
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open()
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
78 return true;
79 }
80 if (flags & SSH_FXF_EXCL) {
81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

82 return true;
83 }
84 }
85 attrs = sftp_getfattr(state->rxp);
86 if (attrs == NULL) {
87 free_sftp_str(fname); /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()
62 if (fname == NULL)
63 return false;
64 flags = get32(state);
65 if (!(flags & SSH_FXF_WRITE)) {
66 if (flags & SSH_FXF_CREAT) {
67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

68 return true;
69 }
70 if (flags & SSH_FXF_APPEND) {
71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
72 return true;
73 }

** CID 487177: (Y2K38_SAFETY)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487177: (Y2K38_SAFETY)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
427 if (attr == nullptr)
428 return nullptr;
429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
432 time_t fd = fdate(path);

CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

433 sftp_fattr_set_times(attr, fd, fd);
434 return attr;
435 }
436
437 static sftp_file_attr_t
438 sshkeys_attrs(sbbs_t *sbbs, const char *path)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
427 if (attr == nullptr)
428 return nullptr;
429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
432 time_t fd = fdate(path);

CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

433 sftp_fattr_set_times(attr, fd, fd);
434 return attr;
435 }
436
437 static sftp_file_attr_t
438 sshkeys_attrs(sbbs_t *sbbs, const char *path)

** CID 487176: (RESOURCE_LEAK)
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487176: (RESOURCE_LEAK)
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
735 *c = 0;
736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
738 continue;
739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
740 if (exp == nullptr)

CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.

741 return -1;
742 if (strcmp(p, exp)) {
743 free(exp);
744 continue;
745 }
746 free(exp);
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
735 *c = 0;
736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
738 continue;
739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
740 if (exp == nullptr)

CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.

741 return -1;
742 if (strcmp(p, exp)) {
743 free(exp);
744 continue;
745 }
746 free(exp);

** CID 487175: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487175: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()
1511 }
1512 attr = get_dir_attrs(sbbs, dd->info.filebase.idx);
1513 if (attr == nullptr)
1514 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
1515 ename = expand_slash(sbbs->cfg.dir[dd->info.filebase.idx]->lname);
1516 if (ename == nullptr)

CID 487175: Resource leaks (RESOURCE_LEAK)
Variable "attr" going out of scope leaks the storage it points to.

1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");
1518 lname = get_longname(sbbs, ename, nullptr, attr);
1519 if (lname == nullptr) {
1520 free(ename);
1521 sftp_fattr_free(attr);
1522 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");

** CID 487174: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487174: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1987
1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
1990 , sbbs->cfg.node_num, cname ? cname : "<unknown>", cid, sbbs->session_channel, sbbs->sftp_channel);
1991 if (cname) {
1992 free_crypt_attrstr(cname);

CID 487174: Code maintainability issues (UNUSED_VALUE)
Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.

1993 cname = nullptr;
1994 }
1995 if (ssname) {
1996 free_crypt_attrstr(ssname);
1997 ssname = nullptr;
1998 }

** CID 487173: Program hangs (LOCK)
/sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()


________________________________________________________________________________________________________
*** CID 487173: Program hangs (LOCK)
/sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()
981 if (sbbs->sftp_channel == -1)
982 return false;
983 while (sent < len) {
984 pthread_mutex_lock(&sbbs->ssh_mutex);
985 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel);
986 if (cryptStatusError(status))

CID 487173: Program hangs (LOCK)
Returning without unlocking "sbbs->ssh_mutex".

987 return false;
988 size_t sendbytes = len - sent;
989 #define SENDBYTES_MAX 0x2000
990 if (sendbytes > SENDBYTES_MAX)
991 sendbytes = SENDBYTES_MAX;
992 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_OPTION_NET_WRITETIMEOUT, 5);

** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()


________________________________________________________________________________________________________
*** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()
165 return;
166 }
167 this->is_static_ = false;
168 this->info.filebase.dir = -1;
169 this->info.filebase.lib = -1;
170 this->info.filebase.idx = dot;

CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".

171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {
172 // Root...
173 result_ = MAP_TO_DIR;
174 return;
175 }
176 const char *lib = &this->sftp_path[files_path_len + 1];

** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()


________________________________________________________________________________________________________
*** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()
318 ret->atime = sftp_get32(pkt);
319 ret->mtime = sftp_get32(pkt);
320 }
321 if (ret->flags & SSH_FILEXFER_ATTR_EXTENDED) {
322 uint32_t extcnt = sftp_get32(pkt);
323 uint32_t ext;

CID 487171: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "extcnt" as a loop boundary.

