Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()


________________________________________________________________________________________________________
*** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()
6237 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path
6238 ,session->req.range_start,session->req.range_end, content_length);
6239 else
6240 lprintf(LOG_INFO,"%04d %s [%s] Sending file: %s (%"PRIdOFF" bytes)"
6241 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path, content_length);
6242 snt=sock_sendfile(session,session->req.physical_path,session->req.range_start,session->req.range_end);

CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.

6243 if(!session->send_failed) {
6244 if(session->req.ld!=NULL) {
6245 if(snt<0)
6246 snt=0;
6247 session->req.ld->size=snt;
6248 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmHtV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbYwk4stqvOulAQyfb9Qz7UqXa-2FyYiLNtJQLdPQNB0BbrubVIHVqt8wbwLmHsBUJon6PC9sbncKQ-2BAxsdRHbzS8LHKyt8nQ5XXM7E400tls6CE8QTOmeO-2BbTPMyH95TYfYCuXcmmWIuH-2F2U7WSDFD5czc7Rvy8hX-2BZbhm7O5DgwmQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 488309: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488309: Memory - illegal accesses (STRING_NULL)
/str.cpp: 344 in sbbs_t::sif(char *, char *, int)()
338 m+=2;
339 for(l=m;l<length;l++)
340 if(buf[l]=='"') {
341 buf[l]=0;
342 break;
343 }

CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.

344 answers[a++]=(char)getkeys((char *)buf+m,0);
345 }
346 else {
347 answers[a]=getkey(mode);
348 outchar(answers[a++]);
349 attr(LIGHTGRAY);

** CID 488308: (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488308: (STRING_NULL)
/sbbsecho.c: 3666 in getzpt()
3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.

3666 faddr=atofaddr(buf+i+1);
3667 hdr->origzone=faddr.zone;
3668 hdr->orignet=faddr.net;
3669 hdr->orignode=faddr.node;
3670 intl_found = true;
3671 }
/sbbsecho.c: 3660 in getzpt()
3654 if((!i || cr) && buf[i]==CTRL_A) { /* kludge */ 3655 if(!strncmp(buf+i+1,"TOPT ",5))
3656 hdr->destpoint=atoi(buf+i+6);
3657 else if(!strncmp(buf+i+1,"FMPT ",5))
3658 hdr->origpoint=atoi(buf+i+6);
3659 else if(!strncmp(buf+i+1,"INTL ",5)) {

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.

3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

** CID 488307: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488307: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Mar-23-2024/src/smblib/smblib.c: 1085 in smb_getmsghdr()
1079 !=(size_t)msg->hfield[i].length) {
1080 safe_snprintf(smb->last_error,sizeof(smb->last_error)
1081 ,"%s reading header (#%d) field data (%d bytes)", __FUNCTION__, (int)i, (int)msg->hfield[i].length);
1082 smb_freemsgmem(msg);
1083 return(SMB_ERR_READ);
1084 }

CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.

1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);
1086
1087 l+=msg->hfield[i].length;
1088 }
1089
1090 /* These convenience pointers must point to something */

** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
/sauce.c: 62 in sauce_fread_charinfo()
/sauce.c: 59 in sauce_fread_charinfo()
/sauce.c: 61 in sauce_fread_charinfo()


________________________________________________________________________________________________________
*** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);

CID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
/sauce.c: 62 in sauce_fread_charinfo()
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);

CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:
67 case sauce_char_filetype_ansi:
/sauce.c: 59 in sauce_fread_charinfo()
53 return false;
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));

CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
/sauce.c: 61 in sauce_fread_charinfo()
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); >>> CID 488306: (STRING_NULL)

Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:

** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()


________________________________________________________________________________________________________
*** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()
1902
1903 sbbs_get_ini_fname(ini_file, ctrl_dir);
1904
1905 /* Initialize BBS startup structure */
1906 memset(&bbs_startup,0,sizeof(bbs_startup));
1907 bbs_startup.size=sizeof(bbs_startup);

CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".

