Subj : New Defects reported by Coverity Scan for Synchronet
To   : cov-scan@synchro.net
From : scan-admin@coverity.com
Date : Tue Dec 17 2024 13:48:21

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

9 new defect(s) introduced to Synchronet found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 516415:  Error handling issues  (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()


________________________________________________________________________________________________________
*** CID 516415:  Error handling issues  (CHECKED_RETURN)
/userdat.c: 1472 in node_activity()
1466     		case NODE_AMSG:
1467     			return cfg->text != NULL ? cfg->text[NodeActivityAutoMsg] : "posting auto-message";
1468     		case NODE_XTRN:
1469     			if(node->aux == 0)
1470     				return cfg->text != NULL ? cfg->text[NodeActivityXtrnMenu] : "at external program menu";
1471     			user.number = node->useron;
>>>     CID 516415:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1472     			getuserdat(cfg, &user);
1473     			xtrnnum = getxtrnnum(cfg, user.curxtrn);
1474     			if(is_valid_xtrnnum(cfg, xtrnnum))
1475     				snprintf(str, size, "%s %s"
1476     					,cfg->text != NULL ? cfg->text[NodeActivityRunningXtrn] : "running"
1477     					,cfg->xtrn[xtrnnum]->name);

** CID 516414:  Error handling issues  (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()


________________________________________________________________________________________________________
*** CID 516414:  Error handling issues  (CHECKED_RETURN)
/useredit.cpp: 65 in sbbs_t::useredit(int)()
59     	if(sys_status&SS_INUEDIT)
60     		return;
61     	sys_status|=SS_INUEDIT;
62     	while(online) {
63     		CLS;
64     		attr(LIGHTGRAY);
>>>     CID 516414:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
65     		getuserdat(&cfg,&user);
66     		if(!user.number) {
67     			user.number=1;
68     			getuserdat(&cfg,&user);
69     			if(!user.number) {
70     				bputs(text[NoUserData]);

** CID 516413:  Error handling issues  (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()


________________________________________________________________________________________________________
*** CID 516413:  Error handling issues  (CHECKED_RETURN)
/answer.cpp: 168 in sbbs_t::answer()()
162     			   (but keep full terminal type/speed string in rlogin_term): */
163     			truncstr(terminal,"/");
164     			useron.number = 0;
165     			if(rlogin_name[0])
166     				useron.number = find_login_id(&cfg, rlogin_name);
167     			if(useron.number) {
>>>     CID 516413:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
168     				getuserdat(&cfg,&useron);
169     				SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
170     				if(!findstr(client.addr,path)) {
171     					SAFECOPY(tmp, rlogin_pass);
172     					for(i=0;i<3 && online;i++) {
173     						if(stricmp(tmp,useron.pass)) {

** CID 516412:  Error handling issues  (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()


________________________________________________________________________________________________________
*** CID 516412:  Error handling issues  (CHECKED_RETURN)
/login.cpp: 51 in sbbs_t::login(const char *, const char *, const char *, const char *)()
45     	long	useron_misc=useron.misc;
46
47     	username = parse_login(username);
48
49     	useron.number = find_login_id(&cfg, username);
50     	if(useron.number) {
>>>     CID 516412:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
51     		getuserdat(&cfg,&useron);
52     		if(useron.number && useron.misc&(DELETED|INACTIVE))
53     			useron.number=0;
54     	}
55
56     	if(!useron.number) {

** CID 516411:    (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()


________________________________________________________________________________________________________
*** CID 516411:    (CHECKED_RETURN)
/useredit.cpp: 733 in sbbs_t::maindflts(user_t *)()
727
728     	action=NODE_DFLT;
729     	if (cfg.usercfg_mod[0]) {
730     		char cmdline[256];
731     		snprintf(cmdline, sizeof(cmdline), "%s %u", cfg.usercfg_mod, user->number);
732     		exec_bin(cmdline, &main_csi);
>>>     CID 516411:    (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
733     		getuserdat(&cfg, user);
734     		return;
735     	}
736     	while(online) {
737     		CLS;
738     		getuserdat(&cfg,user);
/useredit.cpp: 738 in sbbs_t::maindflts(user_t *)()
732     		exec_bin(cmdline, &main_csi);
733     		getuserdat(&cfg, user);
734     		return;
735     	}
736     	while(online) {
737     		CLS;
>>>     CID 516411:    (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
738     		getuserdat(&cfg,user);
739     		bprintf(text[UserDefaultsHdr],user->alias,user->number);
740     		if(user == &useron) {
741     			update_nodeterm();
742     			load_user_text();
743     		}