324 for (ext = 0; ext < extcnt; ext++) {
325 sftp_str_t type = sftp_getstring(pkt);
326 if (type == NULL)
327 break;
328 sftp_str_t data = sftp_getstring(pkt);
329 if (data == NULL) {

** CID 487170: Security best practices violations (TOCTOU)
/sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()


________________________________________________________________________________________________________
*** CID 487170: Security best practices violations (TOCTOU)
/sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()
1141 sbbs->sftp_filedes[fdidx]->dir = -1;
1142 else {
1143 sbbs->sftp_filedes[fdidx]->dir = pmap.info.filebase.dir;
1144 sbbs->sftp_filedes[fdidx]->idx_offset = pmap.info.filebase.offset;
1145 sbbs->sftp_filedes[fdidx]->idx_number = pmap.info.filebase.idx;
1146 }

CID 487170: Security best practices violations (TOCTOU)
Calling function "access" to perform check on "pmap.local_path".

1147 if (access(pmap.local_path, F_OK) != 0) {
1148 // File did not exist, and we're creating
1149 if (oflags & O_CREAT) {
1150 sbbs->sftp_filedes[fdidx]->created = true;
1151 }
1152 }

** CID 487169: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1044 in sftp_cleanup_callback(void *)()


________________________________________________________________________________________________________
*** CID 487169: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1044 in sftp_cleanup_callback(void *)()
1038
1039 for (unsigned i = 0; i < nfdes; i++) {
1040 if (sbbs->sftp_filedes[i] != nullptr) {
1041 close(sbbs->sftp_filedes[i]->fd);
1042 if (sbbs->sftp_filedes[i]->created && sbbs->sftp_filedes[i]->local_path) {
1043 // If we were uploading, delete the incomplete file

CID 487169: Error handling issues (CHECKED_RETURN)
Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.

1044 remove(sbbs->sftp_filedes[i]->local_path);
1045 }
1046 free(sbbs->sftp_filedes[i]->local_path);
1047 free(sbbs->sftp_filedes[i]);
1048 sbbs->sftp_filedes[i] = nullptr;
1049 }

** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
/tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()


________________________________________________________________________________________________________
*** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
673 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, status);
674 status = readUint32(stream);
675 if (status > 0)
676 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status);
677 break;
678 case REQUEST_SHELL:

CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.

679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
681 "shell", 5 );
682 break;
683 case REQUEST_NOOP:
684 /* Generic requests containing extra information that we're not
/tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()
685 interested in */
686 break;
687
688 #ifdef USE_SSH_EXTENDED
689 case REQUEST_EXEC:
690 /* A further generic request that we're not interested in */

CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.

691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
693 "exec", 4 );
694 break;
695
696 case REQUEST_SUBSYSTEM:

** CID 487167: Program hangs (LOCK)
/main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487167: Program hangs (LOCK)
/main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2042 if (closed && sbbs->sftp_channel == -1 && sbbs->session_channel == -1)
2043 return CRYPT_ERROR_COMPLETE; 2044 }
2045 }
2046 if (ret == CRYPT_ENVELOPE_RESOURCE)
2047 return CRYPT_ERROR_TIMEOUT;

CID 487167: Program hangs (LOCK)
Returning without unlocking "sbbs->sftp_state->mtx".

2048 return ret;
2049 }
2050 return CRYPT_ERROR_TIMEOUT;
2051 }
2052
2053 void input_thread(void *arg)

** CID 487166: (CHECKED_RETURN)
/main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487166: (CHECKED_RETURN)
/main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2030 closed = true;
2031 }
2032 }
2033 if (sbbs->session_channel != -1) {
2034 if (!channel_open(sbbs, sbbs->session_channel)) {
2035 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))

CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).

2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
2037 sbbs->session_channel = -1;
2038 closed = true;
2039 }
2040 }
2041 // All channels are now closed. /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2022 if (status != CRYPT_ERROR_NOTFOUND) 2023 sbbs->log_crypt_error_status_sock(status, "getting channel id");
2024 closing_channel = -1;
2025 if (sbbs->sftp_channel != -1) {
2026 if (!channel_open(sbbs, sbbs->sftp_channel)) {
2027 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel)))

CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).

