Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
5 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 488309: Memory - illegal accesses (STRING_NULL)
________________________________________________________________________________________________________
*** CID 488309: Memory - illegal accesses (STRING_NULL)
/str.cpp: 344 in sbbs_t::sif(char *, char *, int)()
338 m+=2;
339 for(l=m;l [rest of line 339 and lines 340-343 lost in extraction]
>>> CID 488309: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "(char *)buf + m" to "getkeys", which expects a null-terminated string.
344 answers[a++]=(char)getkeys((char *)buf+m,0);
345 }
346 else {
347 answers[a]=getkey(mode);
348 outchar(answers[a++]);
349 attr(LIGHTGRAY);
** CID 488308: (STRING_NULL)
________________________________________________________________________________________________________
*** CID 488308: (STRING_NULL)
/sbbsecho.c: 3666 in getzpt()
3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;
>>> CID 488308: (STRING_NULL)
>>> Passing unterminated string "buf + i + 1" to "atofaddr", which expects a null-terminated string.
3666 faddr=atofaddr(buf+i+1);
3667 hdr->origzone=faddr.zone;
3668 hdr->orignet=faddr.net;
3669 hdr->orignode=faddr.node;
3670 intl_found = true;
3671 }
/sbbsecho.c: 3660 in getzpt()
3654 if((!i || cr) && buf[i]==CTRL_A) { /* kludge */
3655 if(!strncmp(buf+i+1,"TOPT ",5))
3656 hdr->destpoint=atoi(buf+i+6);
3657 else if(!strncmp(buf+i+1,"FMPT ",5))
3658 hdr->origpoint=atoi(buf+i+6);
3659 else if(!strncmp(buf+i+1,"INTL ",5)) {
>>> CID 488308: (STRING_NULL)
>>> Passing unterminated string "buf + i + 6" to "atofaddr", which expects a null-terminated string.
3660 faddr=atofaddr(buf+i+6);
3661 hdr->destzone=faddr.zone;
3662 hdr->destnet=faddr.net;
3663 hdr->destnode=faddr.node;
3664 i+=6;
3665 while(buf[i] && buf[i]!=' ') i++;
** CID 488307: Memory - illegal accesses (STRING_NULL)
________________________________________________________________________________________________________
*** CID 488307: Memory - illegal accesses (STRING_NULL)
/tmp/sbbs-Mar-23-2024/src/smblib/smblib.c: 1085 in smb_getmsghdr()
1079 !=(size_t)msg->hfield[i].length) {
1080 safe_snprintf(smb->last_error,sizeof(smb->last_error)
1081 ,"%s reading header (#%d) field data (%d bytes)", __FUNCTION__, (int)i, (int)msg->hfield[i].length);
1082 smb_freemsgmem(msg);
1083 return(SMB_ERR_READ);
1084 }
>>> CID 488307: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "msg->hfield_dat[i]" to "set_convenience_ptr", which expects a null-terminated string.
1085 set_convenience_ptr(msg,msg->hfield[i].type,msg->hfield[i].length,msg->hfield_dat[i]);
1086
1087 l+=msg->hfield[i].length;
1088 }
1089
1090 /* These convenience pointers must point to something */
** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
/sauce.c: 62 in sauce_fread_charinfo()
/sauce.c: 59 in sauce_fread_charinfo()
/sauce.c: 61 in sauce_fread_charinfo()
________________________________________________________________________________________________________
*** CID 488306: (STRING_NULL)
/sauce.c: 60 in sauce_fread_charinfo()
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
>>> CID 488306: (STRING_NULL)
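>>> Passing unterminated string "record.author" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.] [Reviewer note: strlcpy() bounds only the bytes written to the destination; it still scans the source for a terminating NUL to compute its return value, so a source field that is not NUL-terminated can be read past its end even though SAFECOPY limits the write.]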
60 SAFECOPY(info->author, record.author); truncsp(info->author);
61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
/sauce.c: 62 in sauce_fread_charinfo()
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author);
61 SAFECOPY(info->group, record.group); truncsp(info->group);
>>> CID 488306: (STRING_NULL)
>>> Passing unterminated string "record.date" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:
67 case sauce_char_filetype_ansi:
/sauce.c: 59 in sauce_fread_charinfo()
53 return false;
54
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
>>> CID 488306: (STRING_NULL)
>>> Passing unterminated string "record.title" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author);
61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
/sauce.c: 61 in sauce_fread_charinfo()
55 if(type != NULL)
56 *type = record.filetype;
57 if(info != NULL) {
58 memset(info, 0, sizeof(*info));
59 SAFECOPY(info->title, record.title); truncsp(info->title);
60 SAFECOPY(info->author, record.author); truncsp(info->author);
>>> CID 488306: (STRING_NULL)
>>> Passing unterminated string "record.group" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
61 SAFECOPY(info->group, record.group); truncsp(info->group);
62 SAFECOPY(info->date, record.date); truncsp(info->date);
63 info->width = record.tinfo1;
64 info->height = record.tinfo2;
65 switch(record.filetype) {
66 case sauce_char_filetype_ascii:
** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()
________________________________________________________________________________________________________
*** CID 488305: Memory - corruptions (STRING_OVERFLOW)
/uedit/uedit.c: 1908 in main()
1902
1903 sbbs_get_ini_fname(ini_file, ctrl_dir);
1904
1905 /* Initialize BBS startup structure */
1906 memset(&bbs_startup,0,sizeof(bbs_startup));
1907 bbs_startup.size=sizeof(bbs_startup);
>>> CID 488305: Memory - corruptions (STRING_OVERFLOW)
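>>> You might overrun the 1024-character destination string "bbs_startup.ctrl_dir" by writing 4097 characters from "ctrl_dir". [Reviewer note: line 1908 uses an unbounded strcpy(), so any ctrl_dir value longer than 1023 characters writes past the end of bbs_startup.ctrl_dir; a length check or a bounded, always-terminating copy at this line closes the overflow.]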
1908 strcpy(bbs_startup.ctrl_dir,ctrl_dir);
1909
1910 /* Read .ini file here */
1911 if(ini_file[0]!=0 && (fp=fopen(ini_file,"r"))!=NULL) {
1912 printf("Reading %s\n",ini_file);
1913 /* We call this function to set defaults, even if there's no .ini file */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DTnRX_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQaEw-2F35bzGVOVw-2BfAgK10nKBe2EaCuOVThBtA4zmIf-2FH6jtPrg8CF4KIxfGxqbWYZGzK5dEjEeJjcG-2FZFDV9g6z-2BKMwuy3tSgd6XVj6QkX-2FbE7goOVxulE2g8b9eGhrdwq7nNngW7QJqRO3KLACCgsN-2Bn56lb9VdBetusZbl3sfvQ-3D-3D
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)