Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()


________________________________________________________________________________________________________
*** CID 470390: Program hangs (LOCK)
/viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()
105 if(i >= cfg.total_fviews) {
106 bprintf(text[NonviewableFile], getfname(path));
107 return false;
108 }
109 if((i=external(cmdstr(viewcmd, path, path, NULL), EX_STDIO|EX_SH))!=0) {
110 errormsg(WHERE,ERR_EXEC,viewcmd,i); /* must have EX_SH to ^C */

CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

111 return false;
112 }
113 return true;
114 }
115
116 /****************************************************************************/

** CID 470389: (SLEEP)


________________________________________________________________________________________________________
*** CID 470389: (SLEEP)
/upload.cpp: 84 in sbbs_t::uploadfile(smbmsg_t *)()
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);

CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".

84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);
86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
/upload.cpp: 76 in sbbs_t::uploadfile(smbmsg_t *)()
70 if(f->desc != NULL)
71 fprintf(stream, "%s", f->desc);
72 fclose(stream);
73 }
74 // Note: str (%s) is path/to/sbbsfile.des (used to be the description itself)
75 int result = external(cmdstr(cfg.ftest[i]->cmd, path, str, NULL), EX_OFFLINE);

CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".

76 clearline();
77 if(result != 0) {
78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
79 ,f->name
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);

** CID 470388: Program hangs (SLEEP)


________________________________________________________________________________________________________
*** CID 470388: Program hangs (SLEEP)
/inkey.cpp: 203 in sbbs_t::handle_ctrlkey(char, int)()
197 }
198 js_execfile(cmdstr(cfg.hotkey[i]->cmd+1,nulstr,nulstr,tmp), /* startup_dir: */NULL, /* scope: */js_hotkey_glob, js_hotkey_cx, js_hotkey_glob);
199 } else
200 external(cmdstr(cfg.hotkey[i]->cmd,nulstr,nulstr,tmp),0);
201 if(!(sys_status&SS_SPLITP)) {
202 CRLF;

CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".

203 restoreline();
204 }
205 lncntr=0;
206 hotkey_inside &= ~(1<<ch);
207 return(0);
208 }

** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()


________________________________________________________________________________________________________
*** CID 470387: Program hangs (LOCK)
/chat.cpp: 654 in sbbs_t::sysop_page()()
648 ,sys_status&SS_SYSPAGE ? text[On] : text[Off]);
649 nosound();
650 }
651 if(!(sys_status&SS_SYSPAGE))
652 remove(syspage_semfile);
653

CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

654 return(true);
655 }
656
657 bprintf(text[SysopIsNotAvailable],cfg.sys_op);
658
659 return(false);

** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()


________________________________________________________________________________________________________
*** CID 470386: Program hangs (LOCK)
/upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()
80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
81 ,result);
82 logline(LOG_NOTICE,"U!",str);
83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
84 if(!SYSOP || yesno(text[DeleteFileQ]))
85 remove(path);

CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".

86 return false;
87 }
88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
89 if((stream=fopen(str,"r"))!=NULL) {
90 if(fgets(str, sizeof(str), stream)) {
91 truncsp(str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DH5pk_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA21pPFXGEfXQOHUavDSOcBiYGiM9SWkNBClk7lfGbusFiEUl9SxTFTJ4pQ4-2BlyM1UpLT55ROOl-2F1zOiBksbquFQPYPy5IMrVblt0Rt7EqhjGmGGXslDjsDDEmF37IS-2FgX2UOIpLYk00zJWe4Ps-2Bw7o9YA3yT5trQhVa4wKyo5Ljw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()


________________________________________________________________________________________________________
*** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
/umonitor/chat.c: 201 in chat()
195 in=-1;
196 }
197
198 utime(inpath,NULL);
199 _setcursortype(_NORMALCURSOR);
200 while(1) {

CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.

201 switch(read(in,&ch,1)) {
202 case -1:
203 close(in);
204 in=-1;
205 break;
206


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dn7r8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC64hJyXzK3aRg-2FOh461xBPdPC3vMQG8wDm6SWRjPpByDWCbozrDoO3h7iN9haQ83FqvIEsneqqmYW1iHtvLfyFr9U7fTJVs-2FgzA-2B3NTVwG-2FkEOdCKTFxrJHyVvcaeKfjx-2FNRzmWtNl3SJh8ILqS8rD31VNGhVX-2F4wDJ-2F-2FhL0JK9w-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470557: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.

