Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()


________________________________________________________________________________________________________
*** CID 510624: High impact quality (Y2K38_SAFETY)
/upload.cpp: 361 in sbbs_t::upload(int, const char *)()
355 SAFEPRINTF(descbeg,text[Rated],toupper(ch));
356 }
357 if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
358 now=time(NULL);
359 if(descbeg[0])
360 strcat(descbeg," ");

CID 510624: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "this->now" is cast to "time32_t".

361 SAFEPRINTF(str,"%s ",unixtodstr(&cfg,(time32_t)now,tmp));
362 strcat(descbeg,str);
363 }
364 if(cfg.dir[dirnum]->misc&DIR_MULT) {
365 sync();
366 if(!noyes(text[MultipleDiskQ])) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIddI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYB81ZvyCqI0cAJ-2FU5ubhxKf4JbTpohfwGahN-2FqiJqEJS3JKhfKJrRClFb390j-2Bf3IyHjOgp4TSp0v4WjJhOyS2xAdq9DkOONT15FqaUuN3dwPvrgxJQAm5MhfGSzyQr2ebowkrz6Mx39u7LNSgoa0vxPkqTzBlpznq59pGc5zgjQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()


________________________________________________________________________________________________________
*** CID 511447: Control flow issues (DEADCODE)
/js_bbs.cpp: 2334 in js_xfer_prot_menu(JSContext *, unsigned int, unsigned long *)()
2328 if((sbbs=js_GetPrivate(cx, JS_THIS_OBJECT(cx, arglist)))==NULL) 2329 return(JS_FALSE);
2330
2331 if(argc > 0 && argv[0] == JSVAL_TRUE)
2332 xfer_type = XFER_BATCH_UPLOAD;
2333 if(argc > 1 && argv[1] == JSVAL_TRUE)

CID 511447: Control flow issues (DEADCODE)
Execution cannot reach the expression "XFER_BATCH_UPLOAD" inside this statement: "xfer_type = ((xfer_type == ...".

2334 xfer_type = (xfer_type == XFER_UPLOAD) ? XFER_BATCH_UPLOAD : XFER_BATCH_DOWNLOAD;
2335
2336 rc=JS_SUSPENDREQUEST(cx);
2337 sbbs->xfer_prot_menu(xfer_type, &sbbs->useron, keys, sizeof keys);
2338 JSString* js_str = JS_NewStringCopyZ(cx, keys);
2339 if(js_str == nullptr)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DITFI_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaq5jE-2BLt6d0xDUmd9IA4TiFW4D2c-2Fv2LVaAIklYCEHPyQvUq2Zlw7GDvJu3j8LRmS7SAP5K0MN-2FeHPuzVDlzgYGLGR7UoaRyivmdwaD-2F8GGj2SeuFl5CNmO4uJ75M69NpIJcEgiKbpoWpXeuJdzQYzNm1WuI45zNZnbxNBPzaHrg-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()


________________________________________________________________________________________________________
*** CID 511508: High impact quality (Y2K38_SAFETY)
/date_str.c: 158 in datestr()
152 /****************************************************************************/
153 char* datestr(scfg_t* cfg, time_t t, char* str)
154 {
155 if(t == 0)
156 return "---------";
157 if(!cfg->sys_date_verbal)

CID 511508: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

158 return unixtodstr(cfg, (time32_t)t, str);
159 struct tm tm = {0};
160 if(localtime_r(&t, &tm) == NULL)
161 return "!!!!!!!!!";
162 char fmt[32] = "";
163 switch(cfg->sys_date_fmt) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DeIbg_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZqqLX5nOyr0GCOMCsCoPlrYhtCBBDisrUKXmOFR94rfPCeqYsaUhoG3UZ-2FYUaiUYrgUIufMTzxsRzH7-2B7zAyM4HCi34k5-2FbdZ1Kp-2FDSG9A8IDyw-2BIsKQ-2B2fNzoCls7j0N-2B7Pb2XI8MB8f5lr-2BCPTiUaqWkDFwSWHqbm0IZWY1GZQ-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()


________________________________________________________________________________________________________
*** CID 511621: High impact quality (Y2K38_SAFETY)
/str.cpp: 990 in sbbs_t::unixtodstr(long, char *)()
984 }
985
986 char* sbbs_t::unixtodstr(time_t t, char* str)
987 {
988 if(str == nullptr)
989 str = datestr_output;

CID 511621: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

990 return ::unixtodstr(&cfg, t, str);
991 }
992
993 void sbbs_t::sys_info()
994 {
995 char tmp[128];


