Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()


________________________________________________________________________________________________________
*** CID 497098: Resource leaks (RESOURCE_LEAK)
/js_filebase.c: 325 in parse_file_name()
319 if(JS_GetProperty(cx, obj, prop_name, &val) && !JSVAL_NULL_OR_VOID(val)) {
320 JSVALUE_TO_MSTRING(cx, val, cp, NULL);
321 if(cp == NULL) {
322 JS_ReportError(cx, "Invalid '%s' string in file object", prop_name);
323 return NULL;
324 }

CID 497098: Resource leaks (RESOURCE_LEAK)
Variable "cp" going out of scope leaks the storage it points to.

325 return strdup(cp);
326 }
327 JS_ReportError(cx, "Missing '%s' string in file object", prop_name);
328 return NULL;
329 }
330


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DxkhG_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZZtSzYzfvQoBQM1WsYtjQc02R5bvuGDasDe1R1GX8VoPvtGi-2FoTZcq6T7jcTA9OlabmiybEJFFTwaaEcFcr7cqoyBFT0Xw3AZ-2Fgf8Xxa1nSM-2FLrkQMPM2ixtLH2vUsu17Tu25sW91h9WUpwNyEySd-2F9Tw4l4H0tRZM-2Bze1SwHZwg-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 508260: Null pointer dereferences (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 508260: Null pointer dereferences (FORWARD_NULL)
/js_msgbase.c: 950 in parse_header_object()
944 msg->hdr.priority=i32;
945 }
946
947 if(JS_GetProperty(cx, hdr, "field_list", &val) && JSVAL_IS_OBJECT(val)) {
948 array=JSVAL_TO_OBJECT(val);
949 len=0;

CID 508260: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "array" to "JS_GetArrayLength", which dereferences it.

950 if(array == NULL && !JS_GetArrayLength(cx, array, &len)) {
951 JS_ReportError(cx, "Invalid \"field_list\" array in header object");
952 goto err;
953 }
954
955 for(i=0;i<len;i++) {

** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()


________________________________________________________________________________________________________
*** CID 508259: Control flow issues (DEADCODE)
/js_internal.c: 491 in js_execfile()
485 else {
486 JS_ReportError(cx, "Unable to get parent js."JAVASCRIPT_LOAD_PATH_LIST" array.");
487 return JS_FALSE;
488 }
489 }
490 else {

CID 508259: Control flow issues (DEADCODE)
Execution cannot reach this statement: "JS_ReportError(cx, "Unable ...".

491 JS_ReportError(cx, "Unable to get parent js object"); 492 return JS_FALSE;
493 }
494
495 js_script=JS_CompileFile(cx, js_scope, path);
496


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D20ER_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZSUgE3dQnVG6wGylJBHlsQHMU-2FeSvlPG-2BveassRKfh2KZ3KQqZYMDLXz99-2FrWMwJQ1T1J2N-2BE4YP3SycyU5tkbW6rwM2zqlUIvWZrfgy3l7iQ0Im12Z6xa2F5EX6ZCGf29mh7eZnuIJTmQCiel8IOekKUKQgh0LXaZSb3gnPQHBw-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

6 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()


________________________________________________________________________________________________________
*** CID 508288: (STRING_NULL)
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';
/telgate.cpp: 387 in sbbs_t::telnet_gate(char *, unsigned int, unsigned int, char **, char *, char *, char *)()
381 l=K_CHAT;
382 if(!(mode&TG_ECHO))
383 l|=K_NOECHO;
384 rd=getstr((char*)buf,sizeof(buf)-1,l);
385 if(!rd)
386 continue;

CID 508288: (STRING_NULL)
Passing unterminated string "buf" to "strlen", which expects a null-terminated string.

387 SAFECAT(buf,crlf);
388 rd+=2;
389 gotline=true;
390 }
391 if((mode&TG_CRLF) && buf[rd-1]=='\r') 392 buf[rd++]='\n';

** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508287: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508287: Resource leaks (RESOURCE_LEAK)
Variable "server_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508286: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508286: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508285: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508285: Resource leaks (RESOURCE_LEAK)
Variable "term_type" going out of scope leaks the storage it points to. 3127 HANDLE_PENDING(cx, tmp);

3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }

** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508284: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3041 in js_telnet_gate(JSContext *, unsigned int, unsigned long *)()
3035 size_t tmplen = 0;
3036 for(jsuint i = 0; i < count; ++i) {
3037 jsval val;
3038 if(!JS_GetElement(cx, array, i, &val)) 3039 break;
3040 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508284: Resource leaks (RESOURCE_LEAK)
Variable "addr" going out of scope leaks the storage it points to.

