Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Thu Dec 14 2023 01:44 pm Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 5 new defect(s) introduced to Synchronet found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 470557: Resource leaks (RESOURCE_LEAK) /mailsrvr.c: 3122 in smtp_client_thread() ________________________________________________________________________________________________________ *** CID 470557: Resource leaks (RESOURCE_LEAK) /mailsrvr.c: 3122 in smtp_client_thread() 3116 } 3117 3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count); 3119 if(mailproc_to_match == NULL) { 3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol); 3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure"); >>> CID 470557: Resource leaks (RESOURCE_LEAK) >>> Variable "spy" going out of scope leaks the storage it points to. 
3122 return false; 3123 } 3124 3125 /* SMTP session active: */ 3126 3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready" ** CID 470556: (DC.WEAK_CRYPTO) /mailsrvr.c: 1157 in pop3_client_thread() /mailsrvr.c: 1159 in pop3_client_thread() ________________________________________________________________________________________________________ *** CID 470556: (DC.WEAK_CRYPTO) /mailsrvr.c: 1157 in pop3_client_thread() 1151 memset(&smb,0,sizeof(smb)); 1152 memset(&msg,0,sizeof(msg)); 1153 memset(&user,0,sizeof(user)); 1154 password[0]=0; 1155 1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */ >>> CID 470556: (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 1157 rand(); /* throw-away first result */ 1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>" 1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name()); 1160 1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s" 1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge); /mailsrvr.c: 1159 in pop3_client_thread() 1153 memset(&user,0,sizeof(user)); 1154 password[0]=0; 1155 1156 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */ 1157 rand(); /* throw-away first result */ 1158 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%.128s>" >>> CID 470556: (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 
1159 ,rand(),socket,(ulong)time(NULL),(ulong)clock(), server_host_name()); 1160 1161 sockprintf(socket,client.protocol,session,"+OK Synchronet %s Server %s%c-%s Ready %s" 1162 ,client.protocol, VERSION, REVISION, PLATFORM_DESC, challenge); 1163 1164 /* Requires USER or APOP command first */ ** CID 470555: Error handling issues (CHECKED_RETURN) /mailsrvr.c: 1089 in pop3_client_thread() ________________________________________________________________________________________________________ *** CID 470555: Error handling issues (CHECKED_RETURN) /mailsrvr.c: 1089 in pop3_client_thread() 1083 if ((stat=cryptSetAttribute(session, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) { 1084 unlock_ssl_cert(); 1085 GCESH(stat, client.protocol, socket, host_ip, session, "setting private key"); 1086 return false; 1087 } 1088 nodelay = TRUE; >>> CID 470555: Error handling issues (CHECKED_RETURN) >>> Calling "setsockopt(socket, IPPROTO_TCP, 1, (char *)&nodelay, 4U)" without checking return value. This library function may fail and return an error code. 
1089 setsockopt(socket,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay)); 1090 nb=0; 1091 ioctlsocket(socket,FIONBIO,&nb); 1092 if ((stat = cryptSetAttribute(session, CRYPT_SESSINFO_NETWORKSOCKET, socket)) != CRYPT_OK) { 1093 unlock_ssl_cert(); 1094 GCESH(stat, client.protocol, socket, host_ip, session, "setting session socket"); ** CID 470554: Resource leaks (RESOURCE_LEAK) /mailsrvr.c: 3122 in smtp_client_thread() ________________________________________________________________________________________________________ *** CID 470554: Resource leaks (RESOURCE_LEAK) /mailsrvr.c: 3122 in smtp_client_thread() 3116 } 3117 3118 BOOL* mailproc_to_match = calloc(sizeof(*mailproc_to_match), mailproc_count); 3119 if(mailproc_to_match == NULL) { 3120 lprintf(LOG_CRIT,"%04d %s !ERROR allocating memory for mailproc_to_match", socket, client.protocol); 3121 sockprintf(socket,client.protocol,session,smtp_error, "malloc failure"); >>> CID 470554: Resource leaks (RESOURCE_LEAK) >>> Variable "rcptlst" going out of scope leaks the storage it points to. 3122 return false; 3123 } 3124 3125 /* SMTP session active: */ 3126 3127 sockprintf(socket,client.protocol,session,"220 %s Synchronet %s Server %s%c-%s Ready" ** CID 470553: (DC.WEAK_CRYPTO) /mailsrvr.c: 4204 in smtp_client_thread() /mailsrvr.c: 3078 in smtp_client_thread() /mailsrvr.c: 3079 in smtp_client_thread() ________________________________________________________________________________________________________ *** CID 470553: (DC.WEAK_CRYPTO) /mailsrvr.c: 4204 in smtp_client_thread() 4198 } 4199 if(!stricmp(buf,"AUTH CRAM-MD5")) { 4200 ZERO_VAR(relay_user); 4201 listRemoveTaggedNode(&current_logins, socket, /* free_data */TRUE); 4202 4203 safe_snprintf(challenge,sizeof(challenge),"<%x%x%lx%lx@%s>" >>> CID 470553: (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 
4204 ,rand(),socket,(ulong)time(NULL),(ulong)clock(),server_host_name()); 4205 #if 0 4206 lprintf(LOG_DEBUG,"%04d SMTP CRAM-MD5 challenge: %s" 4207 ,socket,challenge); 4208 #endif 4209 b64_encode(str,sizeof(str),challenge,strlen(challenge)); /mailsrvr.c: 3078 in smtp_client_thread() 3072 } 3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir); 3074 spam.retry_time=scfg.smb_retry_time; 3075 spam.subnum=INVALID_SUB; 3076 3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */ >>> CID 470553: (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 3078 rand(); /* throw-away first result */ 3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock()); 3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id); 3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id); 3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id); 3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id); /mailsrvr.c: 3079 in smtp_client_thread() 3073 SAFEPRINTF(spam.file,"%sspam",scfg.data_dir); 3074 spam.retry_time=scfg.smb_retry_time; 3075 spam.subnum=INVALID_SUB; 3076 3077 srand((unsigned int)(time(NULL) ^ (time_t)GetCurrentThreadId())); /* seed random number generator */ 3078 rand(); /* throw-away first result */ >>> CID 470553: (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 
3079 SAFEPRINTF4(session_id,"%x%x%x%lx",getpid(),socket,rand(),(long)clock()); 3080 lprintf(LOG_DEBUG,"%04d %s [%s] Session ID=%s", socket, client.protocol, host_ip, session_id); 3081 SAFEPRINTF3(msgtxt_fname,"%sSBBS_%s.%s.msg", scfg.temp_dir, client.protocol, session_id); 3082 SAFEPRINTF3(newtxt_fname,"%sSBBS_%s.%s.new", scfg.temp_dir, client.protocol, session_id); 3083 SAFEPRINTF3(logtxt_fname,"%sSBBS_%s.%s.log", scfg.temp_dir, client.protocol, session_id); 3084 SAFEPRINTF3(rcptlst_fname,"%sSBBS_%s.%s.lst", scfg.temp_dir, client.protocol, session_id); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DMQd3_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCHTmGHVnVaZLqSbII6djd5LCfNN4WsVVM-2FraC40TFEmwnFiU15BSJwMmbqsO51yAB8H1Xj6zJDPHok6MSfH6DLipAvEvqiECGEj92Ja08CPuUfomEyNGrm6oICWjy04z9LEXD-2FV3t10gYjDHAgXUzBxC2US2YfoE3y-2FXo4-2F5AMeg-3D-3D .