2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
2029 sbbs->sftp_channel = -1;
2030 closed = true;
2031 }
2032 }
2033 if (sbbs->session_channel != -1) {

** CID 487165: (REVERSE_INULL)
/main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487165: (REVERSE_INULL)
/main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
1979 sbbs->sftp_end();
1980 }
1981 sbbs->sftp_channel = cid;
1982 }
1983 }

CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {
1985 sbbs->session_channel = cid;
1986 }
1987
1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
/main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1969 return status;
1970 }
1971 cname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_TYPE);
1972 if (strcmp(cname, "subsystem") == 0) {
1973 ssname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ARG1);
1974 }

CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {
1976 if (sbbs->init_sftp(cid)) {
1977 if (tgot > 0) { 1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
1979 sbbs->sftp_end();
1980 }

** CID 487164: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487164: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()
1418 continue;
1419 }
1420 sprintf(tmppath, static_files[dd->info.rootdir.idx].sftp_patt, sbbs->useron.alias);
1421 remove_trailing_slash(tmppath);
1422 attr = get_attrs(sbbs, tmppath, &link);
1423 if (attr == nullptr)

CID 487164: Resource leaks (RESOURCE_LEAK)
Variable "link" going out of scope leaks the storage it points to.

1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
1425 lname = get_longname(sbbs, tmppath, link, attr);
1426 if (lname == nullptr) {
1427 sftp_fattr_free(attr);
1428 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
1429 }

** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()


________________________________________________________________________________________________________
*** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()
367 if (!sftp_rx_pkt_append(&state->rxp, buf, sz))
368 return exit_function(state, false);
369 if (sftp_have_pkt_sz(state->rxp)) {
370 uint32_t psz = sftp_pkt_sz(state->rxp);
371 if (psz > SFTP_MAX_PACKET_SIZE) {
372 state->lprintf(state->cb_data, "Packet too large (%" PRIu32 " bytes)", psz);

CID 487163: Program hangs (LOCK)
Returning without unlocking "state->mtx".

373 return false;
374 }
375 }
376 while (sftp_have_full_pkt(state->rxp)) {
377 bool handled = false;
378

** CID 487162: Control flow issues (DEADCODE)
/sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()


________________________________________________________________________________________________________
*** CID 487162: Control flow issues (DEADCODE)
/sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()
865 else
866 ppath[0] = 0;
867 ret = pm->get_attrs(sbbs, ppath);
868 if (link && pm->link_patt) {
869 asprintf(link, pm->link_patt, sbbs->useron.alias);
870 if (link == nullptr) {

CID 487162: Control flow issues (DEADCODE)
Execution cannot reach this statement: "sftp_fattr_free(ret);".

871 sftp_fattr_free(ret);
872 ret = nullptr;
873 }
874 }
875 return ret;
876 }

** CID 487161: (Y2K38_SAFETY)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487161: (Y2K38_SAFETY)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
442 if (attr == nullptr)
443 return nullptr;
444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
447 time_t fd = fdate(path);

CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

448 sftp_fattr_set_times(attr, fd, fd);
449 return attr;
450 }
451
452 void
453 remove_trailing_slash(char *str)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
442 if (attr == nullptr)
443 return nullptr;
444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
447 time_t fd = fdate(path);

CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

448 sftp_fattr_set_times(attr, fd, fd);
449 return attr;
450 }
451
452 void
453 remove_trailing_slash(char *str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D4ieG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZz6Lg2xx1dh6E9z4lSXKW4n9yiZaua5LbXznpVF4MIwbp178psQJ2n-2Fpok7ErzI9IlNJTrPj-2F83NUNTOEjSUjSMYrpz0XVq0IKvzP47fjT8ZUoPS4k4FQsPlqiTS940mDZqL8H0V26aTBOs1jlgpdGUT2g7d1Ei-2FiSNIWvXxdCeA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 487600: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487600: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()
1619 free(link);
1620 if (lname == nullptr) {
1621 sftp_fattr_free(attr);
1622 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
1623 }
1624 vpath = getfname(tmppath);

CID 487600: Error handling issues (CHECKED_RETURN)
Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).

