Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Mon Jan 03 2022 01:53 pm

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 345193:  Security best practices violations  (STRING_OVERFLOW)
/js_system.c: 1742 in js_new_user()


________________________________________________________________________________________________________
*** CID 345193:  Security best practices violations  (STRING_OVERFLOW)
/js_system.c: 1742 in js_new_user()
1736     		user.expire=0;
1737
1738     	/* settings */
1739     	if(cfg->total_fcomps)
1740     		strcpy(user.tmpext,cfg->fcomp[0]->ext);
1741     	else
>>>     CID 345193:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 4-character fixed-size string "user.tmpext" by copying "supported_archive_formats[0]" without checking the length.
1742     		strcpy(user.tmpext,supported_archive_formats[0]);
1743
1744     	user.shell=cfg->new_shell;
1745     	user.misc=cfg->new_misc|(AUTOTERM|COLOR);
1746     	user.prot=cfg->new_prot;
1747     	user.qwk=QWK_DEFAULT;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DLHqT_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrASNRMrjmtERpNIdQUnJSJsKnAEJXIhAxYXn8Wsbe-2FZLcOyNTvGzTXSVf3pSFMNPtPlIb534EHtx-2FbVt-2FfWmb57n4Bq9KDPi7f788OCM9cJpzKEEOL9D4Rv1Q811tuCjU09XGZwjBhiJvxCsLDf07Au06lrQrx64u7WGcNazjKonw-3D-3D



.