Subj : New Defects reported by C To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Thu Nov 21 2024 13:54:00 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 1 new defect(s) introduced to Synchronet found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 515063: Security best practices violations (SECURE_TEMP) /sbbsecho.c: 2142 in areamgr_command() ________________________________________________________________________________________________________ *** CID 515063: Security best practices violations (SECURE_TEMP) /sbbsecho.c: 2142 in areamgr_command() 2136 nodecfg->archive = SBBSECHO_ARCHIVE_NONE; 2137 else { 2138 for(u=0;u>> CID 515063: Security best practices violations (SECURE_TEMP) >>> "tmpfile" creates files with predictable names, which is unsafe. 2142 if((tmpf=tmpfile())==NULL) { 2143 lprintf(LOG_ERR,"ERROR line %d opening tmpfile()",__LINE__); 2144 return false; 2145 } 2146 SAFEPRINTF(str, "Compression type unavailable: %s", p); 2147 lprintf(LOG_INFO, "AreaMgr (for %s) %s", faddrtoa(&addr), str); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DGoz1_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQYHiJRuOAYx4mtSc3Rs7eY9P2HGERsO3Ui1TozxvEl3HSa54-2BxmZuyJa4rdPvK8KqeFliWPJD252StMkW9mo-2B6uT2KWq9YxJqegr2CCurq6i8coJamUQEMyVcyknmxOhR1KJArkVSLfkYq8-2BmPn9fVdieJLgwrSG692S4HB3dKfZQ-3D-3D --- þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net .