3041 HANDLE_PENDING(cx, tmp);
3042 strListPush(&send_strings, tmp);
3043 }
3044 free(tmp);
3045 ++argn;
3046 }

** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 508283: Resource leaks (RESOURCE_LEAK)
/js_bbs.cpp: 3127 in js_rlogin_gate(JSContext *, unsigned int, unsigned long *)()
3121 size_t tmplen = 0;
3122 for(jsuint i = 0; i < count; ++i) { 3123 jsval val;
3124 if(!JS_GetElement(cx, array, i, &val))
3125 break;
3126 JSVALUE_TO_RASTRING(cx, val, tmp, &tmplen, NULL);

CID 508283: Resource leaks (RESOURCE_LEAK)
Variable "client_user_name" going out of scope leaks the storage it points to.

3127 HANDLE_PENDING(cx, tmp);
3128 strListPush(&send_strings, tmp);
3129 }
3130 free(tmp);
3131 }
3132 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3Dbu0M_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZNG0uf3i6p71oTc15oH-2BfpO28bQfsz9QVBH3Gtyw7JI9gEMaDnmdnDolPrFN6u9WaZmPVFWjRjCPjNCgu0p853ViRUnY3jw7qF-2FmF-2FRD-2BDN3Me1aa8H00Bk6GPSZ1Hw1-2FmiCWeADspXOcpcxao-2F3gS8JgnOAEga0TIePnt023yjQ-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()


________________________________________________________________________________________________________
*** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()
1301 char* extdesc = NULL;
1302 char* auxdata = NULL;
1303 rc=JS_SUSPENDREQUEST(cx);
1304 if(filename != NULL && fileobj != NULL
1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);

CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS

1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
1310 p->smb_result = SMB_DUPE_MSG;
1311 }
1312 if(p->smb_result == SMB_SUCCESS

** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()


________________________________________________________________________________________________________
*** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()
627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
629 fileidxrec_t fidx;
630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
632 break;

CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
634 }
635 printf("\n");
636 l++;
637 }
638 }

** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()


________________________________________________________________________________________________________
*** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()
1329 } else {
1330 if(file.extdesc != NULL)
1331 truncsp(file.extdesc);
1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
1334 p->smb_result = smb_putfile(&p->smb, &file);

CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.

1335 if(p->smb_result != SMB_SUCCESS)
1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
1337 else {
1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
1339 if(readd_always)
1340 file.hdr.when_imported.time = 0; // we want the file to appear as "new"

** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()


________________________________________________________________________________________________________
*** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
239 break;
240
241 f->idx_offset = offset++;
242
243 if(filename != NULL) {

CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.

244 if(stricmp(fidx.name, fname) != 0)
245 continue;
246 f->file_idx = fidx;
247 return SMB_SUCCESS;
248 }
249

** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()


________________________________________________________________________________________________________
*** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
435 free(fidx);
436 smb_unlocksmbhdr(smb);
437 return SMB_ERR_READ;
438 }
439 rewind(smb->sid_fp);
440 for(uint32_t i = 0; i < smb->status.total_files; i++) { >>> CID 509551: Memory - illegal accesses (STRING_NULL)

Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.

441 if(stricmp(fidx[i].name, fname) == 0) {
442 removed++;
443 continue;
444 }
445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0czfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()


________________________________________________________________________________________________________
*** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()
133 new_sub_misc = SUB_FIDO;
134 ini = iniReadFile(stream);
135 if(ini == NULL)
136 return 0;
137 list = iniGetSectionList(ini, /* prefix: */NULL);
138 if(list == NULL)

CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.

