• New Defects reported by Coverity Scan for Synchronet

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, December 09, 2023 13:46:36
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 470390: Program hangs (LOCK)
    /viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()


    ________________________________________________________________________________________________________
    *** CID 470390: Program hangs (LOCK)
    /viewfile.cpp: 111 in sbbs_t::viewfile(const char *)()
    105 if(i >= cfg.total_fviews) {
    106 bprintf(text[NonviewableFile], getfname(path));
    107 return false;
    108 }
    109 if((i=external(cmdstr(viewcmd, path, path, NULL), EX_STDIO|EX_SH))!=0) {
    110 errormsg(WHERE,ERR_EXEC,viewcmd,i); /* must have EX_SH to ^C */
    CID 470390: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    111 return false;
    112 }
    113 return true;
    114 }
    115
    116 /****************************************************************************/

    ** CID 470389: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 470389: (SLEEP)
    /upload.cpp: 84 in sbbs_t::uploadfile(smbmsg_t *)()
    78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
    79 ,f->name
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);
    82 logline(LOG_NOTICE,"U!",str);
    83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
    CID 470389: (SLEEP)
    Call to "yesno" might sleep while holding lock "this->input_thread_mutex".
    84 if(!SYSOP || yesno(text[DeleteFileQ]))
    85 remove(path);
    86 return false;
    87 }
    88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
    89 if((stream=fopen(str,"r"))!=NULL) {
    /upload.cpp: 76 in sbbs_t::uploadfile(smbmsg_t *)()
    70 if(f->desc != NULL)
    71 fprintf(stream, "%s", f->desc);
    72 fclose(stream);
    73 }
    74 // Note: str (%s) is path/to/sbbsfile.des (used to be the description itself)
    75 int result = external(cmdstr(cfg.ftest[i]->cmd, path, str, NULL), EX_OFFLINE);
    CID 470389: (SLEEP)
    Call to "clearline" might sleep while holding lock "this->input_thread_mutex".
    76 clearline();
    77 if(result != 0) {
    78 safe_snprintf(str,sizeof(str),"attempted to upload %s to %s %s (%s error code %d)"
    79 ,f->name
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);

    ** CID 470388: Program hangs (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 470388: Program hangs (SLEEP)
    /inkey.cpp: 203 in sbbs_t::handle_ctrlkey(char, int)()
    197 }
    198 js_execfile(cmdstr(cfg.hotkey[i]->cmd+1,nulstr,nulstr,tmp), /* startup_dir: */NULL, /* scope: */js_hotkey_glob, js_hotkey_cx, js_hotkey_glob);
    199 } else
    200 external(cmdstr(cfg.hotkey[i]->cmd,nulstr,nulstr,tmp),0);
    201 if(!(sys_status&SS_SPLITP)) {
    202 CRLF;
    CID 470388: Program hangs (SLEEP)
    Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".
    203 restoreline();
    204 }
    205 lncntr=0;
    206 hotkey_inside &= ~(1<<ch);
    207 return(0);
    208 }

    ** CID 470387: Program hangs (LOCK)
    /chat.cpp: 654 in sbbs_t::sysop_page()()


    ________________________________________________________________________________________________________
    *** CID 470387: Program hangs (LOCK)
    /chat.cpp: 654 in sbbs_t::sysop_page()()
    648 ,sys_status&SS_SYSPAGE ? text[On] : text[Off]);
    649 nosound();
    650 }
    651 if(!(sys_status&SS_SYSPAGE))
    652 remove(syspage_semfile);
    653
    CID 470387: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    654 return(true);
    655 }
    656
    657 bprintf(text[SysopIsNotAvailable],cfg.sys_op);
    658
    659 return(false);

    ** CID 470386: Program hangs (LOCK)
    /upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()


    ________________________________________________________________________________________________________
    *** CID 470386: Program hangs (LOCK)
    /upload.cpp: 86 in sbbs_t::uploadfile(smbmsg_t *)()
    80 ,cfg.lib[cfg.dir[f->dir]->lib]->sname,cfg.dir[f->dir]->sname,cfg.ftest[i]->ext
    81 ,result);
    82 logline(LOG_NOTICE,"U!",str);
    83 bprintf(text[FileHadErrors],f->name,cfg.ftest[i]->ext);
    84 if(!SYSOP || yesno(text[DeleteFileQ]))
    85 remove(path);
    CID 470386: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    86 return false;
    87 }
    88 SAFEPRINTF(str,"%ssbbsfile.nam",cfg.node_dir);
    89 if((stream=fopen(str,"r"))!=NULL) {
    90 if(fgets(str, sizeof(str), stream)) {
    91 truncsp(str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DH5pk_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA21pPFXGEfXQOHUavDSOcBiYGiM9SWkNBClk7lfGbusFiEUl9SxTFTJ4pQ4-2BlyM1UpLT55ROOl-2F1zOiBksbquFQPYPy5IMrVblt0Rt7EqhjGmGGXslDjsDDEmF37IS-2FgX2UOIpLYk00zJWe4Ps-2Bw7o9YA3yT5trQhVa4wKyo5Ljw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, December 11, 2023 13:38:31
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    /umonitor/chat.c: 201 in chat()


    ________________________________________________________________________________________________________
    *** CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    /umonitor/chat.c: 201 in chat()
    195 in=-1;
    196 }
    197
    198 utime(inpath,NULL);
    199 _setcursortype(_NORMALCURSOR);
    200 while(1) {
    CID 470457: Incorrect expression (SIZEOF_MISMATCH)
    Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.
    201 switch(read(in,&ch,1)) {
    202 case -1:
    203 close(in);
    204 in=-1;
    205 break;
    206


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dn7r8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrC64hJyXzK3aRg-2FOh461xBPdPC3vMQG8wDm6SWRjPpByDWCbozrDoO3h7iN9haQ83FqvIEsneqqmYW1iHtvLfyFr9U7fTJVs-2FgzA-2B3NTVwG-2FkEOdCKTFxrJHyVvcaeKfjx-2FNRzmWtNl3SJh8ILqS8rD31VNGhVX-2F4wDJ-2F-2FhL0JK9w-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, December 14, 2023 13:44:11
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    5 new defect(s) introduced to Synchronet found with Coverity Scan.
    6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 5 of 5 defect(s)


    ** CID 470557: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470557: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()
    3116 }
    3117
    3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
    3119 if(mailproc_to_match == NULL) {
    3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
    3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");
    CID 470557: Resource leaks (RESOURCE_LEAK)
    Variable "spy" going out of scope leaks the storage it points to.
    3122 return false;
    3123 }
    3124
    3125 /* SMTP session active: */
    3126
    3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

    ** CID 470556: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 1157 in pop3_client_thread()
    /mailsrvr.c: 1159 in pop3_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470556: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 1157 in pop3_client_thread()
    1151 memset(&smb,0,sizeof(smb));
    1152 memset(&msg,0,sizeof(msg));
    1153 memset(&user,0,sizeof(user));
    1154 password[0]=0;
    1155
    1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    CID 470556: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    1157 rand(); /* throw-away first result */
    1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
    1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
    1160
    1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
    1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
    /mailsrvr.c: 1159 in pop3_client_thread()
    1153 memset(&user,0,sizeof(user));
    1154 password[0]=0;
    1155
    1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    1157 rand(); /* throw-away first result */
    1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>"
    CID 470556: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());
    1160
    1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s"
    1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge);
    1163
    1164 /* Requires USER or APOP command first */

    ** CID 470555: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 1089 in pop3_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470555: Error handling issues (CHECKED_RETURN)
    /mailsrvr.c: 1089 in pop3_client_thread()
    1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) {
    1084 unlock_ssl_cert();
    1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key");
    1086 return false;
    1087 }
    1088 nodelay = TRUE;
    CID 470555: Error handling issues (CHECKED_RETURN)
    Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
    1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));
    1090 nb=0;
    1091 ioctlsocket(socket,FIONBIO,&nb);
    1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) {
    1093 unlock_ssl_cert();
    1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket");

