111 return false;CID 470390: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
84 if(!SYSOP || yesno(text[DeleteFileQ]))CID 470389: (SLEEP)
Call to "yesno" might sleep while holding lock "this->input_thread_mutex".
76 clearline();CID 470389: (SLEEP)
Call to "clearline" might sleep while holding lock "this->input_thread_mutex".
203 restoreline();CID 470388: Program hangs (SLEEP)
Call to "restoreline" might sleep while holding lock "this->input_thread_mutex".
654 return(true);CID 470387: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
86 return false;CID 470386: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
201 switch(read(in,&ch,1)) {CID 470457: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "&ch" of type "int *" and argument "1UL" to function "read" is suspicious because "sizeof (int) /*4*/" is expected.
3122 return false;CID 470557: Resource leaks (RESOURCE_LEAK)
Variable "spy" going out of scope leaks the storage it points to.
1157 rand(); /* throw-away first result */CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name());CID 470556: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay));CID 470555: Error handling issues (CHECKED_RETURN)
Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code.
3123 }CID 470554: Resource leaks (RESOURCE_LEAK)
Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false;
4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3078 rand(); /* throw-away first result */CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock());CID 470553: (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1474 JS_ValueToInt32(cx, argv[i], &duration);CID 470929: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToInt32" without checking return value (as is done elsewhere 261 out of 293 times).
412 cert_entry->sess = -1;CID 471381: Null pointer dereferences (NULL_RETURNS)
Dereferencing "cert_entry", which is known to be "NULL".
367 strListCombine(list, auxdata, size - 1, "\r\n");CID 471656: Memory - corruptions (OVERRUN)
Calling "strListCombine" with "auxdata" and "size - 1UL" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
505 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
517 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
511 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
525 if( isNullChannel( writeChannelInfoPtr ) )CID 476254: (NULL_RETURNS)
Dereferencing "writeChannelInfoPtr", which is known to be "NULL".
335 return (DEBUG_EXIT);CID 476253: Resource leaks (RESOURCE_LEAK)
Variable "line" going out of scope leaks the storage it points to.
413 ssl_sync(cfg, lprintf);CID 477525: Error handling issues (CHECKED_RETURN)
Calling "ssl_sync" without checking return value (as is done elsewhere 6 out of 7 times).
753 return(false);CID 479110: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
349 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
364 return( status ); /* Residual error from peekTag() */CID 479109: (DEADCODE)
Execution cannot reach this statement: "return status;".
425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY:CID 479108: Control flow issues (MISSING_BREAK)
The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement.
857 status = activateSubprotocolFunction( sessionInfoPtr );CID 479107: Control flow issues (DEADCODE)
Execution cannot reach this statement: "status = activateSubprotoco...".
621 readShortInteger( stream, &value );CID 479106: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \CID 479105: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...".
220 ch |= string[ i ] << shiftAmt;CID 479104: (BAD_SHIFT)
In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72.
120 if((i=smb_open(&smb))!=0) {CID 479103: (SLEEP)
Call to "smb_open" might sleep while holding lock "this->input_thread_mutex".
112 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
106 errormsg(WHERE,ERR_CREATE,str,0);CID 479103: (SLEEP)
Call to "errormsg" might sleep while holding lock "this->input_thread_mutex".
662 readShortInteger( stream, NULL );CID 479102: Error handling issues (CHECKED_RETURN)
Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times).
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);CID 479101: (CHECKED_RETURN)
Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times).
659 cert_list = sess;CID 479100: (ATOMICITY)
Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect.
495 return( status ); /* Residual error from checkStatusPeekTag() */CID 479099: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return status;".
95 return false;CID 479098: Program hangs (LOCK)
Returning without unlocking "this->input_thread_mutex".
1035 ( void ) closeSubprotocolFunction( sessionInfoPtr );CID 479097: Control flow issues (DEADCODE)
Execution cannot reach this statement: "(void)closeSubprotocolFunct...".
685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \CID 479096: Control flow issues (DEADCODE)
Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...".
130 return( FALSE );CID 479095: Control flow issues (DEADCODE)
Execution cannot reach this statement: "return 0;".
720 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
668 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
641 return( status ); /* Residual error from peekTag() */CID 479094: (DEADCODE)
Execution cannot reach this statement: "return status;".
1779 case CRYPT_KEYSET_LDAP:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:".
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE:
1771 case CRYPT_KEYSET_DATABASE_STORE:CID 479093: (DEADCODE)
Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...".
