Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 487089: High impact quality (Y2K38_SAFETY)
/logout.cpp: 97 in sbbs_t::logout(bool)()


________________________________________________________________________________________________________
*** CID 487089: High impact quality (Y2K38_SAFETY)
/logout.cpp: 97 in sbbs_t::logout(bool)()
91 delfiles(cfg.temp_dir,ALLFILES);
92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
93 putmsgptrs();
94 }
95 if(!REALSYSOP)
96 logofflist();

CID 487089: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

97 useron.laston=(time32_t)now;
98
99 ttoday=useron.ttoday-useron.textra; /* billable time used prev calls */
100 if(ttoday>=cfg.level_timeperday[useron.level])
101 i=0;
102 else

** CID 487088: Error handling issues (CHECKED_RETURN)
/logout.cpp: 89 in sbbs_t::logout(bool)()


________________________________________________________________________________________________________
*** CID 487088: Error handling issues (CHECKED_RETURN)
/logout.cpp: 89 in sbbs_t::logout(bool)()
83 if(cfg.logout_mod[0]) {
84 lprintf(LOG_DEBUG, "executing logout module: %s", cfg.logout_mod);
85 exec_bin(cfg.logout_mod,&main_csi);
86 }
87 SAFEPRINTF2(path,"%smsgs/%4.4u.msg",cfg.data_dir,useron.number);
88 if(fexistcase(path) && !flength(path)) /* remove any 0 byte message files */

CID 487088: Error handling issues (CHECKED_RETURN)
Calling "remove(path)" without checking return value. This library function may fail and return an error code.

89 remove(path);
90
91 delfiles(cfg.temp_dir,ALLFILES);
92 if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
93 putmsgptrs();
94 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D6w7L_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZL2KLON9c0qMM4K5aJ-2BfdThB6-2BKGg4cWLgpEPITZFj21NY7HODKa21xNCYmqB9WQ9jGdCaJ8kxZplYYP3ZpJQciN5y3k5uG3vF-2Bbjho-2FJ80W4KFTLh14Ge0YKg4KwvJQypDruDryLBwEKW1kUPhOIUyQwbpfzm3Xgxi8Wb6VLKOw-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

23 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 23 defect(s)


** CID 487180: Memory - corruptions (BUFFER_SIZE)
/sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487180: Memory - corruptions (BUFFER_SIZE)
/sftp.cpp: 1388 in sftp_readdir(sftp_string *, void *)()
1382 return generic_dot_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
1383 }
1384 if (dd->info.rootdir.idx == dotdot) {
1385 if (pm->sftp_patt[1]) {
1386 char *dir = const_cast<char *>(".."); 1387 snprintf(tmppath, sizeof(tmppath) - 2 /* for dir */, pm->sftp_patt, sbbs->useron.alias);

CID 487180: Memory - corruptions (BUFFER_SIZE)
Buffer "tmppath" has a size of 4097 characters, and its string length (null character not included) is 4095 characters, leaving an available space of 2 characters. Appending "dir", whose string length (null character not included) is 2 characters, plus the null character overruns "tmppath".

1388 strcat(tmppath, dir);
1389 return generic_dot_realpath_entry(sbbs, dir, tmppath, &dd->info.rootdir.idx);
1390 }
1391 else
1392 dd->info.rootdir.idx++;
1393 }

** CID 487179: (MISSING_LOCK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()


________________________________________________________________________________________________________
*** CID 487179: (MISSING_LOCK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
57 }
58
59 static bool
60 exit_function(SFTP_STATIC_TYPE state, bool retval)
61 {
62 assert(state->running > 0);

CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_client_state.mtx". Elsewhere, "sftp_client_state.running" is written to with "sftp_client_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

63 state->running--;
64 pthread_mutex_unlock(&state->mtx);
65 return retval;
66 }
67
68 static bool
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_static.h: 63 in exit_function()
57 }
58
59 static bool
60 exit_function(SFTP_STATIC_TYPE state, bool retval)
61 {
62 assert(state->running > 0);

CID 487179: (MISSING_LOCK)
Accessing "state->running" without holding lock "sftp_server_state.mtx". Elsewhere, "sftp_server_state.running" is written to with "sftp_server_state.mtx" held 1 out of 2 times (1 of these accesses strongly imply that it is necessary).

