Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()


_____________________________________________________________________________________________
*** CID 640333: (NEGATIVE_RETURNS)
/writemsg.cpp: 463 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
457 while (p) {
458 if (*p == ',' || *p == ' ')
459 p++;
460 i = atoi(p);
461 if (!i)
462 break;

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

463 fseek(stream, l, SEEK_SET);
464 j = 1;
465 while (!feof(stream) && !ferror(stream) && j < i) {
466 if (!fgets(tmp, sizeof(tmp), stream))
467 break;
468 j++; /* skip beginning */
/writemsg.cpp: 428 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
422 free(buf);
423 return false;
424 }
425 if (!i && linesquoted)
426 break;
427 if (!i || quote[0] == all_key()) { /* Quote all */

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

428 fseek(stream, l, SEEK_SET);
429 while (!feof(stream) && !ferror(stream)) {
430 if (!fgets(str, sizeof(str), stream))
431 break;
432 quotestr(str);
433 SAFEPRINTF2(tmp, quote_fmt, term->cols - 4, str);
/writemsg.cpp: 440 in sbbs_t::writemsg(const char *, const char *, char *, int, int, const char *, const char *, const char **, const char **)()
434 if (write(file, tmp, strlen(tmp)) > 0)
435 linesquoted++; 436 }
437 break;
438 }
439 if (quote[0] == list_key()) {

CID 640333: (NEGATIVE_RETURNS)
"l" is passed to a parameter that cannot be negative.

440 fseek(stream, l, SEEK_SET);
441 i = 1;
442 term->newline();
443 attr(LIGHTGRAY);
444 while (!feof(stream) && !ferror(stream) && !msgabort()) {
445 if (!fgets(str, sizeof(str), stream))


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 640376: (SLEEP)


_____________________________________________________________________________________________
*** CID 640376: (SLEEP)
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 575 in initciolib()
569 try_x_init(mode);
570 #endif
571 break;
572 #endif
573 case CIOLIB_MODE_ANSI:
574 try_ansi_init(mode);

CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 575 break;

576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode); /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 548 in initciolib()
542 if(!try_sdl_init(CIOLIB_MODE_SDL))
543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))

CID 640376: (SLEEP)
Call to "try_ansi_init" might sleep while holding lock "init_mutex". 548 #ifdef _WIN32

549 if(!try_conio_init(mode));
550 #else
551 ;
552 #endif
553 break; /tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 543 in initciolib()
537 #endif
538 #if defined(WITH_GDI)
539 if (!try_gdi_init(mode))
540 #endif
541 #if defined(WITH_SDL)
542 if(!try_sdl_init(CIOLIB_MODE_SDL))

CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".

543 #endif
544 #ifndef _WIN32
545 if(!try_curses_init(mode))
546 #endif
547 if (!try_ansi_init(mode))
548 #ifdef _WIN32
/tmp/sbbs-Jan-04-2026/src/conio/ciolib.c: 581 in initciolib()
575 break;
576
577 #if defined(WITH_SDL)
578 case CIOLIB_MODE_SDL:
579 case CIOLIB_MODE_SDL_FULLSCREEN:
580 try_sdl_init(mode);

CID 640376: (SLEEP)
Call to "try_sdl_init" might sleep while holding lock "init_mutex".

581 break;
582 #endif
583
584 #if defined(WITH_GDI)
585 case CIOLIB_MODE_GDI:
586 case CIOLIB_MODE_GDI_FULLSCREEN:


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()


_____________________________________________________________________________________________
*** CID 640406: High impact quality (Y2K38_SAFETY)
/getstats.c: 127 in fread_dstats()
121 if (fp == NULL)
122 return false;
123
124 memset(stats, 0, sizeof(*stats));
125 if ((ini = iniReadFile(fp)) == NULL)
126 return false;

CID 640406: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "iniGetDateTime(ini, NULL, "Date", 0L)" is cast to "time32_t".

127 stats->date = (time32_t)iniGetDateTime(ini, NULL, strStatsDate, 0);
128 gettotals(ini, strStatsToday, &stats->today);
129 gettotals(ini, strStatsTotal, &stats->total);
130 iniFreeStringList(ini);
131 stats->last = time32(NULL);
132

** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
/atcodes.cpp: 844 in ()


_____________________________________________________________________________________________
*** CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH) /atcodes.cpp: 844 in ()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640405: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "double" but argument has type "long double")

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


_____________________________________________________________________________________________
*** CID 640404: API usage errors (PRINTF_ARGS)
/atcodes.cpp: 844 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
838 if (strcmp(sp, "CLOCK") == 0) {
839 snprintf(str, maxlen, "%" PRIu64, xp_timer64());
840 return str;
841 }
842
843 if (strcmp(sp, "TIMER") == 0) {

CID 640404: API usage errors (PRINTF_ARGS)
Argument "xp_timer()" to format specifier "%f" was expected to have type "double" but has type "long double". [Note: The source code implementation of the function has been overridden by a builtin model.]

844 snprintf(str, maxlen, "%f", xp_timer());
845 return str;
846 }
847
848 if (strcmp(sp, "GENDERS") == 0)
849 return cfg.new_genders;

** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()


_____________________________________________________________________________________________
*** CID 640403: Error handling issues (CHECKED_RETURN)
/js_system.cpp: 1351 in js_minutestr(JSContext *, unsigned int, unsigned long *)()
1345 if (js_argvIsNullOrVoid(cx, argv, 0))
1346 return JS_FALSE;
1347
1348 if (argc > 1 && JSVAL_IS_BOOLEAN(argv[1]))
1349 estimate = JSVAL_TO_BOOLEAN(argv[1]);
1350

CID 640403: Error handling issues (CHECKED_RETURN)
Calling "JS_ValueToECMAUint32" without checking return value (as is done elsewhere 96 out of 102 times).

1351 JS_ValueToECMAUint32(cx, argv[0], &t);
1352 if ((js_str = JS_NewStringCopyZ(cx, minutes_to_str(t, str, sizeof str, estimate))) == NULL)
1353 return JS_FALSE;
1354
1355 JS_SET_RVAL(cx, arglist, STRING_TO_JSVAL(js_str));
1356 return JS_TRUE;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 640928: Performance inefficiencies (PASS_BY_VALUE)
/js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()


_____________________________________________________________________________________________
*** CID 640928: Performance inefficiencies (PASS_BY_VALUE) /js_user.cpp: 60 in user_private_t::user_private_t(scfg_t *, user_t)()
54 cached_mail_count mail_pending{cfg, user, true, 0};
55 cached_mail_count spam_waiting{cfg, user, false, MSG_SPAM};
56
57 user_private_t(scfg_t* cfg)
58 : cfg(cfg)
59 {}

CID 640928: Performance inefficiencies (PASS_BY_VALUE)
Passing parameter user of type "user_t" (size 784 bytes) by value, which exceeds the high threshold of 512 bytes.

60 user_private_t(scfg_t* cfg, user_t user)
61 : storage(user)
62 , cached(user.number == 0 ? false : true)
63 , cfg(cfg)
64 {}
65 };

** CID 640927: API usage errors (PRINTF_ARGS)


_____________________________________________________________________________________________
*** CID 640927: API usage errors (PRINTF_ARGS)
/date_str.c: 301 in tm_as_hhmmss()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640927: API usage errors (PRINTF_ARGS)
This argument was not used by the format string: "tm->tm_sec".

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;

** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
/date_str.c: 301 in ()


_____________________________________________________________________________________________
*** CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS) /date_str.c: 301 in ()
295 /* Returns 8 character string (e.g. hh:mm:ss or hh:mm am/pm) */
296 /****************************************************************************/
297 char* tm_as_hhmmss(scfg_t* cfg, struct tm* tm, char* str, size_t size) 298 {
299 if (cfg != NULL && (cfg->sys_misc & SM_MILITARY))
300 snprintf(str, size, "%02d:%02d:02d"

CID 640926: API usage errors (PW.TOO_MANY_PRINTF_ARGS)
the format string ends before this argument

301 , tm->tm_hour, tm->tm_min, tm->tm_sec);
302 else
303 snprintf(str, size, "%02d:%02d %cm"
304 , tm->tm_hour > 12 ? tm->tm_hour - 12 : tm->tm_hour == 0 ? 12 : tm->tm_hour
305 , tm->tm_min, tm->tm_hour >= 12 ? 'p' : 'a'); 306 return str;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 640932: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()


_____________________________________________________________________________________________
*** CID 640932: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1664 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, JSObject *)()
1658 if (!strcmp(sp, "BYTESLEFT")) {
1659 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1660 return str;
1661 }
1662
1663 if (code_match(sp, "CDTLEFT", &param))

CID 640932: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1664 return byte_count(user_available_credits(&useron), str, maxlen, param, BYTE_COUNT_VERBAL);
1665
1666 if (code_match(sp, "CREDITS", &param))
1667 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1668
1669 if (code_match(sp, "FREECDT", &param))


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix() /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()


_____________________________________________________________________________________________
*** CID 640959: (CHECKED_RETURN) /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 479 in add_suffix()
473 char* p = strstr(str, ".0");
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
/tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 481 in add_suffix()
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 483 in add_suffix()
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);
480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

483 strlcat(str, suffix, size);
484 }
485
486 /* Convert a duration estimate (in seconds) to a string
487 * with a single letter multiplier/suffix:
488 * (y)ears, (w)eeks, (d)ays, (h)ours, (m)inutes, or (s)econds /tmp/sbbs-Jan-10-2026/src/xpdev/genwrap.c: 480 in add_suffix()
474 if (p != NULL && *(p + 2) == '\0') // remove trailing ".0"
475 *p = '\0';
476 if (strcmp(str, "1") == 0)
477 plural = "";
478 if (is_word) {
479 strlcat(str, " ", size);

CID 640959: (CHECKED_RETURN)
Calling "strlcat" without checking return value (as is done elsewhere 29 out of 33 times).

480 strlcat(str, suffix, size);
481 strlcat(str, plural, size);
482 } else
483 strlcat(str, suffix, size);
484 }
485


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()


_____________________________________________________________________________________________
*** CID 640963: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 401 in sbbs_read_ini()
395 , services
396 );
397
398 list = iniReadFile(fp);
399
400 if (!get_ini_globals(list, global))

CID 640963: Resource leaks (RESOURCE_LEAK)
Variable "list" going out of scope leaks the storage it points to.

401 return false;
402
403 if (global->ctrl_dir[0]) {
404 if (bbs != NULL)
405 SAFECOPY(bbs->ctrl_dir, global->ctrl_dir);
406 if (ftp != NULL)

** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()


_____________________________________________________________________________________________
*** CID 640962: Resource leaks (RESOURCE_LEAK)
/sbbs_ini.c: 442 in sbbs_read_ini()
436 if (run_bbs != NULL)
437 *run_bbs = iniGetBool(list, section, strAutoStart, true);
438
439 if (bbs != NULL) {
440
441 if (bbs->size != sizeof *bbs)

CID 640962: Resource leaks (RESOURCE_LEAK)
Variable "global_interfaces" going out of scope leaks the storage it points to.

442 return false;
443
444 bbs->outgoing4.s_addr
445 = iniGetIpAddress(list, section, strOutgoing4, global->outgoing4.s_addr);
446 bbs->outgoing6
447 = iniGetIp6Address(list, section, strOutgoing6, global->outgoing6);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()


_____________________________________________________________________________________________
*** CID 640971: High impact quality (Y2K38_SAFETY)
/atcodes.cpp: 620 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
614
615 if (code_match(sp, "UPTIME", &param)) {
616 extern volatile time_t uptime;
617 time_t up = 0;
618 if (uptime != 0 && time(&now) >= uptime)
619 up = now - uptime;

CID 640971: High impact quality (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "up" is cast to "uint".

620 return duration((uint)up, str, maxlen, param, DURATION_MINIMAL_VERBAL);
621 }
622
623 if (!strcmp(sp, "SERVED")) {
624 extern volatile uint served;
625 safe_snprintf(str, maxlen, "%u", served);

** CID 640970: Insecure data handling (INTEGER_OVERFLOW)
/atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()


_____________________________________________________________________________________________
*** CID 640970: Insecure data handling (INTEGER_OVERFLOW) /atcodes.cpp: 1695 in sbbs_t::atcode(const char *, char *, unsigned long, int *, bool, unsigned int, JSObject *)()
1689 if (!strcmp(sp, "BYTESLEFT")) {
1690 safe_snprintf(str, maxlen, "%" PRIu64, user_available_credits(&useron));
1691 return str;
1692 }
1693
1694 if (code_match(sp, "CDTLEFT", &param))

CID 640970: Insecure data handling (INTEGER_OVERFLOW)
The cast of "user_available_credits(&this->useron)" to a signed type could result in a negative number.