1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);
1909
1910 /* Read .ini file here */
1911 if(ini_file[0]!=0 && (fp=fopen(ini_file,"r"))!=NULL) {
1912 printf("Reading %s\n",ini_file);
1913 /* We call this function to set defaults, even if there's no .ini file */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DTnRX_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaEw-2F35bzGVOVw-2BfAgK10nKBe2EaCuOVThBtA4zmIf-2FH6jtPrg8CF4KIxfGxqbWYZGzK5dEjEeJjcG-2FZFDV9g6z-2BKMwuy3tSgd6XVj6QkX-2FbE7goOVxulE2g8b9eGhrdwq7nNngW7QJqRO3KLACCgsN-2Bn56lb9VdBetusZbl3sfvQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()


________________________________________________________________________________________________________
*** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()
2692 LAZY_INTEGER("version_hex", VERSION_HEX);
2693
2694 /* Git repo details */
2695 LAZY_STRING("git_branch", git_branch);
2696 LAZY_STRING("git_hash", git_hash);
2697 LAZY_STRING("git_date", git_date);

CID 492209: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".

2698 LAZY_INTEGER("git_time", git_time);
2699
2700 LAZY_STRING("platform", PLATFORM_DESC);
2701 LAZY_STRING("architecture", ARCHITECTURE_DESC);
2702 LAZY_STRFUNC("msgbase_lib", sprintf(str,"SMBLIB %s",smb_lib_ver()), str);
2703 LAZY_STRFUNC("compiled_with", DESCRIBE_COMPILER(str), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DSh4N_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaN8mnibgm8pDR-2F-2Bbe3f8EPEDiLDxICRbQfwsS-2Fj8I1S6oBPCdVVfNCUqkg9CbPMpOrc11Ju1i-2FZKGsMzQGZ93UZziuSMITFnGZKSuUqmlzwhD3piRfCu-2FFg3Xzyb2Yn1CDiKvT9pNBRM-2BVi7M2skqdIOXzqcGfoVNCwcEXj-2BCEWA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()


________________________________________________________________________________________________________
*** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()
4466 }
4467 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.mods_dir
4468 ,sbbs->cfg.shell[sbbs->useron.shell]->code);
4469 if(sbbs->cfg.mods_dir[0]==0 || !fexistcase(str)) {
4470 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.exec_dir
4471 ,sbbs->cfg.shell[sbbs->useron.shell]->code);

CID 492287: Error handling issues (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).

4472 fexistcase(str);
4473 }
4474 if((file=sbbs->nopen(str,O_RDONLY))==-1) {
4475 sbbs->errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
4476 sbbs->hangup();
4477 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DHvP9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQagYisv-2BW69zRWxBhimCtdag5Y-2FmNQU-2F9a-2BQz99muYyDMQHaJ9IAAUHt0J4m9PdQ-2FM2LeT5-2B1UNdpeKXpgNOTn265LNUeBHOZI40IJ3EqY58uotyMvBntmOFa6NssYuPj9pyF9jsG3Ot15K77yZ8uUVZ5aWBxVVnDKUwxo1ITxjHQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()


________________________________________________________________________________________________________
*** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()
805 if(mqtt == NULL || mqtt->cfg == NULL || client == NULL)
806 return MQTT_FAILURE;
807
808 if(!mqtt->cfg->mqtt.enabled)
809 return MQTT_SUCCESS;
810

CID 493283: Incorrect expression (NO_EFFECT)
Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.

811 if(client->protocol == NULL || username == NULL)
812 return MQTT_FAILURE;
813 snprintf(topic, sizeof(topic), "login_fail/%s", client->protocol);
814 strlwr(topic);
815 snprintf(str, sizeof(str), "%s\t%s\t%s"
816 ,username


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DzAgs_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQadI1-2FAsWIvGn-2BZ2YIPvmhLCu-2B1HFus-2FViv7odM0blgwJlSMhW5FP3Xkis4Ci7djMxV4S-2FpyGhgUj8KAvsWeecIJ1ln5YucvZvzvyf4HPVrDO8-2FLvieqY0sywMQ-2FhJEqN8WVo9AKRxOHtw7NsNWjr9Is7xQTg-2BmQd-2BBa6Z-2BXsMiSw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()


________________________________________________________________________________________________________
*** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()
319 if(JS_GetProperty(cx, obj, prop_name, &val) && !JSVAL_NULL_OR_VOID(val)) {
320 JSVALUE_TO_MSTRING(cx, val, cp, NULL);
321 if(cp == NULL) {
322 JS_ReportError(cx, "Invalid '%s' string in file object", prop_name);
323 return NULL;
324 }

CID 497098: Resource leaks (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.