63 state->running--;
64 pthread_mutex_unlock(&state->mtx);
65 return retval;
66 }
67
68 static bool

** CID 487178: (RESOURCE_LEAK)
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open() /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()


________________________________________________________________________________________________________
*** CID 487178: (RESOURCE_LEAK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 78 in s_open()
72 return true;
73 }
74 }
75 if (!(flags & SSH_FXF_CREAT)) {
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

78 return true;
79 }
80 if (flags & SSH_FXF_EXCL) {
81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");
82 return true;
83 }
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 72 in s_open()
66 if (flags & SSH_FXF_CREAT) {
67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");
68 return true;
69 }
70 if (flags & SSH_FXF_APPEND) {
71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

72 return true;
73 }
74 }
75 if (!(flags & SSH_FXF_CREAT)) {
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
/tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 82 in s_open()
76 if (flags & SSH_FXF_TRUNC) {
77 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't truncate unless creating");
78 return true;
79 }
80 if (flags & SSH_FXF_EXCL) {
81 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't open exclisive unless creating");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

82 return true;
83 }
84 }
85 attrs = sftp_getfattr(state->rxp);
86 if (attrs == NULL) {
87 free_sftp_str(fname); /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 68 in s_open()
62 if (fname == NULL)
63 return false;
64 flags = get32(state);
65 if (!(flags & SSH_FXF_WRITE)) {
66 if (flags & SSH_FXF_CREAT) {
67 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't create unless writing");

CID 487178: (RESOURCE_LEAK)
Variable "fname" going out of scope leaks the storage it points to.

68 return true;
69 }
70 if (flags & SSH_FXF_APPEND) {
71 sftps_send_error(state, SSH_FX_OP_UNSUPPORTED, "Can't append unless writing");
72 return true;
73 }

** CID 487177: (Y2K38_SAFETY)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487177: (Y2K38_SAFETY)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
427 if (attr == nullptr)
428 return nullptr;
429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
432 time_t fd = fdate(path);

CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

433 sftp_fattr_set_times(attr, fd, fd);
434 return attr;
435 }
436
437 static sftp_file_attr_t
438 sshkeys_attrs(sbbs_t *sbbs, const char *path)
/sftp.cpp: 433 in homefile_attrs(sbbs_t *, const char *)()
427 if (attr == nullptr)
428 return nullptr;
429 sftp_fattr_set_permissions(attr, S_IFREG | S_IRWXU | S_IRUSR | S_IWUSR);
430 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 431 sftp_fattr_set_size(attr, flength(path));
432 time_t fd = fdate(path);

CID 487177: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

433 sftp_fattr_set_times(attr, fd, fd);
434 return attr;
435 }
436
437 static sftp_file_attr_t
438 sshkeys_attrs(sbbs_t *sbbs, const char *path)

** CID 487176: (RESOURCE_LEAK)
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487176: (RESOURCE_LEAK)
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
735 *c = 0;
736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
738 continue;
739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
740 if (exp == nullptr)

CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.

741 return -1;
742 if (strcmp(p, exp)) {
743 free(exp);
744 continue;
745 }
746 free(exp);
/sftp.cpp: 741 in find_lib(sbbs_t *, const char *)()
735 *c = 0;
736 for (l = 0; l < sbbs->cfg.total_libs; l++) {
737 if (!can_user_access_lib(&sbbs->cfg, l, &sbbs->useron, &sbbs->client))
738 continue;
739 exp = expand_slash(sbbs->cfg.lib[l]->lname);
740 if (exp == nullptr)

CID 487176: (RESOURCE_LEAK)
Variable "p" going out of scope leaks the storage it points to.

741 return -1;
742 if (strcmp(p, exp)) {
743 free(exp);
744 continue;
745 }
746 free(exp);

** CID 487175: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487175: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1517 in sftp_readdir(sftp_string *, void *)()
1511 }
1512 attr = get_dir_attrs(sbbs, dd->info.filebase.idx);
1513 if (attr == nullptr)
1514 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
1515 ename = expand_slash(sbbs->cfg.dir[dd->info.filebase.idx]->lname);
1516 if (ename == nullptr)

CID 487175: Resource leaks (RESOURCE_LEAK)
Variable "attr" going out of scope leaks the storage it points to.

