Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
3 new defect(s) introduced to Synchronet found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 329620: Uninitialized variables (UNINIT)
/tmp/sbbs-Mar-21-2021/src/xpdev/sockwrap.c: 556 in nonblocking_connect()
________________________________________________________________________________________________________
*** CID 329620: Uninitialized variables (UNINIT)
/tmp/sbbs-Mar-21-2021/src/xpdev/sockwrap.c: 556 in nonblocking_connect()
550 result=ERROR_VALUE;
551 if(result==EWOULDBLOCK || result==EINPROGRESS) {
552 if (socket_writable(sock, timeout * 1000)) {
553 result = 0;
554 }
555 else {
>>> CID 329620: Uninitialized variables (UNINIT)
>>> Using uninitialized value "optlen" when calling "getsockopt".
556 if(getsockopt(sock, SOL_SOCKET, SO_ERROR, (void*)&result, &optlen)==SOCKET_ERROR)
557 result=ERROR_VALUE;
558 }
559 }
560 }
561 return result;
** CID 329619: (RESOURCE_LEAK)
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 382 in xpms_accept()
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 625 in xpms_accept()
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 384 in xpms_accept()
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 402 in xpms_accept()
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 566 in xpms_accept()
________________________________________________________________________________________________________
*** CID 329619: (RESOURCE_LEAK)
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 382 in xpms_accept()
376 poll_timeout = INT_MAX;
377 else
378 poll_timeout = timeout;
379
380 switch (poll(fds, scnt, timeout)) {
381 case 0:
>>> CID 329619: (RESOURCE_LEAK)
>>> Variable "fds" going out of scope leaks the storage it points to.
382 return INVALID_SOCKET;
383 case -1:
384 return SOCKET_ERROR;
385 default:
386 scnt = 0;
387 for(i=0; isock_count; i++) {
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 625 in xpms_accept()
619 return ret;
620 }
621 }
622 }
623 }
624
>>> CID 329619: (RESOURCE_LEAK)
>>> Variable "fds" going out of scope leaks the storage it points to.
625 return INVALID_SOCKET;
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 384 in xpms_accept()
378 poll_timeout = timeout;
379
380 switch (poll(fds, scnt, timeout)) {
381 case 0:
382 return INVALID_SOCKET;
383 case -1:
>>> CID 329619: (RESOURCE_LEAK)
>>> Variable "fds" going out of scope leaks the storage it points to.
384 return SOCKET_ERROR;
385 default:
386 scnt = 0;
387 for(i=0; isock_count; i++) {
388 if(xpms_set->socks[i].sock == INVALID_SOCKET)
389 continue;
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 402 in xpms_accept()
396 else {
397 #endif
398 if(cb_data)
399 *cb_data=xpms_set->socks[i].cb_data;
400 ret = accept(xpms_set->socks[i].sock, &addr->addr, addrlen);
401 if (ret == INVALID_SOCKET)
>>> CID 329619: (RESOURCE_LEAK)
>>> Variable "fds" going out of scope leaks the storage it points to.
402 return ret;
403
404 // Set host_ip from haproxy protocol, if its used
405 // https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmFhfLHSS4WW27WEbAQ0FnW2DAsEL4QRepj-2FHt2fmG7L-2BnWOoJSnAMuZZVvs-2FTpt9KdaKEu5rXFXNd-2BvSGu5ZLas-3Dd_90_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBHl4bR3Ma1f60TFhv7T6ysQTqzEd9nvMDO73rOMH-2FoJ5nhN868MA2phqypJ2oV92b97jXxFmunct7Y4klqGur0z6R0WcReKRfq0D0HPM1tk6CAFrC65I3bitVBEnBiVT8QTt-2F7UTr2oUauVjXSlBWa0Bh93CLCT6FEG1AINFfOnaX7z7JDCirzBRH9jqSpkRA-3D
406 if (flags & XPMS_ACCEPT_FLAG_HAPROXY) {
407 memset(addr, 0, sizeof(*addr));
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 566 in xpms_accept()
560 switch (l) {
561 // IPv4 - AF_INET
562 case HAPROXY_AFINET:
563 if (i != 12) {
564 xpms_set->lprintf(LOG_ERR,"%04d * HAPROXY Something went wrong - IPv4 address length is incorrect",ret);
565 closesocket(ret);
>>> CID 329619: (RESOURCE_LEAK)
>>> Variable "fds" going out of scope leaks the storage it points to.
566 return INVALID_SOCKET;
567 }
568 addr->in.sin_family = AF_INET;
569 if (read_socket(ret, hapstr, i, xpms_set->lprintf)==FALSE) {
570 xpms_set->lprintf(LOG_ERR,"%04d * HAPROXY looking for IPv4 address - failed",ret);
571 closesocket(ret);
** CID 329618: Null pointer dereferences (NULL_RETURNS)
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 368 in xpms_accept()
________________________________________________________________________________________________________
*** CID 329618: Null pointer dereferences (NULL_RETURNS)
/tmp/sbbs-Mar-21-2021/src/xpdev/multisock.c: 368 in xpms_accept()
362 if(FD_ISSET(xpms_set->socks[i].sock, &read_fs)) {
363 #else
364 fds = calloc(xpms_set->sock_count, sizeof(*fds));
365 for (i = 0; i sock_count; i++) {
366 if (xpms_set->socks[i].sock == INVALID_SOCKET)
367 continue;
>>> CID 329618: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "fds", which is known to be "NULL".
368 fds[scnt].fd = xpms_set->socks[i].sock;
369 fds[scnt].events = POLLIN;
370 scnt++;
371 }
372
373 if (timeout == XPMS_FOREVER)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DLHmn_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrBHl4bR3Ma1f60TFhv7T6ysowkKJDrUA6C75fu3BRJq-2FUw5eN9b5XYSctzsJ98DPYfDP7j4AYhQkY30dnFu4TwCdwjnMT8mAI2-2Bg-2FqSBUEH44x5j1MZehgipi7vnrC2DB2OwTaDXMtI26MENFL9HDj08iR5XhCILdRMD4IRrtvokulJVT7mfhTDsxurasyCN6A-3D
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|