BBS: TELESC.NET.BR
Assunto: New Defects reported by Coverity Scan for Synchronet
De: scan-admin@coverity.com
Data: Mon, 27 Apr 2026 14:33:50 +0000
-----------------------------------------------------------
Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
3 new defect(s) introduced to Synchronet found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 645832: Memory - illegal accesses (STRING_NULL)
/netmail.cpp: 417 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
_____________________________________________________________________________________________
*** CID 645832: Memory - illegal accesses (STRING_NULL)
/netmail.cpp: 417 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
411
412 size_t kludge_hdrlen = 0;
413 char* beg = qwkbuf + QWK_BLOCK_LEN;
414 char* end = qwkbuf + (n * QWK_BLOCK_LEN);
415 p = beg;
416 if (into == NULL) {
>>> CID 645832: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "p" to "strlcpy", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
417 SAFECOPY(to, p); /* To user on first line */
418 char* tp = strchr(to, QWK_NEWLINE); /* chop off at first CR */
419 if (tp != NULL)
420 *tp = 0;
421 p += strlen(to) + 1;
422 }
** CID 645831: (TAINTED_SCALAR)
/netmail.cpp: 512 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
/netmail.cpp: 544 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
_____________________________________________________________________________________________
*** CID 645831: (TAINTED_SCALAR)
/netmail.cpp: 512 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
506 snprintf(str, sizeof str, "%.128s", qwkbuf + l + 5);
507 cp = strchr(str, QWK_NEWLINE);
508 if (cp)
509 *cp = 0;
510 l += strlen(str) + 1;
511 cp = str;
>>> CID 645831: (TAINTED_SCALAR)
>>> Using tainted variable "*cp" as a loop boundary.
512 while (*cp && *cp <= ' ') cp++;
513 safe_snprintf(senderaddr, sizeof(senderaddr), "%s/%s", sender_id, cp);
514 strupr(senderaddr);
515 smb_hfield(&msg, SENDERNETADDR, strlen(senderaddr), senderaddr);
516 }
517 else {
/netmail.cpp: 544 in sbbs_t::qwktonetmail(_IO_FILE *, char *, char *, unsigned int)()
538 snprintf(str, sizeof str, "%.128s", qwkbuf + l);
539 cp = strchr(str, QWK_NEWLINE);
540 if (cp)
541 *cp = 0;
542 l += strlen(str) + 1;
543 cp = str + 4;
>>> CID 645831: (TAINTED_SCALAR)
>>> Using tainted variable "*cp" as a loop boundary.
544 while (*cp && *cp <= ' ') cp++;
545 msg.hdr.when_written.zone = (short)ahtoul(cp);
546 }
547 else
548 msg.hdr.when_written.zone = sys_timezone(&cfg);
549 memset(&tm, 0, sizeof(tm));
** CID 645830: (STRING_NULL)
/qwktomsg.cpp: 340 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
/qwktomsg.cpp: 333 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
_____________________________________________________________________________________________
*** CID 645830: (STRING_NULL)
/qwktomsg.cpp: 339 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
333 if ((p = strchr(qwkbuf + k, '\r')) == NULL
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */
>>> CID 645830: (STRING_NULL)
>>> Passing unterminated string "qwkbuf + k" to "strListAppend", which expects a null-terminated string.
339 strListPush(&kludges, qwkbuf + k);
340 k += strlen(qwkbuf + k);
341 continue;
342 }
343 if (!taillen && qwkbuf[k] == ' ' && col == 3 && bodylen >= 3
344 && body[bodylen - 3] == '-' && body[bodylen - 2] == '-'
/qwktomsg.cpp: 340 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */
339 strListPush(&kludges, qwkbuf + k);
>>> CID 645830: (STRING_NULL)
>>> Passing unterminated string "qwkbuf + k" to "strlen", which expects a null-terminated string.
340 k += strlen(qwkbuf + k);
341 continue;
342 }
343 if (!taillen && qwkbuf[k] == ' ' && col == 3 && bodylen >= 3
344 && body[bodylen - 3] == '-' && body[bodylen - 2] == '-'
345 && body[bodylen - 1] == '-') {
/qwktomsg.cpp: 333 in sbbs_t::qwk_import_msg(_IO_FILE *, char *, unsigned int, unsigned int, smb_t *, unsigned int, smbmsg_t *, bool *)()
327 if (bodylen == 0
328 && (qwkbuf[k] == '@'
329 || ((fromhub || (useron.qwk & QWK_EXT) || subnum == INVALID_SUB)
330 && (strnicmp(qwkbuf + k, "To:", 3) == 0
331 || strnicmp(qwkbuf + k, "From:", 5) == 0
332 || strnicmp(qwkbuf + k, "Subject:", 8) == 0)))) {
>>> CID 645830: (STRING_NULL)
>>> Passing unterminated string "qwkbuf + k" to "strchr", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
333 if ((p = strchr(qwkbuf + k, '\r')) == NULL
334 && (p = strchr(qwkbuf + k, qwk_newline)) == NULL) {
335 body[bodylen++] = qwkbuf[k];
336 continue;
337 }
338 *p = 0; /* Converts QWK_NEWLINE to NUL */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview
n
---
* mSynchronetn * hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net
-----------------------------------------------------------
[Voltar]