Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Sat Dec 30 2023 13:39:01 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 2 new defect(s) introduced to Synchronet found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute() /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute() /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute() /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute() ________________________________________________________________________________________________________ *** CID 476254: (NULL_RETURNS) /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 505 in getChannelAttribute() 499 if( isNullChannel( channelInfoPtr ) ) 500 return( CRYPT_ERROR_NOTFOUND ); 501 *value = channelInfoPtr->channelID; 502 return( CRYPT_OK ); 503 504 case CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE: >>> CID 476254: (NULL_RETURNS) >>> Dereferencing "writeChannelInfoPtr", which is known to be "NULL". 505 if( isNullChannel( writeChannelInfoPtr ) ) 506 return( CRYPT_ERROR_NOTFOUND ); 507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE; 508 return( CRYPT_OK ); 509 510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 517 in getChannelAttribute() 511 if( isNullChannel( writeChannelInfoPtr ) ) 512 return( CRYPT_ERROR_NOTFOUND ); 513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE; 514 return( CRYPT_OK ); 515 516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: >>> CID 476254: (NULL_RETURNS) >>> Dereferencing "writeChannelInfoPtr", which is known to be "NULL". 517 if( isNullChannel( writeChannelInfoPtr ) ) 518 return( CRYPT_ERROR_NOTFOUND ); 519 if (writeChannelInfoPtr->width == 0) 520 return CRYPT_ERROR_NOTFOUND; 521 *value = channelInfoPtr->width; 522 return( CRYPT_OK ); /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 511 in getChannelAttribute() 505 if( isNullChannel( writeChannelInfoPtr ) ) 506 return( CRYPT_ERROR_NOTFOUND ); 507 *value = isActiveChannel( writeChannelInfoPtr ) ? TRUE : FALSE; 508 return( CRYPT_OK ); 509 510 case CRYPT_SESSINFO_SSH_CHANNEL_OPEN: >>> CID 476254: (NULL_RETURNS) >>> Dereferencing "writeChannelInfoPtr", which is known to be "NULL". 511 if( isNullChannel( writeChannelInfoPtr ) ) 512 return( CRYPT_ERROR_NOTFOUND ); 513 *value = ( writeChannelInfoPtr->flags & CHANNEL_FLAG_READCLOSED ) ? FALSE : TRUE; 514 return( CRYPT_OK ); 515 516 case CRYPT_SESSINFO_SSH_CHANNEL_WIDTH: /tmp/sbbs-Dec-30-2023/3rdp/src/cl/session/ssh2_chn.c: 525 in getChannelAttribute() 519 if (writeChannelInfoPtr->width == 0) 520 return CRYPT_ERROR_NOTFOUND; 521 *value = channelInfoPtr->width; 522 return( CRYPT_OK ); 523 524 case CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT: >>> CID 476254: (NULL_RETURNS) >>> Dereferencing "writeChannelInfoPtr", which is known to be "NULL". 525 if( isNullChannel( writeChannelInfoPtr ) ) 526 return( CRYPT_ERROR_NOTFOUND ); 527 if (writeChannelInfoPtr->height == 0) 528 return CRYPT_ERROR_NOTFOUND; 529 *value = channelInfoPtr->height; 530 return( CRYPT_OK ); ** CID 476253: Resource leaks (RESOURCE_LEAK) /jsdebug.c: 335 in script_debug_prompt() ________________________________________________________________________________________________________ *** CID 476253: Resource leaks (RESOURCE_LEAK) /jsdebug.c: 335 in script_debug_prompt() 329 JS_SetInterrupt(JS_GetRuntime(dbg->cx), finish_handler, NULL); 330 return DEBUG_CONTINUE; 331 } 332 if(strncmp(line, "quit\n", 5)==0 || 333 strncmp(line, "q\n", 2)==0 334 ) { >>> CID 476253: Resource leaks (RESOURCE_LEAK) >>> Variable "line" going out of scope leaks the storage it points to. 335 return (DEBUG_EXIT); 336 } 337 if(strncmp(line, "eval ", 5)==0 || 338 strncmp(line, "e ", 2)==0 339 ) { 340 jsval ret; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3Dk6EJ_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrA-2FX8i-2FapdB1BvZRHSxZvnvG9Gt4EGgnMOyOKJdrt0Ow7WO8U9rY3qdLrGQhhG9KhbgCqQ-2BdjF-2FCZbP8g3Gc1r4QsbMjorELhC-2FfCV8hEXjaVc-2BoAqZ2-2FQeAkDjxFrK3m04is-2FE5aOQcl1hrivcYLiwVEHyHlsUWiqdJNrqtFX4OA-3D-3D --- SBBSecho 3.20-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .