Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
18 new defect(s) introduced to Synchronet found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 18 of 18 defect(s)
** CID 643146: Program hangs (SLEEP)
_____________________________________________________________________________________________
*** CID 643146: Program hangs (SLEEP)
/filterfile.hpp: 56 in filterFile::listed(const char *, const char *, trash *)()
50 const std::lock_guard<std::mutex> lock(mutex);
51 if ((now - lastftime_check) >= fchk_interval) {
52 lastftime_check = now;
53 time_t latest = fdate(fname);
54 if (latest > timestamp) {
55 strListFree(&list);
CID 643146: Program hangs (SLEEP)
Call to "findstr_list" might sleep while holding lock "lock._M_device".
56 list = findstr_list(fname);
57 timestamp = latest;
58 ++fread_count;
59 }
60 }
61 result = trash_in_list(str1, str2, list, details);
** CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()
_____________________________________________________________________________________________
*** CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()
1838 return FALSE;
1839 }
1840
1841 static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock)
1842 {
1843 safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s"
CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);
1845 return fname;
1846 }
1847
1848 #if defined(__GNUC__) // Catch printf-format errors
1849 static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5)));
** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
_____________________________________________________________________________________________
*** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
1353 }
1354
1355 addr_len = sizeof(*addr);
1356 #ifdef SOCKET_DEBUG_ACCEPT
1357 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1358 #endif
CID 643144: Memory - corruptions (OVERRUN)
Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).
1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len);
1360 #ifdef SOCKET_DEBUG_ACCEPT
1361 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1362 #endif
1363 if (*data_sock == INVALID_SOCKET) {
1364 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"
** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
_____________________________________________________________________________________________
*** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
444 /* Try a read with no timeout first. */
445 if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK)
446 GCES(ret, sock, sess, estr, "setting read timeout");
447 while (1) {
448 ret = cryptPopData(sess, buf, 1, &len);
449 /* Successive reads will be with the full timeout after a socket_readable() */
CID 643143: Error handling issues (CHECKED_RETURN)
Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).
450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);
451 switch (ret) {
452 case CRYPT_OK:
453 break;
454 case CRYPT_ERROR_TIMEOUT:
455 if (!first) {
** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
/ftpsrvr.cpp: 700 in send_thread(void *)()
_____________________________________________________________________________________________
*** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
657 if (xfer.filepos < 0)
658 xfer.filepos = 0;
659 if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos)
660 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF
661 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
662
CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
663 fseeko(fp, xfer.filepos, SEEK_SET);
664 last_report = start = time(NULL);
665 while ((xfer.filepos + total) < length) {
666
667 now = time(NULL);
668
/ftpsrvr.cpp: 700 in send_thread(void *)()
694 }
695
696 /* Check socket for writability */
697 if (!socket_writable(*xfer.data_sock, 1000))
698 continue;
699
CID 643142: (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.
700 fseeko(fp, xfer.filepos + total, SEEK_SET);
701 rd = fread(buf, sizeof(char), sizeof(buf), fp);
702 if (rd < 1) /* EOF or READ error */
703 break;
704
705 #ifdef SOCKET_DEBUG_SEND
** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
/websrvr.cpp: 7721 in web_server()
_____________________________________________________________________________________________
*** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
7713 std::string most_active = request_rate_limiter->most_active(&most_active_count);
7714 char str[sizeof rate_limit_report];
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
/websrvr.cpp: 7721 in web_server()
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
CID 643141: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
7725 lprintf(LOG_DEBUG, "%s", rate_limit_report);
7726 }
** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
3425
3426 if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) {
3427 if (!strnicmp(cmd, "CWD ", 4))
3428 p = cmd + 4;
3429 else
3430 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3431 SKIP_WHITESPACE(p);
3432 tp = p;
3433 if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */
3434 tp++;
3435 if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) {
3436 local_fsys = FALSE;
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
2841 refresh_cfg(&scfg);
2842 sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use");
2843 continue;
2844 }
2845 if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) {
2846 p = cmd + 10;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2847 SKIP_WHITESPACE(p);
2848 #ifdef __unix__
2849 fp = popen(p, "r");
2850 if (fp == NULL)
2851 sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p);
2852 else {
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
2551 continue;
2552 }
2553 if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) {
2554 user.number = 0;
2555 fmutex_close(&mutex_file);
2556 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2557 SKIP_WHITESPACE(p);
2558
2559 SAFECOPY(password, p);
2560 uint usernum = find_login_id(&scfg, user.alias);
2561 if (usernum == 0) {
2562 if (scfg.sys_misc & SM_ECHO_PW)
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
3210 }
3211
3212 if (!strnicmp(cmd, "STRU ", 5)) {
3213 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3214 SKIP_WHITESPACE(p);
3215 if (toupper(*p) != 'F')
3216 sockprintf(sock, sess, "504 Only FILE structure supported.");
3217 else
3218 sockprintf(sock, sess, "200 FILE structure.");
3219 continue;
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
3484 , local_dir);
3485 continue;
3486 } /* Local PWD */
3487
3488 if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) {
3489 p = cmd + 4;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3490 SKIP_WHITESPACE(p);
3491 if (*p == '/') /* absolute */
3492 SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1);
3493 else /* relative */
3494 SAFEPRINTF2(fname, "%s%s", local_dir, p);
3495
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
3236 }
3237 continue;
3238 }
3239
3240 if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) {
3241 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3242 SKIP_WHITESPACE(p);
3243 if (!stricmp(p, BBS_FSYS_DIR))
3244 local_fsys = FALSE;
3245 else {
3246 if (!direxist(p)) {
3247 sockprintf(sock, sess, "550 Directory does not exist.");
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
3168 sockprintf(sock, sess, "200 All files sent in BINARY mode.");
3169 continue;
3170 }
3171
3172 if (!strnicmp(cmd, "ALLO", 4)) {
3173 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3174 SKIP_WHITESPACE(p);
3175 if (*p)
3176 l = atol(p);
3177 else
3178 l = 0;
3179 if (local_fsys)
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
3198 , filepos);
3199 continue;
3200 }
3201
3202 if (!strnicmp(cmd, "MODE ", 5)) {
3203 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3204 SKIP_WHITESPACE(p);
3205 if (toupper(*p) != 'S')
3206 sockprintf(sock, sess, "504 Only STREAM mode supported.");
3207 else
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
2879
2880 if (pasv_sock != INVALID_SOCKET) {
2881 ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__);
2882 }
2883 memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len);
2884 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2885 SKIP_WHITESPACE(p);
2886 if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) {
2887 data_addr.in.sin_family = AF_INET;
2888 data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4);
2889 data_port = (p1 << 8) | p2;
2890 } else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
2534 }
2535 if (!strnicmp(cmd, "USER ", 5)) {
2536 sysop = FALSE;
2537 user.number = 0;
2538 fmutex_close(&mutex_file);
2539 p = cmd + 5;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2540 SKIP_WHITESPACE(p);
2541 truncsp(p);
2542 SAFECOPY(user.alias, p);
2543 user.number = find_login_id(&scfg, user.alias);
2544 if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0))
2545 user.number = matchuser(&scfg, "guest", FALSE);
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
3186 sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail);
3187 continue;
3188 }
3189
3190 if (!strnicmp(cmd, "REST", 4)) {
3191 p = cmd + 4;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3192 SKIP_WHITESPACE(p);
3193 if (*p)
3194 filepos = atol(p);
3195 else
3196 filepos = 0;
3197 sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer."
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
3357 , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname);
3358 sockprintf(sock, sess, "451 Insufficient system storage");
3359 continue;
3360 }
3361
3362 p = cmd + 4;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
3360 }
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
3372 filespec = "*";
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
3277 sockprintf(sock, sess, "451 Insufficient system storage");
3278 continue;
3279 }
3280 }
3281
3282 p = cmd + 4;
CID 643140: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3283 SKIP_WHITESPACE(p);
3284
3285 filespec = p;
3286 if (!local_dir[0])
3287 strcpy(local_dir, "/");
3288 SAFEPRINTF2(path, "%s%s", local_dir, filespec);
** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
_____________________________________________________________________________________________
*** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
1555
1556 p = tp + 1; /* filename */
CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1538
1539 while (!feof(fp)) {
1540 if (!fgets(line, sizeof(line), fp))
1541 break;
1542
1543 p = line; /* alias */
CID 643139: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
1549 FIND_WHITESPACE(tp);
** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
/services.cpp: 2232 in services_thread()
_____________________________________________________________________________________________
*** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
2224 std::string most_active = connect_rate_limiter->most_active(&most_active_count);
2225 char str[sizeof rate_limit_report];
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
/services.cpp: 2232 in services_thread()
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
CID 643138: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
2236 lprintf(LOG_DEBUG, "%s", rate_limit_report);
2237 }
** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4105 SKIP_WHITESPACE(dp);
4106 truncsp(dp);
4107
4108 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4109 continue;
4110
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
CID 643137: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3782 SKIP_WHITESPACE(dp);
3783 truncsp(dp);
3784
3785 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3786 continue;
3787
** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
/ftpsrvr.cpp: 5416 in ftp_server()
_____________________________________________________________________________________________
*** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
5422 }
/ftpsrvr.cpp: 5416 in ftp_server()
5410 size_t most_active_count = 0;
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
CID 643136: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
_____________________________________________________________________________________________
*** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
2470 close_socket(client_socket);
2471 continue;
2472 }
2473
2474 if (!host_exempt->listed(host_ip, nullptr)) {
2475 login_attempt_t attempted;
CID 643135: Program hangs (LOCK)
"loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.
2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);
2477 if (banned) {
2478 char ban_duration[128];
2479 lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s"
2480 , client_socket, host_ip, attempted.count - attempted.dupes, attempted.user
2481 , duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1));
** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
_____________________________________________________________________________________________
*** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
38 filterFile() = default;
39 ~filterFile() {
40 strListFree(&list);
41 }
42 std::atomic<uint> fread_count{};
43 std::atomic<uint> total_found{};
CID 643134: Uninitialized members (UNINIT_CTOR)
The compiler-generated constructor for this class does not initialize "fchk_interval".
44 time_t fchk_interval; // seconds
45 char fname[MAX_PATH + 1];
46 bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) {
47 bool result;
48 time_t now = time(nullptr);
49 if (fchk_interval) {
** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
4479
4480 truncsp(np);
4481
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
4467 tp = p; /* terminator pointer */
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
4091 tp = p; /* terminator pointer */
4092 FIND_WHITESPACE(tp);
4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4097 SKIP_WHITESPACE(np);
4098
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
3768 tp = p; /* terminator pointer */
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
CID 643133: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
_____________________________________________________________________________________________
*** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1554 continue;
1555
1556 p = tp + 1; /* filename */
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
1563
1564 if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) {
1565 fclose(fp);
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1543 p = line; /* alias */
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
CID 643132: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1549 FIND_WHITESPACE(tp);
1550 if (*tp)
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
3763 SKIP_WHITESPACE(p);
3764
3765 if (*p == ';') /* comment */
3766 continue;
3767
3768 tp = p; /* terminator pointer */
CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
3782 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np);
4098
4099 tp = np; /* terminator pointer */
CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
4105 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
4086 SKIP_WHITESPACE(p);
4087
4088 if (*p == ';') /* comment */
4089 continue;
4090
4091 tp = p; /* terminator pointer */
CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4092 FIND_WHITESPACE(tp);
4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
4462 SKIP_WHITESPACE(p);
4463
4464 if (*p == ';') /* comment */
4465 continue;
4466
4467 tp = p; /* terminator pointer */
CID 643131: (CONSTANT_EXPRESSION_RESULT)
"(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
_____________________________________________________________________________________________
*** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
923
924 *xfer.aborted = FALSE;
925 if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA)
926 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF
927 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
928
CID 643130: Error handling issues (CHECKED_RETURN)
Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
929 fseeko(fp, xfer.filepos, SEEK_SET);
930
931 // Determine the maximum file size to allow, accounting for minimum free space
932 char path[MAX_PATH + 1];
933 SAFECOPY(path, xfer.filename);
934 *getfname(path) = '\0';
** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
/mailsrvr.cpp: 6496 in mail_server()
_____________________________________________________________________________________________
*** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
6502 }
/mailsrvr.cpp: 6496 in mail_server()
6490 size_t most_active_count = 0;
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
CID 643129: (Y2K38_SAFETY)
A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/synchronet?tab=overview
----==_mimepart_698f2d096fc4c_11e62b0ff68619ac1976e
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - Synchronet</title>
</head>
<body>
<p>Hi,</p>
<p>
Please find the latest report on new defect(s) introduced to <strong>Synchronet</strong>
found with Coverity Scan.
</p>
<ul>
<li><strong>New Defects Found:</strong> 18</li>
<li>
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 18 of 18 defect(s)</li>
</ul>
<h3>Defect Details</h3>
<pre>
** CID 643146: Program hangs (SLEEP)
_____________________________________________________________________________________________
*** CID 643146: Program hangs (SLEEP)
/filterfile.hpp: 56 in filterFile::listed(const char *, const char *, trash *)()
50 const std::lock_guard<std::mutex> lock(mutex);
51 if ((now - lastftime_check) >= fchk_interval) {
52 lastftime_check = now;
53 time_t latest = fdate(fname);
54 if (latest > timestamp) {
55 strListFree(&list);
>>> CID 643146: Program hangs (SLEEP)
>>> Call to "findstr_list" might sleep while holding lock "lock._M_device".
56 list = findstr_list(fname);
57 timestamp = latest;
58 ++fread_count;
59 }
60 }
61 result = trash_in_list(str1, str2, list, details);
** CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()
_____________________________________________________________________________________________
*** CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)()
1838 return FALSE;
1839 }
1840
1841 static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock)
1842 {
1843 safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s"
>>> CID 643145: Security best practices violations (DC.WEAK_CRYPTO)
>>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);
1845 return fname;
1846 }
1847
1848 #if defined(__GNUC__) // Catch printf-format errors
1849 static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5)));
** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
_____________________________________________________________________________________________
*** CID 643144: Memory - corruptions (OVERRUN)
/ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
1353 }
1354
1355 addr_len = sizeof(*addr);
1356 #ifdef SOCKET_DEBUG_ACCEPT
1357 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1358 #endif
>>> CID 643144: Memory - corruptions (OVERRUN)
>>> Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).
1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len);
1360 #ifdef SOCKET_DEBUG_ACCEPT
1361 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1362 #endif
1363 if (*data_sock == INVALID_SOCKET) {
1364 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"
** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
_____________________________________________________________________________________________
*** CID 643143: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)()
444 /* Try a read with no timeout first. */
445 if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK)
446 GCES(ret, sock, sess, estr, "setting read timeout");
447 while (1) {
448 ret = cryptPopData(sess, buf, 1, &len);
449 /* Successive reads will be with the full timeout after a socket_readable() */
>>> CID 643143: Error handling issues (CHECKED_RETURN)
>>> Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).
450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);
451 switch (ret) {
452 case CRYPT_OK:
453 break;
454 case CRYPT_ERROR_TIMEOUT:
455 if (!first) {
** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
/ftpsrvr.cpp: 700 in send_thread(void *)()
_____________________________________________________________________________________________
*** CID 643142: (CHECKED_RETURN)
/ftpsrvr.cpp: 663 in send_thread(void *)()
657 if (xfer.filepos < 0)
658 xfer.filepos = 0;
659 if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos)
660 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF
661 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
662
>>> CID 643142: (CHECKED_RETURN)
>>> Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
663 fseeko(fp, xfer.filepos, SEEK_SET);
664 last_report = start = time(NULL);
665 while ((xfer.filepos + total) < length) {
666
667 now = time(NULL);
668
/ftpsrvr.cpp: 700 in send_thread(void *)()
694 }
695
696 /* Check socket for writability */
697 if (!socket_writable(*xfer.data_sock, 1000))
698 continue;
699
>>> CID 643142: (CHECKED_RETURN)
>>> Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.
700 fseeko(fp, xfer.filepos + total, SEEK_SET);
701 rd = fread(buf, sizeof(char), sizeof(buf), fp);
702 if (rd < 1) /* EOF or READ error */
703 break;
704
705 #ifdef SOCKET_DEBUG_SEND
** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
/websrvr.cpp: 7721 in web_server()
_____________________________________________________________________________________________
*** CID 643141: (Y2K38_SAFETY)
/websrvr.cpp: 7719 in web_server()
7713 std::string most_active = request_rate_limiter->most_active(&most_active_count);
7714 char str[sizeof rate_limit_report];
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>> CID 643141: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
/websrvr.cpp: 7721 in web_server()
7715 char tmp[128];
7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720 , request_rate_limiter->disallowed.load()
>>> CID 643141: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722 , request_rate_limiter->repeat.load());
7723 if (strcmp(str, rate_limit_report) != 0) {
7724 SAFECOPY(rate_limit_report, str);
7725 lprintf(LOG_DEBUG, "%s", rate_limit_report);
7726 }
** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643140: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431 in ctrl_thread(void *)()
3425
3426 if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) {
3427 if (!strnicmp(cmd, "CWD ", 4))
3428 p = cmd + 4;
3429 else
3430 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3431 SKIP_WHITESPACE(p);
3432 tp = p;
3433 if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */
3434 tp++;
3435 if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) {
3436 local_fsys = FALSE;
/ftpsrvr.cpp: 2847 in ctrl_thread(void *)()
2841 refresh_cfg(&scfg);
2842 sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use");
2843 continue;
2844 }
2845 if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) {
2846 p = cmd + 10;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2847 SKIP_WHITESPACE(p);
2848 #ifdef __unix__
2849 fp = popen(p, "r");
2850 if (fp == NULL)
2851 sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p);
2852 else {
/ftpsrvr.cpp: 2557 in ctrl_thread(void *)()
2551 continue;
2552 }
2553 if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) {
2554 user.number = 0;
2555 fmutex_close(&mutex_file);
2556 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2557 SKIP_WHITESPACE(p);
2558
2559 SAFECOPY(password, p);
2560 uint usernum = find_login_id(&scfg, user.alias);
2561 if (usernum == 0) {
2562 if (scfg.sys_misc & SM_ECHO_PW)
/ftpsrvr.cpp: 3214 in ctrl_thread(void *)()
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
3210 }
3211
3212 if (!strnicmp(cmd, "STRU ", 5)) {
3213 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3214 SKIP_WHITESPACE(p);
3215 if (toupper(*p) != 'F')
3216 sockprintf(sock, sess, "504 Only FILE structure supported.");
3217 else
3218 sockprintf(sock, sess, "200 FILE structure.");
3219 continue;
/ftpsrvr.cpp: 3490 in ctrl_thread(void *)()
3484 , local_dir);
3485 continue;
3486 } /* Local PWD */
3487
3488 if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) {
3489 p = cmd + 4;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3490 SKIP_WHITESPACE(p);
3491 if (*p == '/') /* absolute */
3492 SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1);
3493 else /* relative */
3494 SAFEPRINTF2(fname, "%s%s", local_dir, p);
3495
/ftpsrvr.cpp: 3242 in ctrl_thread(void *)()
3236 }
3237 continue;
3238 }
3239
3240 if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) {
3241 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3242 SKIP_WHITESPACE(p);
3243 if (!stricmp(p, BBS_FSYS_DIR))
3244 local_fsys = FALSE;
3245 else {
3246 if (!direxist(p)) {
3247 sockprintf(sock, sess, "550 Directory does not exist.");
/ftpsrvr.cpp: 3174 in ctrl_thread(void *)()
3168 sockprintf(sock, sess, "200 All files sent in BINARY mode.");
3169 continue;
3170 }
3171
3172 if (!strnicmp(cmd, "ALLO", 4)) {
3173 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3174 SKIP_WHITESPACE(p);
3175 if (*p)
3176 l = atol(p);
3177 else
3178 l = 0;
3179 if (local_fsys)
/ftpsrvr.cpp: 3204 in ctrl_thread(void *)()
3198 , filepos);
3199 continue;
3200 }
3201
3202 if (!strnicmp(cmd, "MODE ", 5)) {
3203 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3204 SKIP_WHITESPACE(p);
3205 if (toupper(*p) != 'S')
3206 sockprintf(sock, sess, "504 Only STREAM mode supported.");
3207 else
3208 sockprintf(sock, sess, "200 STREAM mode.");
3209 continue;
/ftpsrvr.cpp: 2885 in ctrl_thread(void *)()
2879
2880 if (pasv_sock != INVALID_SOCKET) {
2881 ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__);
2882 }
2883 memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len);
2884 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2885 SKIP_WHITESPACE(p);
2886 if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) {
2887 data_addr.in.sin_family = AF_INET;
2888 data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4);
2889 data_port = (p1 << 8) | p2;
2890 } else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */
/ftpsrvr.cpp: 2540 in ctrl_thread(void *)()
2534 }
2535 if (!strnicmp(cmd, "USER ", 5)) {
2536 sysop = FALSE;
2537 user.number = 0;
2538 fmutex_close(&mutex_file);
2539 p = cmd + 5;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2540 SKIP_WHITESPACE(p);
2541 truncsp(p);
2542 SAFECOPY(user.alias, p);
2543 user.number = find_login_id(&scfg, user.alias);
2544 if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0))
2545 user.number = matchuser(&scfg, "guest", FALSE);
/ftpsrvr.cpp: 3192 in ctrl_thread(void *)()
3186 sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail);
3187 continue;
3188 }
3189
3190 if (!strnicmp(cmd, "REST", 4)) {
3191 p = cmd + 4;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3192 SKIP_WHITESPACE(p);
3193 if (*p)
3194 filepos = atol(p);
3195 else
3196 filepos = 0;
3197 sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer."
/ftpsrvr.cpp: 3363 in ctrl_thread(void *)()
3357 , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname);
3358 sockprintf(sock, sess, "451 Insufficient system storage");
3359 continue;
3360 }
3361
3362 p = cmd + 4;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
/ftpsrvr.cpp: 3366 in ctrl_thread(void *)()
3360 }
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3366 FIND_WHITESPACE(p);
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
/ftpsrvr.cpp: 3367 in ctrl_thread(void *)()
3361
3362 p = cmd + 4;
3363 SKIP_WHITESPACE(p);
3364
3365 if (*p == '-') { /* -Letc */
3366 FIND_WHITESPACE(p);
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3367 SKIP_WHITESPACE(p);
3368 }
3369
3370 filespec = p;
3371 if (*filespec == 0)
3372 filespec = "*";
/ftpsrvr.cpp: 3283 in ctrl_thread(void *)()
3277 sockprintf(sock, sess, "451 Insufficient system storage");
3278 continue;
3279 }
3280 }
3281
3282 p = cmd + 4;
>>> CID 643140: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3283 SKIP_WHITESPACE(p);
3284
3285 filespec = p;
3286 if (!local_dir[0])
3287 strcpy(local_dir, "/");
3288 SAFEPRINTF2(path, "%s%s", local_dir, filespec);
** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
_____________________________________________________________________________________________
*** CID 643139: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
1555
1556 p = tp + 1; /* filename */
>>> CID 643139: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
/ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1538
1539 while (!feof(fp)) {
1540 if (!fgets(line, sizeof(line), fp))
1541 break;
1542
1543 p = line; /* alias */
>>> CID 643139: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
1549 FIND_WHITESPACE(tp);
** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
/services.cpp: 2232 in services_thread()
_____________________________________________________________________________________________
*** CID 643138: (Y2K38_SAFETY)
/services.cpp: 2230 in services_thread()
2224 std::string most_active = connect_rate_limiter->most_active(&most_active_count);
2225 char str[sizeof rate_limit_report];
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
>>> CID 643138: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
/services.cpp: 2232 in services_thread()
2226 char tmp[128], tmp2[128];
2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231 , connect_rate_limiter->disallowed.load()
>>> CID 643138: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".
2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233 , connect_rate_limiter->repeat.load());
2234 if (strcmp(str, rate_limit_report) != 0) {
2235 SAFECOPY(rate_limit_report, str);
2236 lprintf(LOG_DEBUG, "%s", rate_limit_report);
2237 }
** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643137: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105 in ctrl_thread(void *)()
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
>>> CID 643137: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4105 SKIP_WHITESPACE(dp);
4106 truncsp(dp);
4107
4108 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4109 continue;
4110
/ftpsrvr.cpp: 3782 in ctrl_thread(void *)()
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
>>> CID 643137: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3782 SKIP_WHITESPACE(dp);
3783 truncsp(dp);
3784
3785 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3786 continue;
3787
** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
/ftpsrvr.cpp: 5416 in ftp_server()
_____________________________________________________________________________________________
*** CID 643136: (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417 in ftp_server()
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
>>> CID 643136: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
5422 }
/ftpsrvr.cpp: 5416 in ftp_server()
5410 size_t most_active_count = 0;
5411 std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412 char tmp[128], tmp2[128];
5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>> CID 643136: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418 if (strcmp(str, rate_limit_report) != 0) {
5419 SAFECOPY(rate_limit_report, str);
5420 lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421 }
** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
_____________________________________________________________________________________________
*** CID 643135: Program hangs (LOCK)
/services.cpp: 2476 in services_thread()
2470 close_socket(client_socket);
2471 continue;
2472 }
2473
2474 if (!host_exempt->listed(host_ip, nullptr)) {
2475 login_attempt_t attempted;
>>> CID 643135: Program hangs (LOCK)
>>> "loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.
2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);
2477 if (banned) {
2478 char ban_duration[128];
2479 lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s"
2480 , client_socket, host_ip, attempted.count - attempted.dupes, attempted.user
2481 , duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1));
** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
_____________________________________________________________________________________________
*** CID 643134: Uninitialized members (UNINIT_CTOR)
/filterfile.hpp: 44 in filterFile::filterFile()()
38 filterFile() = default;
39 ~filterFile() {
40 strListFree(&list);
41 }
42 std::atomic<uint> fread_count{};
43 std::atomic<uint> total_found{};
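>>> CID 643134: Uninitialized members (UNINIT_CTOR)
>>> The compiler-generated constructor for this class does not initialize "fchk_interval".
listed() tests fchk_interval at line 49, so an object that is default-initialized through the defaulted constructor at line 38 can branch on an indeterminate value unless the member is assigned first; a default member initializer such as "time_t fchk_interval{};", matching the "{}" already used on the counters at lines 42-43, would give it a defined value.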
44 time_t fchk_interval; // seconds
45 char fname[MAX_PATH + 1];
46 bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) {
47 bool result;
48 time_t now = time(nullptr);
49 if (fchk_interval) {
** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643133: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476 in ctrl_thread(void *)()
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
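>>> CID 643133: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
The flagged comparison is not visible in the excerpt and presumably comes from the expansion of the FIND_WHITESPACE macro; if it is always false, a CP437 no-break space is never treated as whitespace by this scan.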
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
4479
4480 truncsp(np);
4481
/ftpsrvr.cpp: 4473 in ctrl_thread(void *)()
4467 tp = p; /* terminator pointer */
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
>>> CID 643133: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4473 SKIP_WHITESPACE(np);
4474
4475 np++; /* description pointer */
4476 FIND_WHITESPACE(np);
4477
4478 while (*np && *np < ' ') np++;
/ftpsrvr.cpp: 4097 in ctrl_thread(void *)()
4091 tp = p; /* terminator pointer */
4092 FIND_WHITESPACE(tp);
4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
>>> CID 643133: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4097 SKIP_WHITESPACE(np);
4098
4099 tp = np; /* terminator pointer */
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
/ftpsrvr.cpp: 3774 in ctrl_thread(void *)()
3768 tp = p; /* terminator pointer */
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
>>> CID 643133: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
_____________________________________________________________________________________________
*** CID 643132: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1554 continue;
1555
1556 p = tp + 1; /* filename */
1557 SKIP_WHITESPACE(p);
1558
1559 tp = p; /* terminator */
>>> CID 643132: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1560 FIND_WHITESPACE(tp);
1561 if (*tp)
1562 *tp = 0;
1563
1564 if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) {
1565 fclose(fp);
/ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)()
1543 p = line; /* alias */
1544 SKIP_WHITESPACE(p);
1545 if (*p == ';') /* comment */
1546 continue;
1547
1548 tp = p; /* terminator */
>>> CID 643132: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1549 FIND_WHITESPACE(tp);
1550 if (*tp)
1551 *tp = 0;
1552
1553 if (stricmp(p, alias)) /* Not a match */
1554 continue;
** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
_____________________________________________________________________________________________
*** CID 643131: (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769 in ctrl_thread(void *)()
3763 SKIP_WHITESPACE(p);
3764
3765 if (*p == ';') /* comment */
3766 continue;
3767
3768 tp = p; /* terminator pointer */
>>> CID 643131: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3769 FIND_WHITESPACE(tp);
3770 if (*tp)
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 3777 in ctrl_thread(void *)()
3771 *tp = 0;
3772
3773 np = tp + 1; /* filename pointer */
3774 SKIP_WHITESPACE(np);
3775
3776 tp = np; /* terminator pointer */
>>> CID 643131: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3777 FIND_WHITESPACE(tp);
3778 if (*tp)
3779 *tp = 0;
3780
3781 dp = tp + 1; /* description pointer */
3782 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4100 in ctrl_thread(void *)()
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np);
4098
4099 tp = np; /* terminator pointer */
>>> CID 643131: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4100 FIND_WHITESPACE(tp);
4101 if (*tp)
4102 *tp = 0;
4103
4104 dp = tp + 1; /* description pointer */
4105 SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4092 in ctrl_thread(void *)()
4086 SKIP_WHITESPACE(p);
4087
4088 if (*p == ';') /* comment */
4089 continue;
4090
4091 tp = p; /* terminator pointer */
>>> CID 643131: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4092 FIND_WHITESPACE(tp);
4093 if (*tp)
4094 *tp = 0;
4095
4096 np = tp + 1; /* filename pointer */
4097 SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 4468 in ctrl_thread(void *)()
4462 SKIP_WHITESPACE(p);
4463
4464 if (*p == ';') /* comment */
4465 continue;
4466
4467 tp = p; /* terminator pointer */
>>> CID 643131: (CONSTANT_EXPRESSION_RESULT)
>>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4468 FIND_WHITESPACE(tp);
4469 if (*tp)
4470 *tp = 0;
4471
4472 np = tp + 1; /* filename pointer */
4473 SKIP_WHITESPACE(np);
** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
_____________________________________________________________________________________________
*** CID 643130: Error handling issues (CHECKED_RETURN)
/ftpsrvr.cpp: 929 in receive_thread(void *)()
923
924 *xfer.aborted = FALSE;
925 if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA)
926 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF
927 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
928
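>>> CID 643130: Error handling issues (CHECKED_RETURN)
>>> Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
The log call at lines 926-927 reports that the transfer resumes from offset xfer.filepos; if this seek fails, later writes to fp would presumably start at the wrong position, so the return value should be checked before any data is received.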
929 fseeko(fp, xfer.filepos, SEEK_SET);
930
931 // Determine the maximum file size to allow, accounting for minimum free space
932 char path[MAX_PATH + 1];
933 SAFECOPY(path, xfer.filename);
934 *getfname(path) = '\0';
** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
/mailsrvr.cpp: 6496 in mail_server()
_____________________________________________________________________________________________
*** CID 643129: (Y2K38_SAFETY)
/mailsrvr.cpp: 6497 in mail_server()
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
>>> CID 643129: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
6502 }
/mailsrvr.cpp: 6496 in mail_server()
6490 size_t most_active_count = 0;
6491 std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492 char tmp[128], tmp2[128];
6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>> CID 643129: (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498 if (strcmp(str, rate_limit_report) != 0) {
6499 SAFECOPY(rate_limit_report, str);
6500 lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501 }
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)