1695 return byte_count(static_cast<int64_t>(user_available_credits(&useron)), str, maxlen, param, BYTE_COUNT_VERBAL);
1696
1697 if (code_match(sp, "CREDITS", &param))
1698 return byte_count(useron.cdt, str, maxlen, param, BYTE_COUNT_BYTES);
1699
1700 if (code_match(sp, "FREECDT", &param))


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()


_____________________________________________________________________________________________
*** CID 640989: (CONSTANT_EXPRESSION_RESULT)
/chk_ar.cpp: 752 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
746 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
747 tmp[i++] = *(*ptrptr)++;
748 tmp[i] = '\0';
749 if (**ptrptr == ']') {
750 (*ptrptr)++;
751 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

752 SKIP_WHITESPACE(*ptrptr);
753 }
754 }
755 else if (strchr((char *)(*ptrptr), ':') != nullptr) { // [section:]key
756 i = 0;
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
/chk_ar.cpp: 763 in sbbs_t::ar_exp(const unsigned char **, user_t *, client_t *)()
757 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
758 tmp[i++] = *(*ptrptr)++;
759 tmp[i] = '\0';
760 if (**ptrptr != '\0') {
761 (*ptrptr)++;
762 section = tmp;

CID 640989: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

763 SKIP_WHITESPACE(*ptrptr);
764 }
765 }
766 SKIP_CHAR((*ptrptr), ':');
767 if (!user_get_bool_property(&cfg, user->number, section, (char*)*ptrptr, false))
768 result = _not;

** CID 640988: Null pointer dereferences (FORWARD_NULL)


_____________________________________________________________________________________________
*** CID 640988: Null pointer dereferences (FORWARD_NULL)
/userdat.c: 4877 in user_get_bool_property()
4871 c_unescape_printable((char*)section);
4872 }
4873 if (key != NULL) {
4874 key = strdup(key);
4875 c_unescape_printable((char*)key);
4876 }

CID 640988: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "key" to "iniReadBool", which dereferences it. 4877 bool result = iniReadBool(fp, section, key, deflt);

4878 iniCloseFile(fp);
4879 free((char*)section);
4880 free((char*)key);
4881 return result;
4882 }

** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
/userdat.c: 2729 in ar_exp()


_____________________________________________________________________________________________
*** CID 640987: (CONSTANT_EXPRESSION_RESULT)
/userdat.c: 2740 in ar_exp()
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)
2735 tmp[i++] = *(*ptrptr)++;
2736 tmp[i] = '\0';
2737 if (**ptrptr != '\0') {
2738 (*ptrptr)++;
2739 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2740 SKIP_WHITESPACE(*ptrptr);
2741 }
2742 }
2743 SKIP_CHAR((*ptrptr), ':');
2744 if (!user_get_bool_property(cfg, user->number, section, (char*)*ptrptr, false))
2745 result = not;
/userdat.c: 2729 in ar_exp()
2723 while (**ptrptr != '\0' && **ptrptr != ']' && i < sizeof(tmp) - 1)
2724 tmp[i++] = *(*ptrptr)++;
2725 tmp[i] = '\0';
2726 if (**ptrptr == ']') {
2727 (*ptrptr)++;
2728 section = tmp;

CID 640987: (CONSTANT_EXPRESSION_RESULT)
"**ptrptr == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2729 SKIP_WHITESPACE(*ptrptr);
2730 }
2731 }
2732 else if (strchr((char *)(*ptrptr), ':') != NULL) { // [section:]key
2733 i = 0;
2734 while (**ptrptr != '\0' && **ptrptr != ':' && i < sizeof(tmp) - 1)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

113 new defect(s) introduced to Synchronet found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 113 defect(s)


** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()


_____________________________________________________________________________________________
*** CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3499 in alias()
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497
3498 vp = tp + 1;

CID 641219: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*vp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3499 SKIP_WHITESPACE(vp);
3500 truncsp(vp);
3501 if (*vp == 0) /* no value */
3502 continue;
3503
3504 if (*np == '*') {

** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
/ftpsrvr.c: 4084 in ctrl_thread()


_____________________________________________________________________________________________
*** CID 641218: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 3761 in ctrl_thread()
3755 tp = np; /* terminator pointer */
3756 FIND_WHITESPACE(tp);
3757 if (*tp)
3758 *tp = 0;
3759
3760 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3761 SKIP_WHITESPACE(dp);
3762 truncsp(dp);
3763
3764 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3765 continue;
3766
/ftpsrvr.c: 4084 in ctrl_thread()
4078 tp = np; /* terminator pointer */
4079 FIND_WHITESPACE(tp); 4080 if (*tp)
4081 *tp = 0;
4082
4083 dp = tp + 1; /* description pointer */

CID 641218: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4084 SKIP_WHITESPACE(dp); 4085 truncsp(dp);
4086
4087 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4088 continue;
4089

** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type() /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()


_____________________________________________________________________________________________
*** CID 641217: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 353 in smb_netaddr_type()
347 return NET_FIDO;
348 return NET_NONE;
349 }
350 if (p == str)
351 return NET_UNKNOWN;
352 p++;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

353 SKIP_WHITESPACE(p);
354 if (*p == 0)
355 return NET_UNKNOWN;
356
357 type = smb_get_net_type_by_addr(p);
358 if (type == NET_INTERNET && strchr(str, ' ') != NULL) /tmp/sbbs-Jan-14-2026/src/smblib/smbstr.c: 343 in smb_netaddr_type()
337 const char* p;
338
339 if (str == NULL || IS_WHITESPACE(*str))
340 return NET_NONE;
341 if ((p = strchr(str, '@')) == NULL) {
342 p = str;

CID 641217: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

343 SKIP_WHITESPACE(p);
344 if (*p == 0)
345 return NET_NONE;
346 if (smb_get_net_type_by_addr(p) == NET_FIDO)
347 return NET_FIDO;
348 return NET_NONE;

** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()


_____________________________________________________________________________________________
*** CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 6561 in read_areafile_bbs()
6555 lprintf(LOG_ERR, "ERROR allocating memory for area #%u.", cfg.areas + 1);
6556 bail(1);
6557 return;
6558 }
6559 sprintf(tmp_code, "%-.*s", LEN_EXTCODE, p);
6560 tp = tmp_code;

CID 641216: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

6561 FIND_WHITESPACE(tp);
6562 *tp = '\0';
6563 for (i = 0; i < scfg.total_subs; i++)
6564 if (!stricmp(tmp_code, scfg.sub[i]->code))
6565 break;
6566 if (i < scfg.total_subs)

** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()


_____________________________________________________________________________________________
*** CID 641215: (CONSTANT_EXPRESSION_RESULT)
/un_rep.cpp: 567 in sbbs_t::unpack_rep(char *)()
561 subscan[n].cfg |= SUB_CFG_NSCAN | SUB_CFG_YSCAN;
562 }
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0) /un_rep.cpp: 554 in sbbs_t::unpack_rep(char *)()
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
/un_rep.cpp: 570 in sbbs_t::unpack_rep(char *)()
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
569 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
575 /* otherwise it should be set back [#ofmessages] back from the end of the message base. */
/un_rep.cpp: 569 in sbbs_t::unpack_rep(char *)()
563 continue;
564 }
565 if (strnicmp(str, "RESET ", 6) == 0) { 566 p = str + 6;
567 SKIP_WHITESPACE(p);
568 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