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DFl35_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbldReasLeT64fJgl4QpY1aZbFANNQbDPFr-2BH2HYcH1IWW1-2FtRGPtb0gVjSH-2BBqjWAK7btzMhM331mrzEXRNmqAyTftaCh3YDujP4YB-2F7PQ4EGqELNq7SpMqQKEr5kiHI5KwG1KMczjzMucZ1MepWUctNMP3lW0eqjsOrH2fBSzrg-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()


________________________________________________________________________________________________________
*** CID 512127: (Y2K38_SAFETY)
/scfg/scfgsys.c: 1367 in edit_sys_date_verbal()
1361
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));
1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
/scfg/scfgsys.c: 1368 in edit_sys_date_verbal()
1362 int edit_sys_date_verbal(int page, int total)
1363 {
1364 int mode = WIN_SAV | WIN_MID;
1365 int i = cfg.sys_date_verbal;
1366 time_t t = time(NULL);
1367 snprintf(opt[0],MAX_OPLN,"Numeric (e.g. %s)", unixtodstr(&cfg, (time32_t)t, tmp));

CID 512127: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "t" is cast to "time32_t".

1368 snprintf(opt[1],MAX_OPLN,"Verbal (e.g. %s)", verbal_datestr(&cfg, (time32_t)t, tmp));
1369 opt[2][0] = '\0';
1370 uifc.helpbuf=
1371 "`Short Date Display Format:`\n"
1372 "\n"
1373 "If you would like short (8 character) dates to be displayed using verbal\n"


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIT5o_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQavH6tAPUwXIDKUPRKBZGiRgKLj76Ij0uFpD4UCNwTCVen1QmVBk6yGbzTBSC2-2BxBE0GJfAoW-2B-2BWaxWl51M-2B9mp1hicInwTEKrQ8chQM9yGDR81PWtwXM-2Bq2j5YCl48NKAoGGKYo0R42EciGZugnM0LqGuohrShDzTlibesBwTavw-3D-3D


--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()


________________________________________________________________________________________________________
*** CID 514434: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 1001 in prestel_get_state()
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {
999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {

CID 514434: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);
1005 }
1006 else {
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 999 in prestel_get_state()
993
994 SCR_XY(&sx, &sy);
995 TERM_XY(&tx, &ty);
996 line = malloc(sizeof(*line) * tx);
997 prestel_new_line(cterm);
998 if (tx > 1) {

CID 514434: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

999 vmem_gettext(cterm->x, sy, cterm->x + tx - 2, sy, line);
1000 for (int i = 0; i < (tx - 1); i++) {
1001 uint8_t ch = line[i].ch;
1002 if (line[i].fg & 0x7F000000) {
1003 ch = (line[i].fg & 0x7F000000) >> 24; 1004 prestel_apply_ctrl(cterm, ch);

** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()


________________________________________________________________________________________________________
*** CID 514433: (NULL_RETURNS)
/tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4985 in prestel_fix_line()
4979 bool fixed = false;
4980 bool fixedheight = false;
4981
4982 coord_conv_xy(cterm, CTERM_COORD_TERM, CTERM_COORD_SCREEN, &sy, &sx);
4983 ex = sx + TERM_MAXX - 1;
4984 line = malloc(sizeof(*line) * (ex - sx + 1));

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_gettext".

4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.
4990 if (line[i].fg & 0x7F000000) { /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 5098 in prestel_fix_line()
5092 line[i].ch += 64;
5093 fixed = true;
5094 }
5095 }
5096 }
5097 if (force || fixed)

CID 514433: (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "line" when calling "ciolib_vmem_puttext".

5098 vmem_puttext(sx, sy, ex, sy, line);
5099 free(line);
5100 if (restore) {
5101 cterm->extattr = extattr;
5102 cterm->fg_color = fg_color;
5103 cterm->bg_color = bg_color; /tmp/sbbs-Nov-03-2024/src/conio/cterm.c: 4990 in prestel_fix_line()
4984 line = malloc(sizeof(*line) * (ex - sx + 1));
4985 vmem_gettext(sx, sy, ex, sy, line);
4986 prestel_new_line(cterm);
4987 for (int i = 0; i < TERM_MAXX; i++) {
4988 uint8_t ch;
4989 // Go through the line applying attributes, held mosaics, etc.

CID 514433: (NULL_RETURNS)
Dereferencing "line", which is known to be "NULL".