    ** CID 470554: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470554: Resource leaks (RESOURCE_LEAK)
    /mailsrvr.c: 3122 in smtp_client_thread()
    3116 }
    3117
    3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count);
    3119 if(mailproc_to_match == NULL) {
    3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol);
    3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure");
    CID 470554: Resource leaks (RESOURCE_LEAK)
    Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;
    3123 }
    3124
    3125 /* SMTP session active: */
    3126
    3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready"

    ** CID 470553: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 4204 in smtp_client_thread()
    /mailsrvr.c: 3078 in smtp_client_thread()
    /mailsrvr.c: 3079 in smtp_client_thread()


    ________________________________________________________________________________________________________
    *** CID 470553: (DC.WEAK_CRYPTO)
    /mailsrvr.c: 4204 in smtp_client_thread()
    4198 }
    4199 if(!stricmp(buf,"AUTH CRAM-MD5")) {
    4200 ZERO_VAR(relay_user);
    4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE);
    4202
    4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>"
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());
    4205 #if 0
    4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s"
    4207 ,socket,challenge);
    4208 #endif
    4209 b64_encode(str,sizeof(str),challenge,strlen(challenge));
    /mailsrvr.c: 3078 in smtp_client_thread()
    3072 }
    3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
    3074 spam.retry_time=scfg.smb_retry_time;
    3075 spam.subnum=INVALID_SUB;
    3076
    3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    3078 rand(); /* throw-away first result */
    3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
    3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
    3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
    3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
    3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
    /mailsrvr.c: 3079 in smtp_client_thread()
    3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir);
    3074 spam.retry_time=scfg.smb_retry_time;
    3075 spam.subnum=INVALID_SUB;
    3076
    3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */
    3078 rand(); /* throw-away first result */
    CID 470553: (DC.WEAK_CRYPTO)
    "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
    3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());
    3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id);
    3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id);
    3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id);
    3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id);
    3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, December 18, 2023 13:39:50
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 470929: Error handling issues (CHECKED_RETURN)
    /js_system.c: 1474 in js_filter_ip()


    ________________________________________________________________________________________________________
    *** CID 470929: Error handling issues (CHECKED_RETURN)
    /js_system.c: 1474 in js_filter_ip()
    1468 js_system_private_t* sys;
    1469 if((sys = (js_system_private_t*)js_GetClassPrivate(cx,obj,&js_system_class))==NULL)
    1470 return JS_FALSE;
    1471
    1472 for(i=0; i<argc && fname == NULL; i++) {
    1473 if(JSVAL_IS_NUMBER(argv[i])) {
    CID 470929: Error handling issues (CHECKED_RETURN)
    Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).
    1474 JS_ValueToInt32(cx, argv[i], &duration);
    1475 continue;
    1476 }
    1477 if(!JSVAL_IS_STRING(argv[i]))
    1478 continue;
    1479 JSVALUE_TO_MSTRING(cx, argv[i], p, NULL);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dx5vI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD-2FFZVvmg9UFbNVSslGQHixwK2gY0JhpVYuBk-2BPEk2wVNUawfpNFUquIquIwrbnMLyXyOL-2Bbdyy88jhCHaZkpnLltM6SvZPalWR8uvzHGJLXvipDKrDTZ6KfbbjJDM-2B9TK-2Bfg-2Bntn7n3JXz8-2BbuvXtlotoQiRFNfFKyqSao3USU5A-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, December 21, 2023 15:17:37
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 471381: Null pointer dereferences (NULL_RETURNS)
    /ssl.c: 412 in get_ssl_cert()


    ________________________________________________________________________________________________________
    *** CID 471381: Null pointer dereferences (NULL_RETURNS)
    /ssl.c: 412 in get_ssl_cert()
    406
    407 if(!do_cryptInit())
    408 return -1;
    409 ssl_sync(cfg);
    410 lock_ssl_cert_write();
    411 cert_entry = malloc(sizeof(*cert_entry));
    CID 471381: Null pointer dereferences (NULL_RETURNS)
    Dereferencing "cert_entry", which is known to be "NULL".
    412 cert_entry->sess = -1;
    413 cert_entry->epoch = cert_epoch;
    414 cert_entry->next = NULL;
    415
    416 /* Get the certificate... first try loading it from a file... */
    417 if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, cert_path, CRYPT_KEYOPT_READONLY))) {


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DNVYG_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAIQBrbLtBWXBu7NOIgqUVW-2FO9u7UhLy-2BFNLgqIU41zpqPfBM73Awa3dQxk3-2F184GO6VUS7KkG6sPhNBuQiQ4Keqf56uFZ5RoDxe4X35uihMatLZZvu1DTj5op2mLHIzl6CugzzedJw-2FjcHjqyoRYDdN5cjuB-2Bi1UXQGnATKvNQkg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, December 26, 2023 13:39:07
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 471656: Memory - corruptions (OVERRUN)


    ________________________________________________________________________________________________________
    *** CID 471656: Memory - corruptions (OVERRUN) /tmp/sbbs-Dec-26-2023/src/smblib/smbfile.c: 367 in smb_addfile_withlist()
    361
    362 if(list != NULL && *list != NULL) {
    363 size_t size = strListCount(list) * 1024;
    364 auxdata = calloc(1, size);
    365 if(auxdata == NULL)
    366 return SMB_ERR_MEM;
    CID 471656: Memory - corruptions (OVERRUN)
    Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
    367 strListCombine(list, auxdata, size - 1, "\r\n");
    368 }
    369 result = smb_addfile(smb, file, storage, extdesc, auxdata, path);
    370 free(auxdata);
    371 return result;
    372 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2BKI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCT6x0GAlc7xThQfLCGiCZdmR4qZP1NcowX1yNXO3dy1e3iYdu3LqPMf8Ps-2BXyXIS9z1-2BExxr9YuMCEQ-2FkgG8-2FT0EoCNRZOLQUTkkQaenBh-2FjMptDjEjYYaLSTPN90hBdPvbODU2Cx91ZtvmuRMrZszCSUsoWukacGJvvm4ij2thw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, December 30, 2023 13:39:01
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
    /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()


    ________________________________________________________________________________________________________
    *** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute()
    499 if( isNullChannel( channelInfoPtr ) )
    500 return( CRYPT_ERROR_NOTFOUND );
    501 *value = channelInfoPtr->channelID;
    502 return( CRYPT_OK );
    503
    504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    505 if( isNullChannel( writeChannelInfoPtr ) )
    506 return( CRYPT_ERROR_NOTFOUND );
    507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
    508 return( CRYPT_OK );
    509
    510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute()
    511 if( isNullChannel( writeChannelInfoPtr ) )
    512 return( CRYPT_ERROR_NOTFOUND );
    513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
    514 return( CRYPT_OK );
    515
    516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    517 if( isNullChannel( writeChannelInfoPtr ) )
    518 return( CRYPT_ERROR_NOTFOUND );
    519 if (writeChannelInfoPtr->width == 0)
    520 return CRYPT_ERROR_NOTFOUND;
    521 *value = channelInfoPtr->width;
    522 return( CRYPT_OK ); /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute()
    505 if( isNullChannel( writeChannelInfoPtr ) )
    506 return( CRYPT_ERROR_NOTFOUND );
    507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE;
    508 return( CRYPT_OK );
    509
    510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    511 if( isNullChannel( writeChannelInfoPtr ) )
    512 return( CRYPT_ERROR_NOTFOUND );
    513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE;
    514 return( CRYPT_OK );
    515
    516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute()
    519 if (writeChannelInfoPtr->width == 0)
    520 return CRYPT_ERROR_NOTFOUND;
    521 *value = channelInfoPtr->width;
    522 return( CRYPT_OK );
    523
    524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT:
    CID 476254: (NULL_RETURNS)
    Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
    525 if( isNullChannel( writeChannelInfoPtr ) )
    526 return( CRYPT_ERROR_NOTFOUND );
    527 if (writeChannelInfoPtr->height == 0)
    528 return CRYPT_ERROR_NOTFOUND;
    529 *value = channelInfoPtr->height;
    530 return( CRYPT_OK );