3122 return false;
3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
/mailsrvr.c: 1159 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470556: (DC.WEAK_CRYPTO)
/mailsrvr.c: 1157 in pop3_client_thread()
1151 memset(&smb,0,sizeof(smb));
1152 memset(&msg,0,sizeof(msg));
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
/mailsrvr.c: 1159 in pop3_client_thread()
1153 memset(&user,0,sizeof(user));
1154 password[0]=0;
1155
1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
1157 rand(); /* throw-away first result */
1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"

CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
1160
1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
1163
1164 /* Requires USER or APOP command first */

** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()


________________________________________________________________________________________________________
*** CID 470555: Error handling issues (CHECKED_RETURN)
/mailsrvr.c: 1089 in pop3_client_thread()
1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
1084 unlock_ssl_cert();
1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key");
1086 return false;
1087 }
1088 nodelay = TRUE;

CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.

1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
1090 nb=0;
1091 ioctlsocket(socket,FIONBIO,&nb);
1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) {
1093 unlock_ssl_cert();
1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket");

** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470554: Resource leaks (RESOURCE_LEAK)
/mailsrvr.c: 3122 in smtp_client_thread()
3116 }
3117
3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
3119 if(mailproc_to_match == NULL) {
3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");

CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;

3123 }
3124
3125 /* SMTP session active: */
3126
3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
/mailsrvr.c: 3078 in smtp_client_thread()
/mailsrvr.c: 3079 in smtp_client_thread()


________________________________________________________________________________________________________
*** CID 470553: (DC.WEAK_CRYPTO)
/mailsrvr.c: 4204 in smtp_client_thread()
4198 }
4199 if(!stricmp(buf,"AUTH CRAM-MD5")) {
4200 ZERO_VAR(relay_user);
4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE);
4202
4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>"

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());
4205 #if 0
4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s"
4207 ,socket,challenge);
4208 #endif
4209 b64_encode(str,sizeof(str),challenge,strlen(challenge));
/mailsrvr.c: 3078 in smtp_client_thread()
3072 }
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3078 rand(); /* throw-away first result */
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
/mailsrvr.c: 3079 in smtp_client_thread()
3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
3074 spam.retry_time=scfg.smb_retry_time;
3075 spam.subnum=INVALID_SUB;
3076
3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
3078 rand(); /* throw-away first result */

CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()


________________________________________________________________________________________________________
*** CID 470929: Error handling issues (CHECKED_RETURN)
/js_system.c: 1474 in js_filter_ip()
1468 js_system_private_t* sys;
1469 if((sys = (js_system_private_t*)js_GetClassPrivate(cx,obj,&js_system_class))==NULL)
1470 return JS_FALSE;
1471
1472 for(i=0; i<argc && fname == NULL; i++) {
1473 if(JSVAL_IS_NUMBER(argv[i])) {

CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).

1474 JS_ValueToInt32(cx, argv[i], &duration);
1475 continue;
1476 }
1477 if(!JSVAL_IS_STRING(argv[i]))
1478 continue;
1479 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dx5vI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD-2FFZVvmg9UFbNVSslGQHixwK2gY0JhpVYuBk-2BPEk2wVNUawfpNFUquIquIwrbnMLyXyOL-2Bbdyy88jhCHaZkpnLltM6SvZPalWR8uvzHGJLXvipDKrDTZ6KfbbjJDM-2B9TK-2Bfg-2Bntn7n3JXz8-2BbuvXtlotoQiRFNfFKyqSao3USU5A-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 471381: Null pointer dereferences (NULL_RETURNS)
/ssl.c: 412 in get_ssl_cert()
406
407 if(!do_cryptInit())
408 return -1;
409 ssl_sync(cfg);
410 lock_ssl_cert_write();
411 cert_entry = malloc(sizeof(*cert_entry));

CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".