325 return strdup(cp);
326 }
327 JS_ReportError(cx, "Missing '%s' string in file object", prop_name);
328 return NULL;
329 }
330


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DxkhG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZZtSzYzfvQoBQM1WsYtjQc02R5bvuGDasDe1R1GX8VoPvtGi-2FoTZcq6T7jcTA9OlabmiybEJFFTwaaEcFcr7cqoyBFT0Xw3AZ-2Fgf8Xxa1nSM-2FLrkQMPM2ixtLH2vUsu17Tu25sW91h9WUpwNyEySd-2F9Tw4l4H0tRZM-2Bze1SwHZwg-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 508260: Null pointer dereferences (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 508260: Null pointer dereferences (FORWARD_NULL)
/js_msgbase.c: 950 in parse_header_object()
944 msg->hdr.priority=i32;
945 }
946
947 if(JS_GetProperty(cx, hdr, "field_list", &val) && JSVAL_IS_OBJECT(val)) {
948 array=JSVAL_TO_OBJECT(val);
949 len=0;

CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.

950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {
951 JS_ReportError(cx, "Invalid \"field_list\" array in header object");
952 goto err;
953 }
954
955 for(i=0;i<len;i++) {

** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()


________________________________________________________________________________________________________
*** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()
485 else {
486 JS_ReportError(cx, "Unable to get parent js."JAVASCRIPT_LOAD_PATH_LIST" array.");
487 return JS_FALSE;
488 }
489 }
490 else {

CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".

491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;
493 }
494
495 js_script=JS_CompileFile(cx, js_scope, path);
496


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D20ER_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZSUgE3dQnVG6wGylJBHlsQHMU-2FeSvlPG-2BveassRKfh2KZ3KQqZYMDLXz99-2FrWMwJQ1T1J2N-2BE4YP3SycyU5tkbW6rwM2zqlUIvWZrfgy3l7iQ0Im12Z6xa2F5EX6ZCGf29mh7eZnuIJTmQCiel8IOekKUKQgh0LXaZSb3gnPQHBw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()


________________________________________________________________________________________________________
*** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';

** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);

3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()
3035 size_t tmplen = 0;
3036 for(jsuint i = 0; i < count; ++i) {
3037 jsval val;
3038 if(!JS_GetElement(cx, array, i, &val)) 3039 break;
3040 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3041 HANDLE_PENDING(cx, tmp);
3042 strListPush(&send_strings, tmp);
3043 }
3044 free(tmp);
3045 ++argn;
3046 }

** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Dbu0M_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZNG0uf3i6p71oTc15oH-2BfpO28bQfsz9QVBH3Gtyw7JI9gEMaDnmdnDolPrFN6u9WaZmPVFWjRjCPjNCgu0p853ViRUnY3jw7qF-2FmF-2FRD-2BDN3Me1aa8H00Bk6GPSZ1Hw1-2FmiCWeADspXOcpcxao-2F3gS8JgnOAEga0TIePnt023yjQ-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()


________________________________________________________________________________________________________
*** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()
1301 char* extdesc = NULL;
1302 char* auxdata = NULL;
1303 rc=JS_SUSPENDREQUEST(cx);
1304 if(filename != NULL && fileobj != NULL
1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);

CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS

1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
1310 p->smb_result = SMB_DUPE_MSG;
1311 }
1312 if(p->smb_result == SMB_SUCCESS

** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()


________________________________________________________________________________________________________
*** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()
627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
629 fileidxrec_t fidx;
630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
632 break;

CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
634 }
635 printf("\n");
636 l++;
637 }
638 }

** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()


________________________________________________________________________________________________________
*** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()
1329 } else {
1330 if(file.extdesc != NULL)
1331 truncsp(file.extdesc);
1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
1334 p->smb_result = smb_putfile(&p->smb, &file);

CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.

1335 if(p->smb_result != SMB_SUCCESS)
1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
1337 else {
1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
1339 if(readd_always)
1340 file.hdr.when_imported.time = 0; // we want the file to appear as "new"

** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()


________________________________________________________________________________________________________
*** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
239 break;
240
241 f->idx_offset = offset++;
242
243 if(filename != NULL) {

CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.

244 if(stricmp(fidx.name, fname) != 0)
245 continue;
246 f->file_idx = fidx;
247 return SMB_SUCCESS;
248 }
249

** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()


________________________________________________________________________________________________________
*** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
435 free(fidx);
436 smb_unlocksmbhdr(smb);
437 return SMB_ERR_READ;
438 }
439 rewind(smb->sid_fp);
440 for(uint32_t i = 0; i < smb->status.total_files; i++) { >>> CID 509551: Memory - illegal accesses (STRING_NULL)

Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.

441 if(stricmp(fidx[i].name, fname) == 0) {
442 removed++;
443 continue;
444 }
445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0czfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net