    ** CID 476253: Resource leaks (RESOURCE_LEAK)
    /jsdebug.c: 335 in script_debug_prompt()


    ________________________________________________________________________________________________________
    *** CID 476253: Resource leaks (RESOURCE_LEAK)
    /jsdebug.c: 335 in script_debug_prompt()
    329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL);
    330 return DEBUG_CONTINUE;
    331 }
    332 if(strncmp(line, "quit\n", 5)==0 ||
    333 strncmp(line, "q\n", 2)==0
    334 ) {
    CID 476253: Resource leaks (RESOURCE_LEAK)
    Variable "line" going out of scope leaks the storage it points to.
    335 return (DEBUG_EXIT);
    336 }
    337 if(strncmp(line, "eval ", 5)==0 ||
    338 strncmp(line, "e ", 2)==0
    339 ) {
    340 jsval ret;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, January 09, 2024 13:51:54
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 477525: Error handling issues (CHECKED_RETURN)
    /ssl.c: 413 in get_ssl_cert()


    ________________________________________________________________________________________________________
    *** CID 477525: Error handling issues (CHECKED_RETURN)
    /ssl.c: 413 in get_ssl_cert()
    407 CRYPT_CERTIFICATE ssl_cert;
    408 char sysop_email[sizeof(cfg->sys_inetaddr)+6];
    409 struct cert_list *cert_entry;
    410
    411 if(!do_cryptInit(lprintf))
    412 return -1;
    CID 477525: Error handling issues (CHECKED_RETURN)
    Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).
    413 ssl_sync(cfg, lprintf);
    414 lock_ssl_cert_write();
    415 cert_entry = malloc(sizeof(*cert_entry));
    416 if(cert_entry == NULL) {
    417 unlock_ssl_cert_write(lprintf);
    418 free(cert_entry);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DG04V_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDEpEnmlDe-2FjbKZ4LOKbSyZqFRJl-2FW97DzLqL9YhzmfB5NVnMDaFqAVAu8sqMXAtM7gluOaLuz78sK9hLjatBB8CSJ6nN9iJHgKoglAvkWzF0D2D3-2FP2KvQ4r0FVsLXVQDobxZi1VHS1fHv1o1JN4QuvSLew5iAWvpjb3EkIuqiHp61IxzA0v1Q4zB-2F2vdQH-2Fs-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, January 24, 2024 13:43:19
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    40 new defect(s) introduced to Synchronet found with Coverity Scan.
    65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 40 defect(s)


    ** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


    ________________________________________________________________________________________________________
    *** CID 479110: Program hangs (LOCK)
    /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
    747 if(flength(packet) < 1) {
    748 remove(packet);
    749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0)
    750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i);
    751 if(flength(packet) < 1) {
    752 bputs(text[QWKCompressionFailed]);
    CID 479110: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    753 return(false);
    754 }
    755 }
    756
    757 if(!prepack && useron.rest&FLAG('Q')) {
    758 dir=opendir(cfg.temp_dir);

    ** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo()


    ________________________________________________________________________________________________________
    *** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() 343 ( status, errorInfo,
    344 "Invalid PKI status string" ) );
    345 }
    346 hasErrorMessage = TRUE;
    347 }
    348 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    349 return( status ); /* Residual error from peekTag() */
    350
    351 /* Read the failure information */
    352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \
    353 tag == BER_BITSTRING )
    354 {
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo() 358 retExt( status,
    359 ( status, errorInfo,
    360 "Invalid PKI failure information" ) );
    361 }
    362 }
    363 if( cryptStatusError( status ) )
    CID 479109: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    364 return( status ); /* Residual error from peekTag() */
    365
    366 /* If everything's OK, we're done */
    367 if( cmpStatusOK( errorCode ) )
    368 return( CRYPT_OK );
    369

    ** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()


    ________________________________________________________________________________________________________
    *** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS()
    419 out */
    420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo,
    421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) );
    422 }
    423 STDC_FALLTHROUGH;
    424
    CID 479108: Control flow issues (MISSING_BREAK)
    The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
    425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:
    426 if ( needsKey( contextInfoPtr ) )
    427 return CRYPT_ERROR_NOTFOUND;
    428 if (contextType != CONTEXT_PKC)
    429 return CRYPT_ERROR_NOTFOUND;
    430 case CRYPT_IATTRIBUTE_KEY_PGP:

    ** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession()


    ________________________________________________________________________________________________________
    *** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession() 851 {
    852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction );
    855 REQUIRES( activateSubprotocolFunction != NULL );
    856
    CID 479107: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "status = activateSubprotoco...".
    857 status = activateSubprotocolFunction( sessionInfoPtr );
    858 if( cryptStatusError( status ) )
    859 return( status );
    860
    861 /* Record the fact that the layered protocol has been
    862 activated */

    ** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse()


    ________________________________________________________________________________________________________
    *** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse() 615 assert( isWritePtr( stream, sizeof( STREAM ) ) );
    616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); 617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) );
    618
    619 /* Skip the wrapper, version, and server configuration ID */ 620 readSequence( stream, NULL );
    CID 479106: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    621 readShortInteger( stream, &value );
    622 status = readShortInteger( stream, &value );
    623 if( cryptStatusError( status ) )
    624 {
    625 retExt( status,
    626 ( status, SESSION_ERRINFO,

    ** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession() 1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE ) 1026 {
    1027 /* If there's an inner protocol present, shut that down as well */
    1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) )
    1029 {
    CID 479105: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );

    ** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()


    ________________________________________________________________________________________________________
    *** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    214 non-char values can only be accessed on word-aligned boundaries */
    215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
    216 {
    217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
    218
    219 #ifdef DATA_LITTLEENDIAN
    CID 479104: (BAD_SHIFT)
    In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
    220 ch |= string[ i ] << shiftAmt;
    221 shiftAmt += 8;
    222 #else
    223 ch = ( ch << 8 ) | string[ i ];
    224 #endif /* DATA_LITTLEENDIAN */
    225 }
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar()
    214 non-char values can only be accessed on word-aligned boundaries */
    215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ )
    216 {
    217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 );
    218
    219 #ifdef DATA_LITTLEENDIAN
    CID 479104: (BAD_SHIFT)
    In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
    220 ch |= string[ i ] << shiftAmt;
    221 shiftAmt += 8;
    222 #else
    223 ch = ( ch << 8 ) | string[ i ];
    224 #endif /* DATA_LITTLEENDIAN */
    225 }

    ** CID 479103: (SLEEP)


    ________________________________________________________________________________________________________
    *** CID 479103: (SLEEP)
    /pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)()
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    118 smb.retry_time=cfg.smb_retry_time;
    119 smb.subnum=INVALID_SUB;
    CID 479103: (SLEEP)
    Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
    120 if((i=smb_open(&smb))!=0) {
    121 fclose(rep);
    122 if(hdrs!=NULL)
    123 fclose(hdrs);
    124 if(voting!=NULL)
    125 fclose(voting);
    /pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)()
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    112 errormsg(WHERE,ERR_CREATE,str,0);
    113 }
    114 /*********************/
    115 /* Pack new messages */
    116 /*********************/
    117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
    /pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)()
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */
    101 }
    102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) {
    103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir);
    104 fexistcase(str);
    105 if((hdrs=fopen(str,"a"))==NULL)
    CID 479103: (SLEEP)
    Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
    106 errormsg(WHERE,ERR_CREATE,str,0);
    107 }
    108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) {
    109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir);
    110 fexistcase(str);
    111 if((voting=fopen(str,"a"))==NULL)

    ** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()


    ________________________________________________________________________________________________________
    *** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams()
    656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in
    657 practice this doesn't really matter, we just use whatever we
    658 find inside the PKCS #1 padding */
    659 readSequence( stream, NULL );
    660 if( queryInfo->cryptMode != CRYPT_MODE_CBC ) 661 return( readShortInteger( stream, NULL ) );
    CID 479102: Error handling issues (CHECKED_RETURN)
    Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
    662 readShortInteger( stream, NULL );
    663 return( readOctetString( stream, queryInfo->iv, 664 &queryInfo->ivLength,
    665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) );
    666 #endif /* USE_RC2 */
    667

    ** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    /ssl.c: 345 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 479101: (CHECKED_RETURN)
    /ssl.c: 353 in internal_do_cryptInit()
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;
    355 }
    356 return;
    357 }
    358
    /ssl.c: 345 in internal_do_cryptInit()
    339 }
    340 tmp = (maj * 100) + (min * 10) + stp;
    341 if (tmp != CRYPTLIB_VERSION) {
    342 cryptInit_error = CRYPT_ERROR_INVALID;
    343 cryptlib_initialized = false;
    344 cryptEnd();
    CID 479101: (CHECKED_RETURN)
    Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;

    ** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    /ssl.c: 659 in destroy_session()


    ________________________________________________________________________________________________________
    *** CID 479100: (ATOMICITY)
    /ssl.c: 659 in destroy_session()
    653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
    654 return CRYPT_ERROR_INTERNAL;
    655 }
    656 sess->sess = -1;
    657 pthread_mutex_lock(&ssl_cert_list_mutex);
    658 sess->next = cert_list;
    CID 479100: (ATOMICITY)
    Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
    659 cert_list = sess;
    660 pthread_mutex_unlock(&ssl_cert_list_mutex);
    661 ret = cryptDestroySession(csess);
    662 }
    663 else {
    664 if (!rwlock_unlock(&cert_epoch_lock)) {
    /ssl.c: 659 in destroy_session()
    653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__);
    654 return CRYPT_ERROR_INTERNAL;
    655 }
    656 sess->sess = -1;
    657 pthread_mutex_lock(&ssl_cert_list_mutex);
    658 sess->next = cert_list;
    CID 479100: (ATOMICITY)
    Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
    659 cert_list = sess;
    660 pthread_mutex_unlock(&ssl_cert_list_mutex);
    661 ret = cryptDestroySession(csess);
    662 }
    663 else {
    664 if (!rwlock_unlock(&cert_epoch_lock)) {

    ** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()


    ________________________________________________________________________________________________________
    *** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody()
    489 ( status, SESSION_ERRINFO,
    490 "Invalid caPubs field in %s", 491 getCMPMessageName( messageType ) ) );
    492 }
    493 }
    494 if( cryptStatusError( status ) )
    CID 479099: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return status;".
    495 return( status ); /* Residual error from checkStatusPeekTag() */
    496
    497 /* If it's a revocation response then the only returned data is the
    498 status value */
    499 if( protocolInfo->operation == CTAG_PB_RR )
    500 {

    ** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()


    ________________________________________________________________________________________________________
    *** CID 479098: Program hangs (LOCK)
    /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)()
    89 if(fexistcase(str))
    90 fmode="r+b";
    91 else
    92 fmode="w+b";
    93 if((rep=fopen(str, fmode))==NULL) {
    94 errormsg(WHERE, ERR_CREATE, str, 0, fmode);
    CID 479098: Program hangs (LOCK)
    Returning without unlocking "this->input_thread_mutex".
    95 return false;
    96 }
    97 fseek(rep, 0, SEEK_END);
    98 if(ftell(rep) < 1) { /* New REP packet */
    99 fprintf(rep, "%-*s"
    100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */

    ** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession()


    ________________________________________________________________________________________________________
    *** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession() 1029 {
    1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \
    1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \
    1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction );
    1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034
    CID 479097: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
    1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );
    1036 }
    1037
    1038 /* If protocol management is handled by an outer protocol, don't
    1039 perform a session shutdown. This is in theory rather nasty in
    1040 that an attacker who can spoof an unsecured outer protocol packet

    ** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()


    ________________________________________________________________________________________________________
    *** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection()
    679
    680 /* If there's sub-protocol selected, activate that as well */ 681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP )
    682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \ 683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) )
    684 {
    CID 479096: Control flow issues (DEADCODE)
    Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".
    685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \
    686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \
    687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction );
    688 REQUIRES( activateSubprotocolFunction != NULL );
    689
    690 status = activateSubprotocolFunction( sessionInfoPtr );

    ** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()


    ________________________________________________________________________________________________________
    *** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms()
    124 tmrIntB |= 0x800;
    125 tmrIntC |= 0x01;
    126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 )
    127 return( FALSE );
    128 TMR_SCRUB( tmrInt );
    129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 )
    CID 479095: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "return 0;".
    130 return( FALSE );
    131 CFI_CHECK_UPDATE( "TMR" );
    132
    133 /* Test the overflow-checking mechanisms. These checks will probably
    134 fall prey to optimiser inlining but it'll still statically check that
    135 they work as expected.

    ** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo()


    ________________________________________________________________________________________________________
    *** CID 479094: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() 714 {
    715 return( certErrorReturn( certInfoPtr, "issuer unique ID",
    716 status ) );
    717 }
    718 }
    719 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    720 return( status ); /* Residual error from peekTag() */
    721
    722 /* If there are no extensions present, we're done */
    723 if( stell( stream ) >= endPos )
    724 return( CRYPT_OK );
    725
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() 662 if( cryptStatusOK( status ) )
    663 status = readIssuerDN( stream, certInfoPtr ); 664 if( cryptStatusError( status ) )
    665 return( certErrorReturn( certInfoPtr, "issuer name", status ) );
    666 }
    667 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    668 return( status ); /* Residual error from peekTag() */
    669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) ) 671 {
    672 status = readUniversal( stream );
    673 }
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo() 635 if( cryptStatusOK( status ) )
    636 status = readSubjectDN( stream, certInfoPtr ); 637 if( cryptStatusError( status ) )
    638 return( certErrorReturn( certInfoPtr, "holder name", status ) );
    639 }
    640 if( cryptStatusError( status ) )
    CID 479094: (DEADCODE)
    Execution cannot reach this statement: "return status;".
    641 return( status ); /* Residual error from peekTag() */
    642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \
    643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) ) 644 {
    645 /* This is a complicated structure that in effect encodes a generic
    646 hole reference to "other", for now we just skip it until we can

    ** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()


    ________________________________________________________________________________________________________
    *** CID 479093: (DEADCODE)
    /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset()
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr ); 1777 break;
    1778
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
    1779 case CRYPT_KEYSET_LDAP:
    1780 status = setAccessMethodLDAP( keysetInfoPtr ); 1781 break;
    1782
    1783 default:
    1784 retIntError(); /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset()
    1764 }
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP: /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset()
    1765
    1766 /* It's a specific type of keyset, set up the access information for it
    1767 and connect to it */
    1768 switch( keysetType )
    1769 {
    1770 case CRYPT_KEYSET_DATABASE:
    CID 479093: (DEADCODE)
    Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
    1771 case CRYPT_KEYSET_DATABASE_STORE:
    1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType );
    1773 break;
    1774
    1775 case CRYPT_KEYSET_HTTP:
    1776 status = setAccessMethodHTTP( keysetInfoPtr );

    ** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()


    ________________________________________________________________________________________________________
    *** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute()
    279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ) 280 deleteAttributes( newAttributeHeadPtr );
    281 return( status );
    282 }
    283
    284 /* Append the new field to the new attribute list */ >>> CID 479092: Resource leaks (RESOURCE_LEAK)
    Variable "newAttributeField" going out of scope leaks the storage it points to.
    285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
    286 newAttributeField, ATTRIBUTE_LIST );
    287 newAttributeListTail = newAttributeField;
    288 }
    289 ENSURES( LOOP_BOUND_OK );
    290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) );

    ** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()


    ________________________________________________________________________________________________________
    *** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation()
    701 done */
    702 if( serviceType == SERVICE_PORTFORWARD ) {
    703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE );
    704 return( CRYPT_OK );
    705 }
    706
    CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
    "255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".
    707 if ( TRUE || channelNo == 0 || !waitforWindow )
    708 {
    709 /* It's a session open request that requires additional messages to do
    710 anything useful, create and send the extra packets. Unlike the
    711 overall open request, we can't wrap and send the packets in one go
    712 because serviceType == SERVICE_SHELL has to send multiple packets,


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D_Ob8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXsFtzU0G-2FWPcCSE76ga65FpTOVnlTg2HlohxKy4ePNmfAvcTgQHzRuwjEUPYcoNsjv51yTcWgn-2B5ZoKEZbHKDuJHZyg4oYm-2B85r0HAuyVfWOvaujD7HGzC-2Bi-2BJJr4c31Rz-2B5noR-2FnEcQw4pO0lSZx8Qbg6Ydb9v-2FQISXmWX5vnA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Thursday, February 01, 2024 13:40:37
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr()


    ________________________________________________________________________________________________________
    *** CID 480410: Uninitialized variables (UNINIT) /tmp/sbbs-Feb-01-2024/src/conio/ciolib.c: 2152 in ciolib_rgb_to_legacyattr() 2146 }
    2147 }
    2148 }
    2149 }
    2150
    2151 return (bestb << 4) | bestf;
    CID 480410: Uninitialized variables (UNINIT)
    Using uninitialized value "bestf".


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D0Whj_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCGuXH-2F8nbk79WMe2MJx6-2FI9exgVraqIoXRfw5t191-2Fkv7cvlCW07dWiwEkebe6LE7W-2FqT6ZfpHP5InVb8zXpzOgZvf4Ur9-2BJrsFE50Fqk6iSfX0glKX5AlD-2FYPX7BWAafhUDNW6RVuwz3H5dgusXmMWB9WTfpkkhCog7HEgqDjmg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Sunday, February 04, 2024 15:09:08
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()


    ________________________________________________________________________________________________________
    *** CID 483188: Memory - corruptions (OVERRUN)
    /ssl.c: 349 in internal_do_cryptInit()
    343 cryptlib_initialized = false;
    344 cryptEnd();
    345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
    346 return;
    347 }
    348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
    CID 483188: Memory - corruptions (OVERRUN)
    Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
    349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
    350 cryptInit_error = ret;
    351 cryptlib_initialized = false;
    352 cryptEnd();
    353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
    354 return;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DoE8P_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCgaHhvhfxqmGN-2F2MOiNHiXAXmmE5-2BoMir72-2FKS-2B4CChPr-2B6DUEcHFnW2fJcB9K-2BLqjLkG6SOds2KKoiOogAgt4kivLp-2Bbv0MawXscaXZ6U3zKSU8zPaw8llzmAMgAx1EcIlUZ9-2Faak-2B54E1Z-2BGSHEscOAt6ClVWnKMr9zoYGJFvw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Monday, February 05, 2024 13:39:54
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()


    ________________________________________________________________________________________________________
    *** CID 483249: Error handling issues (CHECKED_RETURN)
    /main.cpp: 3570 in sbbs_t::init()()
    3564 thisnode.misc&=(NODE_EVENT|NODE_LOCK|NODE_RRUN);
    3565 criterrs=thisnode.errors;
    3566 putnodedat(cfg.node_num,&thisnode);
    3567
    3568 // remove any pending node messages
    3569 safe_snprintf(str, sizeof(str), "%smsgs/n%3.3u.msg",cfg.data_dir,cfg.node_num);
    CID 483249: Error handling issues (CHECKED_RETURN)
    Calling "remove(str)" without checking return value. This library function may fail and return an error code.
    3570 remove(str);
    3571 // Delete any stale temporary files (with potentially sensitive content)
    3572 delfiles(cfg.temp_dir,ALLFILES);
    3573 safe_snprintf(str, sizeof(str), "%sMSGTMP", cfg.node_dir);
    3574 removecase(str);
    3575 safe_snprintf(str, sizeof(str), "%sQUOTES.TXT", cfg.node_dir);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DuxM4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDlWnKXqUo4ko-2BswZDnU0KThZlBPhv1kFyIVU6rRp9K48otOTA5WQm5qg8o-2FY8FDqYkPfgDhKOyoUIQMv1mPwAY7yKStOAqjn6xloHvMgh0mRG0DJXpuxyIOkTyi2gGZzdoTshBDw9gCNjiMqTW3IeGxtntX-2B4oBRMrCvut8dx1Kg-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 07, 2024 13:48:34
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()


    ________________________________________________________________________________________________________
    *** CID 486181: (RESOURCE_LEAK)
    /js_bbs.cpp: 1730 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1724 if (instr == NULL)
    1725 return JS_FALSE;
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    /js_bbs.cpp: 1732 in js_expand_atcodes(JSContext *, unsigned int, unsigned long *)()
    1726
    1727 if(JSVAL_IS_OBJECT(argv[1]) && !JSVAL_IS_NULL(argv[1])) {
    1728 JSObject* hdrobj;
    1729 if((hdrobj = JSVAL_TO_OBJECT(argv[1])) == NULL)
    1730 return JS_FALSE;
    1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))
    CID 486181: (RESOURCE_LEAK)
    Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;
    1733 }
    1734
    1735 rc = JS_SUSPENDREQUEST(cx);
    1736 sbbs->expand_atcodes(instr, result, sizeof result, msg);
    1737 free(instr);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DmylI_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXJXQdHoPdhvgvF0Vb847O95f-2F78EIoUagepOVq0LGxVFLDoLOCCiMG-2Fo4JxZOKwjHbMnoOXJKKkCjtFcCkE7VRLhxJ-2FNLJW4jwAN0Jl-2F3no6moASPMez-2F6bxuKm8Qy55QwIHngsrpIdU6tJlGz6f2tQot6J2A4fn-2FWICSVomHTA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, February 09, 2024 13:39:53
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf() /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()


    ________________________________________________________________________________________________________
    *** CID 486276: (USE_AFTER_FREE)
    /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL); /tmp/sbbs-Feb-09-2024/src/xpdev/xpprintf.c: 1378 in xp_vasprintf()
    1372 break;
    1373 case XP_PRINTF_TYPE_SIZET:
    1374 next=xp_asprintf_next(working, type, va_arg(va, size_t));
    1375 break;
    1376 }
    1377 if(next==NULL) {
    CID 486276: (USE_AFTER_FREE)
    Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
    1379 return(NULL);
    1380 }
    1381 working=next;
    1382 }
    1383 next=xp_asprintf_end(working, NULL);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DIHvH_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCP2NMkGTJz9ej0zbFZSaut2su5O4d-2FdeN5YNfhO3vr5iN7SLkyWMmA-2BkVBoBNMCMtjp4F5UOP3BhPg-2B0yHPx-2BA66plmcHqc3TbhObiquLp-2FeS-2BJifVzCXGlHdvyg4PHEaoR6LUO7c-2FqTSbtEkku9P0EYfxZeeo5KgjMqT4aVuFYw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 14, 2024 13:40:33
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486477: Error handling issues (CHECKED_RETURN)
    /writemsg.cpp: 416 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    410 free(buf);
    411 return(false);
    412 }
    413 if(!i && linesquoted)
    414 break;
    415 if(!i || quote[0]==all_key()) { /* Quote all */
    CID 486477: Error handling issues (CHECKED_RETURN)
    Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
    416 fseek(stream,l,SEEK_SET);
    417 while(!feof(stream) && !ferror(stream)) {
    418 if(!fgets(str,sizeof(str),stream))
    419 break;
    420 quotestr(str);
    421 SAFEPRINTF2(tmp,quote_fmt,cols-4,str);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D2gqt_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDyBxF-2BuedSB2oLaNTy6psp3Cor4F0rz-2B4SwaIkEVyFE7FwRjEukPY43bM1L1Hi7YMYgyrb0V1krz3N47RLZR8GIqMuk2Z3RqE2OO4o9y0KvmmLDJLp5jbtMBebo-2FmfheUw1RP41SRg-2FK16Oi1OoUubPmh6iPKTPVX1V81t13b6sA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Friday, February 16, 2024 13:40:21
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


