• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, January 24, 2024 16:43:19
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    40 new defect(s) introduced to Synchronet found with Coverity Scan.
    65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 40 defect(s)


    ** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    747 if(flength(packet) < 1) {
    748 remove(packet);
    749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
    750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
    751 if(flength(packet) < 1) {
    752 bputs(text[QWKCompressionFailed]);
    CID 479110: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    753 return(false);
    754 }
    755 }
    756
    757 if(!prepack && useron.rest&FLAG('Q')) {
    758 dir=opendir(cfg.temp_dir);

    ** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()


    ________________________________________________________________________________________________________
    *** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo()
    343 ( status, errorInfo,
    344 "Invalid PKI status string" ) );
    345 }
    346 hasErrorMessage = TRUE;
    347 }
    348 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    349 return( status ); /* Residual error from peekTag() */
    350
    351 /* Read the failure information */
    352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \
    353 tag == BER_BITSTRING )
    354 {
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()
    358 retExt( status,
    359 ( status, errorInfo,
    360 "Invalid PKI failure information" ) );
    361 }
    362 }
    363 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    364 return( status ); /* Residual error from peekTag() */
    365
    366 /* If everything's OK, we're done */
    367 if( cmpStatusOK( errorCode ) )
    368 return( CRYPT_OK );
    369

    ** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()


    ________________________________________________________________________________________________________
    *** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()
    419 out */
    420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo,
    421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) );
    422 }
    423 STDC_FALLTHROUGH;
    424
    CID 479108: Control flow issues (MISSING_BREAK)
    The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
    425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
    426 if ( needsKey( contextInfoPtr ) )
    427 return CRYPT_ERROR_NOTFOUND;
    428 if (contextType != CONTEXT_PKC)
    429 return CRYPT_ERROR_NOTFOUND;
    430 case CRYPT_IATTRIBUTE_KEY_PGP:

    ** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()


    ________________________________________________________________________________________________________
    *** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()
    851 {
    852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction );
    855 REQUIRES( activateSubprotocolFunction != NULL );
    856
    CID 479107: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "status = activateSubprotoco...".
    857 status = activateSubprotocolFunction( sessionInfoPtr );
    858 if( cryptStatusError( status ) )
    859 return( status );
    860
    861 /* Record the fact that the layered protocol has been
    862 activated */

    ** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()


    ________________________________________________________________________________________________________
    *** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()
    615 assert( isWritePtr( stream, sizeof( STREAM ) ) );
    616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); 617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) );
    618
    619 /* Skip the wrapper, version, and server configuration ID */ 620 readSequence( stream, NULL );
    CID 479106: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    621 readShortInteger( stream, &value );
    622 status = readShortInteger( stream, &value );
    623 if( cryptStatusError( status ) )
    624 {
    625 retExt( status,
    626 ( status, SESSION_ERRINFO,

    ** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()
    1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE ) 1026 {
    1027 /* If there's an inner protocol present, shut that down as well */
    1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) )
    1029 {
    CID 479105: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );

    ** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()


    ________________________________________________________________________________________________________
    *** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    214 non-char values can only be accessed on word-aligned boundaries */
    215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
    216 {
    217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
    218
    219 #ifdef DATA_LITTLEENDIAN
    CID 479104: (BAD_SHIFT)
    In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
    220 ch |= string[ i ] << shiftAmt;
    221 shiftAmt += 8;
    222 #else
    223 ch = ( ch << 8 ) | string[ i ];
    224 #endif /* DATA_LITTLEENDIAN */
    225 }
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    214 non-char values can only be accessed on word-aligned boundaries */
    215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
    216 {
    217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
    218
    219 #ifdef DATA_LITTLEENDIAN
    CID 479104: (BAD_SHIFT)
    In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
    220 ch |= string[ i ] << shiftAmt;
    221 shiftAmt += 8;
    222 #else
    223 ch = ( ch << 8 ) | string[ i ];
    224 #endif /* DATA_LITTLEENDIAN */
    225 }

    ** CID 479103: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 479103: (SLEEP)
    /pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)()
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    118 smb.retry_time=cfg.smb_retry_time;
    119 smb.subnum=INVALID_SUB;
    CID 479103: (SLEEP)
    Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
    120 if((i=smb_open(&smb))!=0) {
    121 fclose(rep);
    122 if(hdrs!=NULL)
    123 fclose(hdrs);
    124 if(voting!=NULL)
    125 fclose(voting);
    /pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)()
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    112 errormsg(WHERE,ERR_CREATE,str,0);
    113 }
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    /pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)()
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */
    101 }
    102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) {
    103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir);
    104 fexistcase(str);
    105 if((hdrs=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)

    ** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()


    ________________________________________________________________________________________________________
    *** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()
    656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in
    657 practice this doesn't really matter, we just use whatever we
    658 find inside the PKCS #1 padding */
    659 readSequence( stream, NULL );
    660 if( queryInfo->cryptMode != CRYPT_MODE_CBC ) 661 return( readShortInteger( stream, NULL ) );
    CID 479102: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    662 readShortInteger( stream, NULL );
    663 return( readOctetString( stream, queryInfo->iv, 664 &queryInfo->ivLength,
    665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) );
    666 #endif /* USE_RC2 */
    667

    ** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    /ssl.c: 345 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;
    355 }
    356 return;
    357 }
    358
    /ssl.c: 345 in internal_do_cryptInit()
    339 }
    340 tmp = (maj * 100) + (min * 10) + stp;
    341 if (tmp != CRYPTLIB_VERSION) {
    342 cryptInit_error = CRYPT_ERROR_INVALID;
    343 cryptlib_initialized = false;
    344 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;

    ** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    /ssl.c: 659 in destroy_session()


    ________________________________________________________________________________________________________
    *** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
    654 return CRYPT_ERROR_INTERNAL;
    655 }
    656 sess->sess = -1;
    657 pthread_mutex_lock(&ssl_cert_list_mutex);
    658 sess->next = cert_list;
    CID 479100: (ATOMICITY)
    Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
    659 cert_list = sess;
    660 pthread_mutex_unlock(&ssl_cert_list_mutex);
    661 ret = cryptDestroySession(csess);
    662 }
    663 else {
    664 if (!rwlock_unlock(&cert_epoch_lock)) {
    /ssl.c: 659 in destroy_session()
    653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
    654 return CRYPT_ERROR_INTERNAL;
    655 }
    656 sess->sess = -1;
    657 pthread_mutex_lock(&ssl_cert_list_mutex);
    658 sess->next = cert_list;
    CID 479100: (ATOMICITY)
    Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
    659 cert_list = sess;
    660 pthread_mutex_unlock(&ssl_cert_list_mutex);
    661 ret = cryptDestroySession(csess);
    662 }
    663 else {
    664 if (!rwlock_unlock(&cert_epoch_lock)) {

    ** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()


    ________________________________________________________________________________________________________
    *** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()
    489 ( status, SESSION_ERRINFO,
    490 "Invalid caPubs field in %s", 491 getCMPMessageName( messageType ) ) );
    492 }
    493 }
    494 if( cryptStatusError( status ) )
    CID 479099: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return status;".
    495 return( status ); /* Residual error from checkStatusPeekTag() */
    496
    497 /* If it's a revocation response then the only returned data is the
    498 status value */
    499 if( protocolInfo->operation == CTAG_PB_RR )
    500 {

    ** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()
    89 if(fexistcase(str))
    90 fmode="r+b";
    91 else
    92 fmode="w+b";
    93 if((rep=fopen(str, fmode))==NULL) {
    94 errormsg(WHERE, ERR_CREATE, str, 0, fmode);
    CID 479098: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    95 return false;
    96 }
    97 fseek(rep, 0, SEEK_END);
    98 if(ftell(rep) < 1) { /* New REP packet */
    99 fprintf(rep, "%-*s"
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */

    ** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()
    1029 {
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
    CID 479097: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );
    1036 }
    1037
    1038 /* If protocol management is handled by an outer protocol, don't
    1039 perform a session shutdown. This is in theory rather nasty in
    1040 that an attacker who can spoof an unsecured outer protocol packet

    ** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()


    ________________________________________________________________________________________________________
    *** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()
    679
    680 /* If there's sub-protocol selected, activate that as well */ 681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \ 683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) )
    684 {
    CID 479096: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".
    685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction );
    688 REQUIRES( activateSubprotocolFunction != NULL );
    689
    690 status = activateSubprotocolFunction( sessionInfoPtr );

    ** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()


    ________________________________________________________________________________________________________
    *** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()
    124 tmrIntB |= 0x800;
    125 tmrIntC |= 0x01;
    126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 )
    127 return( FALSE );
    128 TMR_SCRUB( tmrInt );
    129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 )
    CID 479095: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return 0;".
    130 return( FALSE );
    131 CFI_CHECK_UPDATE( "TMR" );
    132
    133 /* Test the overflow-checking mechanisms. These checks will probably
    134 fall prey to optimiser inlining but it'll still statically check that
    135 they work as expected.

    ** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()


    ________________________________________________________________________________________________________
    *** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo()
    714 {
    715 return( certErrorReturn( certInfoPtr, "issuer unique ID",
    716 status ) );
    717 }
    718 }
    719 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    720 return( status ); /* Residual error from peekTag() */
    721
    722 /* If there are no extensions present, we're done */
    723 if( stell( stream ) >= endPos )
    724 return( CRYPT_OK );
    725
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo()
    662 if( cryptStatusOK( status ) )
    663 status = readIssuerDN( stream, certInfoPtr ); 664 if( cryptStatusError( status ) )
    665 return( certErrorReturn( certInfoPtr, "issuer name", status ) );
    666 }
    667 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    668 return( status ); /* Residual error from peekTag() */
    669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) ) 671 {
    672 status = readUniversal( stream );
    673 }
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()
    635 if( cryptStatusOK( status ) )
    636 status = readSubjectDN( stream, certInfoPtr ); 637 if( cryptStatusError( status ) )
    638 return( certErrorReturn( certInfoPtr, "holder name", status ) );
    639 }
    640 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    641 return( status ); /* Residual error from peekTag() */
    642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) ) 644 {
    645 /* This is a complicated structure that in effect encodes a generic
    646 hole reference to "other", for now we just skip it until we can

    ** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()


    ________________________________________________________________________________________________________
    *** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr ); 1777 break;
    1778
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
    1779 case CRYPT_KEYSET_LDAP:
    1780 status = setAccessMethodLDAP( keysetInfoPtr ); 1781 break;
    1782
    1783 default:
    1784 retIntError();
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
    1764 }
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:".
    1770 case CRYPT_KEYSET_DATABASE:
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    1770 case CRYPT_KEYSET_DATABASE:
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr );

    ** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()


    ________________________________________________________________________________________________________
    *** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()
    279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ) 280 deleteAttributes( newAttributeHeadPtr );
    281 return( status );
    282 }
    283
    284 /* Append the new field to the new attribute list */
    >>> CID 479092: Resource leaks (RESOURCE_LEAK)
    Variable "newAttributeField" going out of scope leaks the storage it points to.
    285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
    286 newAttributeField, ATTRIBUTE_LIST );
    287 newAttributeListTail = newAttributeField;
    288 }
    289 ENSURES( LOOP_BOUND_OK );
    290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) );

    ** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()


    ________________________________________________________________________________________________________
    *** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()
    701 done */
    702 if( serviceType == SERVICE_PORTFORWARD ) {
    703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE );
    704 return( CRYPT_OK );
    705 }
    706
    CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
    "255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".
    707 if ( TRUE || channelNo == 0 || !waitforWindow )
    708 {
    709 /* It's a session open request that requires additional messages to do
    710 anything useful, create and send the extra packets. Unlike the
    711 overall open request, we can't wrap and send the packets in one go
    712 because serviceType == SERVICE_SHELL has to send multiple packets,


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, February 01, 2024 16:40:37
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()


    ________________________________________________________________________________________________________
    *** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()
    2146 }
    2147 }
    2148 }
    2149 }
    2150
    2151 return (bestb << 4) | bestf;
    CID 480410: Uninitialized variables (UNINIT)
    Using uninitialized value "bestf".


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, February 04, 2024 18:09:08
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()
    343 cryptlib_initialized = false;
    344 cryptEnd();
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    CID 483188: Memory - corruptions (OVERRUN)
    Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, February 05, 2024 16:39:54
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()


    ________________________________________________________________________________________________________
    *** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()
    3564 thisnode.misc&=(NODE_EVENT|NODE_LOCK|NODE_RRUN);
    3565 criterrs=thisnode.errors;
    3566 putnodedat(cfg.node_num,&thisnode);
    3567
    3568 // remove any pending node messages
    3569 safe_snprintf(str, sizeof(str), "%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num);
    CID 483249: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    3570 remove(str);
    3571 // Delete any stale temporary files (with potentially sensitive content)
    3572 delfiles(cfg.temp_dir,ALLFILES);
    3573 safe_snprintf(str, sizeof(str), "%sMSGTMP", cfg.node_dir);
    3574 removecase(str);
    3575 safe_snprintf(str, sizeof(str), "%sQUOTES.TXT", cfg.node_dir);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 07, 2024 16:48:34
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1724 if (instr == NULL)
    1725 return JS_FALSE;
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to.
    1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to.
    1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    1736 sbbs->expand_atcodes(instr, result, sizeof result, msg);
    1737 free(instr);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, February 09, 2024 16:39:53
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


    ________________________________________________________________________________________________________
    *** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed.
    1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL);
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 14, 2024 16:40:33
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    410 free(buf);
    411 return(false);
    412 }
    413 if(!i && linesquoted)
    414 break;
    415 if(!i || quote[0]==all_key()) { /* Quote all */
    CID 486477: Error handling issues (CHECKED_RETURN)
    Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
    416 fseek(stream,l,SEEK_SET);
    417 while(!feof(stream) && !ferror(stream)) {
    418 if(!fgets(str,sizeof(str),stream))
    419 break;
    420 quotestr(str);
    421 SAFEPRINTF2(tmp,quote_fmt,cols-4,str);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, February 16, 2024 16:40:21
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    376
    377 else if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTENONE)
    378 ;
    379
    380 else if(yesno(text[QuoteMessageQ])) {
    381 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    382 fexistcase(path);
    383 if((stream=fnopen(&file,path,O_RDONLY))==NULL) {
    384 errormsg(WHERE,ERR_OPEN,path,O_RDONLY);
    385 free(buf);
    386 return(false);
    387 }
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    338 && cfg.sub[subnum]->misc&SUB_QUOTE))) {
    339
    340 /* Quote entire message to MSGTMP or INPUT.MSG */
    341
    342 if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTEALL) {
    343 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    344 fexistcase(path);
    345 if((stream=fnopen(NULL,path,O_RDONLY))==NULL) {
    346 errormsg(WHERE,ERR_OPEN,path,O_RDONLY);
    347 free(buf);
    348 return(false);
    349 }


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 21, 2024 16:39:50
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()


    ________________________________________________________________________________________________________
    *** CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()
    1067 size_t pos;
    1068
    1069 ret = iniGetString(list, section, key, deflt, fval);
    1070 if (ret == NULL)
    1071 return ret;
    1072 if (ret == deflt)
    CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    Returning pointer "ret" which points to local variable "fval".
    1073 return ret;
    1074 if (sz < 1 || value == NULL)
    1075 return value;
    1076 for (pos = 0; ret[pos]; pos++) {
    1077 if (pos == sz - 1)
    1078 break;


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, February 24, 2024 16:40:32
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486983: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()


    ________________________________________________________________________________________________________
    *** CID 486983: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()
    497 {
    498 struct rectlist *rect;
    499 size_t sz = screen->screenwidth * screen->screenheight;
    500 size_t pos;
    501
    502 // TODO: Some sort of caching here would make things faster...?
    >>> CID 486983: Concurrent data access violations (MISSING_LOCK)
    Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
    503 if(callbacks.drawrect) {
    504 rect = alloc_full_rect(screen, true);
    505 if (!rect)
    506 return rect;
    507 for (pos = 0; pos < sz; pos++)
    508 rect->data[pos] = color_value(screen->rect->data[pos]);


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, February 27, 2024 16:40:04
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 487089: High impact quality (Y2K38_SAFETY)
    /logout.cpp: 97 in sbbs_t::logout(bool)()


    ________________________________________________________________________________________________________
    *** CID 487089: High impact quality (Y2K38_SAFETY)
    /logout.cpp: 97 in sbbs_t::logout(bool)()
    91 delfiles(cfg.temp_dir,ALLFILES);
    92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
    93 putmsgptrs();
    94 }
    95 if(!REALSYSOP)
    96 logofflist();
    CID 487089: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
    97 useron.laston=(time32_t)now;
    98
    99 ttoday=useron.ttoday-useron.textra; /* billable time used prev calls */
    100 if(ttoday>=cfg.level_timeperday[useron.level])
    101 i=0;
    102 else

    ** CID 487088: Error handling issues (CHECKED_RETURN)
    /logout.cpp: 89 in sbbs_t::logout(bool)()


    ________________________________________________________________________________________________________
    *** CID 487088: Error handling issues (CHECKED_RETURN)
    /logout.cpp: 89 in sbbs_t::logout(bool)()
    83 if(cfg.logout_mod[0]) {
    84 lprintf(LOG_DEBUG, "executing logout module: %s", cfg.logout_mod);
    85 exec_bin(cfg.logout_mod,&main_csi);
    86 }
    87 SAFEPRINTF2(path,"%smsgs/%4.4u.msg",cfg.data_dir,useron.number);
    88 if(fexistcase(path) && !flength(path)) /* remove any 0 byte message files */
    CID 487088: Error handling issues (CHECKED_RETURN)
    Calling "remove(path)" without checking return value. This library function may fail and return an error code.
    89 remove(path);
    90
    91 delfiles(cfg.temp_dir,ALLFILES);
    92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
    93 putmsgptrs();
    94 }


  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 28, 2024 16:40:48
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    23 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 23 defect(s)


    ** CID 487180: Memory - corruptions (BUFFER_SIZE)
    /sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487180: Memory - corruptions (BUFFER_SIZE)
    /sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()
    1382 return generic_dot_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
    1383 }
    1384 if (dd->info.rootdir.idx == dotdot) {
    1385 if (pm->sftp_patt[1]) {
    1386 char *dir = const_cast<char *>("..");
    1387 snprintf(tmppath, sizeof(tmppath) - 2 /* for dir */, pm->sftp_patt, sbbs->useron.alias);
    CID 487180: Memory - corruptions (BUFFER_SIZE)
    Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".
    1388 strcat(tmppath, dir);
    1389 return generic_dot_realpath_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
    1390 }
    1391 else
    1392 dd->info.rootdir.idx++;
    1393 }

    ** CID 487179: (MISSING_LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()


    ________________________________________________________________________________________________________
    *** CID 487179: (MISSING_LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
    57 }
    58
    59 static bool
    60 exit_function(SFTP_STATIC_TYPE state, bool retval)
    61 {
    62 assert(state->running > 0);
    CID 487179: (MISSING_LOCK)
    Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
    63 state->running--;
    64 pthread_mutex_unlock(&state->mtx);
    65 return retval;
    66 }
    67
    68 static bool
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
    57 }
    58
    59 static bool
    60 exit_function(SFTP_STATIC_TYPE state, bool retval)
    61 {
    62 assert(state->running > 0);
    CID 487179: (MISSING_LOCK)
    Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
    63 state->running--;
    64 pthread_mutex_unlock(&state->mtx);
    65 return retval;
    66 }
    67
    68 static bool

    ** CID 487178: (RESOURCE_LEAK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open()
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open()
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open()
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()


    ________________________________________________________________________________________________________
    *** CID 487178: (RESOURCE_LEAK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open()
    72 return true;
    73 }
    74 }
    75 if (!(flags & SSH_FXF_CREAT)) {
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    78 return true;
    79 }
    80 if (flags & SSH_FXF_EXCL) {
    81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
    82 return true;
    83 }
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open()
    66 if (flags & SSH_FXF_CREAT) {
    67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
    68 return true;
    69 }
    70 if (flags & SSH_FXF_APPEND) {
    71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    72 return true;
    73 }
    74 }
    75 if (!(flags & SSH_FXF_CREAT)) {
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open()
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    78 return true;
    79 }
    80 if (flags & SSH_FXF_EXCL) {
    81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    82 return true;
    83 }
    84 }
    85 attrs = sftp_getfattr(state->rxp);
    86 if (attrs == NULL) {
    87 free_sftp_str(fname);
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()
    62 if (fname == NULL)
    63 return false;
    64 flags = get32(state);
    65 if (!(flags & SSH_FXF_WRITE)) {
    66 if (flags & SSH_FXF_CREAT) {
    67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    68 return true;
    69 }
    70 if (flags & SSH_FXF_APPEND) {
    71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
    72 return true;
    73 }

    ** CID 487177: (Y2K38_SAFETY)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487177: (Y2K38_SAFETY)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    427 if (attr == nullptr)
    428 return nullptr;
    429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
    430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid);
    431 sftp_fattr_set_size(attr, flength(path));
    432 time_t fd = fdate(path);
    CID 487177: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    433 sftp_fattr_set_times(attr, fd, fd);
    434 return attr;
    435 }
    436
    437 static sftp_file_attr_t
    438 sshkeys_attrs(sbbs_t *sbbs, const char *path)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    427 if (attr == nullptr)
    428 return nullptr;
    429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
    430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
    432 time_t fd = fdate(path);
    CID 487177: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    433 sftp_fattr_set_times(attr, fd, fd);
    434 return attr;
    435 }
    436
    437 static sftp_file_attr_t
    438 sshkeys_attrs(sbbs_t *sbbs, const char *path)

    ** CID 487176: (RESOURCE_LEAK)
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487176: (RESOURCE_LEAK)
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    735 *c = 0;
    736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
    737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
    738 continue;
    739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
    740 if (exp == nullptr)
    CID 487176: (RESOURCE_LEAK)
    Variable "p" going out of scope leaks the storage it points to.
    741 return -1;
    742 if (strcmp(p, exp)) {
    743 free(exp);
    744 continue;
    745 }
    746 free(exp);
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    735 *c = 0;
    736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
    737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
    738 continue;
    739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
    740 if (exp == nullptr)
    CID 487176: (RESOURCE_LEAK)
    Variable "p" going out of scope leaks the storage it points to.
    741 return -1;
    742 if (strcmp(p, exp)) {
    743 free(exp);
    744 continue;
    745 }
    746 free(exp);

    ** CID 487175: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487175: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()
    1511 }
    1512 attr = get_dir_attrs(sbbs, dd->info.filebase.idx);
    1513 if (attr == nullptr)
    1514 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
    1515 ename = expand_slash(sbbs->cfg.dir[dd->info.filebase.idx]->lname);
    1516 if (ename == nullptr)
    CID 487175: Resource leaks (RESOURCE_LEAK)
    Variable "attr" going out of scope leaks the storage it points to.
    1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");
    1518 lname = get_longname(sbbs, ename, nullptr, attr);
    1519 if (lname == nullptr) {
    1520 free(ename);
    1521 sftp_fattr_free(attr);
    1522 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");

    ** CID 487174: Code maintainability issues (UNUSED_VALUE)
    /main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487174: Code maintainability issues (UNUSED_VALUE)
    /main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1987
    1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
    1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
    1990 , sbbs->cfg.node_num, cname ? cname : "<unknown>", cid, sbbs->session_channel, sbbs->sftp_channel);
    1991 if (cname) {
    1992 free_crypt_attrstr(cname);
    CID 487174: Code maintainability issues (UNUSED_VALUE)
    Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.
    1993 cname = nullptr;
    1994 }
    1995 if (ssname) {
    1996 free_crypt_attrstr(ssname);
    1997 ssname = nullptr;
    1998 }

    ** CID 487173: Program hangs (LOCK)
    /sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()


    ________________________________________________________________________________________________________
    *** CID 487173: Program hangs (LOCK)
    /sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()
    981 if (sbbs->sftp_channel == -1)
    982 return false;
    983 while (sent < len) {
    984 pthread_mutex_lock(&sbbs->ssh_mutex);
    985 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel);
    986 if (cryptStatusError(status))
    CID 487173: Program hangs (LOCK)
    Returning without unlocking "sbbs->ssh_mutex".
    987 return false;
    988 size_t sendbytes = len - sent;
    989 #define SENDBYTES_MAX 0x2000
    990 if (sendbytes > SENDBYTES_MAX)
    991 sendbytes = SENDBYTES_MAX;
    992 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_OPTION_NET_WRITETIMEOUT, 5);

    ** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    /sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()


    ________________________________________________________________________________________________________
    *** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    /sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()
    165 return;
    166 }
    167 this->is_static_ = false;
    168 this->info.filebase.dir = -1;
    169 this->info.filebase.lib = -1;
    170 this->info.filebase.idx = dot;
    CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".
    171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {
    172 // Root...
    173 result_ = MAP_TO_DIR;
    174 return;
    175 }
    176 const char *lib = &this->sftp_path[files_path_len + 1];

    ** CID 487171: Insecure data handling (TAINTED_SCALAR)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()


    ________________________________________________________________________________________________________
    *** CID 487171: Insecure data handling (TAINTED_SCALAR)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()
    318 ret->atime = sftp_get32(pkt);
    319 ret->mtime = sftp_get32(pkt);
    320 }
    321 if (ret->flags & SSH_FILEXFER_ATTR_EXTENDED) {
    322 uint32_t extcnt = sftp_get32(pkt);
    323 uint32_t ext;
    CID 487171: Insecure data handling (TAINTED_SCALAR)
    Using tainted variable "extcnt" as a loop boundary.
    324 for (ext = 0; ext < extcnt; ext++) {
    325 sftp_str_t type = sftp_getstring(pkt);
    326 if (type == NULL)
    327 break;
    328 sftp_str_t data = sftp_getstring(pkt);
    329 if (data == NULL) {

    ** CID 487170: Security best practices violations (TOCTOU)
    /sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487170: Security best practices violations (TOCTOU)
    /sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()
    1141 sbbs->sftp_filedes[fdidx]->dir = -1;
    1142 else {
    1143 sbbs->sftp_filedes[fdidx]->dir = pmap.info.filebase.dir;
    1144 sbbs->sftp_filedes[fdidx]->idx_offset = pmap.info.filebase.offset;
    1145 sbbs->sftp_filedes[fdidx]->idx_number = pmap.info.filebase.idx;
    1146 }
    CID 487170: Security best practices violations (TOCTOU)
    Calling function "access" to perform check on "pmap.local_path".
    1147 if (access(pmap.local_path, F_OK) != 0) {
    1148 // File did not exist, and we're creating
    1149 if (oflags & O_CREAT) {
    1150 sbbs->sftp_filedes[fdidx]->created = true;
    1151 }
    1152 }

    ** CID 487169: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1044 in sftp_cleanup_callback(void *)()


    ________________________________________________________________________________________________________
    *** CID 487169: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1044 in sftp_cleanup_callback(void *)()
    1038
    1039 for (unsigned i = 0; i < nfdes; i++) {
    1040 if (sbbs->sftp_filedes[i] != nullptr) {
    1041 close(sbbs->sftp_filedes[i]->fd);
    1042 if (sbbs->sftp_filedes[i]->created && sbbs->sftp_filedes[i]->local_path) {
    1043 // If we were uploading, delete the incomplete file
    CID 487169: Error handling issues (CHECKED_RETURN)
    Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.
    1044 remove(sbbs->sftp_filedes[i]->local_path);
    1045 }
    1046 free(sbbs->sftp_filedes[i]->local_path);
    1047 free(sbbs->sftp_filedes[i]);
    1048 sbbs->sftp_filedes[i] = nullptr;
    1049 }

    ** CID 487168: (UNUSED_VALUE)
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()


    ________________________________________________________________________________________________________
    *** CID 487168: (UNUSED_VALUE)
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
    673 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, status);
    674 status = readUint32(stream);
    675 if (status > 0)
    676 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status);
    677 break;
    678 case REQUEST_SHELL:
    CID 487168: (UNUSED_VALUE)
    Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.
    679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
    681 "shell", 5 );
    682 break;
    683 case REQUEST_NOOP:
    684 /* Generic requests containing extra information that we're not
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()
    685 interested in */
    686 break;
    687
    688 #ifdef USE_SSH_EXTENDED
    689 case REQUEST_EXEC:
    690 /* A further generic request that we're not interested in */
    CID 487168: (UNUSED_VALUE)
    Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.
    691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
    693 "exec", 4 );
    694 break;
    695
    696 case REQUEST_SUBSYSTEM:

    ** CID 487167: Program hangs (LOCK)
    /main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487167: Program hangs (LOCK)
    /main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2042 if (closed && sbbs->sftp_channel == -1 && sbbs->session_channel == -1)
    2043 return CRYPT_ERROR_COMPLETE; 2044 }
    2045 }
    2046 if (ret == CRYPT_ENVELOPE_RESOURCE)
    2047 return CRYPT_ERROR_TIMEOUT;
    CID 487167: Program hangs (LOCK)
    Returning without unlocking "sbbs->sftp_state->mtx".
    2048 return ret;
    2049 }
    2050 return CRYPT_ERROR_TIMEOUT;
    2051 }
    2052
    2053 void input_thread(void *arg)

    ** CID 487166: (CHECKED_RETURN)
    /main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487166: (CHECKED_RETURN)
    /main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2030 closed = true;
    2031 }
    2032 }
    2033 if (sbbs->session_channel != -1) {
    2034 if (!channel_open(sbbs, sbbs->session_channel)) {
    2035 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))
    CID 487166: (CHECKED_RETURN)
    Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
    2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
    2037 sbbs->session_channel = -1;
    2038 closed = true;
    2039 }
    2040 }
    2041 // All channels are now closed.
    /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2022 if (status != CRYPT_ERROR_NOTFOUND) 2023 sbbs->log_crypt_error_status_sock(status, "getting channel id");
    2024 closing_channel = -1;
    2025 if (sbbs->sftp_channel != -1) {
    2026 if (!channel_open(sbbs, sbbs->sftp_channel)) {
    2027 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel)))
    CID 487166: (CHECKED_RETURN)
    Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
    2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
    2029 sbbs->sftp_channel = -1;
    2030 closed = true;
    2031 }
    2032 }
    2033 if (sbbs->session_channel != -1) {

    ** CID 487165: (REVERSE_INULL)
    /main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487165: (REVERSE_INULL)
    /main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
    1979 sbbs->sftp_end();
    1980 }
    1981 sbbs->sftp_channel = cid;
    1982 }
    1983 }
    CID 487165: (REVERSE_INULL)
    Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {
    1985 sbbs->session_channel = cid;
    1986 }
    1987
    1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
    1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
    /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1969 return status;
    1970 }
    1971 cname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_TYPE);
    1972 if (strcmp(cname, "subsystem") == 0) {
    1973 ssname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ARG1);
    1974 }
    CID 487165: (REVERSE_INULL)
    Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {
    1976 if (sbbs->init_sftp(cid)) {
    1977 if (tgot > 0) { 1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
    1979 sbbs->sftp_end();
    1980 }

    ** CID 487164: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487164: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()
    1418 continue;
    1419 }
    1420 sprintf(tmppath, static_files[dd->info.rootdir.idx].sftp_patt, sbbs->useron.alias);
    1421 remove_trailing_slash(tmppath);
    1422 attr = get_attrs(sbbs, tmppath, &link);
    1423 if (attr == nullptr)
    CID 487164: Resource leaks (RESOURCE_LEAK)
    Variable "link" going out of scope leaks the storage it points to.
    1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
    1425 lname = get_longname(sbbs, tmppath, link, attr);
    1426 if (lname == nullptr) {
    1427 sftp_fattr_free(attr);
    1428 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
    1429 }

    ** CID 487163: Program hangs (LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()


    ________________________________________________________________________________________________________
    *** CID 487163: Program hangs (LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()
    367 if (!sftp_rx_pkt_append(&state->rxp, buf, sz))
    368 return exit_function(state, false);
    369 if (sftp_have_pkt_sz(state->rxp)) {
    370 uint32_t psz = sftp_pkt_sz(state->rxp);
    371 if (psz > SFTP_MAX_PACKET_SIZE) {
    372 state->lprintf(state->cb_data, "Packet too large (%" PRIu32 " bytes)", psz);
    CID 487163: Program hangs (LOCK)
    Returning without unlocking "state->mtx".
    373 return false;
    374 }
    375 }
    376 while (sftp_have_full_pkt(state->rxp)) {
    377 bool handled = false;
    378

    ** CID 487162: Control flow issues (DEADCODE)
    /sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()


    ________________________________________________________________________________________________________
    *** CID 487162: Control flow issues (DEADCODE)
    /sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()
    865 else
    866 ppath[0] = 0;
    867 ret = pm->get_attrs(sbbs, ppath);
    868 if (link && pm->link_patt) {
    869 asprintf(link, pm->link_patt, sbbs->useron.alias);
    870 if (link == nullptr) {
    CID 487162: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "sftp_fattr_free(ret);".
    871 sftp_fattr_free(ret);
    872 ret = nullptr;
    873 }
    874 }
    875 return ret;
    876 }

    ** CID 487161: (Y2K38_SAFETY)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487161: (Y2K38_SAFETY)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    442 if (attr == nullptr)
    443 return nullptr;
    444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
    445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
    447 time_t fd = fdate(path);
    CID 487161: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    448 sftp_fattr_set_times(attr, fd, fd);
    449 return attr;
    450 }
    451
    452 void
    453 remove_trailing_slash(char *str)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    442 if (attr == nullptr)
    443 return nullptr;
    444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
    445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
    447 time_t fd = fdate(path);
    CID 487161: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    448 sftp_fattr_set_times(attr, fd, fd);
    449 return attr;
    450 }
    451
    452 void
    453 remove_trailing_slash(char *str)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D4ieG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZz6Lg2xx1dh6E9z4lSXKW4n9yiZaua5LbXznpVF4MIwbp178psQJ2n-2Fpok7ErzI9IlNJTrPj-2F83NUNTOEjSUjSMYrpz0XVq0IKvzP47fjT8ZUoPS4k4FQsPlqiTS940mDZqL8H0V26aTBOs1jlgpdGUT2g7d1Ei-2FiSNIWvXxdCeA-3D-3D



  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, March 01, 2024 16:43:05
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 487600: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487600: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()
    1619 free(link);
    1620 if (lname == nullptr) {
    1621 sftp_fattr_free(attr);
    1622 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
    1623 }
    1624 vpath = getfname(tmppath);
    CID 487600: Error handling issues (CHECKED_RETURN)
    Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).
    1625 fn.add_name(strdup(vpath), lname, attr);
    1626 }
    1627 }
    1628 else {
    1629 if (dd->info.filebase.lib == -1) {
    1630 // /files/ (ie: list of libs)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D_Mv9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZAvea4qFQBhPrjKB4cHy2kAbmKz1-2F0ttbXdmTqhC-2BEq7-2Bvgywi6EN0yh9ZWlpucVXNfv4OAgSDch06A-2FyZfKQuykxNA3ygHnLLNJZ-2FPbpNGcgiztSzdmC0nW0gtMv3miUCmrLhEqR-2FOP8z9BsqWg6i-2B8KyEK4CuE0E7PMo9TUvnw-3D-3D



  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, March 03, 2024 16:41:26
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 487672: Null pointer dereferences (NULL_RETURNS)
    /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()


    ________________________________________________________________________________________________________
    *** CID 487672: Null pointer dereferences (NULL_RETURNS)
    /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()
    30 struct tm gmt;
    31 struct tm tm;
    32
    33 memset(&tm,0,sizeof(tm));
    34 tm.tm_year=94;
    35 tm.tm_mday=1;
    CID 487672: Null pointer dereferences (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".
    36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));
    37 }
    38
    39 /* Compensates for struct tm "weirdness" */
    40 time_t sane_mktime(struct tm* tm)
    41 {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D-9vV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbdS62iBETJxCjfqof1M6S95WSy-2FViK1FGVTyAQx6ozqlGvN9awUs6gtEF2eXLxZfTJjLLUyT0fwRFvEc99-2BOQhjAl2O2TUGD1ycgVDsPOsObe7L7LzV-2FFPKXyVz9z9YuZdACZlhk3hv8V4jfGont8ig4eUY-2FGqtqgGqZWYwmWkLQ-3D-3D



  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, March 19, 2024 16:22:45
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 488122: Concurrent data access violations (MISSING_LOCK)
    /websrvr.c: 6243 in respond()


    ________________________________________________________________________________________________________
    *** CID 488122: Concurrent data access violations (MISSING_LOCK)
    /websrvr.c: 6243 in respond()
    6237 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path
    6238 ,session->req.range_start,session->req.range_end, content_length);
    6239 else
    6240 lprintf(LOG_INFO,"%04d %s [%s] Sending file: %s (%"PRIdOFF" bytes)"
    6241 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path, content_length);
    6242 snt=sock_sendfile(session,session->req.physical_path,session->req.range_start,session->req.range_end);
    CID 488122: Concurrent data access violations (MISSING_LOCK)
    Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.
    6243 if(!session->send_failed) {
    6244 if(session->req.ld!=NULL) {
    6245 if(snt<0)
    6246 snt=0;
    6247 session->req.ld->size=snt;
    6248 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmHtV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbYwk4stqvOulAQyfb9Qz7UqXa-2FyYiLNtJQLdPQNB0BbrubVIHVqt8wbwLmHsBUJon6PC9sbncKQ-2BAxsdRHbzS8LHKyt8nQ5XXM7E400tls6CE8QTOmeO-2BbTPMyH95TYfYCuXcmmWIuH-2F2U7WSDFD5czc7Rvy8hX-2BZbhm7O5DgwmQ-3D-3D



  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, March 23, 2024 15:40:16
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 488309: Memory - illegal accesses (STRING_NULL)


    ________________________________________________________________________________________________________
    *** CID 488309: Memory - illegal accesses (STRING_NULL)
    /str.cpp: 344 in sbbs_t::sif(char *, char *, int)()
    338 m+=2;
    339 for(l=m;l<length;l++)
    340 if(buf[l]=='"') {
    341 buf[l]=0;
    342 break;
    343 }
    CID 488309: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.
    344 answers[a++]=(char)getkeys((char *)buf+m,0);
    345 }
    346 else {
    347 answers[a]=getkey(mode);
    348 outchar(answers[a++]);
    349 attr(LIGHTGRAY);

    ** CID 488308: (STRING_NULL)


    ________________________________________________________________________________________________________
    *** CID 488308: (STRING_NULL)
    /sbbsecho.c: 3666 in getzpt()
    3660 faddr=atofaddr(buf+i+6);
    3661 hdr->destzone=faddr.zone;
    3662 hdr->destnet=faddr.net;
    3663 hdr->destnode=faddr.node;
    3664 i+=6;
    3665 while(buf[i] && buf[i]!=' ') i++;
    CID 488308: (STRING_NULL)
    Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.
    3666 faddr=atofaddr(buf+i+1);
    3667 hdr->origzone=faddr.zone;
    3668 hdr->orignet=faddr.net;
    3669 hdr->orignode=faddr.node;
    3670 intl_found = true;
    3671 }
    /sbbsecho.c: 3660 in getzpt()
    3654 if((!i || cr) && buf[i]==CTRL_A) { /* kludge */ 3655 if(!strncmp(buf+i+1,"TOPT ",5))
    3656 hdr->destpoint=atoi(buf+i+6);
    3657 else if(!strncmp(buf+i+1,"FMPT ",5))
    3658 hdr->origpoint=atoi(buf+i+6);
    3659 else if(!strncmp(buf+i+1,"INTL ",5)) {
    CID 488308: (STRING_NULL)
    Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.
    3660 faddr=atofaddr(buf+i+6);
    3661 hdr->destzone=faddr.zone;
    3662 hdr->destnet=faddr.net;
    3663 hdr->destnode=faddr.node;
    3664 i+=6;
    3665 while(buf[i] && buf[i]!=' ') i++;

    ** CID 488307: Memory - illegal accesses (STRING_NULL)


    ________________________________________________________________________________________________________
    *** CID 488307: Memory - illegal accesses (STRING_NULL)
    /tmp/sbbs-Mar-23-2024/src/smblib/smblib.c: 1085 in smb_getmsghdr()
    1079 !=(size_t)msg->hfield[i].length) {
    1080 safe_snprintf(smb->last_error,sizeof(smb->last_error)
    1081 ,"%s reading header (#%d) field data (%d bytes)", __FUNCTION__, (int)i, (int)msg->hfield[i].length);
    1082 smb_freemsgmem(msg);
    1083 return(SMB_ERR_READ);
    1084 }
    CID 488307: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.
    1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);
    1086
    1087 l+=msg->hfield[i].length;
    1088 }
    1089
    1090 /* These convenience pointers must point to something */

    ** CID 488306: (STRING_NULL)
    /sauce.c: 60 in sauce_fread_charinfo()
    /sauce.c: 62 in sauce_fread_charinfo()
    /sauce.c: 59 in sauce_fread_charinfo()
    /sauce.c: 61 in sauce_fread_charinfo()


    ________________________________________________________________________________________________________
    *** CID 488306: (STRING_NULL)
    /sauce.c: 60 in sauce_fread_charinfo()
    54
    55 if(type != NULL)
    56 *type = record.filetype;
    57 if(info != NULL) {
    58 memset(info, 0, sizeof(*info));
    59 SAFECOPY(info->title, record.title); truncsp(info->title);
    CID 488306: (STRING_NULL)
    Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
    60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
    62 SAFECOPY(info->date, record.date); truncsp(info->date);
    63 info->width = record.tinfo1;
    64 info->height = record.tinfo2;
    65 switch(record.filetype) {
    /sauce.c: 62 in sauce_fread_charinfo()
    56 *type = record.filetype;
    57 if(info != NULL) {
    58 memset(info, 0, sizeof(*info));
    59 SAFECOPY(info->title, record.title); truncsp(info->title);
    60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
    CID 488306: (STRING_NULL)
    Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
    62 SAFECOPY(info->date, record.date); truncsp(info->date);
    63 info->width = record.tinfo1;
    64 info->height = record.tinfo2;
    65 switch(record.filetype) {
    66 case sauce_char_filetype_ascii:
    67 case sauce_char_filetype_ansi:
    /sauce.c: 59 in sauce_fread_charinfo()
    53 return false;
    54
    55 if(type != NULL)
    56 *type = record.filetype;
    57 if(info != NULL) {
    58 memset(info, 0, sizeof(*info));
    CID 488306: (STRING_NULL)
    Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
    59 SAFECOPY(info->title, record.title); truncsp(info->title);
    60 SAFECOPY(info->author, record.author); truncsp(info->author);
    61 SAFECOPY(info->group, record.group); truncsp(info->group);
    62 SAFECOPY(info->date, record.date); truncsp(info->date);
    63 info->width = record.tinfo1;
    64 info->height = record.tinfo2;
    /sauce.c: 61 in sauce_fread_charinfo()
    55 if(type != NULL)
    56 *type = record.filetype;
    57 if(info != NULL) {
    58 memset(info, 0, sizeof(*info));
    59 SAFECOPY(info->title, record.title); truncsp(info->title);
    60 SAFECOPY(info->author, record.author); truncsp(info->author);
    >>> CID 488306: (STRING_NULL)
    Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
    61 SAFECOPY(info->group, record.group); truncsp(info->group);
    62 SAFECOPY(info->date, record.date); truncsp(info->date);
    63 info->width = record.tinfo1;
    64 info->height = record.tinfo2;
    65 switch(record.filetype) {
    66 case sauce_char_filetype_ascii:

    ** CID 488305: Memory - corruptions (STRING_OVERFLOW)
    /uedit/uedit.c: 1908 in main()


    ________________________________________________________________________________________________________
    *** CID 488305: Memory - corruptions (STRING_OVERFLOW)
    /uedit/uedit.c: 1908 in main()
    1902
    1903 sbbs_get_ini_fname(ini_file, ctrl_dir);
    1904
    1905 /* Initialize BBS startup structure */
    1906 memset(&bbs_startup,0,sizeof(bbs_startup));
    1907 bbs_startup.size=sizeof(bbs_startup);
    CID 488305: Memory - corruptions (STRING_OVERFLOW)
    You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".
    1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);
    1909
    1910 /* Read .ini file here */
    1911 if(ini_file[0]!=0 && (fp=fopen(ini_file,"r"))!=NULL) {
    1912 printf("Reading %s\n",ini_file);
    1913 /* We call this function to set defaults, even if there's no .ini file */


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DTnRX_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaEw-2F35bzGVOVw-2BfAgK10nKBe2EaCuOVThBtA4zmIf-2FH6jtPrg8CF4KIxfGxqbWYZGzK5dEjEeJjcG-2FZFDV9g6z-2BKMwuy3tSgd6XVj6QkX-2FbE7goOVxulE2g8b9eGhrdwq7nNngW7QJqRO3KLACCgsN-2Bn56lb9VdBetusZbl3sfvQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, April 06, 2024 16:32:05
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 492209: High impact quality (Y2K38_SAFETY)
    /js_system.c: 2698 in js_system_resolve()


    ________________________________________________________________________________________________________
    *** CID 492209: High impact quality (Y2K38_SAFETY)
    /js_system.c: 2698 in js_system_resolve()
    2692 LAZY_INTEGER("version_hex", VERSION_HEX);
    2693
    2694 /* Git repo details */
    2695 LAZY_STRING("git_branch", git_branch);
    2696 LAZY_STRING("git_hash", git_hash);
    2697 LAZY_STRING("git_date", git_date);
    CID 492209: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".
    2698 LAZY_INTEGER("git_time", git_time);
    2699
    2700 LAZY_STRING("platform", PLATFORM_DESC);
    2701 LAZY_STRING("architecture", ARCHITECTURE_DESC);
    2702 LAZY_STRFUNC("msgbase_lib", sprintf(str,"SMBLIB %s",smb_lib_ver()), str);
    2703 LAZY_STRFUNC("compiled_with", DESCRIBE_COMPILER(str), str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DSh4N_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaN8mnibgm8pDR-2F-2Bbe3f8EPEDiLDxICRbQfwsS-2Fj8I1S6oBPCdVVfNCUqkg9CbPMpOrc11Ju1i-2FZKGsMzQGZ93UZziuSMITFnGZKSuUqmlzwhD3piRfCu-2FFg3Xzyb2Yn1CDiKvT9pNBRM-2BVi7M2skqdIOXzqcGfoVNCwcEXj-2BCEWA-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, April 09, 2024 16:19:43
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 492287: Error handling issues (CHECKED_RETURN)
    /main.cpp: 4472 in node_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 492287: Error handling issues (CHECKED_RETURN)
    /main.cpp: 4472 in node_thread(void *)()
    4466 }
    4467 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.mods_dir
    4468 ,sbbs->cfg.shell[sbbs->useron.shell]->code);
    4469 if(sbbs->cfg.mods_dir[0]==0 || !fexistcase(str)) {
    4470 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.exec_dir
    4471 ,sbbs->cfg.shell[sbbs->useron.shell]->code);
    CID 492287: Error handling issues (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).
    4472 fexistcase(str);
    4473 }
    4474 if((file=sbbs->nopen(str,O_RDONLY))==-1) {
    4475 sbbs->errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
    4476 sbbs->hangup();
    4477 break;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DHvP9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQagYisv-2BW69zRWxBhimCtdag5Y-2FmNQU-2F9a-2BQz99muYyDMQHaJ9IAAUHt0J4m9PdQ-2FM2LeT5-2B1UNdpeKXpgNOTn265LNUeBHOZI40IJ3EqY58uotyMvBntmOFa6NssYuPj9pyF9jsG3Ot15K77yZ8uUVZ5aWBxVVnDKUwxo1ITxjHQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, May 04, 2024 12:40:02
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 493283: Incorrect expression (NO_EFFECT)
    /mqtt.c: 811 in mqtt_user_login_fail()


    ________________________________________________________________________________________________________
    *** CID 493283: Incorrect expression (NO_EFFECT)
    /mqtt.c: 811 in mqtt_user_login_fail()
    805 if(mqtt == NULL || mqtt->cfg == NULL || client == NULL)
    806 return MQTT_FAILURE;
    807
    808 if(!mqtt->cfg->mqtt.enabled)
    809 return MQTT_SUCCESS;
    810
    CID 493283: Incorrect expression (NO_EFFECT)
    Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.
    811 if(client->protocol == NULL || username == NULL)
    812 return MQTT_FAILURE;
    813 snprintf(topic, sizeof(topic), "login_fail/%s", client->protocol);
    814 strlwr(topic);
    815 snprintf(str, sizeof(str), "%s\t%s\t%s"
    816 ,username


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DzAgs_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQadI1-2FAsWIvGn-2BZ2YIPvmhLCu-2B1HFus-2FViv7odM0blgwJlSMhW5FP3Xkis4Ci7djMxV4S-2FpyGhgUj8KAvsWeecIJ1ln5YucvZvzvyf4HPVrDO8-2FLvieqY0sywMQ-2FhJEqN8WVo9AKRxOHtw7NsNWjr9Is7xQTg-2BmQd-2BBa6Z-2BXsMiSw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, June 21, 2024 12:40:04
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 497098: Resource leaks (RESOURCE_LEAK)
    /js_filebase.c: 325 in parse_file_name()


    ________________________________________________________________________________________________________
    *** CID 497098: Resource leaks (RESOURCE_LEAK)
    /js_filebase.c: 325 in parse_file_name()
    319 if(JS_GetProperty(cx, obj, prop_name, &val) && !JSVAL_NULL_OR_VOID(val)) {
    320 JSVALUE_TO_MSTRING(cx, val, cp, NULL);
    321 if(cp == NULL) {
    322 JS_ReportError(cx, "Invalid '%s' string in file object", prop_name);
    323 return NULL;
    324 }
    CID 497098: Resource leaks (RESOURCE_LEAK)
    Variable "cp" going out of scope leaks the storage it points to.
    325 return strdup(cp);
    326 }
    327 JS_ReportError(cx, "Missing '%s' string in file object", prop_name);
    328 return NULL;
    329 }
    330


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DxkhG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZZtSzYzfvQoBQM1WsYtjQc02R5bvuGDasDe1R1GX8VoPvtGi-2FoTZcq6T7jcTA9OlabmiybEJFFTwaaEcFcr7cqoyBFT0Xw3AZ-2Fgf8Xxa1nSM-2FLrkQMPM2ixtLH2vUsu17Tu25sW91h9WUpwNyEySd-2F9Tw4l4H0tRZM-2Bze1SwHZwg-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, August 08, 2024 12:40:34
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 508260: Null pointer dereferences (FORWARD_NULL)


    ________________________________________________________________________________________________________
    *** CID 508260: Null pointer dereferences (FORWARD_NULL)
    /js_msgbase.c: 950 in parse_header_object()
    944 msg->hdr.priority=i32;
    945 }
    946
    947 if(JS_GetProperty(cx, hdr, "field_list", &val) && JSVAL_IS_OBJECT(val)) {
    948 array=JSVAL_TO_OBJECT(val);
    949 len=0;
    CID 508260: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.
    950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {
    951 JS_ReportError(cx, "Invalid \"field_list\" array in header object");
    952 goto err;
    953 }
    954
    955 for(i=0;i<len;i++) {

    ** CID 508259: Control flow issues (DEADCODE)
    /js_internal.c: 491 in js_execfile()


    ________________________________________________________________________________________________________
    *** CID 508259: Control flow issues (DEADCODE)
    /js_internal.c: 491 in js_execfile()
    485 else {
    486 JS_ReportError(cx, "Unable to get parent js."JAVASCRIPT_LOAD_PATH_LIST" array.");
    487 return JS_FALSE;
    488 }
    489 }
    490 else {
    CID 508259: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".
    491 JS_ReportError(cx, "Unable to get parent js object");
    492 return JS_FALSE;
    493 }
    494
    495 js_script=JS_CompileFile(cx, js_scope, path);
    496


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D20ER_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZSUgE3dQnVG6wGylJBHlsQHMU-2FeSvlPG-2BveassRKfh2KZ3KQqZYMDLXz99-2FrWMwJQ1T1J2N-2BE4YP3SycyU5tkbW6rwM2zqlUIvWZrfgy3l7iQ0Im12Z6xa2F5EX6ZCGf29mh7eZnuIJTmQCiel8IOekKUKQgh0LXaZSb3gnPQHBw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, August 10, 2024 12:40:35
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    6 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 6 of 6 defect(s)


    ** CID 508288: (STRING_NULL)
    /telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
    /telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()


    ________________________________________________________________________________________________________
    *** CID 508288: (STRING_NULL)
    /telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
    381 l=K_CHAT;
    382 if(!(mode&TG_ECHO))
    383 l|=K_NOECHO;
    384 rd=getstr((char*)buf,sizeof(buf)-1,l);
    385 if(!rd)
    386 continue;
    CID 508288: (STRING_NULL)
    Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
    387 SAFECAT(buf,crlf);
    388 rd+=2;
    389 gotline=true;
    390 }
    391 if((mode&TG_CRLF) && buf[rd-1]=='\r')
    392 buf[rd++]='\n';
    /telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
    381 l=K_CHAT;
    382 if(!(mode&TG_ECHO))
    383 l|=K_NOECHO;
    384 rd=getstr((char*)buf,sizeof(buf)-1,l);
    385 if(!rd)
    386 continue;
    CID 508288: (STRING_NULL)
    Passing unterminated string "buf" to "strlen", which expects a null-terminated string.
    387 SAFECAT(buf,crlf);
    388 rd+=2;
    389 gotline=true;
    390 }
    391 if((mode&TG_CRLF) && buf[rd-1]=='\r')
    392 buf[rd++]='\n';

    ** CID 508287: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 508287: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
    3121 size_t tmplen = 0;
    3122 for(jsuint i = 0; i < count; ++i) {
    3123 jsval val;
    3124 if(!JS_GetElement(cx, array, i, &val))
    3125 break;
    3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);
    CID 508287: Resource leaks (RESOURCE_LEAK)
    Variable "server_user_name" going out of scope leaks the storage it points to.
    3127 HANDLE_PENDING(cx, tmp);
    3128 strListPush(&send_strings, tmp);
    3129 }
    3130 free(tmp);
    3131 }
    3132 }

    ** CID 508286: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 508286: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
    3121 size_t tmplen = 0;
    3122 for(jsuint i = 0; i < count; ++i) {
    3123 jsval val;
    3124 if(!JS_GetElement(cx, array, i, &val))
    3125 break;
    3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);
    CID 508286: Resource leaks (RESOURCE_LEAK)
    Variable "addr" going out of scope leaks the storage it points to.
    3127 HANDLE_PENDING(cx, tmp);
    3128 strListPush(&send_strings, tmp);
    3129 }
    3130 free(tmp);
    3131 }
    3132 }

    ** CID 508285: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 508285: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
    3121 size_t tmplen = 0;
    3122 for(jsuint i = 0; i < count; ++i) {
    3123 jsval val;
    3124 if(!JS_GetElement(cx, array, i, &val))
    3125 break;
    3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);
    CID 508285: Resource leaks (RESOURCE_LEAK)
    Variable "term_type" going out of scope leaks the storage it points to.
    3127 HANDLE_PENDING(cx, tmp);
    3128 strListPush(&send_strings, tmp);
    3129 }
    3130 free(tmp);
    3131 }
    3132 }

    ** CID 508284: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 508284: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()
    3035 size_t tmplen = 0;
    3036 for(jsuint i = 0; i < count; ++i) {
    3037 jsval val;
    3038 if(!JS_GetElement(cx, array, i, &val))
    3039 break;
    3040 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);
    CID 508284: Resource leaks (RESOURCE_LEAK)
    Variable "addr" going out of scope leaks the storage it points to.
    3041 HANDLE_PENDING(cx, tmp);
    3042 strListPush(&send_strings, tmp);
    3043 }
    3044 free(tmp);
    3045 ++argn;
    3046 }

    ** CID 508283: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 508283: Resource leaks (RESOURCE_LEAK)
    /js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
    3121 size_t tmplen = 0;
    3122 for(jsuint i = 0; i < count; ++i) {
    3123 jsval val;
    3124 if(!JS_GetElement(cx, array, i, &val))
    3125 break;
    3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);
    CID 508283: Resource leaks (RESOURCE_LEAK)
    Variable "client_user_name" going out of scope leaks the storage it points to.
    3127 HANDLE_PENDING(cx, tmp);
    3128 strListPush(&send_strings, tmp);
    3129 }
    3130 free(tmp);
    3131 }
    3132 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Dbu0M_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZNG0uf3i6p71oTc15oH-2BfpO28bQfsz9QVBH3Gtyw7JI9gEMaDnmdnDolPrFN6u9WaZmPVFWjRjCPjNCgu0p853ViRUnY3jw7qF-2FmF-2FRD-2BDN3Me1aa8H00Bk6GPSZ1Hw1-2FmiCWeADspXOcpcxao-2F3gS8JgnOAEga0TIePnt023yjQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, September 14, 2024 12:40:31
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 509555: Null pointer dereferences (FORWARD_NULL)
    /js_filebase.c: 1307 in js_update_file()


    ________________________________________________________________________________________________________
    *** CID 509555: Null pointer dereferences (FORWARD_NULL)
    /js_filebase.c: 1307 in js_update_file()
    1301 char* extdesc = NULL;
    1302 char* auxdata = NULL;
    1303 rc=JS_SUSPENDREQUEST(cx);
    1304 if(filename != NULL && fileobj != NULL
    1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
    1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);
    CID 509555: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "file.name" to "strcmp", which dereferences it.
    1307 if(p->smb_result == SMB_SUCCESS
    1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
    1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
    1310 p->smb_result = SMB_DUPE_MSG;
    1311 }
    1312 if(p->smb_result == SMB_SUCCESS

    ** CID 509554: Memory - illegal accesses (STRING_NULL)
    /smbutil.c: 633 in dumpindex()


    ________________________________________________________________________________________________________
    *** CID 509554: Memory - illegal accesses (STRING_NULL)
    /smbutil.c: 633 in dumpindex()
    627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
    628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
    629 fileidxrec_t fidx;
    630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
    631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
    632 break;
    CID 509554: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
    633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
    634 }
    635 printf("\n");
    636 l++;
    637 }
    638 }

    ** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
    /js_filebase.c: 1335 in js_update_file()


    ________________________________________________________________________________________________________
    *** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
    /js_filebase.c: 1335 in js_update_file()
    1329 } else {
    1330 if(file.extdesc != NULL)
    1331 truncsp(file.extdesc);
    1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
    1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
    1334 p->smb_result = smb_putfile(&p->smb, &file);
    CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
    This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.
    1335 if(p->smb_result != SMB_SUCCESS)
    1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
    1337 else {
    1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
    1339 if(readd_always)
    1340 file.hdr.when_imported.time = 0; // we want the file to appear as "new"

    ** CID 509552: Memory - illegal accesses (STRING_NULL)
    /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()


    ________________________________________________________________________________________________________
    *** CID 509552: Memory - illegal accesses (STRING_NULL)
    /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
    238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
    239 break;
    240
    241 f->idx_offset = offset++;
    242
    243 if(filename != NULL) {
    CID 509552: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.
    244 if(stricmp(fidx.name, fname) != 0)
    245 continue;
    246 f->file_idx = fidx;
    247 return SMB_SUCCESS;
    248 }
    249

    ** CID 509551: Memory - illegal accesses (STRING_NULL)
    /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()


    ________________________________________________________________________________________________________
    *** CID 509551: Memory - illegal accesses (STRING_NULL)
    /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
    435 free(fidx);
    436 smb_unlocksmbhdr(smb);
    437 return SMB_ERR_READ;
    438 }
    439 rewind(smb->sid_fp);
    440 for(uint32_t i = 0; i < smb->status.total_files; i++) {
    >>> CID 509551: Memory - illegal accesses (STRING_NULL)
    Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.
    441 if(stricmp(fidx[i].name, fname) == 0) {
    442 removed++;
    443 continue;
    444 }
    445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
    446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0czfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, September 22, 2024 12:43:45
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 509721: Resource leaks (RESOURCE_LEAK)
    /scfg/scfgmsg.c: 139 in import_msg_areas()


    ________________________________________________________________________________________________________
    *** CID 509721: Resource leaks (RESOURCE_LEAK)
    /scfg/scfgmsg.c: 139 in import_msg_areas()
    133 new_sub_misc = SUB_FIDO;
    134 ini = iniReadFile(stream);
    135 if(ini == NULL)
    136 return 0;
    137 list = iniGetSectionList(ini, /* prefix: */NULL);
    138 if(list == NULL)
    CID 509721: Resource leaks (RESOURCE_LEAK)
    Variable "ini" going out of scope leaks the storage it points to.
    139 return 0;
    140 break;
    141 default: // EchoLists (e.g. BACKBONE.NA, badareas.lst) and AREAS.BBS
    142 new_sub_misc = SUB_FIDO;
    143 break;
    144 }

    ** CID 509720: (RESOURCE_LEAK)
    /logon.cpp: 670 in sbbs_t::logonstats()()
    /logon.cpp: 676 in sbbs_t::logonstats()()
    /logon.cpp: 649 in sbbs_t::logonstats()()
    /logon.cpp: 673 in sbbs_t::logonstats()()
    /logon.cpp: 682 in sbbs_t::logonstats()()


    ________________________________________________________________________________________________________
    *** CID 509720: (RESOURCE_LEAK)
    /logon.cpp: 670 in sbbs_t::logonstats()()
    664 }
    665 fclose_dstats(dsts);
    666 }
    667 }
    668
    669 if(cfg.node_num==0) /* called from event_thread() */
    CID 509720: (RESOURCE_LEAK)
    Variable "csts" going out of scope leaks the storage it points to.
    670 return(0);
    671
    672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
    673 return(0);
    674
    675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
    /logon.cpp: 676 in sbbs_t::logonstats()()
    670 return(0);
    671
    672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
    673 return(0);
    674
    675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
    CID 509720: (RESOURCE_LEAK)
    Variable "csts" going out of scope leaks the storage it points to.
    676 return(0);
    677
    678 for(i=0;i<2;i++) {
    679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
    680 if(fp == NULL) {
    681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i);
    /logon.cpp: 649 in sbbs_t::logonstats()()
    643 node.misc|=NODE_EVENT;
    644 putnodedat(i,&node);
    645 }
    646 if((dsts = fopen_dstats(&cfg, i, /* for_write: */TRUE)) == NULL) /* doesn't have stats yet */
    647 continue;
    648
    CID 509720: (RESOURCE_LEAK)
    Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.
    649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {
    650 fclose_dstats(dsts);
    651 errormsg(WHERE, ERR_OPEN, "csts.tab", i);
    652 continue;
    653 }
    654
    /logon.cpp: 673 in sbbs_t::logonstats()()
    667 }
    668
    669 if(cfg.node_num==0) /* called from event_thread() */
    670 return(0);
    671
    672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
    CID 509720: (RESOURCE_LEAK)
    Variable "csts" going out of scope leaks the storage it points to.
    673 return(0);
    674
    675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
    676 return(0);
    677
    678 for(i=0;i<2;i++) {
    /logon.cpp: 682 in sbbs_t::logonstats()()
    676 return(0);
    677
    678 for(i=0;i<2;i++) {
    679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
    680 if(fp == NULL) {
    681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i);
    CID 509720: (RESOURCE_LEAK)
    Variable "csts" going out of scope leaks the storage it points to.
    682 return(0L);
    683 }
    684 if(!fread_dstats(fp, &stats)) {
    685 errormsg(WHERE, ERR_READ, "dsts.ini", i);
    686 } else {
    687 stats.today.logons++;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1BBg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYPIsZP1mUIcYDXV-2BIKqJmrVInqiYU6VTjqKrshCKgIaqKtr35-2BruWgG1P-2Bg0yB-2BuAgsL8JZmDQBzw15bXNroJeqqVZoqg0VkgzqvypQVJBEoWQ3SQD0dE3jrBkw3Qa7Rc5CMTgkEjMauyB8RHdROWl9YGmjuyI0AjbW-2Fmd2yoJLA-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, October 12, 2024 12:41:05
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 510624: High impact quality (Y2K38_SAFETY)
    /upload.cpp: 361 in sbbs_t::upload(int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 510624: High impact quality (Y2K38_SAFETY)
    /upload.cpp: 361 in sbbs_t::upload(int, const char *)()
    355 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
    356 }
    357 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
    358 now=time(NULL);
    359 if(descbeg[0])
    360 strcat(descbeg," ");
    CID 510624: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
    361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
    362 strcat(descbeg,str);
    363 }
    364 if(cfg.dir[dirnum]->misc&DIR_MULT) {
    365 sync();
    366 if(!noyes(text[MultipleDiskQ])) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIddI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYB81ZvyCqI0cAJ-2FU5ubhxKf4JbTpohfwGahN-2FqiJqEJS3JKhfKJrRClFb390j-2Bf3IyHjOgp4TSp0v4WjJhOyS2xAdq9DkOONT15FqaUuN3dwPvrgxJQAm5MhfGSzyQr2ebowkrz6Mx39u7LNSgoa0vxPkqTzBlpznq59pGc5zgjQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, October 28, 2024 12:49:24
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 511447: Control flow issues (DEADCODE)
    /js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 511447: Control flow issues (DEADCODE)
    /js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()
    2328 if((sbbs=js_GetPrivate(cx, JS_THIS_OBJECT(cx, arglist)))==NULL) 2329 return(JS_FALSE);
    2330
    2331 if(argc > 0 && argv[0] == JSVAL_TRUE)
    2332 xfer_type = XFER_BATCH_UPLOAD;
    2333 if(argc > 1 && argv[1] == JSVAL_TRUE)
    CID 511447: Control flow issues (DEADCODE)
    Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".
    2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;
    2335
    2336 rc=JS_SUSPENDREQUEST(cx);
    2337 sbbs->xfer_prot_menu(xfer_type, &sbbs->useron, keys, sizeof keys);
    2338 JSString* js_str = JS_NewStringCopyZ(cx, keys);
    2339 if(js_str == nullptr)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DITFI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaq5jE-2BLt6d0xDUmd9IA4TiFW4D2c-2Fv2LVaAIklYCEHPyQvUq2Zlw7GDvJu3j8LRmS7SAP5K0MN-2FeHPuzVDlzgYGLGR7UoaRyivmdwaD-2F8GGj2SeuFl5CNmO4uJ75M69NpIJcEgiKbpoWpXeuJdzQYzNm1WuI45zNZnbxNBPzaHrg-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, October 29, 2024 12:40:42
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 511508: High impact quality (Y2K38_SAFETY)
    /date_str.c: 158 in datestr()


    ________________________________________________________________________________________________________
    *** CID 511508: High impact quality (Y2K38_SAFETY)
    /date_str.c: 158 in datestr()
    152 /****************************************************************************/
    153 char* datestr(scfg_t* cfg, time_t t, char* str)
    154 {
    155 if(t == 0)
    156 return "---------";
    157 if(!cfg->sys_date_verbal)
    CID 511508: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
    158 return unixtodstr(cfg, (time32_t)t, str);
    159 struct tm tm = {0};
    160 if(localtime_r(&t, &tm) == NULL)
    161 return "!!!!!!!!!";
    162 char fmt[32] = "";
    163 switch(cfg->sys_date_fmt) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DeIbg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZqqLX5nOyr0GCOMCsCoPlrYhtCBBDisrUKXmOFR94rfPCeqYsaUhoG3UZ-2FYUaiUYrgUIufMTzxsRzH7-2B7zAyM4HCi34k5-2FbdZ1Kp-2FDSG9A8IDyw-2BIsKQ-2B2fNzoCls7j0N-2B7Pb2XI8MB8f5lr-2BCPTiUaqWkDFwSWHqbm0IZWY1GZQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, October 30, 2024 12:41:22
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 511621: High impact quality (Y2K38_SAFETY)
    /str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()


    ________________________________________________________________________________________________________
    *** CID 511621: High impact quality (Y2K38_SAFETY)
    /str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()
    984 }
    985
    986 char* sbbs_t::unixtodstr(time_t t, char* str)
    987 {
    988 if(str == nullptr)
    989 str = datestr_output;
    CID 511621: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
    990 return ::unixtodstr(&cfg, t, str);
    991 }
    992
    993 void sbbs_t::sys_info()
    994 {
    995 char tmp[128];


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DFl35_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbldReasLeT64fJgl4QpY1aZbFANNQbDPFr-2BH2HYcH1IWW1-2FtRGPtb0gVjSH-2BBqjWAK7btzMhM331mrzEXRNmqAyTftaCh3YDujP4YB-2F7PQ4EGqELNq7SpMqQKEr5kiHI5KwG1KMczjzMucZ1MepWUctNMP3lW0eqjsOrH2fBSzrg-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, November 02, 2024 12:39:34
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 512127: (Y2K38_SAFETY)
    /scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
    /scfg/scfgsys.c: 1368 in edit_sys_date_verbal()


    ________________________________________________________________________________________________________
    *** CID 512127: (Y2K38_SAFETY)
    /scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
    1361
    1362 int edit_sys_date_verbal(int page, int total)
    1363 {
    1364 int mode = WIN_SAV | WIN_MID;
    1365 int i = cfg.sys_date_verbal;
    1366 time_t t = time(NULL);
    CID 512127: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
    1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
    1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
    1369 opt[2][0] = '\0';
    1370 uifc.helpbuf=
    1371 "`Short Date Display Format:`\n"
    1372 "\n"
    /scfg/scfgsys.c: 1368 in edit_sys_date_verbal()
    1362 int edit_sys_date_verbal(int page, int total)
    1363 {
    1364 int mode = WIN_SAV | WIN_MID;
    1365 int i = cfg.sys_date_verbal;
    1366 time_t t = time(NULL);
    1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
    CID 512127: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".
    1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
    1369 opt[2][0] = '\0';
    1370 uifc.helpbuf=
    1371 "`Short Date Display Format:`\n"
    1372 "\n"
    1373 "If you would like short (8 character) dates to be displayed using verbal\n"


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIT5o_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQavH6tAPUwXIDKUPRKBZGiRgKLj76Ij0uFpD4UCNwTCVen1QmVBk6yGbzTBSC2-2BxBE0GJfAoW-2B-2BWaxWl51M-2B9mp1hicInwTEKrQ8chQM9yGDR81PWtwXM-2Bq2j5YCl48NKAoGGKYo0R42EciGZugnM0LqGuohrShDzTlibesBwTavw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, November 03, 2024 13:41:00
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 514434: (NULL_RETURNS)
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()


    ________________________________________________________________________________________________________
    *** CID 514434: (NULL_RETURNS)
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()
    995 TERM_XY(&tx, &ty);
    996 line = malloc(sizeof(*line) * tx);
    997 prestel_new_line(cterm);
    998 if (tx > 1) {
    999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
    1000 for (int i = 0; i < (tx - 1); i++) {
    CID 514434: (NULL_RETURNS)
    Dereferencing "line", which is known to be "NULL".
    1001 uint8_t ch = line[i].ch;
    1002 if (line[i].fg & 0x7F000000) {
    1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);
    1005 }
    1006 else {
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 999 in prestel_get_state()
    993
    994 SCR_XY(&sx, &sy);
    995 TERM_XY(&tx, &ty);
    996 line = malloc(sizeof(*line) * tx);
    997 prestel_new_line(cterm);
    998 if (tx > 1) {
    CID 514434: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
    999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
    1000 for (int i = 0; i < (tx - 1); i++) {
    1001 uint8_t ch = line[i].ch;
    1002 if (line[i].fg & 0x7F000000) {
    1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);

    ** CID 514433: (NULL_RETURNS)
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()


    ________________________________________________________________________________________________________
    *** CID 514433: (NULL_RETURNS)
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4985 in prestel_fix_line()
    4979 bool fixed = false;
    4980 bool fixedheight = false;
    4981
    4982 coord_conv_xy(cterm, CTERM_COORD_TERM, CTERM_COORD_SCREEN, &sy, &sx);
    4983 ex = sx + TERM_MAXX - 1;
    4984 line = malloc(sizeof(*line) * (ex - sx + 1));
    CID 514433: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".
    4985 vmem_gettext(sx, sy, ex, sy, line);
    4986 prestel_new_line(cterm);
    4987 for (int i = 0; i < TERM_MAXX; i++) {
    4988 uint8_t ch;
    4989 // Go through the line applying attributes, held mosaics, etc.
    4990 if (line[i].fg & 0x7F000000) {
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 5098 in prestel_fix_line()
    5092 line[i].ch += 64;
    5093 fixed = true;
    5094 }
    5095 }
    5096 }
    5097 if (force || fixed)
    CID 514433: (NULL_RETURNS)
    Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".
    5098 vmem_puttext(sx, sy, ex, sy, line);
    5099 free(line);
    5100 if (restore) {
    5101 cterm->extattr = extattr;
    5102 cterm->fg_color = fg_color;
    5103 cterm->bg_color = bg_color;
    /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()
    4984 line = malloc(sizeof(*line) * (ex - sx + 1));
    4985 vmem_gettext(sx, sy, ex, sy, line);
    4986 prestel_new_line(cterm);
    4987 for (int i = 0; i < TERM_MAXX; i++) {
    4988 uint8_t ch;
    4989 // Go through the line applying attributes, held mosaics, etc.
    CID 514433: (NULL_RETURNS)
    Dereferencing "line", which is known to be "NULL".
    4990 if (line[i].fg & 0x7F000000) {
    4991 // This is a control character
    4992 ch = (line[i].fg & 0x7F000000) >> 24;
    4993 prestel_apply_ctrl_before(cterm, ch);
    4994 if ((cterm->extattr & CTERM_EXTATTR_PRESTEL_DOUBLE_HEIGHT) && ((line[i].bg & 0x01000000) == 0)) {
    4995 // Should be double-high


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIdOQ_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbN8RSzLdCZbSy14N5iWP9J-2FcpNjQ0eI2Oj6rPhHqZBQZA4UM9PchXs94tTdeyxdvCkcPzkWohEpzrEBvlrnd6-2FTfmIpMAsE2mi-2BdkX8vzesYff-2FsK9jSFcjEXcYS-2Fxznm-2FxoYdKxCkLPJPKyAUp9zwS3A1OhpfjMprQ34Tb-2BWdhw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, November 04, 2024 13:40:33
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 514483: API usage errors (PRINTF_ARGS)


    ________________________________________________________________________________________________________
    *** CID 514483: API usage errors (PRINTF_ARGS)
    /websrvr.c: 1659 in http_logon()
    1653 SAFECOPY(session->user.modem, session->client.protocol);
    1654 SAFECOPY(session->user.comp, session->host_name);
    1655 SAFECOPY(session->user.ipaddr, session->host_ip);
    1656 session->user.logontime = (time32_t)session->logon_time;
    1657 int result = putuserdat(&scfg, &session->user);
    1658 if(result != 0)
    CID 514483: API usage errors (PRINTF_ARGS)
    No argument for format specifier "%d".
    1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
    1660 ,session->socket, session->client.protocol, session->host_ip
    1661 ,session->username, session->user.number);
    1662
    1663 }
    1664 SAFECOPY(session->client.user, session->username);

    ** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
    /websrvr.c: 1661 in ()


    ________________________________________________________________________________________________________
    *** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
    /websrvr.c: 1661 in ()
    1655 SAFECOPY(session->user.ipaddr, session->host_ip);
    1656 session->user.logontime = (time32_t)session->logon_time;
    1657 int result = putuserdat(&scfg, &session->user);
    1658 if(result != 0)
    1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
    1660 ,session->socket, session->client.protocol, session->host_ip
    CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
    the format string requires additional arguments
    1661 ,session->username, session->user.number);
    1662
    1663 }
    1664 SAFECOPY(session->client.user, session->username);
    1665 session->client.usernum = session->user.number;
    1666 client_on(session->socket, &session->client, /* update existing client record? */true);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjGNe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZrw1ACipL81Cfrev1KTkNSpg9ocZGsXxFU4AldvxV89V-2FFS8Im4F3ZlIWKiU1IgZ7U6FnHvW5nOIPElnOgDye48Et-2FcrMwNOZVyWRSzqRdvKvjv7tIxk-2BD72e1fmIEEOvn4SDov1pv-2FzEWSevpHegP3dEU8oXtKIA8RNAEjZ1XUg-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, November 05, 2024 13:40:05
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 514519: (LOCK)
    /main.cpp: 4849 in sbbs_t::daily_maint()()
    /main.cpp: 4849 in sbbs_t::daily_maint()()


    ________________________________________________________________________________________________________
    *** CID 514519: (LOCK)
    /main.cpp: 4849 in sbbs_t::daily_maint()()
    4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
    4844 }
    4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
    4846 lputs(LOG_INFO, "DAILY: Running monthly event");
    4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
    4848 online = ON_LOCAL;
    CID 514519: (LOCK)
    "external" unlocks "this->input_thread_mutex" while it is unlocked.
    4849 int result = external(cmd, EX_OFFLINE);
    4850 online = false;
    4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
    4852 }
    4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
    4854 sys_status&=~SS_DAILY;
    /main.cpp: 4849 in sbbs_t::daily_maint()()
    4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
    4844 }
    4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
    4846 lputs(LOG_INFO, "DAILY: Running monthly event");
    4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
    4848 online = ON_LOCAL;
    CID 514519: (LOCK)
    "external" locks "this->input_thread_mutex" while it is locked.
    4849 int result = external(cmd, EX_OFFLINE);
    4850 online = false;
    4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
    4852 }
    4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
    4854 sys_status&=~SS_DAILY;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmVJv_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZYt7Pe-2B8KlpNPxf3vYfbGXTetKrkOysaWsLoXwVVJy-2BlT3vWHLSa-2F-2BgpVoMRk-2FB9lZhpdNOATgKKch-2FKRWKdw7CGPsa8-2BoRGvrYP8DjPqUmQVJXsmXD2xm4gPlAPoQOpnW8tWCZcdj7lp745Fp7QOqFvNAcU4EQLHiapc9wQpj6A-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, November 10, 2024 14:42:03
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
    /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()


    ________________________________________________________________________________________________________
    *** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
    /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()
    292 else
    293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
    295 ++count;
    296 SLEEP((count / 10) * smb->retry_delay);
    297 }
    CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
    argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")
    298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
    299 return(SMB_ERR_TIMEOUT);
    300 }
    301
    302 /****************************************************************************/
    303 /* Read the SMB header from the header file and place into smb.status */

    ** CID 514628: API usage errors (PRINTF_ARGS)


    ________________________________________________________________________________________________________
    *** CID 514628: API usage errors (PRINTF_ARGS)
    /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in smb_locksmbhdr()
    292 else
    293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
    295 ++count;
    296 SLEEP((count / 10) * smb->retry_delay);
    297 }
    CID 514628: API usage errors (PRINTF_ARGS)
    Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".
    298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
    299 return(SMB_ERR_TIMEOUT);
    300 }
    301
    302 /****************************************************************************/
    303 /* Read the SMB header from the header file and place into smb.status */


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D04SY_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbRNqpwvGc4zcZ5uKeIndhuSqNnxi4ZbqnqhqxxcEUjkJJHGyGkBZt6V7UXUX2xnB2lvPBmqBCBxBghPzBYV7kJY89l3F0Je2EKuh7lbcH1Ki5248pEoplbC6UdQ14IH1AzZ-2BYu06Kjq-2F-2BS7xugvit0MheMfmyl63WZ-2BGQqWv04fA-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, November 11, 2024 14:28:43
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 514647: Resource leaks (RESOURCE_LEAK)
    /userdat.c: 1397 in getnodeext()


    ________________________________________________________________________________________________________
    *** CID 514647: Resource leaks (RESOURCE_LEAK)
    /userdat.c: 1397 in getnodeext()
    1391 {
    1392 int f;
    1393
    1394 if(!VALID_CFG(cfg) || num < 1)
    1395 return "";
    1396 if((f = opennodeext(cfg)) < 1)
    CID 514647: Resource leaks (RESOURCE_LEAK)
    Handle variable "f" going out of scope leaks the handle.
    1397 return "";
    1398 (void)lseek(f, (num-1) * 128, SEEK_SET);
    1399 if(read(f, buf, 128) != 128)
    1400 memset(buf, 0, 128);
    1401 close(f);
    1402 buf[127] = 0;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNrRS_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ3ELp6fsbhc-2FY9mD5Zp1-2FoSxtPMVY9W2gQFqb-2BWiMKBXb3R551uQj1an4L8jxHGCtVzJ8f8hTy9TuLVRQzLD3L1M-2FICoSbiZvQ-2FUBPSeV-2BCcsclK4jYNyukSMcGAKOr-2BtLQBr5jUdpUtVX-2FuxQBKwF4hNcUqyrDA8X7YI-2FfcIZtw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, November 19, 2024 13:40:34
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515048: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 1848 in add_areas_from_echolists()


    ________________________________________________________________________________________________________
    *** CID 515048: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 1848 in add_areas_from_echolists()
    1842 match=0;
    1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
    1844 if(match) break;
    1845 for(x=0; nodecfg->keys[x] ;x++) {
    1846 if(!stricmp(cfg.listcfg[j].keys[k]
    1847 ,nodecfg->keys[x])) {
    CID 515048: Security best practices violations (SECURE_TEMP)
    "tmpfile" creates files with predictable names, which is unsafe.
    1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
    1850 "file",__LINE__);
    1851 match=1;
    1852 break;
    1853 }

    ** CID 515047: Control flow issues (NO_EFFECT)
    /sbbsecho.c: 1635 in alter_areas_ini()


    ________________________________________________________________________________________________________
    *** CID 515047: Control flow issues (NO_EFFECT)
    /sbbsecho.c: 1635 in alter_areas_ini()
    1629 continue;
    1630 }
    1631 }
    1632 if(add_area[0] != NULL) { /* Check for areas to add */
    1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
    1634 j = strListFind(add_area, echotag, /* case-sensitive */false);
    CID 515047: Control flow issues (NO_EFFECT)
    This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".
    1635 if(add_all || j >= 0) {
    1636 if(j >= 0)
    1637 add_area[j][0]=0; /* So we can check other lists */
    1638 uint areanum = find_area(echotag);
    1639 if(!area_is_valid(areanum)) {
    1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);

    ** CID 515046: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1989 in alter_areas()


    ________________________________________________________________________________________________________
    *** CID 515046: Error handling issues (CHECKED_RETURN)
    /sbbsecho.c: 1989 in alter_areas()
    1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
    1984 if(deleted)
    1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
    1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
    1987 if(added || deleted) {
    1988 if(stat(cfg.areafile, &st) == 0)
    CID 515046: Error handling issues (CHECKED_RETURN)
    Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.
    1989 chmod(outpath, st.st_mode);
    1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
    1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
    1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
    1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
    1994 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, November 21, 2024 13:54:30
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515063: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 2142 in areamgr_command()


    ________________________________________________________________________________________________________
    *** CID 515063: Security best practices violations (SECURE_TEMP)
    /sbbsecho.c: 2142 in areamgr_command()
    2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
    2137 else {
    2138 for(u=0;u<cfg.arcdefs;u++)
    2139 if(stricmp(p,cfg.arcdef[u].name) == 0) 2140 break;
    2141 if(u==cfg.arcdefs) {
    CID 515063: Security best practices violations (SECURE_TEMP)
    "tmpfile" creates files with predictable names, which is unsafe.
    2142 if((tmpf=tmpfile())==NULL) {
    2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
    2144 return false;
    2145 }
    2146 SAFEPRINTF(str, "Compression type unavailable: %s", p);
    2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);


    ________________________________________________________________________________________________________



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, November 24, 2024 15:11:51
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515130: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()


    ________________________________________________________________________________________________________
    *** CID 515130: Concurrent data access violations (MISSING_LOCK)
    /tmp/sbbs-Nov-24-2024/src/conio/sdl_con.c: 357 in sdl_get_bounds()
    351 SDL_Rect r;
    352 int ABUw, ABUh;
    353 int pixelw, pixelh;
    354
    355 if (sdl.GetDisplayUsableBounds(0, &r) != 0)
    356 return false;
    CID 515130: Concurrent data access violations (MISSING_LOCK)
    Accessing "win" without holding lock "win_mutex". Elsewhere, "win" is written to with "win_mutex" held 1 out of 1 times.
    357 sdl.GetWindowSize(win, &ABUw, &ABUh);
    358 sdl.GetWindowSizeInPixels(win, &pixelw, &pixelh);
    359 if (pixelw == 0 || pixelh == 0 || ABUw == 0 || ABUh == 0) {
    360 *w = r.w;
    361 *h = r.h;
    362 return true;


    ________________________________________________________________________________________________________



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, December 02, 2024 13:42:27
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    14 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 14 of 14 defect(s)


    ** CID 515601: Program hangs (LOCK)
    /js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 515601: Program hangs (LOCK)
    /js_bbs.cpp: 3400 in js_get_node_message(JSContext *, unsigned int, unsigned long *)()
    3394 clearline = JSVAL_TO_BOOLEAN(argv[0]);
    3395
    3396 rc=JS_SUSPENDREQUEST(cx);
    3397 sbbs->getnmsg(clearline ? true : false);
    3398 JS_RESUMEREQUEST(cx, rc);
    3399
    CID 515601: Program hangs (LOCK)
    Returning without unlocking "sbbs->nodefile_mutex".
    3400 return(JS_TRUE);
    3401 }
    3402
    3403 static JSBool
    3404 js_put_node_message(JSContext *cx, uintN argc, jsval *arglist)
    3405 {

    ** CID 515600: Error handling issues (CHECKED_RETURN)
    /download.cpp: 367 in sbbs_t::seqwait(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515600: Error handling issues (CHECKED_RETURN)
    /download.cpp: 367 in sbbs_t::seqwait(unsigned int)()
    361
    362 if(!devnum)
    363 return;
    364 for(start=now=time(NULL);online && now-start<90;now=time(NULL)) {
    365 if(msgabort()) /* max wait ^^^^ sec */
    366 break;
    CID 515600: Error handling issues (CHECKED_RETURN)
    Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
    367 getnodedat(cfg.node_num,&thisnode,true); /* open and lock this record */
    368 for(i=1;i<=cfg.sys_nodes;i++) {
    369 if(i==cfg.node_num) continue;
    370 if(getnodedat(i,&node, true)) {
    371 if((node.status==NODE_INUSE || node.status==NODE_QUIET)
    372 && node.action==NODE_RFSD && node.aux==devnum) {

    ** CID 515599: Concurrent data access violations (MISSING_LOCK)
    /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515599: Concurrent data access violations (MISSING_LOCK)
    /putnode.cpp: 108 in sbbs_t::unlocknodedat(unsigned int)()
    102 errormsg(WHERE, ERR_CHK, "node number", number);
    103 return false;
    104 }
    105 int result = unlock(nodefile, (number - 1) * sizeof(node_t), sizeof(node_t));
    106 if(cfg.node_misc & NM_CLOSENODEDAB) {
    107 close(nodefile);
    CID 515599: Concurrent data access violations (MISSING_LOCK)
    Accessing "this->nodefile" without holding lock "sbbs_t.nodefile_mutex". Elsewhere, "sbbs_t.nodefile" is written to with "sbbs_t.nodefile_mutex" held 4 out of 5 times.
    108 nodefile = -1;
    109 }
    110 pthread_mutex_unlock(&nodefile_mutex);
    111 return result == 0;
    112 }
    113

    ** CID 515598: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515598: (SLEEP)
    /getnode.cpp: 268 in sbbs_t::getnmsg(bool)()
    262 buf[length]=0;
    263
    264 if(clearline)
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    CID 515598: (SLEEP)
    Call to "putmsg" might sleep while holding lock "this->nodefile_mutex".
    268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270
    271 return retval == 0;
    272 }
    273
    /getnode.cpp: 265 in sbbs_t::getnmsg(bool)()
    259 }
    260 int retval = chsize(file,0L);
    261 close(file);
    262 buf[length]=0;
    263
    264 if(clearline)
    CID 515598: (SLEEP)
    Call to "clearline" might sleep while holding lock "this->nodefile_mutex".
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270

    ** CID 515597: Program hangs (LOCK)
    /main.cpp: 2243 in input_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 515597: Program hangs (LOCK)
    /main.cpp: 2243 in input_thread(void *)()
    2237 }
    2238 else
    2239 #endif
    2240 rd = recv(sock, (char*)inbuf, rd, 0);
    2241
    2242 if(pthread_mutex_unlock(&sbbs->input_thread_mutex)!=0)
    >>> CID 515597: Program hangs (LOCK)
    "errormsg" locks "sbbs->nodefile_mutex" while it is locked.
    2243 sbbs->errormsg(WHERE,ERR_UNLOCK,"input_thread_mutex",0);
    2244
    2245 if (rd == 0 && !socket_recvdone(sock, 0))
    2246 continue;
    2247
    2248 if(rd == SOCKET_ERROR)

    ** CID 515596: Program hangs (LOCK)
    /logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()


    ________________________________________________________________________________________________________
    *** CID 515596: Program hangs (LOCK)
    /logfile.cpp: 331 in sbbs_t::errormsg(int, const char *, const char *, const char *, const char *, int, const char *)()
    325 fprintf(logfile_fp,"!! %s%s", str, log_line_ending); 326 logcol=1;
    327 fflush(logfile_fp);
    328 }
    329
    330 errormsg_inside=false;
    CID 515596: Program hangs (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    331 }
    332
    333 /****************************************************************************/
    334 /* Open a log file for append, supporting log rotation based on size */
    335 /****************************************************************************/
    336 extern "C" FILE* fopenlog(scfg_t* cfg, const char* path)

    ** CID 515595: Program hangs (LOCK)
    /main.cpp: 4335 in sbbs_t::logoffstats()()


    ________________________________________________________________________________________________________
    *** CID 515595: Program hangs (LOCK)
    /main.cpp: 4335 in sbbs_t::logoffstats()()
    4329
    4330 for(i=0;i<2;i++) {
    4331 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */true);
    4332 if(fp == NULL)
    4333 continue;
    4334 if(!fread_dstats(fp, &stats)) {
    CID 515595: Program hangs (LOCK)
    "errormsg" locks "this->nodefile_mutex" while it is locked.
    4335 errormsg(WHERE, ERR_READ, "dsts.ini", i);
    4336 } else {
    4337 stats.total.timeon += minutes_used;
    4338 stats.today.timeon += minutes_used;
    4339 if(!fwrite_dstats(fp, &stats, __FUNCTION__)) 4340 errormsg(WHERE, ERR_WRITE, "dsts.ini", i);

    ** CID 515594: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515594: (SLEEP)
    /main.cpp: 4649 in sbbs_t::daily_maint()()
    4643 backup(str,cfg.user_backup_level,false);
    4644 }
    4645
    4646 if(cfg.mail_backup_level) {
    4647 lputs(LOG_INFO,"DAILY: Backing-up mail data...");
    4648 smb_t mail;
    CID 515594: (SLEEP)
    Call to "smb_open_sub" might sleep while holding lock "this->nodefile_mutex".
    4649 int result = smb_open_sub(&cfg, &mail, INVALID_SUB); 4650 if(result != SMB_SUCCESS)
    4651 lprintf(LOG_ERR, "ERROR %d (%s) opening mail base", result, mail.last_error);
    4652 else {
    4653 result = smb_lock(&mail);
    4654 if(result != SMB_SUCCESS)
    /main.cpp: 4778 in sbbs_t::daily_maint()()
    4772 closeuserdat(userfile);
    4773
    4774 lputs(LOG_INFO,"DAILY: Purging deleted/expired e-mail");
    4775 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    4776 smb.retry_time=cfg.smb_retry_time;
    4777 smb.subnum=INVALID_SUB;
    CID 515594: (SLEEP)
    Call to "smb_open" might sleep while holding lock "this->nodefile_mutex".
    4778 if((i=smb_open(&smb))!=0)
    4779 errormsg(WHERE,ERR_OPEN,smb.file,i,smb.last_error); 4780 else {
    4781 if(filelength(fileno(smb.shd_fp))>0) {
    4782 if((i=smb_locksmbhdr(&smb))!=0)
    4783 errormsg(WHERE,ERR_LOCK,smb.file,i,smb.last_error);

    ** CID 515593: (LOCK)
    /getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
    /getnode.cpp: 247 in sbbs_t::getnmsg(bool)()


    ________________________________________________________________________________________________________
    *** CID 515593: (LOCK)
    /getnode.cpp: 258 in sbbs_t::getnmsg(bool)()
    252 return false;
    253 }
    254 if(read(file,buf,length)!=length) {
    255 close(file);
    256 free(buf);
    257 errormsg(WHERE,ERR_READ,str,length);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    258 return false;
    259 }
    260 int retval = chsize(file,0L);
    261 close(file);
    262 buf[length]=0;
    263
    /getnode.cpp: 252 in sbbs_t::getnmsg(bool)()
    246 close(file);
    247 return true;
    248 }
    249 if((buf=(char *)malloc(length+1))==NULL) {
    250 close(file);
    251 errormsg(WHERE,ERR_ALLOC,str,length+1);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    252 return false;
    253 }
    254 if(read(file,buf,length)!=length) {
    255 close(file);
    256 free(buf);
    257 errormsg(WHERE,ERR_READ,str,length);
    /getnode.cpp: 242 in sbbs_t::getnmsg(bool)()
    236 if(flength(str)<1L)
    237 return true;
    238 if((file=nopen(str,O_RDWR))==-1) {
    239 /**
    240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
    241 **/
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    242 return false;
    243 }
    244 length=(long)filelength(file);
    245 if(length <= 0) {
    246 close(file);
    247 return true;
    /getnode.cpp: 271 in sbbs_t::getnmsg(bool)()
    265 this->clearline();
    266 else if(column)
    267 CRLF;
    268 putmsg(buf,P_NOATCODES);
    269 free(buf);
    270
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    271 return retval == 0;
    272 }
    273
    274 /****************************************************************************/
    275 /* 'ext' must be at least 128 bytes! */
    276 /****************************************************************************/
    /getnode.cpp: 237 in sbbs_t::getnmsg(bool)()
    231 thisnode.misc&=~NODE_NMSG; /* clear the NMSG flag */
    232 putnodedat(cfg.node_num,&thisnode);
    233 }
    234
    235 SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num); 236 if(flength(str)<1L)
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    237 return true;
    238 if((file=nopen(str,O_RDWR))==-1) {
    239 /**
    240 errormsg(WHERE,ERR_OPEN,str,O_RDWR);
    241 **/
    242 return false;
    /getnode.cpp: 247 in sbbs_t::getnmsg(bool)()
    241 **/
    242 return false;
    243 }
    244 length=(long)filelength(file);
    245 if(length <= 0) {
    246 close(file);
    CID 515593: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    247 return true;
    248 }
    249 if((buf=(char *)malloc(length+1))==NULL) {
    250 close(file);
    251 errormsg(WHERE,ERR_ALLOC,str,length+1);
    252 return false;

    ** CID 515592: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 515592: (SLEEP)
    /getnode.cpp: 162 in sbbs_t::nodesync(bool)()
    156 thisnode.misc&=~NODE_UDAT;
    157 putnodedat(cfg.node_num,&thisnode);
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    CID 515592: (SLEEP)
    Call to "getsmsg" might sleep while holding lock "this->nodefile_mutex".
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    /getnode.cpp: 174 in sbbs_t::nodesync(bool)()
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    170
    171 if(thisnode.misc&NODE_INTR) {
    172 bputs(text[NodeLocked]);
    173 logline(LOG_NOTICE,nulstr,"Interrupted");
    CID 515592: (SLEEP)
    Call to "hangup" might sleep while holding lock "this->nodefile_mutex".
    174 hangup();
    175 nodesync_inside=0;
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    /getnode.cpp: 164 in sbbs_t::nodesync(bool)()
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    CID 515592: (SLEEP)
    Call to "getnmsg" might sleep while holding lock "this->nodefile_mutex".
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    /getnode.cpp: 211 in sbbs_t::nodesync(bool)()
    205 }
    206
    207 if(sys_status&SS_USERON && online && (timeleft/60)<(5-timeleft_warn)
    208 && !SYSOP) {
    209 timeleft_warn=5-(timeleft/60);
    210 if(!(sys_status&SS_MOFF)) {
    CID 515592: (SLEEP)
    Call to "attr" might sleep while holding lock "this->nodefile_mutex".
    211 attr(LIGHTGRAY);
    212 bprintf(text[OnlyXminutesLeft]
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    /getnode.cpp: 217 in sbbs_t::nodesync(bool)()
    211 attr(LIGHTGRAY);
    212 bprintf(text[OnlyXminutesLeft]
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    CID 515592: (SLEEP)
    Call to "attr" might sleep while holding lock "this->nodefile_mutex".
    217 attr(atr); /* replace original attributes */
    218 nodesync_inside=0;
    219 }
    220
    221 /****************************************************************************/
    222 /* Prints short messages waiting for this node, if any... */
    /getnode.cpp: 181 in sbbs_t::nodesync(bool)()
    175 nodesync_inside=0;
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    180 saveline();
    CID 515592: (SLEEP)
    Call to "privchat" might sleep while holding lock "this->nodefile_mutex".
    181 privchat(true);
    182 restoreline();
    183 }
    184
    185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
    186 int n = getpagingnode(&cfg);
    /getnode.cpp: 182 in sbbs_t::nodesync(bool)()
    176 return;
    177 }
    178
    179 if(thisnode.misc&NODE_LCHAT) { // pulled into local chat with sysop
    180 saveline();
    181 privchat(true);
    CID 515592: (SLEEP)
    Call to "restoreline" might sleep while holding lock "this->nodefile_mutex".
    182 restoreline();
    183 }
    184
    185 if(thisnode.misc&NODE_FCHAT) { // forced into private chat
    186 int n = getpagingnode(&cfg);
    187 if(n) {
    /getnode.cpp: 197 in sbbs_t::nodesync(bool)()
    191 action = save_action;
    192 restoreline();
    193 }
    194 if(getnodedat(cfg.node_num, &thisnode, true)) {
    195 thisnode.action = action;
    196 thisnode.misc &= ~NODE_FCHAT;
    CID 515592: (SLEEP)
    Call to "putnodedat" might sleep while holding lock "this->nodefile_mutex".
    197 putnodedat(cfg.node_num, &thisnode);
    198 }
    199 }
    200
    201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
    202 getusrdirs();

    ** CID 515591: (LOCK)
    /getnode.cpp: 219 in sbbs_t::nodesync(bool)()
    /getnode.cpp: 157 in sbbs_t::nodesync(bool)()


    ________________________________________________________________________________________________________
    *** CID 515591: (LOCK)
    /getnode.cpp: 219 in sbbs_t::nodesync(bool)()
    213 ,((ushort)timeleft/60)+1,(timeleft/60) ? "s" : nulstr);
    214 }
    215 }
    216
    217 attr(atr); /* replace original attributes */
    218 nodesync_inside=0;
    CID 515591: (LOCK)
    Returning without unlocking "this->nodefile_mutex".
    219 }
    220
    221 /****************************************************************************/
    222 /* Prints short messages waiting for this node, if any... */
    223 /****************************************************************************/
    224 bool sbbs_t::getnmsg(bool clearline)
    /getnode.cpp: 164 in sbbs_t::nodesync(bool)()
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */
    163 if(thisnode.misc&NODE_NMSG)
    CID 515591: (LOCK)
    "getnmsg" locks "this->nodefile_mutex" while it is locked.
    164 getnmsg(clearline); /* getnmsg clears NMSG flag */
    165 }
    166 }
    167
    168 if(cfg.sync_mod[0])
    169 exec_bin(cfg.sync_mod,&main_csi);
    /getnode.cpp: 197 in sbbs_t::nodesync(bool)()
    191 action = save_action;
    192 restoreline();
    193 }
    194 if(getnodedat(cfg.node_num, &thisnode, true)) {
    195 thisnode.action = action;
    196 thisnode.misc &= ~NODE_FCHAT;
    CID 515591: (LOCK)
    "putnodedat" locks "this->nodefile_mutex" while it is locked.
    197 putnodedat(cfg.node_num, &thisnode);
    198 }
    199 }
    200
    201 if(sys_status&SS_USERON && memcmp(&nodesync_user,&useron,sizeof(user_t))) {
    202 getusrdirs();
    /getnode.cpp: 157 in sbbs_t::nodesync(bool)()
    151 }
    152 }
    153 if(thisnode.misc&NODE_UDAT && !(useron.rest&FLAG('G'))) { /* not guest */
    154 getuserdat(&cfg, &useron);
    155 if(getnodedat(cfg.node_num,&thisnode, true)) { 156 thisnode.misc&=~NODE_UDAT;
    CID 515591: (LOCK)
    "putnodedat" locks "this->nodefile_mutex" while it is locked.
    157 putnodedat(cfg.node_num,&thisnode);
    158 }
    159 }
    160 if(!(sys_status&SS_MOFF)) {
    161 if(thisnode.misc&NODE_MSGW)
    162 getsmsg(useron.number, clearline); /* getsmsg clears MSGW flag */

    ** CID 515590: (LOCK)
    /un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
    /un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 515590: (LOCK)
    /un_qwk.cpp: 94 in sbbs_t::unpack_qwk(char *, unsigned int)()
    88 lprintf(LOG_ERR, "libarchive error %ld (%s) extracting %s", file_count, error, packet);
    89 if(*cfg.qhub[hubnum]->unpack == '\0')
    90 return false;
    91 i=external(cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),EX_OFFLINE);
    92 if(i) {
    93 errormsg(WHERE,ERR_EXEC,cmdstr(cfg.qhub[hubnum]->unpack,packet,ALLFILES,NULL),i);
    CID 515590: (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    94 return(false);
    95 }
    96 }
    97 SAFEPRINTF(str,"%sMESSAGES.DAT",cfg.temp_dir);
    98 if(!fexistcase(str)) {
    99 lprintf(LOG_WARNING,"%s doesn't contain MESSAGES.DAT (%s)",packet,str);
    /un_qwk.cpp: 123 in sbbs_t::unpack_qwk(char *, unsigned int)()
    117 remove(fname);
    118 }
    119 SAFEPRINTF(fname, "%sVOTING.DAT", cfg.temp_dir);
    120 if(fexistcase(fname)) {
    121 lprintf(LOG_DEBUG, "Reading %s", fname);
    122 if((fp=fopen(fname,"r")) == NULL)
    CID 515590: (LOCK)
    "errormsg" locks "this->nodefile_mutex" while it is locked.
    123 errormsg(WHERE,ERR_OPEN,fname,O_RDONLY);
    124 else {
    125 voting=iniReadFile(fp);
    126 fclose(fp);
    127 }
    128 remove(fname);

    ** CID 515589: Error handling issues (CHECKED_RETURN)
    /logon.cpp: 124 in sbbs_t::logon()()


    ________________________________________________________________________________________________________
    *** CID 515589: Error handling issues (CHECKED_RETURN)
    /logon.cpp: 124 in sbbs_t::logon()()
    118 ,useron.number,useron.alias);
    119 logline(LOG_NOTICE,"+!",str);
    120 hangup();
    121 return(false);
    122 }
    123 if(yesno(text[RemoveNodeLockQ])) {
    CID 515589: Error handling issues (CHECKED_RETURN)
    Calling "getnodedat" without checking return value (as is done elsewhere 52 out of 59 times).
    124 getnodedat(cfg.node_num,&thisnode, true);
    125 logline("S-","Removed Node Lock");
    126 thisnode.misc&=~NODE_LOCK;
    127 }
    128 else
    129 getnodedat(cfg.node_num,&thisnode, true);

    ** CID 515588: (SLEEP)
    /main.cpp: 3450 in event_thread(void *)()
    /main.cpp: 3272 in event_thread(void *)()


    ________________________________________________________________________________________________________
    *** CID 515588: (SLEEP)
    /main.cpp: 3277 in event_thread(void *)()
    3271 while(!sbbs->terminated) {
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3277 if(!sbbs->getnodedat(j,&node, true))
    3278 continue;
    3279 if(node.status==NODE_WFC)
    3280 node.status=NODE_EVENT_LIMBO;
    3281 node.aux=sbbs->cfg.event[i]->node;
    3282 sbbs->putnodedat(j,&node);
    /main.cpp: 3450 in event_thread(void *)()
    3444 }
    3445 }
    3446 }
    3447 }
    3448 }
    3449 sbbs->event_code = nulstr;
    CID 515588: (SLEEP)
    Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
    3450 mswait(1000);
    3451 }
    3452 sbbs->cfg.node_num=0;
    3453 sbbs->useron.number = 0;
    3454 sbbs->js_cleanup();
    3455
    /main.cpp: 3373 in event_thread(void *)()
    3367 && (sbbs->cfg.event[i]->node<first_node || sbbs->cfg.event[i]->node>last_node)) {
    3368 sbbs->lprintf(LOG_NOTICE,"Changing node status for nodes %d through %d to WFC"
    3369 ,first_node,last_node); 3370 sbbs->cfg.event[i]->last=(time32_t)now;
    3371 for(j=first_node;j<=last_node;j++) {
    3372 node.status=NODE_INVALID_STATUS;
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3373 if(!sbbs->getnodedat(j,&node, true))
    3374 continue;
    3375 node.status=NODE_WFC; 3376 sbbs->putnodedat(j,&node);
    3377 }
    3378 }
    /main.cpp: 3413 in event_thread(void *)()
    3407 cmd = sbbs->cmdstr(cmd, nulstr, sbbs->cfg.event[i]->dir, NULL);
    3408 sbbs->lprintf(LOG_INFO,"Running %s%stimed event: %s"
    3409 ,native_executable(&sbbs->cfg, cmd, ex_mode) ? "native ":"16-bit DOS "
    3410 ,(ex_mode&EX_BG) ? "background ":""
    3411 ,cmd);
    3412 {
    CID 515588: (SLEEP)
    Call to "external" might sleep while holding lock "sbbs->nodefile_mutex".
    3413 int result = sbbs->external(cmd, ex_mode, sbbs->cfg.event[i]->dir);
    3414 if(!(ex_mode&EX_BG)) 3415 sbbs->lprintf(result ? sbbs->cfg.event[i]->errlevel : LOG_INFO, "Timed event: '%s' returned %d", cmd, result);
    3416 else
    3417 sbbs->lprintf(LOG_DEBUG, "Background timed event spawned: %s", cmd);
    3418 }
    /main.cpp: 3277 in event_thread(void *)()
    3271 while(!sbbs->terminated) {
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    CID 515588: (SLEEP)
    Call to "getnodedat" might sleep while holding lock "sbbs->nodefile_mutex".
    3277 if(!sbbs->getnodedat(j,&node, true))
    3278 continue;
    3279 if(node.status==NODE_WFC)
    3280 node.status=NODE_EVENT_LIMBO;
    3281 node.aux=sbbs->cfg.event[i]->node;
    3282 sbbs->putnodedat(j,&node);
    /main.cpp: 2986 in event_thread(void *)()
    2980 if(!fexist(fname))
    2981 continue;
    2982 sbbs->useron.number = 0;
    2983 sbbs->lprintf(LOG_INFO, "QWK pack semaphore signaled: %s", fname);
    2984 int usernum = atoi(fname+offset);
    2985 sbbs->useron.number = usernum;
    CID 515588: (SLEEP)
    Call to "getuserdat" might sleep while holding lock "sbbs->nodefile_mutex".
    2986 int retval = getuserdat(&sbbs->cfg,&sbbs->useron);
    2987 if(retval != 0) {
    2988 sbbs->lprintf(LOG_WARNING, "ERROR %d reading user data for user #%d", retval, usernum);
    2989 sbbs->fremove(WHERE, fname, /* log-all-errors: */true);
    2990 continue;
    2991 }
    /main.cpp: 3272 in event_thread(void *)()
    3266 sbbs->lprintf(LOG_DEBUG,"event last run: %s (0x%08x)"
    3267 ,sbbs->timestr(sbbs->cfg.event[i]->last)
    3268 ,sbbs->cfg.event[i]->last);
    3269 lastnodechk=0; /* really last event time check */
    3270 start=time(NULL);
    3271 while(!sbbs->terminated) {
    CID 515588: (SLEEP)
    Call to "nanosleep" might sleep while holding lock "sbbs->nodefile_mutex".
    3272 mswait(1000); 3273 now=time(NULL); 3274 if(now-start>10 && now-lastnodechk<10)
    3275 continue;
    3276 for(j=first_node;j<=last_node;j++) {
    3277 if(!sbbs->getnodedat(j,&node, true))


    ________________________________________________________________________________________________________



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, December 06, 2024 13:41:13
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515659: Resource leaks (RESOURCE_LEAK)
    /readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()


    ________________________________________________________________________________________________________
    *** CID 515659: Resource leaks (RESOURCE_LEAK)
    /readmail.cpp: 814 in sbbs_t::readmail(unsigned int, int, int)()
    808 }
    809
    810 smb_close(&smb);
    811 smb_stack(&smb,SMB_STACK_POP);
    812 current_msg=NULL;
    813
    CID 515659: Resource leaks (RESOURCE_LEAK)
    Variable "mail" going out of scope leaks the storage it points to.
    814 return lm_mode;
    815 }
    816
    817 int sbbs_t::searchmail(mail_t *mail, int start, int msgs, int which, const char *search, const char* order)
    818 {
    819 char* buf;

    ** CID 515658: Error handling issues (CHECKED_RETURN)


    ________________________________________________________________________________________________________
    *** CID 515658: Error handling issues (CHECKED_RETURN)
    /dupefind.c: 75 in display_filename()
    69 char *display_filename(scfg_t *cfg, uint dirnum, uint32_t fil_off)
    70 {
    71 static char str[256];
    72 static smb_t smb;
    73 if(smb_open_dir(cfg, &smb, dirnum) != SMB_SUCCESS)
    74 return smb.last_error;
    CID 515658: Error handling issues (CHECKED_RETURN)
    Calling "smb_fseek(smb.sid_fp, (fil_off - 1U) * 128UL, 0)" without checking return value. It wraps a library function that may fail and return an error code.
    75 smb_fseek(smb.sid_fp, (fil_off - 1) * sizeof(fileidxrec_t), SEEK_SET); 76 fileidxrec_t idx;
    77 if(smb_fread(&smb, &idx, sizeof(idx), smb.sid_fp) != sizeof(idx)) {
    78 smb_close(&smb);
    79 return smb.last_error;
    80 }

    ** CID 515657: Error handling issues (CHECKED_RETURN)
    /load_cfg.c: 627 in smb_open_dir()


    ________________________________________________________________________________________________________
    *** CID 515657: Error handling issues (CHECKED_RETURN)
    /load_cfg.c: 627 in smb_open_dir()
    621 if(filelength(fileno(smb->shd_fp)) < 1) {
    622 smb->status.max_files = cfg->dir[dirnum]->maxfiles; 623 smb->status.max_age = cfg->dir[dirnum]->maxage;
    624 smb->status.attr = SMB_FILE_DIRECTORY; 625 if(cfg->dir[dirnum]->misc & DIR_NOHASH)
    626 smb->status.attr |= SMB_NOHASH;
    CID 515657: Error handling issues (CHECKED_RETURN)
    Calling "smb_create" without checking return value (as is done elsewhere 16 out of 17 times).
    627 smb_create(smb);
    628 }
    629 return SMB_SUCCESS;
    630 }
    631
    632 int get_lang_count(scfg_t* cfg)


    ________________________________________________________________________________________________________



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, December 07, 2024 13:42:14
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    /sbbsecho.c: 1309 in link_area()


    ________________________________________________________________________________________________________
    *** CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    /sbbsecho.c: 1309 in link_area()
    1303 return false;
    1304 }
    1305
    1306 void link_area(unsigned area_num, const fidoaddr_t* addr)
    1307 {
    1308 area_t* area = &cfg.area[area_num];
    CID 515673: Code maintainability issues (SIZEOF_MISMATCH)
    Passing argument "area->link" of type "fidoaddr_t const *" and argument "8UL /* sizeof (addr) */ * (area->links + 1)" to function "realloc_or_free" is suspicious. In this case, "sizeof (fidoaddr_t const *)" is equal to "sizeof (fidoaddr_t const)", but this is not a portable assumption.
    1309 if((area->link = realloc_or_free(area->link, (sizeof addr) * (area->links + 1))) == NULL) {
    1310 lprintf(LOG_ERR,"ERROR line %d allocating memory for area "
    1311 "#%u links.",__LINE__, area_num + 1);
    1312 bail(1);
    1313 return;
    1314 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjswB_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZTIkIcVsFEubRKPyVR-2BCuKY5oHLU9ayFn6T1x6if3eS0nVM4zzDglf0kSu84NvdLQvLmLpVUMBWFTCqIbKw97TOhNhU4Up-2FQ0gGVaItXyTTfc3Uu2zZfP2qWOCQU0YU4SaCyb8-2B3kJNnxUzaATxOedk4YqKEgN0RG-2F7ZgTWOZJ5A-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, December 08, 2024 13:41:14
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1420 in node_vstatus()


    ________________________________________________________________________________________________________
    *** CID 515715: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1420 in node_vstatus()
    1414 return cfg->text != NULL ? cfg->text[NodeStatusOffline] : "Offline";
    1415 case NODE_NETTING: /* Obsolete */
    1416 return "Networking";
    1417 case NODE_LOGON:
    1418 return cfg->text != NULL ? cfg->text[NodeStatusLogon] : "At login prompt";
    1419 case NODE_LOGOUT:
    CID 515715: Incorrect expression (SIZEOF_MISMATCH)
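    Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious. Because "str" is a pointer here, "sizeof str" is the size of the pointer (8 bytes), not of the buffer it points to; the NODE_EVENT_LIMBO case on line 1425 passes "size" instead.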
    1420 snprintf(str, sizeof str, cfg->text != NULL ? cfg->text[NodeStatusLogout] : "Logging out %s", username(cfg,node->useron,tmp));
    1421 return str;
    1422 case NODE_EVENT_WAITING:
    1423 return cfg->text != NULL ? cfg->text[NodeStatusEventWaiting] : "Waiting for all nodes to become inactive";
    1424 case NODE_EVENT_LIMBO:
    1425 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeStatusEventLimbo] : "Waiting for node %d to finish external event"

    ** CID 515714: Uninitialized variables (UNINIT)


    ________________________________________________________________________________________________________
    *** CID 515714: Uninitialized variables (UNINIT)
    /getnode.cpp: 289 in sbbs_t::getnodeext(unsigned int, char *)()
    283 errormsg(WHERE,ERR_CHK,"node number",number);
    284 return false;
    285 }
    286
    287 if((node_ext=opennodeext(&cfg))==-1) {
    288 memset(ext,0,128);
    CID 515714: Uninitialized variables (UNINIT)
    Using uninitialized value "*str" when calling "errormsg".
    289 errormsg(WHERE,ERR_OPEN,str,O_RDONLY|O_DENYNONE);
    290 return false;
    291 }
    292
    293 number--; /* make zero based */
    294 for(count=0;count<LOOP_NODEDAB;count++) {

    ** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1512 in node_activity()


    ________________________________________________________________________________________________________
    *** CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    /userdat.c: 1512 in node_activity()
    1506 return cfg->text != NULL ? cfg->text[NodeActivityLoggingOn] : "logging on";
    1507 case NODE_LCHT:
    1508 snprintf(str, size, cfg->text != NULL ? cfg->text[NodeActivityLocalChat] : "chatting with %s", cfg->sys_op);
    1509 break;
    1510 case NODE_MCHT:
    1511 if(node->aux != 0)
    CID 515713: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "str" of type "char *" and argument "8UL /* sizeof (str) */" to function "safe_snprintf" is suspicious.
    1512 snprintf(str, sizeof str
    1513 ,cfg->text != NULL ? cfg->text[NodeActivityChatChannel] : "in multinode chat channel %d"
    1514 ,node->aux & 0xff);
    1515 else
    1516 return cfg->text != NULL ? cfg->text[NodeActivityGlobalChat] : "in multinode global chat channel";
    1517 break;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Drf1g_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQY9ty8xtnl2sw1SqlPRU2WILlz6B-2F41RYA0wpD7iGPK7iJJRJMlj06LpTw8H4oLu0ZD6NOR-2Fs4yPZ6xU2n8ZKWHL4-2F4cgQ0xljfi-2B5nJtvQuTTNG4kyAp2Ph0XvRGRr1KcMs8Gin6jWDWu2x-2Bkj9Q6Trx86Of-2BJRienYR-2Fbv9gQgw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, December 15, 2024 13:49:15
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 516068: Null pointer dereferences (FORWARD_NULL)
    /websrvr.c: 5419 in js_ErrorReporter()


    ________________________________________________________________________________________________________
    *** CID 516068: Null pointer dereferences (FORWARD_NULL)
    /websrvr.c: 5419 in js_ErrorReporter()
    5413 pthread_mutex_lock(&mutex);
    5414 if(lastline == report->lineno && report->filename != NULL && strcmp(lastfile, report->filename) == 0)
    5415 log_level = LOG_WARNING;
    5416 else
    5417 log_level = LOG_ERR;
    5418 lastline = report->lineno;
    CID 516068: Null pointer dereferences (FORWARD_NULL)
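    Passing null pointer "report->filename" to "strlcpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.] Line 5414 tests "report->filename" against NULL before calling strcmp, but the SAFECOPY on line 5419 runs without that test.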
    5419 SAFECOPY(lastfile, report->filename);
    5420 pthread_mutex_unlock(&mutex);
    5421 warning="";
    5422 }
    5423
    5424 lprintf(log_level,"%04d !JavaScript %s%s%s: %s, Request: %s"


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DwGMb_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYoPlNm5BibC088PrWc35An4cdaeXCJhAHOfo6MdQKpuyixiVEFSUvV84YSqGOWCuXdzqHO6D3vFmsefEKTNsriv31FvxSemaYCwQ1e-2F5VqBGX6SKqkk-2F5GGTcyG8HHnvAZdIDYA7eRF8DYP-2F3cg26HCdIpmNxtLPnr6lFDWLJb2Q-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, December 17, 2024 13:48:21
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    9 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 9 of 9 defect(s)


    ** CID 516415: Error handling issues (CHECKED_RETURN)
    /userdat.c: 1472 in node_activity()


    ________________________________________________________________________________________________________
    *** CID 516415: Error handling issues (CHECKED_RETURN)
    /userdat.c: 1472 in node_activity()
    1466 case NODE_AMSG:
    1467 return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
    1468 case NODE_XTRN:
    1469 if(node->aux == 0)
    1470 return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
    1471 user.number = node->useron;
    CID 516415: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1472 getuserdat(cfg, &user);
    1473 xtrnnum = getxtrnnum(cfg, user.curxtrn);
    1474 if(is_valid_xtrnnum(cfg, xtrnnum))
    1475 snprintf(str, size, "%s %s"
    1476 ,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
    1477 ,cfg->xtrn[xtrnnum]->name);

    ** CID 516414: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 65 in sbbs_t::useredit(int)()


    ________________________________________________________________________________________________________
    *** CID 516414: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 65 in sbbs_t::useredit(int)()
    59 if(sys_status&SS_INUEDIT)
    60 return;
    61 sys_status|=SS_INUEDIT;
    62 while(online) {
    63 CLS;
    64 attr(LIGHTGRAY);
    CID 516414: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    65 getuserdat(&cfg,&user);
    66 if(!user.number) {
    67 user.number=1;
    68 getuserdat(&cfg,&user);
    69 if(!user.number) {
    70 bputs(text[NoUserData]);

    ** CID 516413: Error handling issues (CHECKED_RETURN)
    /answer.cpp: 168 in sbbs_t::answer()()


    ________________________________________________________________________________________________________
    *** CID 516413: Error handling issues (CHECKED_RETURN)
    /answer.cpp: 168 in sbbs_t::answer()()
    162 (but keep full terminal type/speed string in rlogin_term): */
    163 truncstr(terminal,"/");
    164 useron.number = 0;
    165 if(rlogin_name[0])
    166 useron.number = find_login_id(&cfg, rlogin_name);
    167 if(useron.number) {
    CID 516413: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    168 getuserdat(&cfg,&useron);
    169 SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
    170 if(!findstr(client.addr,path)) {
    171 SAFECOPY(tmp, rlogin_pass);
    172 for(i=0;i<3 && online;i++) {
    173 if(stricmp(tmp,useron.pass)) {

    ** CID 516412: Error handling issues (CHECKED_RETURN)
    /login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 516412: Error handling issues (CHECKED_RETURN)
    /login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
    45 long useron_misc=useron.misc;
    46
    47 username = parse_login(username);
    48
    49 useron.number = find_login_id(&cfg, username);
    50 if(useron.number) {
    CID 516412: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    51 getuserdat(&cfg,&useron);
    52 if(useron.number && useron.misc&(DELETED|INACTIVE))
    53 useron.number=0;
    54 }
    55
    56 if(!useron.number) {

    ** CID 516411: (CHECKED_RETURN)
    /useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
    /useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


    ________________________________________________________________________________________________________
    *** CID 516411: (CHECKED_RETURN)
    /useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
    727
    728 action=NODE_DFLT;
    729 if (cfg.usercfg_mod[0]) {
    730 char cmdline[256];
    731 snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
    732 exec_bin(cmdline, &main_csi);
    CID 516411: (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    733 getuserdat(&cfg, user);
    734 return;
    735 }
    736 while(online) {
    737 CLS;
    738 getuserdat(&cfg,user);
    /useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
    732 exec_bin(cmdline, &main_csi);
    733 getuserdat(&cfg, user);
    734 return;
    735 }
    736 while(online) {
    737 CLS;
    CID 516411: (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    738 getuserdat(&cfg,user);
    739 bprintf(text[UserDefaultsHdr],user->alias,user->number);
    740 if(user == &useron) {
    741 update_nodeterm();
    742 load_user_text();
    743 }

    ** CID 516410: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 1662 in http_logon()


    ________________________________________________________________________________________________________
    *** CID 516410: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 1662 in http_logon()
    1656 session->req.finished=true;
    1657 }
    1658
    1659 void http_logon(http_session_t * session, user_t *usr)
    1660 {
    1661 if(usr==NULL)
    CID 516410: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1662 getuserdat(&scfg, &session->user);
    1663 else
    1664 session->user=*usr;
    1665
    1666 if(session->user.number==session->last_user_num)
    1667 return;

    ** CID 516409: Error handling issues (CHECKED_RETURN)
    /str.cpp: 1388 in sbbs_t::change_user()()


    ________________________________________________________________________________________________________
    *** CID 516409: Error handling issues (CHECKED_RETURN)
    /str.cpp: 1388 in sbbs_t::change_user()()
    1382 putmsgptrs();
    1383 putuserstr(useron.number, USER_CURSUB
    1384 ,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
    1385 putuserstr(useron.number, USER_CURDIR
    1386 ,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
    1387 useron.number=i;
    CID 516409: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1388 getuserdat(&cfg,&useron);
    1389 if(getnodedat(cfg.node_num,&thisnode, true)) {
    1390 thisnode.useron=useron.number;
    1391 putnodedat(cfg.node_num,&thisnode);
    1392 }
    1393 getmsgptrs();

    ** CID 516408: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


    ________________________________________________________________________________________________________
    *** CID 516408: Error handling issues (CHECKED_RETURN)
    /useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
    1160
    1161 void sbbs_t::purgeuser(int usernumber)
    1162 { char str[128];
    1163 user_t user;
    1164
    1165 user.number=usernumber;
    CID 516408: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    1166 getuserdat(&cfg,&user);
    1167 SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
    1168 logentry("!*",str);
    1169 delallmail(usernumber, MAIL_ANY);
    1170 putusername(&cfg,usernumber,nulstr);
    1171 putusermisc(usernumber, user.misc | DELETED);

    ** CID 516407: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 2037 in check_ars()


    ________________________________________________________________________________________________________
    *** CID 516407: Error handling issues (CHECKED_RETURN)
    /websrvr.c: 2037 in check_ars()
    2031 else
    2032 lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'"
    2033 ,session->socket,session->req.auth.username);
    2034 return(false);
    2035 }
    2036 thisuser.number=i;
    CID 516407: Error handling issues (CHECKED_RETURN)
    Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
    2037 getuserdat(&scfg, &thisuser);
    2038 switch(session->req.auth.type) {
    2039 case AUTHENTICATION_TLS_PSK:
    2040 if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
    2041 return(false);
    2042 if(session->last_user_num!=0) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, December 20, 2024 13:38:55
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 516431: Incorrect expression (EVALUATION_ORDER)
    /scfg/scfgsys.c: 1740 in sys_cfg()


    ________________________________________________________________________________________________________
    *** CID 516431: Incorrect expression (EVALUATION_ORDER)
    /scfg/scfgsys.c: 1740 in sys_cfg()
    1734 char sys_pass[sizeof(cfg.sys_pass)];
    1735 SAFECOPY(sys_pass, cfg.sys_pass);
    1736 while(1) {
    1737 i=0;
    1738 snprintf(opt[i++],MAX_OPLN,"%-20s%s","BBS Name",cfg.sys_name);
    1739 snprintf(opt[i++],MAX_OPLN,"%-20s%s","Location",cfg.sys_location);
    CID 516431: Incorrect expression (EVALUATION_ORDER)
    In argument #6 of "safe_snprintf(opt[i++], 75UL, "%-20s%s%s %s", "Local Time Zone", ((cfg.sys_timezone == -1) ? "Auto: " : ""), smb_zonestr(sys_timezone(&cfg), NULL), ((!(cfg.sys_timezone <= 1000 && cfg.sys_timezone >= -1000) && (cfg.sys_timezone & 0xc000 || cfg.sys_timezone == 4096 || cfg.sys_timezone == 4156 || cfg.sys_timezone == 4216 || cfg.sys_timezone == 4816 || cfg.sys_timezone == 4696 || cfg.sys_timezone == 4666) && cfg.sys_misc & 0x4000U) ? "(Auto-DST)" : ""))", a call is made to "sys_timezone(&cfg)". In argument #1 of this function, the object "cfg.sys_timezone" is modified. This object is also used in "(cfg.sys_timezone == -1) ? "Auto: " : """, the argument #5 of the outer function call. The order in which these arguments are evaluated is not specified, and will vary between platforms.
    1740 snprintf(opt[i++],MAX_OPLN,"%-20s%s%s %s","Local Time Zone"
    1741 ,cfg.sys_timezone == SYS_TIMEZONE_AUTO ? "Auto: " : ""
    1742 ,smb_zonestr(sys_timezone(&cfg),NULL)
    1743 ,SMB_TZ_HAS_DST(cfg.sys_timezone) && cfg.sys_misc&SM_AUTO_DST ? "(Auto-DST)" : "");
    1744 snprintf(opt[i++],MAX_OPLN,"%-20s%s (e.g. %s)","Short Date Format"
    1745 ,date_format(&cfg, str, sizeof str)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Du0AK_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZX-2BkC2-2BAZJhPPYfXPDeIQ-2B4YvLEfkbd-2Bd6D-2Bq6Hgb3A8yT9nXPdJTazBcJukBEh03pJKxvVooRsB2exFituB7-2FZiW-2B-2FFf3SbStI-2Fat2UXSZKXBODkmruS46NddedKGixq1GgfIg-2BgPQfkssXqpoMR-2BzxwZcTjLKvzCO0Vk2ny9Gw-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, December 21, 2024 13:40:03
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    3 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)


    ** CID 516448: High impact quality (Y2K38_SAFETY)
    /js_msgbase.c: 1441 in js_get_msg_header_resolve()


    ________________________________________________________________________________________________________
    *** CID 516448: High impact quality (Y2K38_SAFETY)
    /js_msgbase.c: 1441 in js_get_msg_header_resolve()
    1435 /* Fixed length portion of msg header */
    1436 LAZY_UINTEGER("type", p->msg.hdr.type, JSPROP_ENUMERATE);
    1437 LAZY_UINTEGER("version", p->msg.hdr.version, JSPROP_ENUMERATE);
    1438 LAZY_UINTEGER("attr", p->msg.hdr.attr, JSPROP_ENUMERATE);
    1439 LAZY_UINTEGER("auxattr", p->msg.hdr.auxattr, JSPROP_ENUMERATE);
    1440 LAZY_UINTEGER("netattr", p->msg.hdr.netattr, JSPROP_ENUMERATE);
    >>> CID 516448: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(p->msg.hdr.when_written)" is cast to "uint32".
    1441 LAZY_UINTEGER("when_written_time", smb_time(p->msg.hdr.when_written), JSPROP_ENUMERATE);
    1442 LAZY_INTEGER("when_written_zone", p->msg.hdr.when_written.zone, JSPROP_ENUMERATE);
    1443 LAZY_INTEGER("when_written_zone_offset", smb_tzutc(p->msg.hdr.when_written.zone), JSPROP_ENUMERATE|JSPROP_READONLY);
    1444 LAZY_UINTEGER("when_imported_time", p->msg.hdr.when_imported.time, JSPROP_ENUMERATE);
    1445 LAZY_INTEGER("when_imported_zone", p->msg.hdr.when_imported.zone, JSPROP_ENUMERATE);
    1446 LAZY_INTEGER("when_imported_zone_offset", smb_tzutc(p->msg.hdr.when_imported.zone), JSPROP_ENUMERATE|JSPROP_READONLY);

    ** CID 516447: High impact quality (Y2K38_SAFETY)
    /postmsg.cpp: 625 in votemsg()


    ________________________________________________________________________________________________________
    *** CID 516447: High impact quality (Y2K38_SAFETY)
    /postmsg.cpp: 625 in votemsg()
    619 }
    620 answers++;
    621 }
    622 }
    623 }
    624 safe_snprintf(smsg, sizeof(smsg), smsgfmt
    CID 516447: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg->hdr.when_written)" is cast to "time32_t".
    625 ,timestr(cfg, (time32_t)smb_time(msg->hdr.when_written), tstr)
    626 ,cfg->grp[cfg->sub[smb->subnum]->grp]->sname
    627 ,cfg->sub[smb->subnum]->sname
    628 ,from
    629 ,remsg.subj);
    630 SAFECAT(smsg, votes);

    ** CID 516446: (Y2K38_SAFETY)
    /qwknodes.c: 366 in main()
    /qwknodes.c: 392 in main()
    /qwknodes.c: 361 in main()
    /qwknodes.c: 384 in main()
    /qwknodes.c: 333 in main()
    /qwknodes.c: 343 in main()


    ________________________________________________________________________________________________________
    *** CID 516446: (Y2K38_SAFETY)
    /qwknodes.c: 366 in main()
    360 ,msg.from,p+1
    361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    362 ,str);
    363 else
    364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
    365 ,msg.from,str
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    367 }
    368 if(cmd&NODES && msg.from_net.type==NET_QWK) {
    369 if(mode&TAGS)
    370 gettag(&msg,tag);
    371 if(mode&FEED)
    /qwknodes.c: 392 in main()
    386 }
    387 else
    388 fprintf(nodes,"%-8.8s %s\r\n"
    389 ,str
    390 ,mode&TAGS
    391 ? tag
    >>> CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    392 : unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    393 }
    394 }
    395 }
    396 smb_freemsgmem(&msg);
    397 }
    /qwknodes.c: 361 in main()
    355 else
    356 strcpy(str,msg.from_net.addr);
    357 p=strrchr(str,'/');
    358 if(p)
    359 fprintf(users,"%-25.25s %-8.8s %s (%s)\r\n"
    360 ,msg.from,p+1
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    361 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    362 ,str);
    363 else
    364 fprintf(users,"%-25.25s %-8.8s %s\r\n"
    365 ,msg.from,str
    366 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp));
    /qwknodes.c: 384 in main()
    378 fprintf(nodes,"%-8.8s %s\r\n"
    379 ,p+1
    380 ,tag);
    381 else
    382 fprintf(nodes,"%-8.8s %s (%s)\r\n"
    383 ,p+1
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    384 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    385 ,str);
    386 }
    387 else
    388 fprintf(nodes,"%-8.8s %s\r\n"
    389 ,str
    /qwknodes.c: 333 in main()
    327 p=strrchr(addr,'/');
    328 if(!p)
    329 p=addr;
    330 else
    331 *(p++)=0;
    332 safe_snprintf(str, sizeof(str), "%s %s:%s%c%s"
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    333 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),tmp)
    334 ,p,cfg.sys_id,p==addr ? 0 : '/'
    335 ,addr);
    336 fprintf(route,"%s\r\n",str);
    337 }
    338 else {
    /qwknodes.c: 343 in main()
    337 }
    338 else {
    339 p=strrchr(addr,'/');
    340 if(p) {
    341 *(p++)=0;
    342 fprintf(route,"%s %s:%.*s\r\n"
    CID 516446: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "smb_time(msg.hdr.when_written)" is cast to "time32_t".
    343 ,unixtodstr(&cfg,smb_time(msg.hdr.when_written),str)
    344 ,p
    345 ,(uint)(p-addr)
    346 ,addr);
    347 }
    348 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNGSj_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYgWGJ9BYEIxvdbhMAIayAni-2FuUZOlays8-2BQNW1Qj2YoLcEBScLdhHrJ52SvmolJ5itsnLRiKIwdue9DQ-2F9PO-2FUFGY-2Fa0jLnspeSlF2FiQB80TbxuUTyDk42cNSQCBuIqgPC4jh5ZIq8dm-2B49xrAWdl9U3UIFg1xXJFs0kJktVUnA-3D-3D



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net