139 return 0;
140 break;
141 default: // EchoLists (e.g. BACKBONE.NA, badareas.lst) and AREAS.BBS
142 new_sub_misc = SUB_FIDO;
143 break;
144 }

** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
/logon.cpp: 676 in sbbs_t::logonstats()()
/logon.cpp: 649 in sbbs_t::logonstats()()
/logon.cpp: 673 in sbbs_t::logonstats()()
/logon.cpp: 682 in sbbs_t::logonstats()()


________________________________________________________________________________________________________
*** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
664 }
665 fclose_dstats(dsts);
666 }
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
/logon.cpp: 676 in sbbs_t::logonstats()()
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i); /logon.cpp: 649 in sbbs_t::logonstats()()
643 node.misc|=NODE_EVENT;
644 putnodedat(i,&node);
645 }
646 if((dsts = fopen_dstats(&cfg, i, /* for_write: */TRUE)) == NULL) /* doesn't have stats yet */
647 continue;
648

CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.

649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {
650 fclose_dstats(dsts);
651 errormsg(WHERE, ERR_OPEN, "csts.tab", i);
652 continue;
653 }
654
/logon.cpp: 673 in sbbs_t::logonstats()()
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
676 return(0);
677
678 for(i=0;i<2;i++) {
/logon.cpp: 682 in sbbs_t::logonstats()()
676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i);

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

682 return(0L);
683 }
684 if(!fread_dstats(fp, &stats)) {
685 errormsg(WHERE, ERR_READ, "dsts.ini", i);
686 } else {
687 stats.today.logons++;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1BBg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYPIsZP1mUIcYDXV-2BIKqJmrVInqiYU6VTjqKrshCKgIaqKtr35-2BruWgG1P-2Bg0yB-2BuAgsL8JZmDQBzw15bXNroJeqqVZoqg0VkgzqvypQVJBEoWQ3SQD0dE3jrBkw3Qa7Rc5CMTgkEjMauyB8RHdROWl9YGmjuyI0AjbW-2Fmd2yoJLA-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()


________________________________________________________________________________________________________
*** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()
355 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
356 }
357 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
358 now=time(NULL);
359 if(descbeg[0])
360 strcat(descbeg," ");

CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
362 strcat(descbeg,str);
363 }
364 if(cfg.dir[dirnum]->misc&DIR_MULT) {
365 sync();
366 if(!noyes(text[MultipleDiskQ])) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIddI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYB81ZvyCqI0cAJ-2FU5ubhxKf4JbTpohfwGahN-2FqiJqEJS3JKhfKJrRClFb390j-2Bf3IyHjOgp4TSp0v4WjJhOyS2xAdq9DkOONT15FqaUuN3dwPvrgxJQAm5MhfGSzyQr2ebowkrz6Mx39u7LNSgoa0vxPkqTzBlpznq59pGc5zgjQ-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()
2328 if((sbbs=js_GetPrivate(cx, JS_THIS_OBJECT(cx, arglist)))==NULL) 2329 return(JS_FALSE);
2330
2331 if(argc > 0 && argv[0] == JSVAL_TRUE)
2332 xfer_type = XFER_BATCH_UPLOAD;
2333 if(argc > 1 && argv[1] == JSVAL_TRUE)

CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".

2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;
2335
2336 rc=JS_SUSPENDREQUEST(cx);
2337 sbbs->xfer_prot_menu(xfer_type, &sbbs->useron, keys, sizeof keys);
2338 JSString* js_str = JS_NewStringCopyZ(cx, keys);
2339 if(js_str == nullptr)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DITFI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaq5jE-2BLt6d0xDUmd9IA4TiFW4D2c-2Fv2LVaAIklYCEHPyQvUq2Zlw7GDvJu3j8LRmS7SAP5K0MN-2FeHPuzVDlzgYGLGR7UoaRyivmdwaD-2F8GGj2SeuFl5CNmO4uJ75M69NpIJcEgiKbpoWpXeuJdzQYzNm1WuI45zNZnbxNBPzaHrg-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()


________________________________________________________________________________________________________
*** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()
152 /****************************************************************************/
153 char* datestr(scfg_t* cfg, time_t t, char* str)
154 {
155 if(t == 0)
156 return "---------";
157 if(!cfg->sys_date_verbal)

CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

158 return unixtodstr(cfg, (time32_t)t, str);
159 struct tm tm = {0};
160 if(localtime_r(&t, &tm) == NULL)
161 return "!!!!!!!!!";
162 char fmt[32] = "";
163 switch(cfg->sys_date_fmt) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DeIbg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZqqLX5nOyr0GCOMCsCoPlrYhtCBBDisrUKXmOFR94rfPCeqYsaUhoG3UZ-2FYUaiUYrgUIufMTzxsRzH7-2B7zAyM4HCi34k5-2FbdZ1Kp-2FDSG9A8IDyw-2BIsKQ-2B2fNzoCls7j0N-2B7Pb2XI8MB8f5lr-2BCPTiUaqWkDFwSWHqbm0IZWY1GZQ-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()