    ________________________________________________________________________________________________________
    *** CID 486496: (CHECKED_RETURN)
    /writemsg.cpp: 382 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    376
    377 else if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTENONE)
    378 ;
    379
    380 else if(yesno(text[QuoteMessageQ])) {
    381 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    382 fexistcase(path);
    383 if((stream=fnopen(&file,path,O_RDONLY))==NULL) {
    384 errormsg(WHERE,ERR_OPEN,path,O_RDONLY); 385 free(buf);
    386 return(false);
    387 }
    /writemsg.cpp: 344 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
    338 && cfg.sub[subnum]->misc&SUB_QUOTE))) {
    339
    340 /* Quote entire message to MSGTMP or INPUT.MSG */
    341
    342 if(useron_xedit && cfg.xedit[useron_xedit-1]->misc&QUOTEALL) {
    343 if(!fexist(quotes_fname(useron_xedit, path, sizeof(path))))
    CID 486496: (CHECKED_RETURN)
    Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
    344 fexistcase(path);
    345 if((stream=fnopen(NULL,path,O_RDONLY))==NULL) { 346 errormsg(WHERE,ERR_OPEN,path,O_RDONLY); 347 free(buf);
    348 return(false);
    349 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dzn-5_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDPrVkNTVRB68tnZKkkXRCkPUT71LTHn8QopE1tYVp-2FX-2Br08qA1yywGwU3c4MVrlWG-2BFbxw1q-2Fo2e8fear09VrdxSTaZYVAh-2F7Xjhpabc-2Bcxm1n9Xbtacc4z9BZManLJqZ02pp-2F9yM96t7IgwLb1rxOxJKJoizd1NnBghDuRAiDsQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 21, 2024 13:39:50
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486966: Memory - illegal accesses (RETURN_LOCAL) /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()


    ________________________________________________________________________________________________________
    *** CID 486966: Memory - illegal accesses (RETURN_LOCAL) /tmp/sbbs-Feb-21-2024/src/xpdev/ini_file.c: 1073 in iniGetSString()
    1067 size_t pos;
    1068
    1069 ret = iniGetString(list, section, key, deflt, fval);
    1070 if (ret == NULL)
    1071 return ret;
    1072 if (ret == deflt)
    CID 486966: Memory - illegal accesses (RETURN_LOCAL)
    Returning pointer "ret" which points to local variable "fval".
    1073 return ret;
    1074 if (sz < 1 || value == NULL)
    1075 return value;
    1076 for (pos = 0; ret[pos]; pos++) {
    1077 if (pos == sz - 1)
    1078 break;


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DCYsZ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrB1fCECxNjHKDEt971XvCYyugWw34HvI84c7ZyY-2BmycHBmh3Jr1qZj7bY0gisTp5UvajQDEP9IZaQTdaMfzHs9DaKL5izWrIdkGSbov-2BkvcK5JM0MeIsMOKIH6vPln5vf0C7XQzN4AL02tzLGZGEYX2inJEOXX8A46m4M4faN8zLQ-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Saturday, February 24, 2024 13:40:32
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 486983: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()


    ________________________________________________________________________________________________________
    *** CID 486983: Concurrent data access violations (MISSING_LOCK) /tmp/sbbs-Feb-24-2024/src/conio/bitmap_con.c: 503 in get_full_rectangle_locked()
    497 {
    498 struct rectlist *rect;
    499 size_t sz = screen->screenwidth * screen->screenheight;
    500 size_t pos;
    501
    502 // TODO: Some sort of caching here would make things faster...? >>> CID 486983: Concurrent data access violations (MISSING_LOCK)
    Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
    503 if(callbacks.drawrect) {
    504 rect = alloc_full_rect(screen, true);
    505 if (!rect)
    506 return rect;
    507 for (pos = 0; pos < sz; pos++)
    508 rect->data[pos] = color_value(screen->rect->data[pos]);


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D8c0G_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAVcLrFKXhsSDRaqja0Q4G60ZIIHvAxvJ-2BFLnRXVDcep-2B1SeryMCXp8nrAo0L5iDlIM3xJ7X0g6QrD0mlxK5meH-2BBJ37jGt-2F-2BR0SSgqyC1ybNJHz3XT2-2F11T7UEUt5-2FUqhSnT2Rs5NZnjzJIv-2Bf3-2BxbnrqOl4LZRHeRWkBYW2FZNw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tuesday, February 27, 2024 13:40:04
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 487089: High impact quality (Y2K38_SAFETY)
    /logout.cpp: 97 in sbbs_t::logout(bool)()


    ________________________________________________________________________________________________________
    *** CID 487089: High impact quality (Y2K38_SAFETY)
    /logout.cpp: 97 in sbbs_t::logout(bool)()
    91 delfiles(cfg.temp_dir,ALLFILES);
    92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
    93 putmsgptrs();
    94 }
    95 if(!REALSYSOP)
    96 logofflist();
    CID 487089: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
    97 useron.laston=(time32_t)now;
    98
    99 ttoday=useron.ttoday-useron.textra; /* billable time used prev calls */
    100 if(ttoday>=cfg.level_timeperday[useron.level])
    101 i=0;
    102 else

    ** CID 487088: Error handling issues (CHECKED_RETURN)
    /logout.cpp: 89 in sbbs_t::logout(bool)()


    ________________________________________________________________________________________________________
    *** CID 487088: Error handling issues (CHECKED_RETURN)
    /logout.cpp: 89 in sbbs_t::logout(bool)()
    83 if(cfg.logout_mod[0]) {
    84 lprintf(LOG_DEBUG, "executing logout module: %s", cfg.logout_mod);
    85 exec_bin(cfg.logout_mod,&main_csi);
    86 }
    87 SAFEPRINTF2(path,"%smsgs/%4.4u.msg",cfg.data_dir,useron.number);
    88 if(fexistcase(path) && !flength(path)) /* remove any 0 byte message files */
    CID 487088: Error handling issues (CHECKED_RETURN)
    Calling "remove(path)" without checking return value. This library function may fail and return an error code.
    89 remove(path);
    90
    91 delfiles(cfg.temp_dir,ALLFILES);
    92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
    93 putmsgptrs();
    94 }


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D6w7L_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZL2KLON9c0qMM4K5aJ-2BfdThB6-2BKGg4cWLgpEPITZFj21NY7HODKa21xNCYmqB9WQ9jGdCaJ8kxZplYYP3ZpJQciN5y3k5uG3vF-2Bbjho-2FJ80W4KFTLh14Ge0YKg4KwvJQypDruDryLBwEKW1kUPhOIUyQwbpfzm3Xgxi8Wb6VLKOw-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wednesday, February 28, 2024 13:40:48
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    23 new defect(s) introduced to Synchronet found with Coverity Scan.
    2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 20 of 23 defect(s)


    ** CID 487180: Memory - corruptions (BUFFER_SIZE)
    /sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487180: Memory - corruptions (BUFFER_SIZE)
    /sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()
    1382 return generic_dot_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
    1383 }
    1384 if (dd->info.rootdir.idx == dotdot) {
    1385 if (pm->sftp_patt[1]) {
    1386 char *dir = const_cast<char *>(".."); 1387 snprintf(tmppath, sizeof(tmppath) - 2 /* for dir */, pm->sftp_patt, sbbs->useron.alias);
    CID 487180: Memory - corruptions (BUFFER_SIZE)
    Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".
    1388 strcat(tmppath, dir);
    1389 return generic_dot_realpath_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
    1390 }
    1391 else
    1392 dd->info.rootdir.idx++;
    1393 }