4990 if (line[i].fg & 0x7F000000) {
4991 // This is a control character
4992 ch = (line[i].fg & 0x7F000000) >> 24;
4993 prestel_apply_ctrl_before(cterm, ch);
4994 if ((cterm->extattr & CTERM_EXTATTR_PRESTEL_DOUBLE_HEIGHT) && ((line[i].bg & 0x01000000) == 0)) {
4995 // Should be double-high


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DIdOQ_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbN8RSzLdCZbSy14N5iWP9J-2FcpNjQ0eI2Oj6rPhHqZBQZA4UM9PchXs94tTdeyxdvCkcPzkWohEpzrEBvlrnd6-2FTfmIpMAsE2mi-2BdkX8vzesYff-2FsK9jSFcjEXcYS-2Fxznm-2FxoYdKxCkLPJPKyAUp9zwS3A1OhpfjMprQ34Tb-2BWdhw-3D-3D


--- SBBSecho 3.21-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514483: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514483: API usage errors (PRINTF_ARGS)
/websrvr.c: 1659 in http_logon()
1653 SAFECOPY(session->user.modem, session->client.protocol);
1654 SAFECOPY(session->user.comp, session->host_name);
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)

CID 514483: API usage errors (PRINTF_ARGS)
No argument for format specifier "%d".

1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip
1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);

** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()


________________________________________________________________________________________________________
*** CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
/websrvr.c: 1661 in ()
1655 SAFECOPY(session->user.ipaddr, session->host_ip);
1656 session->user.logontime = (time32_t)session->logon_time;
1657 int result = putuserdat(&scfg, &session->user);
1658 if(result != 0)
1659 lprintf(LOG_ERR, "%04d %s [%s] <%s> !Error %d writing user data for user #%d"
1660 ,session->socket, session->client.protocol, session->host_ip

CID 514482: API usage errors (PW.TOO_FEW_PRINTF_ARGS)
the format string requires additional arguments

1661 ,session->username, session->user.number);
1662
1663 }
1664 SAFECOPY(session->client.user, session->username);
1665 session->client.usernum = session->user.number;
1666 client_on(session->socket, &session->client, /* update existing client record? */true);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DjGNe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZrw1ACipL81Cfrev1KTkNSpg9ocZGsXxFU4AldvxV89V-2FFS8Im4F3ZlIWKiU1IgZ7U6FnHvW5nOIPElnOgDye48Et-2FcrMwNOZVyWRSzqRdvKvjv7tIxk-2BD72e1fmIEEOvn4SDov1pv-2FzEWSevpHegP3dEU8oXtKIA8RNAEjZ1XUg-3D-3D


--- SBBSecho 3.21-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
/main.cpp: 4849 in sbbs_t::daily_maint()()


________________________________________________________________________________________________________
*** CID 514519: (LOCK)
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" unlocks "this->input_thread_mutex" while it is unlocked. 4849 int result = external(cmd, EX_OFFLINE);

4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;
/main.cpp: 4849 in sbbs_t::daily_maint()()
4843 lprintf(result ? LOG_ERR : LOG_INFO, "Daily event: '%s' returned %d", cmd, result);
4844 }
4845 if((sys_status & SS_NEW_MONTH) && cfg.sys_monthly[0]) {
4846 lputs(LOG_INFO, "DAILY: Running monthly event");
4847 const char* cmd = cmdstr(cfg.sys_monthly,nulstr,nulstr,NULL);
4848 online = ON_LOCAL;

CID 514519: (LOCK)
"external" locks "this->input_thread_mutex" while it is locked.

4849 int result = external(cmd, EX_OFFLINE);
4850 online = false;
4851 lprintf(result ? LOG_ERR : LOG_INFO, "Monthly event: '%s' returned %d", cmd, result);
4852 }
4853 lputs(LOG_INFO, "DAILY: System maintenance ended");
4854 sys_status&=~SS_DAILY;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DmVJv_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZYt7Pe-2B8KlpNPxf3vYfbGXTetKrkOysaWsLoXwVVJy-2BlT3vWHLSa-2F-2BgpVoMRk-2FB9lZhpdNOATgKKch-2FKRWKdw7CGPsa8-2BoRGvrYP8DjPqUmQVJXsmXD2xm4gPlAPoQOpnW8tWCZcdj7lp745Fp7QOqFvNAcU4EQLHiapc9wQpj6A-3D-3D


--- SBBSecho 3.21-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()


________________________________________________________________________________________________________
*** CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in ()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514629: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "int" but argument has type "long")

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */

** CID 514628: API usage errors (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 514628: API usage errors (PRINTF_ARGS) /tmp/sbbs-Nov-10-2024/src/smblib/smblib.c: 298 in smb_locksmbhdr()
292 else
293 if(time(NULL)-start>=(time_t)smb->retry_time) 294 break;
295 ++count;
296 SLEEP((count / 10) * smb->retry_delay);
297 }

CID 514628: API usage errors (PRINTF_ARGS)
Argument "time(NULL) - start" to format specifier "%d" was expected to have type "int" but has type "long".