1625 fn.add_name(strdup(vpath), lname, attr);
1626 }
1627 }
1628 else {
1629 if (dd->info.filebase.lib == -1) {
1630 // /files/ (ie: list of libs)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D_Mv9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZAvea4qFQBhPrjKB4cHy2kAbmKz1-2F0ttbXdmTqhC-2BEq7-2Bvgywi6EN0yh9ZWlpucVXNfv4OAgSDch06A-2FyZfKQuykxNA3ygHnLLNJZ-2FPbpNGcgiztSzdmC0nW0gtMv3miUCmrLhEqR-2FOP8z9BsqWg6i-2B8KyEK4CuE0E7PMo9TUvnw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 487672: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()


________________________________________________________________________________________________________
*** CID 487672: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()
30 struct tm gmt;
31 struct tm tm;
32
33 memset(&tm,0,sizeof(tm));
34 tm.tm_year=94;
35 tm.tm_mday=1;

CID 487672: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".

36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));
37 }
38
39 /* Compensates for struct tm "weirdness" */
40 time_t sane_mktime(struct tm* tm)
41 {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D-9vV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbdS62iBETJxCjfqof1M6S95WSy-2FViK1FGVTyAQx6ozqlGvN9awUs6gtEF2eXLxZfTJjLLUyT0fwRFvEc99-2BOQhjAl2O2TUGD1ycgVDsPOsObe7L7LzV-2FFPKXyVz9z9YuZdACZlhk3hv8V4jfGont8ig4eUY-2FGqtqgGqZWYwmWkLQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()


________________________________________________________________________________________________________
*** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()
6237 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path
6238 ,session->req.range_start,session->req.range_end, content_length);
6239 else
6240 lprintf(LOG_INFO,"%04d %s [%s] Sending file: %s (%"PRIdOFF" bytes)"
6241 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path, content_length);
6242 snt=sock_sendfile(session,session->req.physical_path,session->req.range_start,session->req.range_end);

CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.

6243 if(!session->send_failed) {
6244 if(session->req.ld!=NULL) {
6245 if(snt<0)
6246 snt=0;
6247 session->req.ld->size=snt;
6248 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmHtV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbYwk4stqvOulAQyfb9Qz7UqXa-2FyYiLNtJQLdPQNB0BbrubVIHVqt8wbwLmHsBUJon6PC9sbncKQ-2BAxsdRHbzS8LHKyt8nQ5XXM7E400tls6CE8QTOmeO-2BbTPMyH95TYfYCuXcmmWIuH-2F2U7WSDFD5czc7Rvy8hX-2BZbhm7O5DgwmQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 488309: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488309: Memory - illegal accesses (STRING_NULL)
/str.cpp: 344 in sbbs_t::sif(char *, char *, int)()
338 m+=2;
339 for(l=m;l<length;l++)
340 if(buf[l]=='"') {
341 buf[l]=0;
342 break;
343 }

CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.

344 answers[a++]=(char)getkeys((char *)buf+m,0);
345 }
346 else {
347 answers[a]=getkey(mode);
348 outchar(answers[a++]);
349 attr(LIGHTGRAY);

** CID 488308: (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488308: (STRING_NULL)
/sbbsecho.c: 3666 in getzpt()
3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.

3666 faddr=atofaddr(buf+i+1);
3667 hdr->origzone=faddr.zone;
3668 hdr->orignet=faddr.net;
3669 hdr->orignode=faddr.node;
3670 intl_found = true;
3671 }
/sbbsecho.c: 3660 in getzpt()
3654 if((!i || cr) && buf[i]==CTRL_A) { /* kludge */ 3655 if(!strncmp(buf+i+1,"TOPT ",5))
3656 hdr->destpoint=atoi(buf+i+6);
3657 else if(!strncmp(buf+i+1,"FMPT ",5))
3658 hdr->origpoint=atoi(buf+i+6);
3659 else if(!strncmp(buf+i+1,"INTL ",5)) {

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.

3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

** CID 488307: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488307: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Mar-23-2024/src/smblib/smblib.c: 1085 in smb_getmsghdr()
1079 !=(size_t)msg->hfield[i].length) {
1080 safe_snprintf(smb->last_error,sizeof(smb->last_error)
1081 ,"%s reading header (#%d) field data (%d bytes)", __FUNCTION__, (int)i, (int)msg->hfield[i].length);
1082 smb_freemsgmem(msg);
1083 return(SMB_ERR_READ);
1084 }

CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.