1517 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "EName allocation failure");
1518 lname = get_longname(sbbs, ename, nullptr, attr);
1519 if (lname == nullptr) {
1520 free(ename);
1521 sftp_fattr_free(attr);
1522 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");

** CID 487174: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487174: Code maintainability issues (UNUSED_VALUE)
/main.cpp: 1993 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1987
1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
1990 , sbbs->cfg.node_num, cname ? cname : "<unknown>", cid, sbbs->session_channel, sbbs->sftp_channel);
1991 if (cname) {
1992 free_crypt_attrstr(cname);

CID 487174: Code maintainability issues (UNUSED_VALUE)
Assigning value "NULL" to "cname" here, but that stored value is overwritten before it can be used.

1993 cname = nullptr;
1994 }
1995 if (ssname) {
1996 free_crypt_attrstr(ssname);
1997 ssname = nullptr;
1998 }

** CID 487173: Program hangs (LOCK)
/sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()


________________________________________________________________________________________________________
*** CID 487173: Program hangs (LOCK)
/sftp.cpp: 987 in sftp_send(unsigned char *, unsigned long, void *)()
981 if (sbbs->sftp_channel == -1)
982 return false;
983 while (sent < len) {
984 pthread_mutex_lock(&sbbs->ssh_mutex);
985 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel);
986 if (cryptStatusError(status))

CID 487173: Program hangs (LOCK)
Returning without unlocking "sbbs->ssh_mutex".

987 return false;
988 size_t sendbytes = len - sent;
989 #define SENDBYTES_MAX 0x2000
990 if (sendbytes > SENDBYTES_MAX)
991 sendbytes = SENDBYTES_MAX;
992 status = cryptSetAttribute(sbbs->ssh_session, CRYPT_OPTION_NET_WRITETIMEOUT, 5);

** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()


________________________________________________________________________________________________________
*** CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/sftp.cpp: 171 in path_map::path_map(sbbs_t *, const unsigned char *, map_path_mode)()
165 return;
166 }
167 this->is_static_ = false;
168 this->info.filebase.dir = -1;
169 this->info.filebase.lib = -1;
170 this->info.filebase.idx = dot;

CID 487172: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
The expression "this->sftp_path[6UL /* files_path_len */] == 0 || this->sftp_path[6UL /* files_path_len */] == 0" does not accomplish anything because it evaluates to either of its identical operands, "this->sftp_path[6UL /* files_path_len */] == 0".

171 if (this->sftp_path[files_path_len] == 0 || this->sftp_path[files_path_len] == 0) {
172 // Root...
173 result_ = MAP_TO_DIR;
174 return;
175 }
176 const char *lib = &this->sftp_path[files_path_len + 1];

** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()


________________________________________________________________________________________________________
*** CID 487171: Insecure data handling (TAINTED_SCALAR) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_attr.c: 324 in sftp_getfattr()
318 ret->atime = sftp_get32(pkt);
319 ret->mtime = sftp_get32(pkt);
320 }
321 if (ret->flags & SSH_FILEXFER_ATTR_EXTENDED) {
322 uint32_t extcnt = sftp_get32(pkt);
323 uint32_t ext;

CID 487171: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "extcnt" as a loop boundary.

324 for (ext = 0; ext < extcnt; ext++) {
325 sftp_str_t type = sftp_getstring(pkt);
326 if (type == NULL)
327 break;
328 sftp_str_t data = sftp_getstring(pkt);
329 if (data == NULL) {

** CID 487170: Security best practices violations (TOCTOU)
/sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()


________________________________________________________________________________________________________
*** CID 487170: Security best practices violations (TOCTOU)
/sftp.cpp: 1147 in sftp_open(sftp_string *, unsigned int, sftp_file_attributes *, void *)()
1141 sbbs->sftp_filedes[fdidx]->dir = -1;
1142 else {
1143 sbbs->sftp_filedes[fdidx]->dir = pmap.info.filebase.dir;
1144 sbbs->sftp_filedes[fdidx]->idx_offset = pmap.info.filebase.offset;
1145 sbbs->sftp_filedes[fdidx]->idx_number = pmap.info.filebase.idx;
1146 }

CID 487170: Security best practices violations (TOCTOU)
Calling function "access" to perform check on "pmap.local_path".