________________________________________________________________________________________________________
*** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()
984 }
985
986 char* sbbs_t::unixtodstr(time_t t, char* str)
987 {
988 if(str == nullptr)
989 str = datestr_output;

CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

990 return ::unixtodstr(&cfg, t, str);
991 }
992
993 void sbbs_t::sys_info()
994 {
995 char tmp[128];


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DFl35_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbldReasLeT64fJgl4QpY1aZbFANNQbDPFr-2BH2HYcH1IWW1-2FtRGPtb0gVjSH-2BBqjWAK7btzMhM331mrzEXRNmqAyTftaCh3YDujP4YB-2F7PQ4EGqELNq7SpMqQKEr5kiHI5KwG1KMczjzMucZ1MepWUctNMP3lW0eqjsOrH2fBSzrg-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()


________________________________________________________________________________________________________
*** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
1361
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
1373 "If you would like short (8 character) dates to be displayed using verbal\n"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIT5o_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQavH6tAPUwXIDKUPRKBZGiRgKLj76Ij0uFpD4UCNwTCVen1QmVBk6yGbzTBSC2-2BxBE0GJfAoW-2B-2BWaxWl51M-2B9mp1hicInwTEKrQ8chQM9yGDR81PWtwXM-2Bq2j5YCl48NKAoGGKYo0R42EciGZugnM0LqGuohrShDzTlibesBwTavw-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()


________________________________________________________________________________________________________
*** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {
999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {

CID 514434: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);
1005 }
1006 else {
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 999 in prestel_get_state()
993
994 SCR_XY(&sx, &sy);
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {

CID 514434: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {
1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);

** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()


________________________________________________________________________________________________________
*** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4985 in prestel_fix_line()
4979 bool fixed = false;
4980 bool fixedheight = false;
4981
4982 coord_conv_xy(cterm, CTERM_COORD_TERM, CTERM_COORD_SCREEN, &sy, &sx);
4983 ex = sx + TERM_MAXX - 1;
4984 line = malloc(sizeof(*line) * (ex - sx + 1));

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.
4990 if (line[i].fg & 0x7F000000) { /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 5098 in prestel_fix_line()
5092 line[i].ch += 64;
5093 fixed = true;
5094 }
5095 }
5096 }
5097 if (force || fixed)

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".

5098 vmem_puttext(sx, sy, ex, sy, line);
5099 free(line);
5100 if (restore) {
5101 cterm->extattr = extattr;
5102 cterm->fg_color = fg_color;
5103 cterm->bg_color = bg_color; /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()
4984 line = malloc(sizeof(*line) * (ex - sx + 1));
4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.

CID 514433: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

4990 if (line[i].fg & 0x7F000000) {
4991 // This is a control character
4992 ch = (line[i].fg & 0x7F000000) >> 24;
4993 prestel_apply_ctrl_before(cterm, ch);
4994 if ((cterm->extattr & CTERM_EXTATTR_PRESTEL_DOUBLE_HEIGHT) && ((line[i].bg & 0x01000000) == 0)) {
4995 // Should be double-high


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIdOQ_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbN8RSzLdCZbSy14N5iWP9J-2FcpNjQ0eI2Oj6rPhHqZBQZA4UM9PchXs94tTdeyxdvCkcPzkWohEpzrEBvlrnd6-2FTfmIpMAsE2mi-2BdkX8vzesYff-2FsK9jSFcjEXcYS-2Fxznm-2FxoYdKxCkLPJPKyAUp9zwS3A1OhpfjMprQ34Tb-2BWdhw-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514483: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514483: API usage errors (PRINTF_ARGS)
/websrvr.c: 1659 in http_logon()
1653 SAFECOPY(session->user.modem, session->client.protocol);
1654 SAFECOPY(session->user.comp, session->host_name);
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)

CID 514483: API usage errors (PRINTF_ARGS)
No argument for format specifier "%d".

