Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()
________________________________________________________________________________________________________
*** CID 515063: Security best practices violations (SECURE_TEMP)
/sbbsecho.c: 2142 in areamgr_command()
2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2137 else {
2138 for(u=0;u>> CID 515063: Security best practices violations (SECURE_TEMP)
>>> "tmpfile" creates files with predictable names, which is unsafe.
2142 if((tmpf=tmpfile())==NULL) {
2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__);
2144 return false;
2145 }
2146 SAFEPRINTF(str, "Compression type unavailable: %s", p);
2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|