1147 if (access(pmap.local_path, F_OK) != 0) {
1148 // File did not exist, and we're creating
1149 if (oflags & O_CREAT) {
1150 sbbs->sftp_filedes[fdidx]->created = true;
1151 }
1152 }

** CID 487169: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1044 in sftp_cleanup_callback(void *)()


________________________________________________________________________________________________________
*** CID 487169: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1044 in sftp_cleanup_callback(void *)()
1038
1039 for (unsigned i = 0; i < nfdes; i++) {
1040 if (sbbs->sftp_filedes[i] != nullptr) {
1041 close(sbbs->sftp_filedes[i]->fd);
1042 if (sbbs->sftp_filedes[i]->created && sbbs->sftp_filedes[i]->local_path) {
1043 // If we were uploading, delete the incomplete file

CID 487169: Error handling issues (CHECKED_RETURN)
Calling "remove(sbbs->sftp_filedes[i]->local_path)" without checking return value. This library function may fail and return an error code.

1044 remove(sbbs->sftp_filedes[i]->local_path);
1045 }
1046 free(sbbs->sftp_filedes[i]->local_path);
1047 free(sbbs->sftp_filedes[i]);
1048 sbbs->sftp_filedes[i] = nullptr;
1049 }

** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
/tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()


________________________________________________________________________________________________________
*** CID 487168: (UNUSED_VALUE) /tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 679 in processChannelRequest()
673 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_WIDTH, status);
674 status = readUint32(stream);
675 if (status > 0)
676 setChannelAttribute(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT, status);
677 break;
678 case REQUEST_SHELL:

CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "shell", 5)" to "status" here, but that stored value is overwritten before it can be used.

679 status = setChannelAttributeS( sessionInfoPtr, 680 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
681 "shell", 5 );
682 break;
683 case REQUEST_NOOP:
684 /* Generic requests containing extra information that we're not
/tmp/sbbs-Feb-28-2024/3rdp/src/cl/session/ssh2_msgsvr.c: 691 in processChannelRequest()
685 interested in */
686 break;
687
688 #ifdef USE_SSH_EXTENDED
689 case REQUEST_EXEC:
690 /* A further generic request that we're not interested in */

CID 487168: (UNUSED_VALUE)
Assigning value from "setChannelAttributeS(sessionInfoPtr, CRYPT_SESSINFO_SSH_CHANNEL_TYPE, "exec", 4)" to "status" here, but that stored value is overwritten before it can be used.

691 status = setChannelAttributeS( sessionInfoPtr, 692 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,
693 "exec", 4 );
694 break;
695
696 case REQUEST_SUBSYSTEM:

** CID 487167: Program hangs (LOCK)
/main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487167: Program hangs (LOCK)
/main.cpp: 2048 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2042 if (closed && sbbs->sftp_channel == -1 && sbbs->session_channel == -1)
2043 return CRYPT_ERROR_COMPLETE; 2044 }
2045 }
2046 if (ret == CRYPT_ENVELOPE_RESOURCE)
2047 return CRYPT_ERROR_TIMEOUT;

CID 487167: Program hangs (LOCK)
Returning without unlocking "sbbs->sftp_state->mtx".

2048 return ret;
2049 }
2050 return CRYPT_ERROR_TIMEOUT;
2051 }
2052
2053 void input_thread(void *arg)

** CID 487166: (CHECKED_RETURN)
/main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487166: (CHECKED_RETURN)
/main.cpp: 2036 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2030 closed = true;
2031 }
2032 }
2033 if (sbbs->session_channel != -1) {
2034 if (!channel_open(sbbs, sbbs->session_channel)) {
2035 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->session_channel)))

CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).

2036 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
2037 sbbs->session_channel = -1;
2038 closed = true;
2039 }
2040 }
2041 // All channels are now closed. /main.cpp: 2028 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
2022 if (status != CRYPT_ERROR_NOTFOUND) 2023 sbbs->log_crypt_error_status_sock(status, "getting channel id");
2024 closing_channel = -1;
2025 if (sbbs->sftp_channel != -1) {
2026 if (!channel_open(sbbs, sbbs->sftp_channel)) {
2027 if (cryptStatusOK(cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL, sbbs->sftp_channel)))

CID 487166: (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 50 out of 61 times).