412 cert_entry->sess = -1;
413 cert_entry->epoch = cert_epoch;
414 cert_entry->next = NULL;
415
416 /* Get the certificate... first try loading it from a file... */
417 if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DNVYG_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAIQBrbLtBWXBu7NOIgqUVW-2FO9u7UhLy-2BFNLgqIU41zpqPfBM73Awa3dQxk3-2F184GO6VUS7KkG6sPhNBuQiQ4Keqf56uFZ5RoDxe4X35uihMatLZZvu1DTj5op2mLHIzl6CugzzedJw-2FjcHjqyoRYDdN5cjuB-2Bi1UXQGnATKvNQkg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 471656: Memory - corruptions (OVERRUN)


________________________________________________________________________________________________________
*** CID 471656: Memory - corruptions (OVERRUN) /tmp/sbbs-Dec-26-2023/src/smblib/smbfile.c: 367 in smb_addfile_withlist()
361
362 if(list != NULL && *list != NULL) {
363 size_t size = strListCount(list) * 1024;
364 auxdata = calloc(1, size);
365 if(auxdata == NULL)
366 return SMB_ERR_MEM;

CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.

367 strListCombine(list, auxdata, size - 1, "\r\n");
368 }
369 result = smb_addfile(smb, file, storage, extdesc, auxdata, path);
370 free(auxdata);
371 return result;
372 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2BKI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCT6x0GAlc7xThQfLCGiCZdmR4qZP1NcowX1yNXO3dy1e3iYdu3LqPMf8Ps-2BXyXIS9z1-2BExxr9YuMCEQ-2FkgG8-2FT0EoCNRZOLQUTkkQaenBh-2FjMptDjEjYYaLSTPN90hBdPvbODU2Cx91ZtvmuRMrZszCSUsoWukacGJvvm4ij2thw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
/tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()


________________________________________________________________________________________________________
*** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
499 if( isNullChannel( channelInfoPtr ) )
500 return( CRYPT_ERROR_NOTFOUND );
501 *value = channelInfoPtr->channelID;
502 return( CRYPT_OK );
503
504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

517 if( isNullChannel( writeChannelInfoPtr ) )
518 return( CRYPT_ERROR_NOTFOUND );
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK ); /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
505 if( isNullChannel( writeChannelInfoPtr ) )
506 return( CRYPT_ERROR_NOTFOUND );
507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
508 return( CRYPT_OK );
509
510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

511 if( isNullChannel( writeChannelInfoPtr ) )
512 return( CRYPT_ERROR_NOTFOUND );
513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
514 return( CRYPT_OK );
515
516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()
519 if (writeChannelInfoPtr->width == 0)
520 return CRYPT_ERROR_NOTFOUND;
521 *value = channelInfoPtr->width;
522 return( CRYPT_OK );
523
524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT:

CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".

525 if( isNullChannel( writeChannelInfoPtr ) )
526 return( CRYPT_ERROR_NOTFOUND );
527 if (writeChannelInfoPtr->height == 0)
528 return CRYPT_ERROR_NOTFOUND;
529 *value = channelInfoPtr->height;
530 return( CRYPT_OK );

** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()


________________________________________________________________________________________________________
*** CID 476253: Resource leaks (RESOURCE_LEAK)
/jsdebug.c: 335 in script_debug_prompt()
329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL);
330 return DEBUG_CONTINUE;
331 }
332 if(strncmp(line, "quit\n", 5)==0 ||
333 strncmp(line, "q\n", 2)==0
334 ) {

CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.

335 return (DEBUG_EXIT);
336 }
337 if(strncmp(line, "eval ", 5)==0 ||
338 strncmp(line, "e ", 2)==0
339 ) {
340 jsval ret;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()


________________________________________________________________________________________________________
*** CID 477525: Error handling issues (CHECKED_RETURN)
/ssl.c: 413 in get_ssl_cert()
407 CRYPT_CERTIFICATE ssl_cert;
408 char sysop_email[sizeof(cfg->sys_inetaddr)+6];
409 struct cert_list *cert_entry;
410
411 if(!do_cryptInit(lprintf))
412 return -1;

CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).

413 ssl_sync(cfg, lprintf);
414 lock_ssl_cert_write();
415 cert_entry = malloc(sizeof(*cert_entry));
416 if(cert_entry == NULL) {
417 unlock_ssl_cert_write(lprintf);
418 free(cert_entry);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DG04V_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDEpEnmlDe-2FjbKZ4LOKbSyZqFRJl-2FW97DzLqL9YhzmfB5NVnMDaFqAVAu8sqMXAtM7gluOaLuz78sK9hLjatBB8CSJ6nN9iJHgKoglAvkWzF0D2D3-2FP2KvQ4r0FVsLXVQDobxZi1VHS1fHv1o1JN4QuvSLew5iAWvpjb3EkIuqiHp61IxzA0v1Q4zB-2F2vdQH-2Fs-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net