Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
3 new defect(s) introduced to Synchronet were found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()
________________________________________________________________________________________________________
*** CID 515048: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 1848 in add_areas_from_echolists()
1842 match=0;
1843 for(k=0; cfg.listcfg[j].keys[k] ;k++) {
1844 if(match) break;
1845 for(x=0; nodecfg->keys[x] ;x++) {
1846 if(!stricmp(cfg.listcfg[j].keys[k]
1847 ,nodecfg->keys[x])) {
>>> CID 515048: Security best practices violations (SECURE_TEMP)
>>> "tmpfile" creates files with predictable names, which is unsafe.
>>> Reviewer note: the real severity is platform-dependent. glibc's tmpfile() opens the file with O_CREAT|O_EXCL and unlinks it immediately, so on Linux there is no name left for an attacker to race; the Microsoft CRT tmpfile(), by contrast, creates a named file in the root directory and fails without the privilege to do so. Since sbbsecho is built for both, treat this as a portability hardening item: prefer mkstemp() (or the equivalent) in a directory the program controls. The error path on lines 1849-1850 also drops errno; logging strerror(errno) there would make a tmpfile() failure diagnosable.
1848 if((fwdfile=tmpfile())==NULL) {
1849 lprintf(LOG_ERR,"ERROR line %d opening forward temp "
1850 "file",__LINE__);
1851 match=1;
1852 break;
1853 }
** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()
________________________________________________________________________________________________________
*** CID 515047: Control flow issues (NO_EFFECT)
/sbbsecho.c: 1635 in alter_areas_ini()
1629 continue;
1630 }
1631 }
1632 if(add_area[0] != NULL) { /* Check for areas to add */
1633 bool add_all = (stricmp(add_area[0], "+ALL") == 0);
1634 j = strListFind(add_area, echotag, /* case-sensitive */false);
>>> CID 515047: Control flow issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "j >= 0U".
>>> Consequence: because j is unsigned, "add_all || j >= 0" on line 1635 is true for every echotag, not only those listed in add_area, and the "if(j >= 0)" guard on line 1636 never protects the write "add_area[j][0]=0". If strListFind() reports not-found with a -1 style sentinel (presumably it does; confirm against its declaration), that write indexes far past the end of add_area. Compare j against strListFind()'s not-found value (or declare j signed) instead of testing >= 0.
1635 if(add_all || j >= 0) {
1636 if(j >= 0)
1637 add_area[j][0]=0; /* So we can check other lists */
1638 uint areanum = find_area(echotag);
1639 if(!area_is_valid(areanum)) {
1640 lprintf(LOG_ERR, "Invalid area num on line %d", __LINE__);
** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()
________________________________________________________________________________________________________
*** CID 515046: Error handling issues (CHECKED_RETURN)
/sbbsecho.c: 1989 in alter_areas()
1983 ,smb_faddrtoa(&addr,NULL), (ulong)added, cfg.areafile);
1984 if(deleted)
1985 lprintf(LOG_DEBUG, "AreaFix (for %s) Removed links to %lu areas in %s"
1986 ,smb_faddrtoa(&addr,NULL), (ulong)deleted, cfg.areafile);
1987 if(added || deleted) {
1988 if(stat(cfg.areafile, &st) == 0)
>>> CID 515046: Error handling issues (CHECKED_RETURN)
>>> Calling "chmod(outpath, st.st_mode)" without checking return value. This library function may fail and return an error code.
>>> Reviewer note: if chmod() fails, the replacement areafile keeps whatever mode it was created with (typically umask-derived), which may be more permissive than the original, and nothing is logged; a stat() failure on line 1988 likewise skips the chmod silently. At minimum log both failures with strerror(errno) before the rename on line 1992. If the descriptor used to write outpath is still open at this point, fchmod() on it avoids operating on a path name that could be swapped underneath the call.
1989 chmod(outpath, st.st_mode);
1990 if(cfg.areafile_backups == 0 || !backup(cfg.areafile, cfg.areafile_backups, /* ren: */TRUE))
1991 delfile(cfg.areafile, __LINE__); /* Delete AREAS.BBS */
1992 if(rename(outpath,cfg.areafile)) /* Rename new AREAS.BBS file */
1993 lprintf(LOG_ERR,"ERROR line %d renaming %s to %s",__LINE__,outpath,cfg.areafile);
1994 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3D1jSz_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQbxEcP2FV-2FE8SZ4Zj-2B5i-2FvXMBc1u-2B9IyI73gYzjnV6pIIbqC2pGfKYB3KXIl7XZEKXLdLz8vi8-2BwsF6O91kuZqV1ShM13vaTkO37J3VV7GT6YwOX288v8WtwpdrdHMhRE2EqIozgp1HMSE07wuarfyxBLAND56oVPlNda7IFeLuFA-3D-3D
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)