2028 cryptSetAttribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE, 0);
2029 sbbs->sftp_channel = -1;
2030 closed = true;
2031 }
2032 }
2033 if (sbbs->session_channel != -1) {

** CID 487165: (REVERSE_INULL)
/main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)() /main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()


________________________________________________________________________________________________________
*** CID 487165: (REVERSE_INULL)
/main.cpp: 1984 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
1979 sbbs->sftp_end();
1980 }
1981 sbbs->sftp_channel = cid;
1982 }
1983 }

CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

1984 if (cname && sbbs->session_channel == -1 && strcmp(cname, "shell") == 0) {
1985 sbbs->session_channel = cid;
1986 }
1987
1988 if (cid != sbbs->sftp_channel && cid != sbbs->session_channel) {
1989 lprintf(LOG_WARNING, "Node %d SSH WARNING: attempt to use channel '%s' (%d != %d or %d)"
/main.cpp: 1975 in crypt_pop_channel_data(sbbs_t *, char *, int, int *)()
1969 return status;
1970 }
1971 cname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_TYPE);
1972 if (strcmp(cname, "subsystem") == 0) {
1973 ssname = get_crypt_attribute(sbbs->ssh_session, CRYPT_SESSINFO_SSH_CHANNEL_ARG1);
1974 }

CID 487165: (REVERSE_INULL)
Null-checking "cname" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

1975 if (((startup->options & (BBS_OPT_ALLOW_SFTP | BBS_OPT_SSH_ANYAUTH)) == BBS_OPT_ALLOW_SFTP) && ssname && cname && sbbs->sftp_channel == -1 && strcmp(ssname, "sftp") == 0) {
1976 if (sbbs->init_sftp(cid)) {
1977 if (tgot > 0) { 1978 if (!sftps_recv(sbbs->sftp_state, reinterpret_cast<uint8_t *>(inbuf), tgot))
1979 sbbs->sftp_end();
1980 }

** CID 487164: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487164: Resource leaks (RESOURCE_LEAK)
/sftp.cpp: 1424 in sftp_readdir(sftp_string *, void *)()
1418 continue;
1419 }
1420 sprintf(tmppath, static_files[dd->info.rootdir.idx].sftp_patt, sbbs->useron.alias);
1421 remove_trailing_slash(tmppath);
1422 attr = get_attrs(sbbs, tmppath, &link);
1423 if (attr == nullptr)

CID 487164: Resource leaks (RESOURCE_LEAK)
Variable "link" going out of scope leaks the storage it points to.

1424 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Attributes allocation failure");
1425 lname = get_longname(sbbs, tmppath, link, attr);
1426 if (lname == nullptr) {
1427 sftp_fattr_free(attr);
1428 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
1429 }

** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()


________________________________________________________________________________________________________
*** CID 487163: Program hangs (LOCK) /tmp/sbbs-Feb-28-2024/src/sftp/sftp_server.c: 373 in sftps_recv()
367 if (!sftp_rx_pkt_append(&state->rxp, buf, sz))
368 return exit_function(state, false);
369 if (sftp_have_pkt_sz(state->rxp)) {
370 uint32_t psz = sftp_pkt_sz(state->rxp);
371 if (psz > SFTP_MAX_PACKET_SIZE) {
372 state->lprintf(state->cb_data, "Packet too large (%" PRIu32 " bytes)", psz);

CID 487163: Program hangs (LOCK)
Returning without unlocking "state->mtx".

373 return false;
374 }
375 }
376 while (sftp_have_full_pkt(state->rxp)) {
377 bool handled = false;
378

** CID 487162: Control flow issues (DEADCODE)
/sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()


________________________________________________________________________________________________________
*** CID 487162: Control flow issues (DEADCODE)
/sftp.cpp: 871 in get_attrs(sbbs_t *, const char *, char **)()
865 else
866 ppath[0] = 0;
867 ret = pm->get_attrs(sbbs, ppath);
868 if (link && pm->link_patt) {
869 asprintf(link, pm->link_patt, sbbs->useron.alias);
870 if (link == nullptr) {

CID 487162: Control flow issues (DEADCODE)
Execution cannot reach this statement: "sftp_fattr_free(ret);".

871 sftp_fattr_free(ret);
872 ret = nullptr;
873 }
874 }
875 return ret;
876 }

** CID 487161: (Y2K38_SAFETY)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()


________________________________________________________________________________________________________
*** CID 487161: (Y2K38_SAFETY)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
442 if (attr == nullptr)
443 return nullptr;
444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
447 time_t fd = fdate(path);

CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

448 sftp_fattr_set_times(attr, fd, fd);
449 return attr;
450 }
451
452 void
453 remove_trailing_slash(char *str)
/sftp.cpp: 448 in sshkeys_attrs(sbbs_t *, const char *)()
442 if (attr == nullptr)
443 return nullptr;
444 sftp_fattr_set_permissions(attr, S_IFLNK | S_IRWXU | S_IRUSR | S_IWUSR);
445 sftp_fattr_set_uid_gid(attr, sbbs->useron.number, users_gid); 446 sftp_fattr_set_size(attr, flength(path));
447 time_t fd = fdate(path);

CID 487161: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "fd" is cast to "uint32_t".