1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);
1086
1087 l+=msg->hfield[i].length;
1088 }
1089
1090 /* These convenience pointers must point to something */

** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
/sauce.c: 62 in sauce_fread_charinfo()
/sauce.c: 59 in sauce_fread_charinfo()
/sauce.c: 61 in sauce_fread_charinfo()


________________________________________________________________________________________________________
*** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);

CID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
/sauce.c: 62 in sauce_fread_charinfo()
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);

CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:
67 case sauce_char_filetype_ansi:
/sauce.c: 59 in sauce_fread_charinfo()
53 return false;
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));

CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
/sauce.c: 61 in sauce_fread_charinfo()
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); >>> CID 488306: (STRING_NULL)

Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:

** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()


________________________________________________________________________________________________________
*** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()
1902
1903 sbbs_get_ini_fname(ini_file, ctrl_dir);
1904
1905 /* Initialize BBS startup structure */
1906 memset(&bbs_startup,0,sizeof(bbs_startup));
1907 bbs_startup.size=sizeof(bbs_startup);

CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".

1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);
1909
1910 /* Read .ini file here */
1911 if(ini_file[0]!=0 && (fp=fopen(ini_file,"r"))!=NULL) {
1912 printf("Reading %s\n",ini_file);
1913 /* We call this function to set defaults, even if there's no .ini file */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DTnRX_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaEw-2F35bzGVOVw-2BfAgK10nKBe2EaCuOVThBtA4zmIf-2FH6jtPrg8CF4KIxfGxqbWYZGzK5dEjEeJjcG-2FZFDV9g6z-2BKMwuy3tSgd6XVj6QkX-2FbE7goOVxulE2g8b9eGhrdwq7nNngW7QJqRO3KLACCgsN-2Bn56lb9VdBetusZbl3sfvQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()


________________________________________________________________________________________________________
*** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()
2692 LAZY_INTEGER("version_hex", VERSION_HEX);
2693
2694 /* Git repo details */
2695 LAZY_STRING("git_branch", git_branch);
2696 LAZY_STRING("git_hash", git_hash);
2697 LAZY_STRING("git_date", git_date);

CID 492209: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".

2698 LAZY_INTEGER("git_time", git_time);
2699
2700 LAZY_STRING("platform", PLATFORM_DESC);
2701 LAZY_STRING("architecture", ARCHITECTURE_DESC);
2702 LAZY_STRFUNC("msgbase_lib", sprintf(str,"SMBLIB %s",smb_lib_ver()), str);
2703 LAZY_STRFUNC("compiled_with", DESCRIBE_COMPILER(str), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DSh4N_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaN8mnibgm8pDR-2F-2Bbe3f8EPEDiLDxICRbQfwsS-2Fj8I1S6oBPCdVVfNCUqkg9CbPMpOrc11Ju1i-2FZKGsMzQGZ93UZziuSMITFnGZKSuUqmlzwhD3piRfCu-2FFg3Xzyb2Yn1CDiKvT9pNBRM-2BVi7M2skqdIOXzqcGfoVNCwcEXj-2BCEWA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()


________________________________________________________________________________________________________
*** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()
4466 }
4467 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.mods_dir
4468 ,sbbs->cfg.shell[sbbs->useron.shell]->code);
4469 if(sbbs->cfg.mods_dir[0]==0 || !fexistcase(str)) {
4470 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.exec_dir
4471 ,sbbs->cfg.shell[sbbs->useron.shell]->code);

CID 492287: Error handling issues (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).

4472 fexistcase(str);
4473 }
4474 if((file=sbbs->nopen(str,O_RDONLY))==-1) {
4475 sbbs->errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
4476 sbbs->hangup();
4477 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DHvP9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQagYisv-2BW69zRWxBhimCtdag5Y-2FmNQU-2F9a-2BQz99muYyDMQHaJ9IAAUHt0J4m9PdQ-2FM2LeT5-2B1UNdpeKXpgNOTn265LNUeBHOZI40IJ3EqY58uotyMvBntmOFa6NssYuPj9pyF9jsG3Ot15K77yZ8uUVZ5aWBxVVnDKUwxo1ITxjHQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()


________________________________________________________________________________________________________
*** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()
805 if(mqtt == NULL || mqtt->cfg == NULL || client == NULL)
806 return MQTT_FAILURE;
807
808 if(!mqtt->cfg->mqtt.enabled)
809 return MQTT_SUCCESS;
810

CID 493283: Incorrect expression (NO_EFFECT)
Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.

