Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 515063:  Security best practices violations  (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()


________________________________________________________________________________________________________
*** CID 515063:  Security best practices violations  (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()
2136     			nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2137     		else {
2138     			for(u=0;u>>     CID 515063:  Security best practices violations  (SECURE_TEMP)
>>>     "tmpfile" creates files with predictable names, which is unsafe.
2142     				if((tmpf=tmpfile())==NULL) {
2143     					lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
2144     					return false;
2145     				}
2146     				SAFEPRINTF(str, "Compression type unavailable: %s", p);
2147     				lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D


--- SBBSecho 3.23-Linux