1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip
1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);

** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()


________________________________________________________________________________________________________
*** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)
1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip

CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
the format string requires additional arguments

1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);
1665 session->client.usernum = session->user.number;
1666 client_on(session->socket, &session->client, /* update existing client record? */true);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjGNe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZrw1ACipL81Cfrev1KTkNSpg9ocZGsXxFU4AldvxV89V-2FFS8Im4F3ZlIWKiU1IgZ7U6FnHvW5nOIPElnOgDye48Et-2FcrMwNOZVyWRSzqRdvKvjv7tIxk-2BD72e1fmIEEOvn4SDov1pv-2FzEWSevpHegP3dEU8oXtKIA8RNAEjZ1XUg-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
/main.cpp: 4849 in sbbs_t::daily_maint()()


________________________________________________________________________________________________________
*** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 4849 int result = external(cmd, EX_OFFLINE);

4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.

4849 int result = external(cmd, EX_OFFLINE);
4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmVJv_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZYt7Pe-2B8KlpNPxf3vYfbGXTetKrkOysaWsLoXwVVJy-2BlT3vWHLSa-2F-2BgpVoMRk-2FB9lZhpdNOATgKKch-2FKRWKdw7CGPsa8-2BoRGvrYP8DjPqUmQVJXsmXD2xm4gPlAPoQOpnW8tWCZcdj7lp745Fp7QOqFvNAcU4EQLHiapc9wQpj6A-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()


________________________________________________________________________________________________________
*** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */

** CID 514628: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514628: API usage errors (PRINTF_ARGS) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in smb_locksmbhdr()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514628: API usage errors (PRINTF_ARGS)
Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D04SY_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbRNqpwvGc4zcZ5uKeIndhuSqNnxi4ZbqnqhqxxcEUjkJJHGyGkBZt6V7UXUX2xnB2lvPBmqBCBxBghPzBYV7kJY89l3F0Je2EKuh7lbcH1Ki5248pEoplbC6UdQ14IH1AzZ-2BYu06Kjq-2F-2BS7xugvit0MheMfmyl63WZ-2BGQqWv04fA-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()


________________________________________________________________________________________________________
*** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()
1391 {
1392 int f;
1393
1394 if(!VALID_CFG(cfg) || num < 1)
1395 return "";
1396 if((f = opennodeext(cfg)) < 1)

CID 514647: Resource leaks (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.

1397 return "";
1398 (void)lseek(f, (num-1) * 128, SEEK_SET);
1399 if(read(f, buf, 128) != 128)
1400 memset(buf, 0, 128);
1401 close(f);
1402 buf[127] = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNrRS_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ3ELp6fsbhc-2FY9mD5Zp1-2FoSxtPMVY9W2gQFqb-2BWiMKBXb3R551uQj1an4L8jxHGCtVzJ8f8hTy9TuLVRQzLD3L1M-2FICoSbiZvQ-2FUBPSeV-2BCcsclK4jYNyukSMcGAKOr-2BtLQBr5jUdpUtVX-2FuxQBKwF4hNcUqyrDA8X7YI-2FfcIZtw-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()


________________________________________________________________________________________________________
*** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()
1842 match=0;
1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
1844 if(match) break;
1845 for(x=0; nodecfg->keys[x] ;x++) {
1846 if(!stricmp(cfg.listcfg[j].keys[k]
1847 ,nodecfg->keys[x])) {

CID 515048: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.

1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
1850 "file",__LINE__);
1851 match=1;
1852 break;
1853 }

** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()


________________________________________________________________________________________________________
*** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()
1629 continue;
1630 }
1631 }
1632 if(add_area[0] != NULL) { /* Check for areas to add */
1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
1634 j = strListFind(add_area, echotag, /* case-sensitive */false);

CID 515047: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".

1635 if(add_all || j >= 0) {
1636 if(j >= 0)
1637 add_area[j][0]=0; /* So we can check other lists */
1638 uint areanum = find_area(echotag);
1639 if(!area_is_valid(areanum)) {
1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);

** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()


________________________________________________________________________________________________________
*** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()
1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
1984 if(deleted)
1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
1987 if(added || deleted) {
1988 if(stat(cfg.areafile, &st) == 0)

CID 515046: Error handling issues (CHECKED_RETURN)
Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.

1989 chmod(outpath, st.st_mode);
1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1994 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D



---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net