811 if(client->protocol == NULL || username == NULL)
812 return MQTT_FAILURE;
813 snprintf(topic, sizeof(topic), "login_fail/%s", client->protocol);
814 strlwr(topic);
815 snprintf(str, sizeof(str), "%s\t%s\t%s"
816 ,username


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DzAgs_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQadI1-2FAsWIvGn-2BZ2YIPvmhLCu-2B1HFus-2FViv7odM0blgwJlSMhW5FP3Xkis4Ci7djMxV4S-2FpyGhgUj8KAvsWeecIJ1ln5YucvZvzvyf4HPVrDO8-2FLvieqY0sywMQ-2FhJEqN8WVo9AKRxOHtw7NsNWjr9Is7xQTg-2BmQd-2BBa6Z-2BXsMiSw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()


________________________________________________________________________________________________________
*** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()
319 if(JS_GetProperty(cx, obj, prop_name, &val) && !JSVAL_NULL_OR_VOID(val)) {
320 JSVALUE_TO_MSTRING(cx, val, cp, NULL);
321 if(cp == NULL) {
322 JS_ReportError(cx, "Invalid '%s' string in file object", prop_name);
323 return NULL;
324 }

CID 497098: Resource leaks (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.

325 return strdup(cp);
326 }
327 JS_ReportError(cx, "Missing '%s' string in file object", prop_name);
328 return NULL;
329 }
330


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DxkhG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZZtSzYzfvQoBQM1WsYtjQc02R5bvuGDasDe1R1GX8VoPvtGi-2FoTZcq6T7jcTA9OlabmiybEJFFTwaaEcFcr7cqoyBFT0Xw3AZ-2Fgf8Xxa1nSM-2FLrkQMPM2ixtLH2vUsu17Tu25sW91h9WUpwNyEySd-2F9Tw4l4H0tRZM-2Bze1SwHZwg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 508260: Null pointer dereferences (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 508260: Null pointer dereferences (FORWARD_NULL)
/js_msgbase.c: 950 in parse_header_object()
944 msg->hdr.priority=i32;
945 }
946
947 if(JS_GetProperty(cx, hdr, "field_list", &val) && JSVAL_IS_OBJECT(val)) {
948 array=JSVAL_TO_OBJECT(val);
949 len=0;

CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.

950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {
951 JS_ReportError(cx, "Invalid \"field_list\" array in header object");
952 goto err;
953 }
954
955 for(i=0;i<len;i++) {

** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()


________________________________________________________________________________________________________
*** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()
485 else {
486 JS_ReportError(cx, "Unable to get parent js."JAVASCRIPT_LOAD_PATH_LIST" array.");
487 return JS_FALSE;
488 }
489 }
490 else {

CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".

491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;
493 }
494
495 js_script=JS_CompileFile(cx, js_scope, path);
496


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D20ER_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZSUgE3dQnVG6wGylJBHlsQHMU-2FeSvlPG-2BveassRKfh2KZ3KQqZYMDLXz99-2FrWMwJQ1T1J2N-2BE4YP3SycyU5tkbW6rwM2zqlUIvWZrfgy3l7iQ0Im12Z6xa2F5EX6ZCGf29mh7eZnuIJTmQCiel8IOekKUKQgh0LXaZSb3gnPQHBw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()


________________________________________________________________________________________________________
*** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';

** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);

3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()
3035 size_t tmplen = 0;
3036 for(jsuint i = 0; i < count; ++i) {
3037 jsval val;
3038 if(!JS_GetElement(cx, array, i, &val)) 3039 break;
3040 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3041 HANDLE_PENDING(cx, tmp);
3042 strListPush(&send_strings, tmp);
3043 }
3044 free(tmp);
3045 ++argn;
3046 }

** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Dbu0M_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZNG0uf3i6p71oTc15oH-2BfpO28bQfsz9QVBH3Gtyw7JI9gEMaDnmdnDolPrFN6u9WaZmPVFWjRjCPjNCgu0p853ViRUnY3jw7qF-2FmF-2FRD-2BDN3Me1aa8H00Bk6GPSZ1Hw1-2FmiCWeADspXOcpcxao-2F3gS8JgnOAEga0TIePnt023yjQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()