569 FIND_WHITESPACE(p);
570 SKIP_WHITESPACE(p);
571 /* If the [#ofmessages] is blank then the pointer should be set back to the start of the message base */
572 if (*p == 0)
573 subscan[n].ptr = 0;
574 else {
/un_rep.cpp: 552 in sbbs_t::unpack_rep(char *)()
546 if (fp != NULL) {
547 while (!feof(fp)) {
548 if (!fgets(str, sizeof(str) - 1, fp)) 549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);
555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
/un_rep.cpp: 555 in sbbs_t::unpack_rep(char *)()
549 break;
550 if (strnicmp(str, "AREA ", 5) == 0) { 551 p = str + 5;
552 SKIP_WHITESPACE(p);
553 if ((n = resolve_qwkconf(atoi(p))) != INVALID_SUB) {
554 FIND_WHITESPACE(p);

CID 641215: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

555 SKIP_WHITESPACE(p);
556 if (strchr(p, 'D'))
557 subscan[n].cfg &= ~SUB_CFG_NSCAN;
558 else if (strchr(p, 'a') || strchr(p, 'g'))
559 subscan[n].cfg |= SUB_CFG_NSCAN;
560 else if (strchr(p, 'p'))

** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()


_____________________________________________________________________________________________
*** CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1603 in check_elists()
1597 break;
1598 p = str;
1599 SKIP_WHITESPACE(p); 1600 if (*p == ';') /* Ignore Comment Lines */
1601 continue;
1602 tp = p;

CID 641214: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1603 FIND_WHITESPACE(tp); 1604 *tp = '\0';
1605 if (!stricmp(areatag, p)) {
1606 match = true; 1607 break;
1608 }

** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()


_____________________________________________________________________________________________
*** CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /userdat.c: 3492 in alias()
3486 break;
3487 np = line;
3488 SKIP_WHITESPACE(np);
3489 if (*np == ';' || *np == 0) /* no name value, or comment */
3490 continue;
3491 tp = np;

CID 641213: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3492 FIND_WHITESPACE(tp);
3493
3494 if (*tp == 0) /* no alias value */
3495 continue;
3496 *tp = 0;
3497

** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()


_____________________________________________________________________________________________
*** CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 1531 in netmail_arealist()
1525 truncsp(str);
1526 p = str;
1527 SKIP_WHITESPACE(p);
1528 if (*p == 0 || *p == ';') /* Ignore Blank and Comment Lines */
1529 continue;
1530 tp = p; >>> CID 641212: Integer handling issues (CONSTANT_EXPRESSION_RESULT)

"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1531 FIND_WHITESPACE(tp);
1532 *tp = '\0';
1533 if (find_linked_area(p, addr) == SUB_NOT_FOUND) {
1534 if (strListFind(area_list, p, /* case_sensitive */ false) < 0)
1535 strListPush(&area_list, p);
1536 }

** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()


_____________________________________________________________________________________________
*** CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 232 in key_name()
226 *vp = NULL;
227
228 if (p == NULL)
229 return NULL;
230
231 /* Parse value name */

CID 641211: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

232 SKIP_WHITESPACE(p);
233 if (*p == INI_COMMENT_CHAR)
234 return NULL;
235 if (*p == INI_OPEN_SECTION_CHAR)
236 return INI_NEW_SECTION;
237 equal = strchr(p, '=');

** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()


_____________________________________________________________________________________________
*** CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /wordwrap.c: 211 in get_ws_len()
205 {
206 struct section_len ret = {0, 0};
207
208 for (ret.bytes = 0; ; ret.bytes++) {
209 if (!buf[ret.bytes])
210 break;

CID 641210: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)buf[ret.bytes] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

211 if (!IS_WHITESPACE(buf[ret.bytes]))
212 break;
213 if (buf[ret.bytes] == '\t') {
214 ret.len++;
215 while ((ret.len + col) % 8)
216 ret.len++;

** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name() /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()


_____________________________________________________________________________________________
*** CID 641209: (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 83 in section_name()
77 }
78
79 static char* section_name(char* p)
80 {
81 char* tp;
82

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;
87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR); /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 87 in section_name()
81 char* tp;
82
83 SKIP_WHITESPACE(p);
84 if (*p != INI_OPEN_SECTION_CHAR)
85 return NULL;
86 p++;

CID 641209: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

87 SKIP_WHITESPACE(p);
88 tp = strrchr(p, INI_CLOSE_SECTION_CHAR);
89 if (tp == NULL)
90 return NULL;
91 *tp = 0;
92 truncsp(p);

** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()


_____________________________________________________________________________________________
*** CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1989 in parse_mail_address(const char *, char *, unsigned long, char *, unsigned long)()
1983
1984 /* Get the address */
1985 if ((tp = (char*)strchr(p, '<')) != NULL)
1986 tp++;
1987 else
1988 tp = (char*)p;

CID 641208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1989 SKIP_WHITESPACE(tp);
1990 sprintf(addr, "%.*s", (int)addr_len, tp);
1991 truncstr(addr, ">( ");
1992
1993 if (name != NULL) {
1994 SAFECOPY(tmp, p);

** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()


_____________________________________________________________________________________________
*** CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /sbbsecho.c: 2496 in process_areamgr()
2490 }
2491
2492 m = strlen(p);
2493 add_area = strListInit();
2494 del_area = strListInit();
2495 for (l = 0; l < m; l++) {

CID 641207: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)p[l] == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2496 while (*(p + l) && IS_WHITESPACE(*(p + l))) l++;
2497 while (*(p + l) == CTRL_A) { /* Ignore kludge lines June-13-2004 */
2498 while (*(p + l) && *(p + l) != '\r') l++;
2499 continue;
2500 }
2501 if (!(*(p + l)))

** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match()


_____________________________________________________________________________________________
*** CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-14-2026/src/xpdev/ini_file.c: 118 in section_match() 112 /* Search for matches */
113 for (i = 0; names[i] != NULL && !found; i++)
114 for (j = 0; comps[j] != NULL && !found; j++) {
115 n = names[i];
116 SKIP_WHITESPACE(n);
117 c = comps[j];

CID 641206: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*c == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

118 SKIP_WHITESPACE(c);
119 if (case_sensitive)
120 found = strcmp(n, c) == 0;
121 else
122 found = stricmp(n, c) == 0;
123 }

** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
/sbbsecho.c: 2191 in areamgr_command()
/sbbsecho.c: 2224 in areamgr_command()
/sbbsecho.c: 2335 in areamgr_command()
/sbbsecho.c: 2156 in areamgr_command()
/sbbsecho.c: 2273 in areamgr_command()
/sbbsecho.c: 2192 in areamgr_command()
/sbbsecho.c: 2336 in areamgr_command()
/sbbsecho.c: 2250 in areamgr_command()
/sbbsecho.c: 2155 in areamgr_command()
/sbbsecho.c: 2274 in areamgr_command()
/sbbsecho.c: 2306 in areamgr_command()
/sbbsecho.c: 2249 in areamgr_command()


_____________________________________________________________________________________________
*** CID 641205: (CONSTANT_EXPRESSION_RESULT)
/sbbsecho.c: 2225 in areamgr_command()
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;
2224 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
2230 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2191 in areamgr_command()
2185 return true;
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2191 FIND_WHITESPACE(p);
2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2224 in areamgr_command()
2218 return true;
2219 }
2220
2221 if (strnicmp(instr, "PKTPWD ", 7) == 0) {
2222 char pktpwd[FIDO_PASS_LEN + 1]; /* Packet password for this node */
2223 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2224 FIND_WHITESPACE(p);
2225 SKIP_WHITESPACE(p);
2226 SAFECOPY(pktpwd, p);
2227 if (!stricmp(pktpwd, nodecfg->pktpwd)) {
2228 snprintf(str, sizeof str, "Your packet password was already set to '%s'."
2229 , nodecfg->pktpwd);
/sbbsecho.c: 2335 in areamgr_command()
2329 , str, /* dest: */ addr, /* src: */ NULL);
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2335 FIND_WHITESPACE(p);
2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
/sbbsecho.c: 2156 in areamgr_command()
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;
2155 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
2161 if (stricmp(p, cfg.arcdef[u].name) == 0)
/sbbsecho.c: 2273 in areamgr_command()
2267 create_netmail(to, /* msg: */ NULL, "TIC File Password Change Request", str, /* dest: */ addr, /* src: */ NULL);
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2273 FIND_WHITESPACE(p);
2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
/sbbsecho.c: 2192 in areamgr_command()
2186 }
2187
2188 if (strnicmp(instr, "PASSWORD ", 9) == 0 || strnicmp(instr, "PWD ", 4) == 0) {
2189 char password[FIDO_SUBJ_LEN]; /* AreaMgr password for this node */
2190 char* p = instr;
2191 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2192 SKIP_WHITESPACE(p);
2193 SAFECOPY(password, p);
2194 if (strchr(password, ' ') != NULL) {
2195 snprintf(str, sizeof str, "Your AreaMgr password cannot contain spaces.");
2196 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
2197 create_netmail(to, /* msg: */ NULL, "AreaMgr Password Change Request", str
/sbbsecho.c: 2336 in areamgr_command()
2330 return true;
2331 }
2332
2333 if (strnicmp(instr, "ECHOSTATS ", 10) == 0) {
2334 char* p = instr;
2335 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2336 SKIP_WHITESPACE(p);
2337 echostat_t* stat = get_echostat(p, /* create: */ false);
2338 if (stat == NULL) {
2339 lprintf(LOG_INFO, "AreaMgr (for %s) EchoStats request for unknown echo: %s", faddrtoa(&addr), p);
2340 } else {
2341 FILE* fp;
/sbbsecho.c: 2250 in areamgr_command()
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;
2249 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);
2255 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str);
/sbbsecho.c: 2155 in areamgr_command()
2149 lprintf(LOG_INFO, "AreaMgr (for %s) Changing name to: %s", faddrtoa(&addr), to);
2150 alter_config(nodecfg, "Name", to);
2151 }
2152
2153 if (strnicmp(instr, "COMPRESSION ", 12) == 0 || strnicmp(instr, "COMPRESS ", 9) == 0) {
2154 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2155 FIND_WHITESPACE(p);
2156 SKIP_WHITESPACE(p);
2157 if (!stricmp(p, "NONE"))
2158 nodecfg->archive = SBBSECHO_ARCHIVE_NONE;
2159 else {
2160 for (u = 0; u < cfg.arcdefs; u++)
/sbbsecho.c: 2274 in areamgr_command()
2268 return true;
2269 }
2270
2271 if (strnicmp(instr, "NOTIFY ", 7) == 0) {
2272 char* p = instr;
2273 FIND_WHITESPACE(p);

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2274 SKIP_WHITESPACE(p);
2275 if (alter_config(nodecfg, "Notify", p)) {
2276 SAFEPRINTF2(str, "Your Notification Messages have been changed from '%s' to '%s'."
2277 , nodecfg->send_notify ? "ON" : "OFF", p);
2278 } else {
2279 SAFECOPY(str, "Error changing Notify Setting"); /sbbsecho.c: 2306 in areamgr_command()
2300 return true;
2301 }
2302
2303 // %RESCAN <area-tag> [R=<count> || D=<days>]
2304 if (strnicmp(instr, "RESCAN ", 7) == 0) {
2305 char* p = instr + 7;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2306 SKIP_WHITESPACE(p);
2307 char* tp = p;
2308 FIND_WHITESPACE(tp);
2309 if (*tp != '\0') {
2310 *tp = '\0';
2311 ++tp;
/sbbsecho.c: 2249 in areamgr_command()
2243 return true;
2244 }
2245
2246 if (strnicmp(instr, "TICPWD ", 7) == 0) {
2247 char ticpwd[SBBSECHO_MAX_TICPWD_LEN + 1]; /* TIC File password for this node */
2248 char* p = instr;

CID 641205: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2249 FIND_WHITESPACE(p);
2250 SKIP_WHITESPACE(p);
2251 SAFECOPY(ticpwd, p);
2252 if (!stricmp(ticpwd, nodecfg->ticpwd)) {
2253 snprintf(str, sizeof str, "Your TIC File password was already set to '%s'."
2254 , nodecfg->ticpwd);

** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()


_____________________________________________________________________________________________
*** CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /main.cpp: 5749 in bbs_thread()
5743 /* ToDo: Make ident timeout configurable */
5744 if (identify(&client_addr, inet_addrport(&client_addr), str, sizeof(str) - 1, /* timeout: */ 1)) {
5745 lprintf(LOG_DEBUG, "%04d %s [%s] Ident Response: %s", client_socket, client.protocol, host_ip, str);
5746 identity = strrchr(str, ':'); 5747 if (identity != NULL) {
5748 identity++; /* skip colon */

CID 641204: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*identity == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

5749 SKIP_WHITESPACE(identity);
5750 if (*identity)
5751 lprintf(LOG_INFO, "%04d %s [%s] Identity: %s", client_socket, client.protocol, host_ip, identity);
5752 }
5753 }
5754 sbbs->cp437_out(crlf);

** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()


_____________________________________________________________________________________________
*** CID 641203: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 432 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;
428 continue;
429 }
430 if (strncmp(p, "Subject:", 8) == 0) {
431 p += 8;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

432 SKIP_WHITESPACE(p);
433 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
434 if (tp != NULL)
435 *tp = 0;
436 subject = p;
437 p += strlen(p) + 1;
/netmail.cpp: 422 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned char)()
416 SAFECOPY(to, into);
417
418 // Parse QWKE Kludge Lines here:
419 while (p < end && *p != QWK_NEWLINE) {
420 if (strncmp(p, "To:", 3) == 0) {
421 p += 3;

CID 641203: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

422 SKIP_WHITESPACE(p);
423 char* tp = strchr(p, QWK_NEWLINE); /* chop off at first CR */
424 if (tp != NULL)
425 *tp = 0;
426 SAFECOPY(to, p);
427 p += strlen(p) + 1;

** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()


_____________________________________________________________________________________________
*** CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /mailsrvr.cpp: 1960 in dns_blacklisted(int, const char *, xp_sockaddr *, char *, char *, char *)()
1954 continue;
1955
1956 sprintf(list, "%.100s", p);
1957
1958 /* terminate */
1959 tp = p;

CID 641202: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1960 FIND_WHITESPACE(tp);
1961 *tp = 0;
1962
1963 found = rblchk(sock, prot, addr, p);
1964 }
1965 fclose(fp);

** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()


_____________________________________________________________________________________________
*** CID 641201: (CONSTANT_EXPRESSION_RESULT)
/netmail.cpp: 1185 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1179 break;
1180 }
1181
1182 /* Get destination user address */
1183 if ((p = strrchr(rcpt_list[rcpt_count], '<')) != NULL) {
1184 p++;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1185 SKIP_WHITESPACE(p);
1186 SAFECOPY(addr, p);
1187 p = strrchr(addr, '>');
1188 if (p == NULL) {
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
/netmail.cpp: 1195 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1189 bprintf(text[InvalidNetMailAddr], rcpt_list[rcpt_count]);
1190 break;
1191 }
1192 *p = 0;
1193 } else {
1194 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1195 SKIP_WHITESPACE(p);
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
/netmail.cpp: 975 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
969 bprintf(text[InvalidNetMailAddr], p);
970 continue;
971 }
972 while (at > p && *at > ' ')
973 at--;
974 p = at;

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

975 SKIP_WHITESPACE(p);
976 uint16_t net_type = smb_netaddr_type(p);
977 if (net_type != NET_INTERNET) {
978 bprintf(text[InvalidNetMailAddr], p);
979 break;
980 }
/netmail.cpp: 1202 in sbbs_t::inetmail(const char *, const char *, int, smb_t *, smbmsg_t *, char **)()
1196 SAFECOPY(addr, p);
1197 }
1198 truncsp(addr);
1199
1200 /* Get destination user name */
1201 p = rcpt_list[rcpt_count];

CID 641201: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1202 SKIP_WHITESPACE(p);
1203 SAFECOPY(name, p);
1204 p = strrchr(name, '<');
1205 if (!p)
1206 p = strrchr(name, '@');
1207 if (!p)

** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
/ftpsrvr.c: 1547 in ftpalias()


_____________________________________________________________________________________________
*** CID 641200: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.c: 1534 in ftpalias()
1528
1529 while (!feof(fp)) {
1530 if (!fgets(line, sizeof(line), fp))
1531 break;
1532
1533 p = line; /* alias */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1534 SKIP_WHITESPACE(p);
1535 if (*p == ';') /* comment */
1536 continue;
1537
1538 tp = p; /* terminator */
1539 FIND_WHITESPACE(tp);
/ftpsrvr.c: 1547 in ftpalias()
1541 *tp = 0;
1542
1543 if (stricmp(p, alias)) /* Not a match */
1544 continue;
1545
1546 p = tp + 1; /* filename */

CID 641200: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1547 SKIP_WHITESPACE(p);
1548
1549 tp = p; /* terminator */
1550 FIND_WHITESPACE(tp);
1551 if (*tp)
1552 *tp = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()


_____________________________________________________________________________________________
*** CID 642982: (FORWARD_NULL)
/prntfile.cpp: 263 in sbbs_t::printfile(const char *, int, int, JSObject *)()
257 default:
258 case TERM_KEY_DOWN:
259 nextline = line + 1; 260 break;
261 }
262 if (nextline != line + 1 && nextline < lines)

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

263 fseeko(stream, offset[nextline], 0);
264 line = nextline;
265 }
266 else
267 ++line;
268 }
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642982: (FORWARD_NULL)
Dereferencing null pointer "offset".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()


_____________________________________________________________________________________________
*** CID 642981: Error handling issues (CHECKED_RETURN)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642981: Error handling issues (CHECKED_RETURN)
Calling "fseeko(stream, offset[lines - 1UL], 0)" without checking return value. This library function may fail and return an error code.

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);

** CID 642980: Integer handling issues (INTEGER_OVERFLOW)
/prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()


_____________________________________________________________________________________________
*** CID 642980: Integer handling issues (INTEGER_OVERFLOW) /prntfile.cpp: 228 in sbbs_t::printfile(const char *, int, int, JSObject *)()
222 else
223 nextline = line - (((term->rows - 1) * 2) - 1);
224 break;
225 case TERM_KEY_END:
226 {
227 bputs(text[SeekingFile]);

CID 642980: Integer handling issues (INTEGER_OVERFLOW)
Expression "lines - 1UL", where "lines" is known to be equal to 0, underflows the type of "lines - 1UL", which is type "unsigned long".

228 fseeko(stream, offset[lines - 1], SEEK_SET);
229 if (fgets(buf, length + 1, stream) == NULL)
230 break;
231 off_t lastline = lines - 1;
232 while (!feof(stream) && !msgabort()) {
233 o = ftello(stream);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

2 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 642992: API usage errors (PRINTF_ARGS)


_____________________________________________________________________________________________
*** CID 642992: API usage errors (PRINTF_ARGS)
/ftpsrvr.c: 5024 in ctrl_thread()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642992: API usage errors (PRINTF_ARGS)
Argument "count" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);

** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()


_____________________________________________________________________________________________
*** CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
/ftpsrvr.c: 5024 in ()
5018 transfer_aborted = TRUE;
5019 }
5020 }
5021 if (count && (count % 60) == 0)
5022 lprintf(LOG_WARNING, "%04d Still waiting (%us) for transfer to complete "
5023 "(aborted=%d, lastactive=%" PRId64 "s, max_inactivity=%us) ..."