448 sftp_fattr_set_times(attr, fd, fd);
449 return attr;
450 }
451
452 void
453 remove_trailing_slash(char *str)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D4ieG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZz6Lg2xx1dh6E9z4lSXKW4n9yiZaua5LbXznpVF4MIwbp178psQJ2n-2Fpok7ErzI9IlNJTrPj-2F83NUNTOEjSUjSMYrpz0XVq0IKvzP47fjT8ZUoPS4k4FQsPlqiTS940mDZqL8H0V26aTBOs1jlgpdGUT2g7d1Ei-2FiSNIWvXxdCeA-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 487600: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()


________________________________________________________________________________________________________
*** CID 487600: Error handling issues (CHECKED_RETURN)
/sftp.cpp: 1625 in sftp_readdir(sftp_string *, void *)()
1619 free(link);
1620 if (lname == nullptr) {
1621 sftp_fattr_free(attr);
1622 return sftps_send_error(sbbs->sftp_state, SSH_FX_FAILURE, "Longname allocation failure");
1623 }
1624 vpath = getfname(tmppath);

CID 487600: Error handling issues (CHECKED_RETURN)
Calling "add_name" without checking return value (as is done elsewhere 4 out of 5 times).

1625 fn.add_name(strdup(vpath), lname, attr);
1626 }
1627 }
1628 else {
1629 if (dd->info.filebase.lib == -1) {
1630 // /files/ (ie: list of libs)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D_Mv9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZAvea4qFQBhPrjKB4cHy2kAbmKz1-2F0ttbXdmTqhC-2BEq7-2Bvgywi6EN0yh9ZWlpucVXNfv4OAgSDch06A-2FyZfKQuykxNA3ygHnLLNJZ-2FPbpNGcgiztSzdmC0nW0gtMv3miUCmrLhEqR-2FOP8z9BsqWg6i-2B8KyEK4CuE0E7PMo9TUvnw-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 487672: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()


________________________________________________________________________________________________________
*** CID 487672: Null pointer dereferences (NULL_RETURNS) /tmp/sbbs-Mar-03-2024/src/xpdev/datewrap.c: 36 in checktime()
30 struct tm gmt;
31 struct tm tm;
32
33 memset(&tm,0,sizeof(tm));
34 tm.tm_year=94;
35 tm.tm_mday=1;

CID 487672: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "gmtime_r(&t, &gmt)" when calling "mktime".

36 return mktime(&tm) - mktime(gmtime_r(&t,&gmt));
37 }
38
39 /* Compensates for struct tm "weirdness" */
40 time_t sane_mktime(struct tm* tm)
41 {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D-9vV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbdS62iBETJxCjfqof1M6S95WSy-2FViK1FGVTyAQx6ozqlGvN9awUs6gtEF2eXLxZfTJjLLUyT0fwRFvEc99-2BOQhjAl2O2TUGD1ycgVDsPOsObe7L7LzV-2FFPKXyVz9z9YuZdACZlhk3hv8V4jfGont8ig4eUY-2FGqtqgGqZWYwmWkLQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()


________________________________________________________________________________________________________
*** CID 488122: Concurrent data access violations (MISSING_LOCK)
/websrvr.c: 6243 in respond()
6237 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path
6238 ,session->req.range_start,session->req.range_end, content_length);
6239 else
6240 lprintf(LOG_INFO,"%04d %s [%s] Sending file: %s (%"PRIdOFF" bytes)"
6241 ,session->socket, session->client.protocol, session->client.addr, session->req.physical_path, content_length);
6242 snt=sock_sendfile(session,session->req.physical_path,session->req.range_start,session->req.range_end);

CID 488122: Concurrent data access violations (MISSING_LOCK)
Accessing "session->send_failed" without holding lock "http_session_t.outbuf_write". Elsewhere, "http_session_t.send_failed" is written to with "http_session_t.outbuf_write" held 1 out of 1 times.