________________________________________________________________________________________________________
*** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()
1301 char* extdesc = NULL;
1302 char* auxdata = NULL;
1303 rc=JS_SUSPENDREQUEST(cx);
1304 if(filename != NULL && fileobj != NULL
1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);

CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS

1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
1310 p->smb_result = SMB_DUPE_MSG;
1311 }
1312 if(p->smb_result == SMB_SUCCESS

** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()


________________________________________________________________________________________________________
*** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()
627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
629 fileidxrec_t fidx;
630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
632 break;

CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
634 }
635 printf("\n");
636 l++;
637 }
638 }

** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()


________________________________________________________________________________________________________
*** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()
1329 } else {
1330 if(file.extdesc != NULL)
1331 truncsp(file.extdesc);
1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
1334 p->smb_result = smb_putfile(&p->smb, &file);

CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.

1335 if(p->smb_result != SMB_SUCCESS)
1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
1337 else {
1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
1339 if(readd_always)
1340 file.hdr.when_imported.time = 0; // we want the file to appear as "new"

** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()


________________________________________________________________________________________________________
*** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
239 break;
240
241 f->idx_offset = offset++;
242
243 if(filename != NULL) {

CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.

244 if(stricmp(fidx.name, fname) != 0)
245 continue;
246 f->file_idx = fidx;
247 return SMB_SUCCESS;
248 }
249

** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()


________________________________________________________________________________________________________
*** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
435 free(fidx);
436 smb_unlocksmbhdr(smb);
437 return SMB_ERR_READ;
438 }
439 rewind(smb->sid_fp);
440 for(uint32_t i = 0; i < smb->status.total_files; i++) { >>> CID 509551: Memory - illegal accesses (STRING_NULL)

Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.

441 if(stricmp(fidx[i].name, fname) == 0) {
442 removed++;
443 continue;
444 }
445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0czfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()


________________________________________________________________________________________________________
*** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()
133 new_sub_misc = SUB_FIDO;
134 ini = iniReadFile(stream);
135 if(ini == NULL)
136 return 0;
137 list = iniGetSectionList(ini, /* prefix: */NULL);
138 if(list == NULL)

CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.

139 return 0;
140 break;
141 default: // EchoLists (e.g. BACKBONE.NA, badareas.lst) and AREAS.BBS
142 new_sub_misc = SUB_FIDO;
143 break;
144 }

** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
/logon.cpp: 676 in sbbs_t::logonstats()()
/logon.cpp: 649 in sbbs_t::logonstats()()
/logon.cpp: 673 in sbbs_t::logonstats()()
/logon.cpp: 682 in sbbs_t::logonstats()()


________________________________________________________________________________________________________
*** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
664 }
665 fclose_dstats(dsts);
666 }
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
/logon.cpp: 676 in sbbs_t::logonstats()()
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i); /logon.cpp: 649 in sbbs_t::logonstats()()
643 node.misc|=NODE_EVENT;
644 putnodedat(i,&node);
645 }
646 if((dsts = fopen_dstats(&cfg, i, /* for_write: */TRUE)) == NULL) /* doesn't have stats yet */
647 continue;
648

CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.

649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {
650 fclose_dstats(dsts);
651 errormsg(WHERE, ERR_OPEN, "csts.tab", i);
652 continue;
653 }
654
/logon.cpp: 673 in sbbs_t::logonstats()()
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
676 return(0);
677
678 for(i=0;i<2;i++) {
/logon.cpp: 682 in sbbs_t::logonstats()()
676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i);

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

682 return(0L);
683 }
684 if(!fread_dstats(fp, &stats)) {
685 errormsg(WHERE, ERR_READ, "dsts.ini", i);
686 } else {
687 stats.today.logons++;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1BBg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYPIsZP1mUIcYDXV-2BIKqJmrVInqiYU6VTjqKrshCKgIaqKtr35-2BruWgG1P-2Bg0yB-2BuAgsL8JZmDQBzw15bXNroJeqqVZoqg0VkgzqvypQVJBEoWQ3SQD0dE3jrBkw3Qa7Rc5CMTgkEjMauyB8RHdROWl9YGmjuyI0AjbW-2Fmd2yoJLA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()