CID 642991: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion (expected type "unsigned int" but argument has type "unsigned long")

5024 , sock, count, transfer_aborted, (uint64_t)(time(NULL)-lastactive)
5025 , startup->max_inactivity);
5026 count++;
5027 mswait(1000);
5028 }
5029 lprintf(LOG_DEBUG, "%04d Done waiting for transfer to complete", sock);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

18 new defect(s) introduced to Synchronet found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 18 of 18 defect(s)


** CID 643146: Program hangs (SLEEP)


_____________________________________________________________________________________________
*** CID 643146: Program hangs (SLEEP)
/filterfile.hpp: 56 in filterFile::listed(const char *, const char *, trash *)()
50 const std::lock_guard<std::mutex> lock(mutex); 51 if ((now - lastftime_check) >= fchk_interval) { 52 lastftime_check = now;
53 time_t latest = fdate(fname);
54 if (latest > timestamp) {
55 strListFree(&list);

CID 643146: Program hangs (SLEEP)
Call to "findstr_list" might sleep while holding lock "lock._M_device". 56 list = findstr_list(fname);

57 timestamp = latest;
58 ++fread_count;
59 }
60 }
61 result = trash_in_list(str1, str2, list, details);

** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()


_____________________________________________________________________________________________
*** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)() 1838 return FALSE;
1839 }
1840
1841 static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock) 1842 {
1843 safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s"

CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.

1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);
1845 return fname;
1846 }
1847
1848 #if defined(__GNUC__) // Catch printf-format errors
1849 static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5)));

** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()


_____________________________________________________________________________________________
*** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
1353 }
1354
1355 addr_len = sizeof(*addr);
1356 #ifdef SOCKET_DEBUG_ACCEPT
1357 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1358 #endif

CID 643144: Memory - corruptions (OVERRUN)
Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).

1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len); 1360 #ifdef SOCKET_DEBUG_ACCEPT
1361 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1362 #endif
1363 if (*data_sock == INVALID_SOCKET) {
1364 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"

** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()


_____________________________________________________________________________________________
*** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
444 /* Try a read with no timeout first. */
445 if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK)
446 GCES(ret, sock, sess, estr, "setting read timeout");
447 while (1) {
448 ret = cryptPopData(sess, buf, 1, &len);
449 /* Successive reads will be with the full timeout after a socket_readable() */

CID 643143: Error handling issues (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).

450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);
451 switch (ret) {
452 case CRYPT_OK:
453 break;
454 case CRYPT_ERROR_TIMEOUT:
455 if (!first) {

** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
/ftpsrvr.cpp: 700 in send_thread(void *)()


_____________________________________________________________________________________________
*** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
657 if (xfer.filepos < 0)
658 xfer.filepos = 0;
659 if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos)
660 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF
661 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
662

CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.

663 fseeko(fp, xfer.filepos, SEEK_SET);
664 last_report = start = time(NULL);
665 while ((xfer.filepos + total) < length) {
666
667 now = time(NULL);
668
/ftpsrvr.cpp: 700 in send_thread(void *)()
694 }
695
696 /* Check socket for writability */
697 if (!socket_writable(*xfer.data_sock, 1000))
698 continue;
699

CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.

700 fseeko(fp, xfer.filepos + total, SEEK_SET);
701 rd = fread(buf, sizeof(char), sizeof(buf), fp);
702 if (rd < 1) /* EOF or READ error */
703 break;
704
705 #ifdef SOCKET_DEBUG_SEND

** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
/websrvr.cpp: 7721 in web_server()


_____________________________________________________________________________________________
*** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
7713 std::string most_active = request_rate_limiter->most_active(&most_active_count);
7714 char str[sizeof rate_limit_report]; 7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
/websrvr.cpp: 7721 in web_server()
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()

CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
7725 lprintf(LOG_DEBUG, "%s", rate_limit_report);
7726 }

** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
3425
3426 if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) {
3427 if (!strnicmp(cmd, "CWD ", 4))
3428 p = cmd + 4;
3429 else
3430 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3431 SKIP_WHITESPACE(p);
3432 tp = p;
3433 if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */
3434 tp++;
3435 if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) {
3436 local_fsys = FALSE; /ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
2841 refresh_cfg(&scfg);
2842 sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use");
2843 continue;
2844 }
2845 if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) {
2846 p = cmd + 10;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2847 SKIP_WHITESPACE(p);
2848 #ifdef __unix__
2849 fp = popen(p, "r");
2850 if (fp == NULL)
2851 sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p);
2852 else {
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
2551 continue;
2552 }
2553 if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) {
2554 user.number = 0;
2555 fmutex_close(&mutex_file);
2556 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2557 SKIP_WHITESPACE(p);
2558
2559 SAFECOPY(password, p);
2560 uint usernum = find_login_id(&scfg, user.alias);
2561 if (usernum == 0) {
2562 if (scfg.sys_misc & SM_ECHO_PW) /ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
3210 }
3211
3212 if (!strnicmp(cmd, "STRU ", 5)) {
3213 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3214 SKIP_WHITESPACE(p);
3215 if (toupper(*p) != 'F')
3216 sockprintf(sock, sess, "504 Only FILE structure supported.");
3217 else
3218 sockprintf(sock, sess, "200 FILE structure.");
3219 continue;
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
3484 , local_dir);
3485 continue;
3486 } /* Local PWD */
3487
3488 if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) {
3489 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3490 SKIP_WHITESPACE(p);
3491 if (*p == '/') /* absolute */
3492 SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1);
3493 else /* relative */
3494 SAFEPRINTF2(fname, "%s%s", local_dir, p);
3495
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
3236 }
3237 continue;
3238 }
3239
3240 if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) {
3241 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3242 SKIP_WHITESPACE(p);
3243 if (!stricmp(p, BBS_FSYS_DIR))
3244 local_fsys = FALSE;
3245 else {
3246 if (!direxist(p)) {
3247 sockprintf(sock, sess, "550 Directory does not exist.");
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
3168 sockprintf(sock, sess, "200 All files sent in BINARY mode.");
3169 continue;
3170 }
3171
3172 if (!strnicmp(cmd, "ALLO", 4)) {
3173 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3174 SKIP_WHITESPACE(p);
3175 if (*p)
3176 l = atol(p);
3177 else
3178 l = 0;
3179 if (local_fsys)
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
3198 , filepos);
3199 continue;
3200 }
3201
3202 if (!strnicmp(cmd, "MODE ", 5)) {
3203 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3204 SKIP_WHITESPACE(p);
3205 if (toupper(*p) != 'S')
3206 sockprintf(sock, sess, "504 Only STREAM mode supported.");
3207 else
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
2879
2880 if (pasv_sock != INVALID_SOCKET) {
2881 ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__);
2882 }
2883 memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len);
2884 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2885 SKIP_WHITESPACE(p);
2886 if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) {
2887 data_addr.in.sin_family = AF_INET;
2888 data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4);
2889 data_port = (p1 << 8) | p2;
2890 } else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
2534 }
2535 if (!strnicmp(cmd, "USER ", 5)) {
2536 sysop = FALSE;
2537 user.number = 0;
2538 fmutex_close(&mutex_file);
2539 p = cmd + 5;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