    ** CID 487179: (MISSING_LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()


    ________________________________________________________________________________________________________
    *** CID 487179: (MISSING_LOCK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
    57 }
    58
    59 static bool
    60 exit_function(SFTP_STATIC_TYPE state, bool retval)
    61 {
    62 assert(state->running > 0);
    CID 487179: (MISSING_LOCK)
    Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
    63 state->running--;
    64 pthread_mutex_unlock(&state->mtx);
    65 return retval;
    66 }
    67
    68 static bool
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
    57 }
    58
    59 static bool
    60 exit_function(SFTP_STATIC_TYPE state, bool retval)
    61 {
    62 assert(state->running > 0);
    CID 487179: (MISSING_LOCK)
    Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
    63 state->running--;
    64 pthread_mutex_unlock(&state->mtx);
    65 return retval;
    66 }
    67
    68 static bool

    ** CID 487178: (RESOURCE_LEAK)
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()


    ________________________________________________________________________________________________________
    *** CID 487178: (RESOURCE_LEAK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open()
    72 return true;
    73 }
    74 }
    75 if (!(flags & SSH_FXF_CREAT)) {
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    78 return true;
    79 }
    80 if (flags & SSH_FXF_EXCL) {
    81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
    82 return true;
    83 }
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open()
    66 if (flags & SSH_FXF_CREAT) {
    67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
    68 return true;
    69 }
    70 if (flags & SSH_FXF_APPEND) {
    71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    72 return true;
    73 }
    74 }
    75 if (!(flags & SSH_FXF_CREAT)) {
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open()
    76 if (flags & SSH_FXF_TRUNC) {
    77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
    78 return true;
    79 }
    80 if (flags & SSH_FXF_EXCL) {
    81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    82 return true;
    83 }
    84 }
    85 attrs = sftp_getfattr(state->rxp);
    86 if (attrs == NULL) {
    87 free_sftp_str(fname); /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()
    62 if (fname == NULL)
    63 return false;
    64 flags = get32(state);
    65 if (!(flags & SSH_FXF_WRITE)) {
    66 if (flags & SSH_FXF_CREAT) {
    67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
    CID 487178: (RESOURCE_LEAK)
    Variable "fname" going out of scope leaks the storage it points to.
    68 return true;
    69 }
    70 if (flags & SSH_FXF_APPEND) {
    71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
    72 return true;
    73 }

    ** CID 487177: (Y2K38_SAFETY)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487177: (Y2K38_SAFETY)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    427 if (attr == nullptr)
    428 return nullptr;
    429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
    430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
    432 time_t fd = fdate(path);
    CID 487177: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    433 sftp_fattr_set_times(attr, fd, fd);
    434 return attr;
    435 }
    436
    437 static sftp_file_attr_t
    438 sshkeys_attrs(sbbs_t *sbbs, const char *path)
    /sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
    427 if (attr == nullptr)
    428 return nullptr;
    429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
    430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
    432 time_t fd = fdate(path);
    CID 487177: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    433 sftp_fattr_set_times(attr, fd, fd);
    434 return attr;
    435 }
    436
    437 static sftp_file_attr_t
    438 sshkeys_attrs(sbbs_t *sbbs, const char *path)

    ** CID 487176: (RESOURCE_LEAK)
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487176: (RESOURCE_LEAK)
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    735 *c = 0;
    736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
    737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
    738 continue;
    739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
    740 if (exp == nullptr)
    CID 487176: (RESOURCE_LEAK)
    Variable "p" going out of scope leaks the storage it points to.
    741 return -1;
    742 if (strcmp(p, exp)) {
    743 free(exp);
    744 continue;
    745 }
    746 free(exp);
    /sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
    735 *c = 0;
    736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
    737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
    738 continue;
    739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
    740 if (exp == nullptr)
    CID 487176: (RESOURCE_LEAK)
    Variable "p" going out of scope leaks the storage it points to.
    741 return -1;
    742 if (strcmp(p, exp)) {
    743 free(exp);
    744 continue;
    745 }
    746 free(exp);

    ** CID 487175: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487175: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()
    1511 }
    1512 attr = get_dir_attrs(sbbs, dd->info.filebase.idx);
    1513 if (attr == nullptr)
    1514 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
    1515 ename = expand_slash(sbbs->cfg.dir[dd->info.filebase.idx]->lname);
    1516 if (ename == nullptr)
    CID 487175: Resource leaks (RESOURCE_LEAK)
    Variable "attr" going out of scope leaks the storage it points to.
    1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");
    1518 lname = get_longname(sbbs, ename, nullptr, attr);
    1519 if (lname == nullptr) {
    1520 free(ename);
    1521 sftp_fattr_free(attr);
    1522 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");

    ** CID 487174: Code maintainability issues (UNUSED_VALUE)
    /main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487174: Code maintainability issues (UNUSED_VALUE)
    /main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1987
    1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
    1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
    1990 , sbbs->cfg.node_num, cname ? cname : "<unknown>", cid, sbbs->session_channel, sbbs->sftp_channel);
    1991 if (cname) {
    1992 free_crypt_attrstr(cname);
    CID 487174: Code maintainability issues (UNUSED_VALUE)
    Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.
    1993 cname = nullptr;
    1994 }
    1995 if (ssname) {
    1996 free_crypt_attrstr(ssname);
    1997 ssname = nullptr;
    1998 }

    ** CID 487173: Program hangs (LOCK)
    /sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()


    ________________________________________________________________________________________________________
    *** CID 487173: Program hangs (LOCK)
    /sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()
    981 if (sbbs->sftp_channel == -1)
    982 return false;
    983 while (sent < len) {
    984 pthread_mutex_lock(&sbbs->ssh_mutex);
    985 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel);
    986 if (cryptStatusError(status))
    CID 487173: Program hangs (LOCK)
    Returning without unlocking "sbbs->ssh_mutex".
    987 return false;
    988 size_t sendbytes = len - sent;
    989 #define SENDBYTES_MAX 0x2000
    990 if (sendbytes > SENDBYTES_MAX)
    991 sendbytes = SENDBYTES_MAX;
    992 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_OPTION_NET_WRITETIMEOUT, 5);

    ** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    /sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()


    ________________________________________________________________________________________________________
    *** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    /sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()
    165 return;
    166 }
    167 this->is_static_ = false;
    168 this->info.filebase.dir = -1;
    169 this->info.filebase.lib = -1;
    170 this->info.filebase.idx = dot;
    CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
    The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".
    171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {
    172 // Root...
    173 result_ = MAP_TO_DIR;
    174 return;
    175 }
    176 const char *lib = &this->sftp_path[files_path_len + 1];

    ** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()


    ________________________________________________________________________________________________________
    *** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()
    318 ret->atime = sftp_get32(pkt);
    319 ret->mtime = sftp_get32(pkt);
    320 }
    321 if (ret->flags & SSH_FILEXFER_ATTR_EXTENDED) {
    322 uint32_t extcnt = sftp_get32(pkt);
    323 uint32_t ext;
    CID 487171: Insecure data handling (TAINTED_SCALAR)
    Using tainted variable "extcnt" as a loop boundary.
    324 for (ext = 0; ext < extcnt; ext++) {
    325 sftp_str_t type = sftp_getstring(pkt);
    326 if (type == NULL)
    327 break;
    328 sftp_str_t data = sftp_getstring(pkt);
    329 if (data == NULL) {

    ** CID 487170: Security best practices violations (TOCTOU)
    /sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487170: Security best practices violations (TOCTOU)
    /sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()
    1141 sbbs->sftp_filedes[fdidx]->dir = -1;
    1142 else {
    1143 sbbs->sftp_filedes[fdidx]->dir = pmap.info.filebase.dir;
    1144 sbbs->sftp_filedes[fdidx]->idx_offset = pmap.info.filebase.offset;
    1145 sbbs->sftp_filedes[fdidx]->idx_number = pmap.info.filebase.idx;
    1146 }
    CID 487170: Security best practices violations (TOCTOU)
    Calling function "access" to perform check on "pmap.local_path".
    1147 if (access(pmap.local_path, F_OK) != 0) {
    1148 // File did not exist, and we're creating
    1149 if (oflags & O_CREAT) {
    1150 sbbs->sftp_filedes[fdidx]->created = true;
    1151 }
    1152 }