________________________________________________________________________________________________________
*** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()
355 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
356 }
357 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
358 now=time(NULL);
359 if(descbeg[0])
360 strcat(descbeg," ");

CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
362 strcat(descbeg,str);
363 }
364 if(cfg.dir[dirnum]->misc&DIR_MULT) {
365 sync();
366 if(!noyes(text[MultipleDiskQ])) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIddI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYB81ZvyCqI0cAJ-2FU5ubhxKf4JbTpohfwGahN-2FqiJqEJS3JKhfKJrRClFb390j-2Bf3IyHjOgp4TSp0v4WjJhOyS2xAdq9DkOONT15FqaUuN3dwPvrgxJQAm5MhfGSzyQr2ebowkrz6Mx39u7LNSgoa0vxPkqTzBlpznq59pGc5zgjQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()
2328 if((sbbs=js_GetPrivate(cx, JS_THIS_OBJECT(cx, arglist)))==NULL) 2329 return(JS_FALSE);
2330
2331 if(argc > 0 && argv[0] == JSVAL_TRUE)
2332 xfer_type = XFER_BATCH_UPLOAD;
2333 if(argc > 1 && argv[1] == JSVAL_TRUE)

CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".

2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;
2335
2336 rc=JS_SUSPENDREQUEST(cx);
2337 sbbs->xfer_prot_menu(xfer_type, &sbbs->useron, keys, sizeof keys);
2338 JSString* js_str = JS_NewStringCopyZ(cx, keys);
2339 if(js_str == nullptr)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DITFI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaq5jE-2BLt6d0xDUmd9IA4TiFW4D2c-2Fv2LVaAIklYCEHPyQvUq2Zlw7GDvJu3j8LRmS7SAP5K0MN-2FeHPuzVDlzgYGLGR7UoaRyivmdwaD-2F8GGj2SeuFl5CNmO4uJ75M69NpIJcEgiKbpoWpXeuJdzQYzNm1WuI45zNZnbxNBPzaHrg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()


________________________________________________________________________________________________________
*** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()
152 /****************************************************************************/
153 char* datestr(scfg_t* cfg, time_t t, char* str)
154 {
155 if(t == 0)
156 return "---------";
157 if(!cfg->sys_date_verbal)

CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

158 return unixtodstr(cfg, (time32_t)t, str);
159 struct tm tm = {0};
160 if(localtime_r(&t, &tm) == NULL)
161 return "!!!!!!!!!";
162 char fmt[32] = "";
163 switch(cfg->sys_date_fmt) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DeIbg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZqqLX5nOyr0GCOMCsCoPlrYhtCBBDisrUKXmOFR94rfPCeqYsaUhoG3UZ-2FYUaiUYrgUIufMTzxsRzH7-2B7zAyM4HCi34k5-2FbdZ1Kp-2FDSG9A8IDyw-2BIsKQ-2B2fNzoCls7j0N-2B7Pb2XI8MB8f5lr-2BCPTiUaqWkDFwSWHqbm0IZWY1GZQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()


________________________________________________________________________________________________________
*** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()
984 }
985
986 char* sbbs_t::unixtodstr(time_t t, char* str)
987 {
988 if(str == nullptr)
989 str = datestr_output;

CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

990 return ::unixtodstr(&cfg, t, str);
991 }
992
993 void sbbs_t::sys_info()
994 {
995 char tmp[128];


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DFl35_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbldReasLeT64fJgl4QpY1aZbFANNQbDPFr-2BH2HYcH1IWW1-2FtRGPtb0gVjSH-2BBqjWAK7btzMhM331mrzEXRNmqAyTftaCh3YDujP4YB-2F7PQ4EGqELNq7SpMqQKEr5kiHI5KwG1KMczjzMucZ1MepWUctNMP3lW0eqjsOrH2fBSzrg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()


________________________________________________________________________________________________________
*** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
1361
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
1373 "If you would like short (8 character) dates to be displayed using verbal\n"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIT5o_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQavH6tAPUwXIDKUPRKBZGiRgKLj76Ij0uFpD4UCNwTCVen1QmVBk6yGbzTBSC2-2BxBE0GJfAoW-2B-2BWaxWl51M-2B9mp1hicInwTEKrQ8chQM9yGDR81PWtwXM-2Bq2j5YCl48NKAoGGKYo0R42EciGZugnM0LqGuohrShDzTlibesBwTavw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net