** CID 516410:  Error handling issues  (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()


________________________________________________________________________________________________________
*** CID 516410:  Error handling issues  (CHECKED_RETURN)
/websrvr.c: 1662 in http_logon()
1656     	session->req.finished=true;
1657     }
1658
1659     void http_logon(http_session_t * session, user_t *usr)
1660     {
1661     	if(usr==NULL)
>>>     CID 516410:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1662     		getuserdat(&scfg, &session->user);
1663     	else
1664     		session->user=*usr;
1665
1666     	if(session->user.number==session->last_user_num)
1667     		return;

** CID 516409:  Error handling issues  (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()


________________________________________________________________________________________________________
*** CID 516409:  Error handling issues  (CHECKED_RETURN)
/str.cpp: 1388 in sbbs_t::change_user()()
1382     	putmsgptrs();
1383     	putuserstr(useron.number, USER_CURSUB
1384     		,cfg.sub[usrsub[curgrp][cursub[curgrp]]]->code);
1385     	putuserstr(useron.number, USER_CURDIR
1386     		,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
1387     	useron.number=i;
>>>     CID 516409:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1388     	getuserdat(&cfg,&useron);
1389     	if(getnodedat(cfg.node_num,&thisnode, true)) {
1390     		thisnode.useron=useron.number;
1391     		putnodedat(cfg.node_num,&thisnode);
1392     	}
1393     	getmsgptrs();

** CID 516408:  Error handling issues  (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()


________________________________________________________________________________________________________
*** CID 516408:  Error handling issues  (CHECKED_RETURN)
/useredit.cpp: 1166 in sbbs_t::purgeuser(int)()
1160
1161     void sbbs_t::purgeuser(int usernumber)
1162     { 	char str[128];
1163     	user_t user;
1164
1165     	user.number=usernumber;
>>>     CID 516408:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
1166     	getuserdat(&cfg,&user);
1167     	SAFEPRINTF2(str,"Purged %s #%u",user.alias,usernumber);
1168     	logentry("!*",str);
1169     	delallmail(usernumber, MAIL_ANY);
1170     	putusername(&cfg,usernumber,nulstr);
1171     	putusermisc(usernumber, user.misc | DELETED);

** CID 516407:  Error handling issues  (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()


________________________________________________________________________________________________________
*** CID 516407:  Error handling issues  (CHECKED_RETURN)
/websrvr.c: 2037 in check_ars()
2031     		else
2032     			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'"
2033     				,session->socket,session->req.auth.username);
2034     		return(false);
2035     	}
2036     	thisuser.number=i;
>>>     CID 516407:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "getuserdat" without checking return value (as is done elsewhere 83 out of 98 times).
2037     	getuserdat(&scfg, &thisuser);
2038     	switch(session->req.auth.type) {
2039     		case AUTHENTICATION_TLS_PSK:
2040     			if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
2041     				return(false);
2042     			if(session->last_user_num!=0) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu4gdQbQRNsarCbK0jIoVQSWT2zCPijRqaed4AhLiEI9Z7MR9SJQ09ot5XPbn9SW-2F14-3DQyWe_7FYjIqE8olEh4k02KWtt1r1LGSyuXVEtCuKuJCXgAQZaRdcpKH1DbVbWKil-2BYXbuPo6Nlz2IWCRH2bHbIl-2BZWutyiZLTcraL5FS1iiZSM0cIaa70yw-2BvQnYvTFtY90cnRY6AunfTZ3TOchBhkmrNG5r6R9YGJilsgu5Suh4msrRA-2BqV-2BHoo-2B29c88W6IVBSZdgQoHyw-2Bn9zmKTgeEHvaqQ-3D-3D



---
 þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

.