Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()


_______________________________________________________________________________ _________________________
*** CID 509555: Null pointer dereferences (FORWARD_NULL)
/js_filebase.c: 1307 in js_update_file()
1301 char* extdesc = NULL;
1302 char* auxdata = NULL;
1303 rc=JS_SUSPENDREQUEST(cx);
1304 if(filename != NULL && fileobj != NULL
1305 && (p->smb_result = smb_loadfile(&p->smb, filename, &file, file_detail_extdesc)) == SMB_SUCCESS) {
1306 p->smb_result = parse_file_properties(cx, fileobj, &file, &extdesc, &auxdata);

CID 509555: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "file.name" to "strcmp", which dereferences it. 1307 if(p->smb_result == SMB_SUCCESS

1308 && strcmp(filename, file.name) != 0 && smb_findfile(&p->smb, file.name, NULL) == SMB_SUCCESS) {
1309 JS_ReportError(cx, "file (%s) already exists in base", file.name);
1310 p->smb_result = SMB_DUPE_MSG;
1311 }
1312 if(p->smb_result == SMB_SUCCESS

** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()


_______________________________________________________________________________ _________________________
*** CID 509554: Memory - illegal accesses (STRING_NULL)
/smbutil.c: 633 in dumpindex()
627 ,xpDate_to_isoDateStr(time_to_xpDate(idx.time), "-", tmp, sizeof(tmp)));
628 if(smb_msg_type(idx.attr) == SMB_MSG_TYPE_FILE && idxreclen == sizeof(fileidxrec_t)) {
629 fileidxrec_t fidx;
630 fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
631 if(!fread(&fidx,sizeof(fidx),1,smb.sid_fp))
632 break;

CID 509554: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "printf", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]

633 printf(" %02X %.*s", fidx.hash.flags, (int)sizeof(fidx.name), fidx.name);
634 }
635 printf("\n");
636 l++;
637 }
638 }

** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()


_______________________________________________________________________________ _________________________
*** CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
/js_filebase.c: 1335 in js_update_file()
1329 } else {
1330 if(file.extdesc != NULL)
1331 truncsp(file.extdesc);
1332 if(!readd_always && strcmp(extdesc ? extdesc : "", file.extdesc ? file.extdesc : "") == 0
1333 && strcmp(auxdata ? auxdata : "", file.auxdata ? file.auxdata : "") == 0)
1334 p->smb_result = smb_putfile(&p->smb, &file);

CID 509553: Control flow issues (NESTING_INDENT_MISMATCH)
This 'if' statement is indented to column 41, as if it were nested within the preceding parent statement, but it is not.

1335 if(p->smb_result != SMB_SUCCESS)
1336 JS_ReportError(cx, "%d writing '%s'", p->smb_result, file.name);
1337 else {
1338 if((p->smb_result = smb_removefile_by_name(&p->smb, filename)) == SMB_SUCCESS) {
1339 if(readd_always)
1340
file.hdr.when_imported.time = 0; // we want the file to appear as "new"

** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()


_______________________________________________________________________________ _________________________
*** CID 509552: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 244 in smb_findfile()
238 if(smb_fread(smb, &fidx, sizeof(fidx), smb->sid_fp) != sizeof(fidx))
239 break;
240
241 f->idx_offset = offset++;
242
243 if(filename != NULL) {

CID 509552: Memory - illegal accesses (STRING_NULL)
Passing unterminated string "fidx.name" to "strcasecmp", which expects a null-terminated string.

244 if(stricmp(fidx.name, fname) != 0)
245 continue;
246 f->file_idx = fidx;
247 return SMB_SUCCESS;
248 }
249

** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()


_______________________________________________________________________________ _________________________
*** CID 509551: Memory - illegal accesses (STRING_NULL) /tmp/sbbs-Sep-14-2024/src/smblib/smbfile.c: 441 in smb_removefile()
435 free(fidx);
436 smb_unlocksmbhdr(smb);
437 return SMB_ERR_READ;
438 }
439 rewind(smb->sid_fp);
440 for(uint32_t i = 0; i < smb->status.total_files; i++) { >>> CID 509551: Memory - illegal accesses (STRING_NULL)

Passing unterminated string "fidx[i].name" to "strcasecmp", which expects a null-terminated string.

