TIP: Click on subject to list as thread! ANSI
echo: sync_programming
to: cov-scan@synchro.net
from: scan-admin@coverity.com
date: 2022-01-03 13:53:00
subject: New Defects reported by C

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 345193:  Security best practices violations  (STRING_OVERFLOW)
/js_system.c: 1742 in js_new_user()


________________________________________________________________________________________________________
*** CID 345193:  Security best practices violations  (STRING_OVERFLOW)
/js_system.c: 1742 in js_new_user()
1736     		user.expire=0;
1737
1738     	/* settings */
1739     	if(cfg->total_fcomps)
1740     		strcpy(user.tmpext,cfg->fcomp[0]->ext);
1741     	else
>>>     CID 345193:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 4-character fixed-size string "user.tmpext" by copying "supported_archive_formats[0]" without checking the length.
1742     		strcpy(user.tmpext,supported_archive_formats[0]);
1743
1744     	user.shell=cfg->new_shell;
1745     	user.misc=cfg->new_misc|(AUTOTERM|COLOR);
1746     	user.prot=cfg->new_prot;
1747     	user.qwk=QWK_DEFAULT;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DLHqT_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrASNRMrjmtERpNIdQUnJSJsKnAEJXIhAxYXn8Wsbe-2FZLcOyNTvGzTXSVf3pSFMNPtPlIb534EHtx-2FbVt-2FfWmb57n4Bq9KDPi7f788OCM9cJpzKEEOL9D4Rv1Q811tuCjU09XGZwjBhiJvxCsLDf07Au06lrQrx64u7WGcNazjKonw-3D-3D


--- SBBSecho 3.14-Linux
                                                                                                                         
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.