6243 if(!session->send_failed) {
6244 if(session->req.ld!=NULL) {
6245 if(snt<0)
6246 snt=0;
6247 session->req.ld->size=snt;
6248 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmHtV_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbYwk4stqvOulAQyfb9Qz7UqXa-2FyYiLNtJQLdPQNB0BbrubVIHVqt8wbwLmHsBUJon6PC9sbncKQ-2BAxsdRHbzS8LHKyt8nQ5XXM7E400tls6CE8QTOmeO-2BbTPMyH95TYfYCuXcmmWIuH-2F2U7WSDFD5czc7Rvy8hX-2BZbhm7O5DgwmQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 488309: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488309: Memory - illegal accesses (STRING_NULL)
/str.cpp: 344 in sbbs_t::sif(char *, char *, int)()
338 m+=2;
339 for(l=m;l<length;l++)
340 if(buf[l]=='"') {
341 buf[l]=0;
342 break;
343 }

CID 488309: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.

344 answers[a++]=(char)getkeys((char *)buf+m,0);
345 }
346 else {
347 answers[a]=getkey(mode);
348 outchar(answers[a++]);
349 attr(LIGHTGRAY);

** CID 488308: (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488308: (STRING_NULL)
/sbbsecho.c: 3666 in getzpt()
3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.

3666 faddr=atofaddr(buf+i+1);
3667 hdr->origzone=faddr.zone;
3668 hdr->orignet=faddr.net;
3669 hdr->orignode=faddr.node;
3670 intl_found = true;
3671 }
/sbbsecho.c: 3660 in getzpt()
3654 if((!i || cr) && buf[i]==CTRL_A) { /* kludge */ 3655 if(!strncmp(buf+i+1,"TOPT ",5))
3656 hdr->destpoint=atoi(buf+i+6);
3657 else if(!strncmp(buf+i+1,"FMPT ",5))
3658 hdr->origpoint=atoi(buf+i+6);
3659 else if(!strncmp(buf+i+1,"INTL ",5)) {

CID 488308: (STRING_NULL)
Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.

3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;

** CID 488307: Memory - illegal accesses (STRING_NULL)


________________________________________________________________________________________________________
*** CID 488307: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Mar-23-2024/src/smblib/smblib.c: 1085 in smb_getmsghdr()
1079 !=(size_t)msg->hfield[i].length) {
1080 safe_snprintf(smb->last_error,sizeof(smb->last_error)
1081 ,"%s reading header (#%d) field data (%d bytes)", __FUNCTION__, (int)i, (int)msg->hfield[i].length);
1082 smb_freemsgmem(msg);
1083 return(SMB_ERR_READ);
1084 }

CID 488307: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.

1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);
1086
1087 l+=msg->hfield[i].length;
1088 }
1089
1090 /* These convenience pointers must point to something */

** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
/sauce.c: 62 in sauce_fread_charinfo()
/sauce.c: 59 in sauce_fread_charinfo()
/sauce.c: 61 in sauce_fread_charinfo()


________________________________________________________________________________________________________
*** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);

CID 488306: (STRING_NULL)
Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
/sauce.c: 62 in sauce_fread_charinfo()
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);

CID 488306: (STRING_NULL)
Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:
67 case sauce_char_filetype_ansi:
/sauce.c: 59 in sauce_fread_charinfo()
53 return false;
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));

CID 488306: (STRING_NULL)
Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); 61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
/sauce.c: 61 in sauce_fread_charinfo()
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author); >>> CID 488306: (STRING_NULL)

Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:

** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()


________________________________________________________________________________________________________
*** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()
1902
1903 sbbs_get_ini_fname(ini_file, ctrl_dir);
1904
1905 /* Initialize BBS startup structure */
1906 memset(&bbs_startup,0,sizeof(bbs_startup));
1907 bbs_startup.size=sizeof(bbs_startup);

CID 488305: Memory - corruptions (STRING_OVERFLOW)
You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir".