2540 SKIP_WHITESPACE(p);
2541 truncsp(p);
2542 SAFECOPY(user.alias, p);
2543 user.number = find_login_id(&scfg, user.alias); 2544 if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0))
2545 user.number = matchuser(&scfg, "guest", FALSE);
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
3186 sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail);
3187 continue;
3188 }
3189
3190 if (!strnicmp(cmd, "REST", 4)) {
3191 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3192 SKIP_WHITESPACE(p);
3193 if (*p)
3194 filepos = atol(p);
3195 else
3196 filepos = 0;
3197 sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer."
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
3357 , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname);
3358 sockprintf(sock, sess, "451 Insufficient system storage");
3359 continue;
3360 }
3361
3362 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
3360 }
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
3372 filespec = "*";
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
3277 sockprintf(sock, sess, "451 Insufficient system storage");
3278 continue;
3279 }
3280 }
3281
3282 p = cmd + 4;

CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3283 SKIP_WHITESPACE(p);
3284
3285 filespec = p;
3286 if (!local_dir[0])
3287 strcpy(local_dir, "/"); 3288 SAFEPRINTF2(path, "%s%s", local_dir, filespec);

** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()


_____________________________________________________________________________________________
*** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
1555
1556 p = tp + 1; /* filename */

CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1538
1539 while (!feof(fp)) {
1540 if (!fgets(line, sizeof(line), fp))
1541 break;
1542
1543 p = line; /* alias */

CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
1549 FIND_WHITESPACE(tp);

** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
/services.cpp: 2232 in services_thread()


_____________________________________________________________________________________________
*** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
2224 std::string most_active = connect_rate_limiter->most_active(&most_active_count);
2225 char str[sizeof rate_limit_report]; 2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count

CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".

2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
/services.cpp: 2232 in services_thread()
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()

CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".

2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
2236 lprintf(LOG_DEBUG, "%s", rate_limit_report);
2237 }

** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */

CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4105 SKIP_WHITESPACE(dp); 4106 truncsp(dp);
4107
4108 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4109 continue;
4110
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */

CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3782 SKIP_WHITESPACE(dp);
3783 truncsp(dp);
3784
3785 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3786 continue;
3787

** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
/ftpsrvr.cpp: 5416 in ftp_server()


_____________________________________________________________________________________________
*** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()

CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
5422 }
/ftpsrvr.cpp: 5416 in ftp_server()
5410 size_t most_active_count = 0;
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }

** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()


_____________________________________________________________________________________________
*** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
2470 close_socket(client_socket);
2471 continue;
2472 }
2473
2474 if (!host_exempt->listed(host_ip, nullptr)) {
2475 login_attempt_t attempted;

CID 643135: Program hangs (LOCK)
"loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.

2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);
2477 if (banned) {
2478 char ban_duration[128];
2479 lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s"
2480 , client_socket, host_ip, attempted.count - attempted.dupes, attempted.user
2481 , duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1));

** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()


_____________________________________________________________________________________________
*** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
38 filterFile() = default;
39 ~filterFile() {
40 strListFree(&list);
41 }
42 std::atomic<uint> fread_count{};
43 std::atomic<uint> total_found{};

CID 643134: Uninitialized members (UNINIT_CTOR)
The compiler-generated constructor for this class does not initialize "fchk_interval".

44 time_t fchk_interval; // seconds
45 char fname[MAX_PATH + 1];
46 bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) {
47 bool result;
48 time_t now = time(nullptr);
49 if (fchk_interval) {

** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
4479
4480 truncsp(np);
4481
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
4467 tp = p; /* terminator pointer */
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
4091 tp = p; /* terminator pointer */
4092 FIND_WHITESPACE(tp); 4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4097 SKIP_WHITESPACE(np); 4098
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0; /ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
3768 tp = p; /* terminator pointer */
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */

CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;

** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()


_____________________________________________________________________________________________
*** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1554 continue;
1555
1556 p = tp + 1; /* filename */
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */

CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
1563
1564 if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) {
1565 fclose(fp);
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1543 p = line; /* alias */
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */

CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

1549 FIND_WHITESPACE(tp);
1550 if (*tp)
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;

** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
3763 SKIP_WHITESPACE(p);
3764
3765 if (*p == ';') /* comment */
3766 continue;
3767
3768 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
3782 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np); 4098
4099 tp = np; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4100 FIND_WHITESPACE(tp); 4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
4105 SKIP_WHITESPACE(dp); /ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
4086 SKIP_WHITESPACE(p); 4087
4088 if (*p == ';') /* comment */
4089 continue;
4090
4091 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4092 FIND_WHITESPACE(tp); 4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np); /ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
4462 SKIP_WHITESPACE(p);
4463
4464 if (*p == ';') /* comment */
4465 continue;
4466
4467 tp = p; /* terminator pointer */

CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".

4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);

** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()


_____________________________________________________________________________________________
*** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
923
924 *xfer.aborted = FALSE;
925 if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA)
926 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF
927 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
928

CID 643130: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.

929 fseeko(fp, xfer.filepos, SEEK_SET);
930
931 // Determine the maximum file size to allow, accounting for minimum free space
932 char path[MAX_PATH + 1];
933 SAFECOPY(path, xfer.filename);
934 *getfname(path) = '\0';

** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
/mailsrvr.cpp: 6496 in mail_server()


_____________________________________________________________________________________________
*** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()

CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".

6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
6502 }
/mailsrvr.cpp: 6496 in mail_server()
6490 size_t most_active_count = 0;
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count

CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".

6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 1186 in close_request(http_session_t *)()


_____________________________________________________________________________________________
*** CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
/websrvr.cpp: 1186 in close_request(http_session_t *)()
1180 * This causes all active http_session_threads to terminate. 1181 */
1182 if ((!session->req.keep_alive) || terminate_server) {
1183 drain_outbuf(session);
1184 close_session_socket(session);
1185 }

CID 644193: Memory - corruptions (REVERSE_NEGATIVE)
You might be using variable "session->socket" before verifying that it is >= 0.

1186 if (session->socket == INVALID_SOCKET)
1187 session->finished = true;
1188
1189 if (session->js_cx != NULL && (session->req.dynamic == IS_SSJS)) {
1190 JS_BEGINREQUEST(session->js_cx);
1191 JS_GC(session->js_cx);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview



---
* Synchronet * Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net