    ** CID 487169: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1044 in sftp_cleanup_callback(void *)()


    ________________________________________________________________________________________________________
    *** CID 487169: Error handling issues (CHECKED_RETURN)
    /sftp.cpp: 1044 in sftp_cleanup_callback(void *)()
    1038
    1039 for (unsigned i = 0; i < nfdes; i++) {
    1040 if (sbbs->sftp_filedes[i] != nullptr) {
    1041 close(sbbs->sftp_filedes[i]->fd);
    1042 if (sbbs->sftp_filedes[i]->created && sbbs->sftp_filedes[i]->local_path) {
    1043 // If we were uploading, delete the incomplete file
    CID 487169: Error handling issues (CHECKED_RETURN)
    Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.
    1044 remove(sbbs->sftp_filedes[i]->local_path);
    1045 }
    1046 free(sbbs->sftp_filedes[i]->local_path);
    1047 free(sbbs->sftp_filedes[i]);
    1048 sbbs->sftp_filedes[i] = nullptr;
    1049 }

    ** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()


    ________________________________________________________________________________________________________
    *** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
    673 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, status);
    674 status = readUint32(stream);
    675 if (status > 0)
    676 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status);
    677 break;
    678 case REQUEST_SHELL:
    CID 487168: (UNUSED_VALUE)
    Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.
    679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
    681 "shell", 5 );
    682 break;
    683 case REQUEST_NOOP:
    684 /* Generic requests containing extra information that we're not
    /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()
    685 interested in */
    686 break;
    687
    688 #ifdef USE_SSH_EXTENDED
    689 case REQUEST_EXEC:
    690 /* A further generic request that we're not interested in */
    CID 487168: (UNUSED_VALUE)
    Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.
    691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
    693 "exec", 4 );
    694 break;
    695
    696 case REQUEST_SUBSYSTEM:

    ** CID 487167: Program hangs (LOCK)
    /main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487167: Program hangs (LOCK)
    /main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2042 if (closed && sbbs->sftp_channel == -1 && sbbs->session_channel == -1)
    2043 return CRYPT_ERROR_COMPLETE; 2044 }
    2045 }
    2046 if (ret == CRYPT_ENVELOPE_RESOURCE)
    2047 return CRYPT_ERROR_TIMEOUT;
    CID 487167: Program hangs (LOCK)
    Returning without unlocking "sbbs->sftp_state->mtx".
    2048 return ret;
    2049 }
    2050 return CRYPT_ERROR_TIMEOUT;
    2051 }
    2052
    2053 void input_thread(void *arg)

    ** CID 487166: (CHECKED_RETURN)
    /main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487166: (CHECKED_RETURN)
    /main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2030 closed = true;
    2031 }
    2032 }
    2033 if (sbbs->session_channel != -1) {
    2034 if (!channel_open(sbbs, sbbs->session_channel)) {
    2035 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))
    CID 487166: (CHECKED_RETURN)
    Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
    2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
    2037 sbbs->session_channel = -1;
    2038 closed = true;
    2039 }
    2040 }
    2041 // All channels are now closed. /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    2022 if (status != CRYPT_ERROR_NOTFOUND) 2023 sbbs->log_crypt_error_status_sock(status, "getting channel id");
    2024 closing_channel = -1;
    2025 if (sbbs->sftp_channel != -1) {
    2026 if (!channel_open(sbbs, sbbs->sftp_channel)) {
    2027 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel)))
    CID 487166: (CHECKED_RETURN)
    Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
    2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
    2029 sbbs->sftp_channel = -1;
    2030 closed = true;
    2031 }
    2032 }
    2033 if (sbbs->session_channel != -1) {

    ** CID 487165: (REVERSE_INULL)
    /main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


    ________________________________________________________________________________________________________
    *** CID 487165: (REVERSE_INULL)
    /main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
    1979 sbbs->sftp_end();
    1980 }
    1981 sbbs->sftp_channel = cid;
    1982 }
    1983 }
    CID 487165: (REVERSE_INULL)
    Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {
    1985 sbbs->session_channel = cid;
    1986 }
    1987
    1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
    1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
    /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
    1969 return status;
    1970 }
    1971 cname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_TYPE);
    1972 if (strcmp(cname, "subsystem") == 0) {
    1973 ssname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ARG1);
    1974 }
    CID 487165: (REVERSE_INULL)
    Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {
    1976 if (sbbs->init_sftp(cid)) {
    1977 if (tgot > 0) { 1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
    1979 sbbs->sftp_end();
    1980 }

    ** CID 487164: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()


    ________________________________________________________________________________________________________
    *** CID 487164: Resource leaks (RESOURCE_LEAK)
    /sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()
    1418 continue;
    1419 }
    1420 sprintf(tmppath, static_files[dd->info.rootdir.idx].sftp_patt, sbbs->useron.alias);
    1421 remove_trailing_slash(tmppath);
    1422 attr = get_attrs(sbbs, tmppath, &link);
    1423 if (attr == nullptr)
    CID 487164: Resource leaks (RESOURCE_LEAK)
    Variable "link" going out of scope leaks the storage it points to.
    1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
    1425 lname = get_longname(sbbs, tmppath, link, attr);
    1426 if (lname == nullptr) {
    1427 sftp_fattr_free(attr);
    1428 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
    1429 }

    ** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()


    ________________________________________________________________________________________________________
    *** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()
    367 if (!sftp_rx_pkt_append(&state->rxp, buf, sz))
    368 return exit_function(state, false);
    369 if (sftp_have_pkt_sz(state->rxp)) {
    370 uint32_t psz = sftp_pkt_sz(state->rxp);
    371 if (psz > SFTP_MAX_PACKET_SIZE) {
    372 state->lprintf(state->cb_data, "Packet too large (%" PRIu32 " bytes)", psz);
    CID 487163: Program hangs (LOCK)
    Returning without unlocking "state->mtx".
    373 return false;
    374 }
    375 }
    376 while (sftp_have_full_pkt(state->rxp)) {
    377 bool handled = false;
    378

    ** CID 487162: Control flow issues (DEADCODE)
    /sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()


    ________________________________________________________________________________________________________
    *** CID 487162: Control flow issues (DEADCODE)
    /sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()
    865 else
    866 ppath[0] = 0;
    867 ret = pm->get_attrs(sbbs, ppath);
    868 if (link && pm->link_patt) {
    869 asprintf(link, pm->link_patt, sbbs->useron.alias);
    870 if (link == nullptr) {
    CID 487162: Control flow issues (DEADCODE)
    Execution cannot reach this statement: "sftp_fattr_free(ret);".
    871 sftp_fattr_free(ret);
    872 ret = nullptr;
    873 }
    874 }
    875 return ret;
    876 }

    ** CID 487161: (Y2K38_SAFETY)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()


    ________________________________________________________________________________________________________
    *** CID 487161: (Y2K38_SAFETY)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    442 if (attr == nullptr)
    443 return nullptr;
    444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
    445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
    447 time_t fd = fdate(path);
    CID 487161: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    448 sftp_fattr_set_times(attr, fd, fd);
    449 return attr;
    450 }
    451
    452 void
    453 remove_trailing_slash(char *str)
    /sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
    442 if (attr == nullptr)
    443 return nullptr;
    444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
    445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
    447 time_t fd = fdate(path);
    CID 487161: (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
    448 sftp_fattr_set_times(attr, fd, fd);
    449 return attr;
    450 }
    451
    452 void
    453 remove_trailing_slash(char *str)


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D4ieG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZz6Lg2xx1dh6E9z4lSXKW4n9yiZaua5LbXznpVF4MIwbp178psQJ2n-2Fpok7ErzI9IlNJTrPj-2F83NUNTOEjSUjSMYrpz0XVq0IKvzP47fjT8ZUoPS4k4FQsPlqiTS940mDZqL8H0V26aTBOs1jlgpdGUT2g7d1Ei-2FiSNIWvXxdCeA-3D-3D



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net