1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);
1909
1910 /* Read .ini file here */
1911 if(ini_file[0]!=0 && (fp=fopen(ini_file,"r"))!=NULL) {
1912 printf("Reading %s\n",ini_file);
1913 /* We call this function to set defaults, even if there's no .ini file */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DTnRX_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaEw-2F35bzGVOVw-2BfAgK10nKBe2EaCuOVThBtA4zmIf-2FH6jtPrg8CF4KIxfGxqbWYZGzK5dEjEeJjcG-2FZFDV9g6z-2BKMwuy3tSgd6XVj6QkX-2FbE7goOVxulE2g8b9eGhrdwq7nNngW7QJqRO3KLACCgsN-2Bn56lb9VdBetusZbl3sfvQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()


________________________________________________________________________________________________________
*** CID 492209: High impact quality (Y2K38_SAFETY)
/js_system.c: 2698 in js_system_resolve()
2692 LAZY_INTEGER("version_hex", VERSION_HEX);
2693
2694 /* Git repo details */
2695 LAZY_STRING("git_branch", git_branch);
2696 LAZY_STRING("git_hash", git_hash);
2697 LAZY_STRING("git_date", git_date);

CID 492209: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "git_time" is cast to "uint32".

2698 LAZY_INTEGER("git_time", git_time);
2699
2700 LAZY_STRING("platform", PLATFORM_DESC);
2701 LAZY_STRING("architecture", ARCHITECTURE_DESC);
2702 LAZY_STRFUNC("msgbase_lib", sprintf(str,"SMBLIB %s",smb_lib_ver()), str);
2703 LAZY_STRFUNC("compiled_with", DESCRIBE_COMPILER(str), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DSh4N_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaN8mnibgm8pDR-2F-2Bbe3f8EPEDiLDxICRbQfwsS-2Fj8I1S6oBPCdVVfNCUqkg9CbPMpOrc11Ju1i-2FZKGsMzQGZ93UZziuSMITFnGZKSuUqmlzwhD3piRfCu-2FFg3Xzyb2Yn1CDiKvT9pNBRM-2BVi7M2skqdIOXzqcGfoVNCwcEXj-2BCEWA-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()


________________________________________________________________________________________________________
*** CID 492287: Error handling issues (CHECKED_RETURN)
/main.cpp: 4472 in node_thread(void *)()
4466 }
4467 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.mods_dir
4468 ,sbbs->cfg.shell[sbbs->useron.shell]->code);
4469 if(sbbs->cfg.mods_dir[0]==0 || !fexistcase(str)) {
4470 SAFEPRINTF2(str,"%s%s.bin",sbbs->cfg.exec_dir
4471 ,sbbs->cfg.shell[sbbs->useron.shell]->code);

CID 492287: Error handling issues (CHECKED_RETURN)
Calling "fexistcase" without checking return value (as is done elsewhere 117 out of 131 times).

4472 fexistcase(str);
4473 }
4474 if((file=sbbs->nopen(str,O_RDONLY))==-1) {
4475 sbbs->errormsg(WHERE,ERR_OPEN,str,O_RDONLY);
4476 sbbs->hangup();
4477 break;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DHvP9_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQagYisv-2BW69zRWxBhimCtdag5Y-2FmNQU-2F9a-2BQz99muYyDMQHaJ9IAAUHt0J4m9PdQ-2FM2LeT5-2B1UNdpeKXpgNOTn265LNUeBHOZI40IJ3EqY58uotyMvBntmOFa6NssYuPj9pyF9jsG3Ot15K77yZ8uUVZ5aWBxVVnDKUwxo1ITxjHQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()


________________________________________________________________________________________________________
*** CID 493283: Incorrect expression (NO_EFFECT)
/mqtt.c: 811 in mqtt_user_login_fail()
805 if(mqtt == NULL || mqtt->cfg == NULL || client == NULL)
806 return MQTT_FAILURE;
807
808 if(!mqtt->cfg->mqtt.enabled)
809 return MQTT_SUCCESS;
810

CID 493283: Incorrect expression (NO_EFFECT)
Comparing an array to null is not useful: "client->protocol == NULL", since the test will always evaluate as true.

811 if(client->protocol == NULL || username == NULL)
812 return MQTT_FAILURE;
813 snprintf(topic, sizeof(topic), "login_fail/%s", client->protocol);
814 strlwr(topic);
815 snprintf(str, sizeof(str), "%s\t%s\t%s"
816 ,username


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DzAgs_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQadI1-2FAsWIvGn-2BZ2YIPvmhLCu-2B1HFus-2FViv7odM0blgwJlSMhW5FP3Xkis4Ci7djMxV4S-2FpyGhgUj8KAvsWeecIJ1ln5YucvZvzvyf4HPVrDO8-2FLvieqY0sywMQ-2FhJEqN8WVo9AKRxOHtw7NsNWjr9Is7xQTg-2BmQd-2BBa6Z-2BXsMiSw-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)