BBS:      TELESC.NET.BR
Assunto:  New Defects reported by Coverity Scan for Synchronet
De:       scan-admin@coverity.com
Data:     Tue, 5 May 2026 17:44:15 +0000
-----------------------------------------------------------
Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

4 new defect(s) introduced to Synchronet found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 645973:       Error handling issues  (NEGATIVE_RETURNS)
/prntfile.cpp: 447           in sbbs_t::printfile(const char *, int, int, JSObject *)()


_____________________________________________________________________________________________
*** CID 645973:         Error handling issues  (NEGATIVE_RETURNS)
/prntfile.cpp: 447             in sbbs_t::printfile(const char *, int, int, JSObject *)()
441     									last_match = i;
442     									break;
443     								}
444     							}
445     							bputs(text[SeekingFileDone]);
446     							if (!found) {
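>>>     CID 645973:         Error handling issues  (NEGATIVE_RETURNS)
>>>     "saved_pos" is passed to a parameter that cannot be negative.
>>>     [Reviewer note: the assignment of "saved_pos" is outside this excerpt; the finding implies it can hold the result of a failed position query (e.g. -1). Because the fseeko() result is cast to void, a failed restore would go unnoticed and the stream would stay wherever the search left it. Checking "saved_pos" when it is captured, and the fseeko() return value here, would close this.]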
447     								(void)fseeko(stream, saved_pos, SEEK_SET);
448     								clearerr(stream);
449     								bputs(text[FindStringNotFound]);
450     								reprompt = true;
451     							}
452     							break;

** CID 645972:       Memory - illegal accesses  (OVERRUN)
/tmp/sbbs-May-04-2026/src/hash/sha256.c: 141           in SHA256Final()


_____________________________________________________________________________________________
*** CID 645972:         Memory - illegal accesses  (OVERRUN)
/tmp/sbbs-May-04-2026/src/hash/sha256.c: 141             in SHA256Final()
135     	size_t   buf_off   = (size_t)(ctx->count % SHA256_BLOCK_SIZE);
136     	int      i;
137
138     	/* Append 0x80, pad with zeros to leave 8 bytes for the length. */
139     	ctx->buffer[buf_off++] = 0x80;
140     	if (buf_off > SHA256_BLOCK_SIZE - 8) {
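>>>     CID 645972:         Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 64 bytes at byte offset 64 by dereferencing pointer "ctx->buffer + buf_off".
>>>     [Reviewer note: buf_off reaches 64 only when ctx->count % SHA256_BLOCK_SIZE was 63 on line 135. On that path the memset length, SHA256_BLOCK_SIZE - buf_off, is 0, so line 141 forms a one-past-the-end pointer but writes no bytes. Assuming SHA256_BLOCK_SIZE is 64, as the reported array size suggests, this looks like a candidate for false-positive triage rather than an out-of-bounds write.]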
141     		memset(ctx->buffer + buf_off, 0, SHA256_BLOCK_SIZE - buf_off);
142     		SHA256Transform(ctx->state, ctx->buffer);
143     		buf_off = 0;
144     	}
145     	memset(ctx->buffer + buf_off, 0, (SHA256_BLOCK_SIZE - 8) - buf_off);
146     	/* 64-bit BE bit count. */

** CID 645971:       Memory - corruptions  (OVERRUN)
/ftpsrvr.cpp: 1360           in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile bool *, volatile bool *, bool, bool, long *, user_t *, client_t *, int, bool, bool, bool, char *, bool)()


_____________________________________________________________________________________________
*** CID 645971:         Memory - corruptions  (OVERRUN)
/ftpsrvr.cpp: 1360             in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile bool *, volatile bool *, bool, bool, long *, user_t *, client_t *, int, bool, bool, bool, char *, bool)()
1354     		}
1355
1356     		addr_len = sizeof(*addr);
1357     #ifdef SOCKET_DEBUG_ACCEPT
1358     		socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1359     #endif
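>>>     CID 645971:         Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).
>>>     [Reviewer note: addr_len is set to sizeof(*addr) on line 1356, so accept() may write up to the size of the whole xp_sockaddr object, not just its "addr" member. That stays in bounds only if "addr" sits at offset 0 of a union (or struct) at least that large. The xp_sockaddr definition is not shown in this excerpt, so confirm it before dismissing the finding.]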
1360     		*data_sock = accept(pasv_sock, &addr->addr, &addr_len);
1361     #ifdef SOCKET_DEBUG_ACCEPT
1362     		socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1363     #endif
1364     		if (*data_sock == INVALID_SOCKET) {
1365     			lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"

** CID 645970:       Program hangs  (NEGATIVE_RETURNS)
/main.cpp: 4476           in node_thread(void *)()


_____________________________________________________________________________________________
*** CID 645970:         Program hangs  (NEGATIVE_RETURNS)
/main.cpp: 4476             in node_thread(void *)()
4470     #endif
4471
4472     	if (startup->login_attempt.throttle
4473     	    && (login_attempts = loginAttempts(startup->login_attempt_list, &sbbs->client_addr)) > 1) {
4474     		lprintf(LOG_DEBUG, "Node %d Throttling suspicious connection from: %s (%u login attempts)"
4475     		        , sbbs->cfg.node_num, sbbs->client_ipaddr, login_attempts);
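>>>     CID 645970:         Program hangs  (NEGATIVE_RETURNS)
>>>     Using unsigned variable "login_attempts" in a loop exit condition.
>>>     [Reviewer note: the checker class suggests loginAttempts() can return a negative value. Stored in the unsigned "login_attempts", such a value would pass the "> 1" test on line 4473 and become a very large loop bound, stalling this node thread in mswait(). Handling the error return before the comparison, or capping the number of throttle iterations, would bound the delay.]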
4476     		for (uint i = 0; i < login_attempts; ++i) {
4477     			mswait(startup->login_attempt.throttle);
4478     			sbbs->socket_inactive = 0;
4479     		}
4480     	}
4481


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/synchronet?tab=overview


---
 * Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net

-----------------------------------------------------------