Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Tue Mar 21 2023 12:39 pm

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 451020:  Resource leaks  (RESOURCE_LEAK)
/pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()


________________________________________________________________________________________________________
*** CID 451020:  Resource leaks  (RESOURCE_LEAK)
/pack_qwk.cpp: 130 in sbbs_t::pack_qwk(char *, unsigned int *, bool)()
124     			return(false);
125     		}
126
127     		now=time(NULL);
128     		if(localtime_r(&now,&tm)==NULL) {
129     			errormsg(WHERE, ERR_CHK, "time", (uint)now);
>>>     CID 451020:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "stream" going out of scope leaks the storage it points to.
130     			return(false);
131     		}
132
133     		fprintf(stream,"%s\r\n%s\r\n%s\r\n%s, Sysop\r\n0000,%s\r\n"
134     			"%02u-%02u-%u,%02u:%02u:%02u\r\n"
135     			,cfg.sys_name

** CID 451019:    (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 451019:    (NEGATIVE_RETURNS)
/main.cpp: 3434 in sbbs_t::init()()
3428     	}
3429
3430     	/* Shared NODE files */
3431     	SAFEPRINTF2(str,"%s%s",cfg.ctrl_dir,"node.dab");
3432     	pthread_mutex_lock(&nodefile_mutex);
3433     	if((nodefile=nopen(str,O_DENYNONE|O_RDWR|O_CREAT))==-1) {
>>>     CID 451019:    (NEGATIVE_RETURNS)
>>>     "this->client_socket" is passed to a parameter that cannot be negative.
3434     		errormsg(WHERE, ERR_OPEN, str, cfg.node_num);
3435     		pthread_mutex_unlock(&nodefile_mutex);
3436     		return(false);
3437     	}
3438     	memset(&node,0,sizeof(node_t));  /* write NULL to node struct */
3439     	node.status=NODE_OFFLINE;
/main.cpp: 3443 in sbbs_t::init()()
3437     	}
3438     	memset(&node,0,sizeof(node_t));  /* write NULL to node struct */
3439     	node.status=NODE_OFFLINE;
3440     	while(filelength(nodefile)<(int)(cfg.sys_nodes*sizeof(node_t))) {
3441     		lseek(nodefile,0L,SEEK_END);
3442     		if(write(nodefile,&node,sizeof(node_t))!=sizeof(node_t)) {
>>>     CID 451019:    (NEGATIVE_RETURNS)
>>>     "this->client_socket" is passed to a parameter that cannot be negative.
3443     			errormsg(WHERE,ERR_WRITE,str,sizeof(node_t));
3444     			break;
3445     		}
3446     	}
3447     	if(chsize(nodefile, (off_t)(cfg.sys_nodes*sizeof(node_t))) != 0)
3448     		errormsg(WHERE, ERR_LEN, str, cfg.sys_nodes*sizeof(node_t));

** CID 451018:    (LOCK)
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()


________________________________________________________________________________________________________
*** CID 451018:    (LOCK)
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
1431     		,cfg.xtrn[xtrnnum]->path);
1432     	end=time(NULL);
1433
1434     	if(cfg.xtrn[xtrnnum]->misc&FREETIME)
1435     		starttime+=end-start;
1436     	if(cfg.xtrn[xtrnnum]->clean[0]) {
>>>     CID 451018:    (LOCK)
>>>     "external" locks "this->input_thread_mutex" while it is locked.
1437     		external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
1438     			,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
1439     	}
1440     	max_socket_inactivity = startup->max_session_inactivity;
1441     	/* Re-open the logfile */
1442     	if(logfile_fp==NULL) {
/xtrn_sec.cpp: 1437 in sbbs_t::exec_xtrn(unsigned int, bool)()
1431     		,cfg.xtrn[xtrnnum]->path);
1432     	end=time(NULL);
1433
1434     	if(cfg.xtrn[xtrnnum]->misc&FREETIME)
1435     		starttime+=end-start;
1436     	if(cfg.xtrn[xtrnnum]->clean[0]) {
>>>     CID 451018:    (LOCK)
>>>     "external" unlocks "this->input_thread_mutex" while it is unlocked.
1437     		external(cmdstr(cfg.xtrn[xtrnnum]->clean, drop_file, startup_dir, NULL, mode)
1438     			,mode&~(EX_STDIN|EX_CONIO), cfg.xtrn[xtrnnum]->path);
1439     	}
1440     	max_socket_inactivity = startup->max_session_inactivity;
1441     	/* Re-open the logfile */
1442     	if(logfile_fp==NULL) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DwQj4_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDdlFiTOYvOJ3q-2BXCmV5b82oIz6FZIN1OLfaOQTbpP8Gh-2F1BFBTVkQlZPmP-2FlpwdRVEElckq3ePaiX56HFlC4oTk3mo4UgkSGq0kVxPTfv2czS2IOfkwROgSnRu-2B3z34jIHguj-2BgdMQEhL57e4KO1qNvBjyCV-2FH1A5pF0aNBb218Q-3D-3D



.