285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail,
Variable "newAttributeField" going out of scope leaks the storage it points to.
707 if ( TRUE || channelNo == 0 || !waitforWindow )CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if".
CID 480410: Uninitialized variables (UNINIT)
Using uninitialized value "bestf".
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {CID 483188: Memory - corruptions (OVERRUN)
Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
3570 remove(str);CID 483249: Error handling issues (CHECKED_RETURN)
Calling "remove(str)" without checking return value. This library function may fail and return an error code.
1731 if(!js_GetMsgHeaderObjectPrivates(cx, hdrobj, /* smb_t: */NULL, &msg, /* post: */NULL))CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1730 return JS_FALSE;
1733 }CID 486181: (RESOURCE_LEAK)
Variable "instr" going out of scope leaks the storage it points to. 1732 return JS_FALSE;
1379 return(NULL);CID 486276: (USE_AFTER_FREE)
Calling "free" frees pointer "working" which has already been freed. 1378 free(working);
416 fseek(stream,l,SEEK_SET);CID 486477: Error handling issues (CHECKED_RETURN)
Calling "fseek(stream, l, 0)" without checking return value. This library function may fail and return an error code.
382 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
344 fexistcase(path);CID 486496: (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 130 times).
1073 return ret;CID 486966: Memory - illegal accesses (RETURN_LOCAL)
Returning pointer "ret" which points to local variable "fval".
503 if(callbacks.drawrect) {
Accessing "callbacks.drawrect" without holding lock "bitmap_callbacks.lock". Elsewhere, "bitmap_callbacks.drawrect" is written to with "bitmap_callbacks.lock" held 1 out of 1 times (1 of these accesses strongly imply that it is necessary).
97 useron.laston=(time32_t)now;CID 487089: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".
89 remove(path);CID 487088: Error handling issues (CHECKED_RETURN)
Calling "remove(path)" without checking return value. This library function may fail and return an error code.
1388 strcat(tmppath, dir);CID 487180: Memory - corruptions (BUFFER_SIZE)
Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
63 state->running--;CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).
78 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
72 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
82 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
68 return true;CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.
433 sftp_fattr_set_times(attr, fd, fd);CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
741 return -1;CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.
1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");CID 487175: Resource leaks (RESOURCE_LEAK)
Variable "attr" going out of scope leaks the storage it points to.
1993 cname = nullptr;CID 487174: Code maintainability issues (UNUSED_VALUE)
Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.
987 return false;CID 487173: Program hangs (LOCK)
Returning without unlocking "sbbs->ssh_mutex".
171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".
324 for (ext = 0; ext < extcnt; ext++) {CID 487171: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "extcnt" as a loop boundary.
1147 if (access(pmap.local_path, F_OK) != 0) {CID 487170: Security best practices violations (TOCTOU)
Calling function "access" to perform check on "pmap.local_path".
1044 remove(sbbs->sftp_filedes[i]->local_path);CID 487169: Error handling issues (CHECKED_RETURN)
Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.
679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.
691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.
2048 return ret;CID 487167: Program hangs (LOCK)
Returning without unlocking "sbbs->sftp_state->mtx".
2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).
1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");CID 487164: Resource leaks (RESOURCE_LEAK)
Variable "link" going out of scope leaks the storage it points to.
373 return false;CID 487163: Program hangs (LOCK)
Returning without unlocking "state->mtx".
871 sftp_fattr_free(ret);CID 487162: Control flow issues (DEADCODE)
Execution cannot reach this statement: "sftp_fattr_free(ret);".
448 sftp_fattr_set_times(attr, fd, fd);CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".
1625 fn.add_name(strdup(vpath), lname, attr);CID 487600: Error handling issues (CHECKED_RETURN)
Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).
36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));CID 487672: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".
6243 if(!session->send_failed) {CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.
344 answers[a++]=(char)getkeys((char *)buf+m,0);CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.
3666 faddr=atofaddr(buf+i+1);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.
3660 faddr=atofaddr(buf+i+6);CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.
1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);CID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
62 SAFECOPY(info->date, record.date); truncsp(info->date);CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
59 SAFECOPY(info->title, record.title); truncsp(info->title);CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
61 SAFECOPY(info->group, record.group); truncsp(info->group);
Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".
2698 LAZY_INTEGER("git_time", git_time);CID 492209: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".
4472 fexistcase(str);CID 492287: Error handling issues (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).
811 if(client->protocol == NULL || username == NULL)CID 493283: Incorrect expression (NO_EFFECT)
Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.