1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • New Defects reported by C

    From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Tue Jan 24 13:36:00 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.
    1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 434885: Null pointer dereferences (FORWARD_NULL)
    /services.c: 720 in js_client_update()


    ________________________________________________________________________________________________________
    *** CID 434885: Null pointer dereferences (FORWARD_NULL)
    /services.c: 720 in js_client_update()
    714 inet_addrtop(&addr, client.addr, sizeof(client.addr)); 715 client.port=inet_addrport(&addr);
    716 }
    717
    718 if(argc>1) {
    719 JSVALUE_TO_MSTRING(cx, argv[1], cstr, NULL);
    CID 434885: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "cstr" to "strncpy", which dereferences it.
    720 SAFECOPY(client.user, cstr);
    721 }
    722
    723 if(argc>2)
    724 JSVALUE_TO_STRBUF(cx, argv[2], client.host, sizeof(client.host), NULL);
    725

    ** CID 434884: Null pointer dereferences (FORWARD_NULL)
    /services.c: 666 in js_client_add()


    ________________________________________________________________________________________________________
    *** CID 434884: Null pointer dereferences (FORWARD_NULL)
    /services.c: 666 in js_client_add()
    660 client.port=inet_addrport(&addr);
    661 }
    662
    663 if(argc>1) {
    664 JSVALUE_TO_MSTRING(cx, argv[1], cstr, NULL);
    665 HANDLE_PENDING(cx, cstr);
    CID 434884: Null pointer dereferences (FORWARD_NULL)
    Passing null pointer "cstr" to "strncpy", which dereferences it.
    666 SAFECOPY(client.user, cstr);
    667 }
    668
    669 if(argc>2)
    670 JSVALUE_TO_STRBUF(cx, argv[2], client.host, sizeof(client.host), NULL);
    671


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DvLhJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBNa4gwWWzuH4YpejndlE5gsky18iXCI4AkB01pepljfQqe7LF9jGy-2FPzogJNdd8GOgQ3TnLbTyrrZZkhw2xvoNM46EZwpq7pxgwtgEEnxcRLT7VMF9VB0-2Ff-2B2KirIMbgwvbghsG43LiLS-2FF-2BCh68FdiTiQ6aMChynPzZbnhEv4cw-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Wed Jan 25 13:37:00 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    1 new defect(s) introduced to Synchronet found with Coverity Scan.
    11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)


    ** CID 434888: Uninitialized variables (UNINIT)
    /xtrn.cpp: 1370 in sbbs_t::external(const char *, long, const char *)()


    ________________________________________________________________________________________________________
    *** CID 434888: Uninitialized variables (UNINIT)
    /xtrn.cpp: 1370 in sbbs_t::external(const char *, long, const char *)()
    1364 if(startup_dir!=NULL && startup_dir[0]) {
    1365 SAFECOPY(str, startup_dir);
    1366 *lastchar(str) = 0;
    1367 SAFECOPY(gamedir, getfname(str));
    1368 }
    1369
    CID 434888: Uninitialized variables (UNINIT)
    Using uninitialized value "*gamedir".
    1370 if(*gamedir == 0) {
    1371 lprintf(LOG_ERR, "No startup directory configured for DOS command-line: %s", cmdline);
    1372 fclose(dosemubatfp);
    1373 return -1;
    1374 }
    1375


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3Di5Wp_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCu-2BeyEJW9rE8BW4LDJPQ2W2Wvs6n0p1O-2Fo9AM1iUao-2F2dlnwxD-2FRtUP2nmCEvhxiitStz1ds8-2B9EaUt0OTDXr5sDsyoKOngliXhJ9VISshWIOON7LUlF3dVpV2T8YLPOtt-2BDQXU15hmmSHz-2FmlMcFUnz-2Fr7tGDaZQcVs-2F9URbkGQ-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From scan-admin@coverity.com@VERT to cov-scan@synchro.net on Mon Jan 30 13:36:00 2023
    Hi,

    Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

    2 new defect(s) introduced to Synchronet found with Coverity Scan.


    New defect(s) Reported-by: Coverity Scan
    Showing 2 of 2 defect(s)


    ** CID 435652: High impact quality (Y2K38_SAFETY)
    /logfile.cpp: 46 in hacklog()


    ________________________________________________________________________________________________________
    *** CID 435652: High impact quality (Y2K38_SAFETY)
    /logfile.cpp: 46 in hacklog()
    40 return false;
    41
    42 inet_addrtop(addr, ip, sizeof(ip));
    43 fprintf(fp,"SUSPECTED %s HACK ATTEMPT for user '%s' on %.24s%sUsing port %u at %s [%s]%s"
    44 ,prot
    45 ,user
    CID 435652: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".
    46 ,timestr(cfg, (time32_t)now, tstr)
    47 ,log_line_ending
    48 ,inet_addrport(addr)
    49 ,host
    50 ,ip
    51 ,log_line_ending

    ** CID 435651: High impact quality (Y2K38_SAFETY)
    /logfile.cpp: 102 in spamlog()


    ________________________________________________________________________________________________________
    *** CID 435651: High impact quality (Y2K38_SAFETY)
    /logfile.cpp: 102 in spamlog()
    96 if(from==NULL)
    97 from=host;
    98
    99 fprintf(fp, "SUSPECTED %s SPAM %s on %.24s%sHost: %s [%s]%sFrom: %.128s %s%s"
    100 ,prot
    101 ,action
    CID 435651: High impact quality (Y2K38_SAFETY)
    A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "now" is cast to "time32_t".
    102 ,timestr(cfg, (time32_t)now, tstr)
    103 ,log_line_ending
    104 ,host
    105 ,ip_addr
    106 ,log_line_ending
    107 ,from


    ________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DrmwL_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrD1h-2BJFDuaPIzN3MjUxXvYYHQg-2Fq-2FfU-2Fa0iL0wmBIUr-2BFn-2Bh5d5qL-2FdY2FQedxymvZp-2Fl55lN-2BSO3rsaz-2BpIvPpEo8wZX8gGIoIufwknwcoNkG-2FC8e4PiByeZMHapM18xVRoUJvvlaXk0sHvmcwKAwJTorTghaXM6HlUMk6GBouCg-3D-3D



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net