441 if(stricmp(fidx[i].name, fname) == 0) {
442 removed++;
443 continue;
444 }
445 if(fwrite(fidx + i, sizeof(*fidx), 1, smb->sid_fp) != 1) {
446 safe_snprintf(smb->last_error, sizeof(smb->last_error), "%s re-writing index"


_______________________________________________________________________________ _________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/l s/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIo VQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DpoPN_7FYjIqE8olEh4k02KWtt1r 1LGSyuXVEtCuKuJCXgAQZXJOgCi8IFr2wp43pRrORx9tzLYjX2Y-2FSYnzacVgdrC5ToyfEd02kRU0c zfft4zgHvFTf4l2icBGvZtBDP8972Z-2BLrNSb7QqVDHjYiK23CNzZR9MLbzXh1WOITpsswqNS5z337 vFuU-2BJOMvO3veuWFvtJ3Xwk9mN-2FsudyolEK5nw-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()


_______________________________________________________________________________ _________________________
*** CID 509721: Resource leaks (RESOURCE_LEAK)
/scfg/scfgmsg.c: 139 in import_msg_areas()
133 new_sub_misc = SUB_FIDO;
134 ini = iniReadFile(stream);
135 if(ini == NULL)
136 return 0;
137 list = iniGetSectionList(ini, /* prefix: */NULL);
138 if(list == NULL)

CID 509721: Resource leaks (RESOURCE_LEAK)
Variable "ini" going out of scope leaks the storage it points to.

139 return 0;
140 break;
141 default: // EchoLists (e.g. BACKBONE.NA, badareas.lst) and AREAS.BBS
142 new_sub_misc = SUB_FIDO;
143 break;
144 }

** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
/logon.cpp: 676 in sbbs_t::logonstats()()
/logon.cpp: 649 in sbbs_t::logonstats()()
/logon.cpp: 673 in sbbs_t::logonstats()()
/logon.cpp: 682 in sbbs_t::logonstats()()


_______________________________________________________________________________ _________________________
*** CID 509720: (RESOURCE_LEAK)
/logon.cpp: 670 in sbbs_t::logonstats()()
664 }
665 fclose_dstats(dsts);
666 }
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
/logon.cpp: 676 in sbbs_t::logonstats()()
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */
673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i); /logon.cpp: 649 in sbbs_t::logonstats()()
643 node.misc|=NODE_EVENT;
644 putnodedat(i,&node);
645 }
646 if((dsts = fopen_dstats(&cfg, i, /* for_write: */TRUE)) == NULL) /* doesn't have stats yet */
647 continue;
648

CID 509720: (RESOURCE_LEAK)
Overwriting "csts" in "csts = fopen_cstats(&this->cfg, i, true)" leaks the storage that "csts" points to.

649 if((csts = fopen_cstats(&cfg, i, /* for_write: */TRUE)) == NULL) {
650 fclose_dstats(dsts);
651 errormsg(WHERE, ERR_OPEN, "csts.tab", i);
652 continue;
653 }
654
/logon.cpp: 673 in sbbs_t::logonstats()()
667 }
668
669 if(cfg.node_num==0) /* called from event_thread() */
670 return(0);
671
672 if(thisnode.status==NODE_QUIET) /* Quiet users aren't counted */

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

673 return(0);
674
675 if(REALSYSOP && !(cfg.sys_misc&SM_SYSSTAT))
676 return(0);
677
678 for(i=0;i<2;i++) {
/logon.cpp: 682 in sbbs_t::logonstats()()
676 return(0);
677
678 for(i=0;i<2;i++) {
679 FILE* fp = fopen_dstats(&cfg, i ? 0 : cfg.node_num, /* for_write: */TRUE);
680 if(fp == NULL) {
681 errormsg(WHERE, ERR_OPEN, "dsts.ini", i);

CID 509720: (RESOURCE_LEAK)
Variable "csts" going out of scope leaks the storage it points to.

682 return(0L);
683 }
684 if(!fread_dstats(fp, &stats)) {
685 errormsg(WHERE, ERR_READ, "dsts.ini", i);
686 } else {
687 stats.today.logons++;


_______________________________________________________________________________ _________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/l s/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIo VQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1BBg_7FYjIqE8olEh4k02KWtt1r 1LGSyuXVEtCuKuJCXgAQYPIsZP1mUIcYDXV-2BIKqJmrVInqiYU6VTjqKrshCKgIaqKtr35-2BruWgG 1P-2Bg0yB-2BuAgsL8JZmDQBzw15bXNroJeqqVZoqg0VkgzqvypQVJBEoWQ3SQD0dE3jrBkw3Qa7Rc5 CMTgkEjMauyB8RHdROWl9YGmjuyI0AjbW-2Fmd2yoJLA-3D-3D



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net