298 safe_snprintf(smb->last_error,sizeof(smb->last_error),"%s timeout locking message base after %d seconds", __FUNCTION__, time(NULL) - start);
299 return(SMB_ERR_TIMEOUT);
300 }
301
302 /****************************************************************************/
303 /* Read the SMB header from the header file and place into smb.status */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D04SY_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbRNqpwvGc4zcZ5uKeIndhuSqNnxi4ZbqnqhqxxcEUjkJJHGyGkBZt6V7UXUX2xnB2lvPBmqBCBxBghPzBYV7kJY89l3F0Je2EKuh7lbcH1Ki5248pEoplbC6UdQ14IH1AzZ-2BYu06Kjq-2F-2BS7xugvit0MheMfmyl63WZ-2BGQqWv04fA-3D-3D


--- SBBSecho 3.21-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()


________________________________________________________________________________________________________
*** CID 514647: Resource leaks (RESOURCE_LEAK)
/userdat.c: 1397 in getnodeext()
1391 {
1392 int f;
1393
1394 if(!VALID_CFG(cfg) || num < 1)
1395 return "";
1396 if((f = opennodeext(cfg)) < 1)

CID 514647: Resource leaks (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.

1397 return "";
1398 (void)lseek(f, (num-1) * 128, SEEK_SET);
1399 if(read(f, buf, 128) != 128)
1400 memset(buf, 0, 128);
1401 close(f);
1402 buf[127] = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DNrRS_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZ3ELp6fsbhc-2FY9mD5Zp1-2FoSxtPMVY9W2gQFqb-2BWiMKBXb3R551uQj1an4L8jxHGCtVzJ8f8hTy9TuLVRQzLD3L1M-2FICoSbiZvQ-2FUBPSeV-2BCcsclK4jYNyukSMcGAKOr-2BtLQBr5jUdpUtVX-2FuxQBKwF4hNcUqyrDA8X7YI-2FfcIZtw-3D-3D


--- SBBSecho 3.21-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()


________________________________________________________________________________________________________
*** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()
1842 match=0;
1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
1844 if(match) break;
1845 for(x=0; nodecfg->keys[x] ;x++) {
1846 if(!stricmp(cfg.listcfg[j].keys[k]
1847 ,nodecfg->keys[x])) {

CID 515048: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.

1848 if((fwdfile=tmpfile())==NULL) { 1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
1850 "file",__LINE__);
1851 match=1;
1852 break;
1853 }

** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()


________________________________________________________________________________________________________
*** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()
1629 continue;
1630 }
1631 }
1632 if(add_area[0] != NULL) { /* Check for areas to add */
1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
1634 j = strListFind(add_area, echotag, /* case-sensitive */false);

CID 515047: Control flow issues (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".

1635 if(add_all || j >= 0) {
1636 if(j >= 0)
1637 add_area[j][0]=0; /* So we can check other lists */
1638 uint areanum = find_area(echotag);
1639 if(!area_is_valid(areanum)) {
1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);

** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()


________________________________________________________________________________________________________
*** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()
1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
1984 if(deleted)
1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
1987 if(added || deleted) {
1988 if(stat(cfg.areafile, &st) == 0)

CID 515046: Error handling issues (CHECKED_RETURN)
Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.

1989 chmod(outpath, st.st_mode);
1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1994 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()


________________________________________________________________________________________________________
*** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()
2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2137 else {
2138 for(u=0;u<cfg.arcdefs;u++)
2139 if(stricmp(p,cfg.arcdef[u].name) == 0) 2140 break;
2141 if(u==cfg.arcdefs) {

CID 515063: Security best practices violations (SECURE_TEMP)
"tmpfile" creates files with predictable names, which is unsafe.

2142 if((tmpf=tmpfile())==NULL) {
2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
2144 return false;
2145 }
2146 SAFEPRINTF(str, "Compression type unavailable: %s", p);
2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D


--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)