Subj : New Defects reported by Coverity Scan for Synchronet To : cov-scan@synchro.net From : scan-admin@coverity.com Date : Wed Jan 24 2024 13:43:19 Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 40 new defect(s) introduced to Synchronet found with Coverity Scan. 65 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 40 defect(s) ** CID 479110: Program hangs (LOCK) /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() ________________________________________________________________________________________________________ *** CID 479110: Program hangs (LOCK) /pack_qwk.cpp: 753 in sbbs_t::pack_qwk(char *, unsigned int *, bool)() 747 if(flength(packet) < 1) { 748 remove(packet); 749 if((i = external(cmdstr(temp_cmd(),packet,path,NULL), ex|EX_WILDCARD)) != 0) 750 errormsg(WHERE,ERR_EXEC,cmdstr(temp_cmd(),packet,path,NULL),i); 751 if(flength(packet) < 1) { 752 bputs(text[QWKCompressionFailed]); >>> CID 479110: Program hangs (LOCK) >>> Returning without unlocking "this->input_thread_mutex". 753 return(false); 754 } 755 } 756 757 if(!prepack && useron.rest&FLAG('Q')) { 758 dir=opendir(cfg.temp_dir); ** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo() ________________________________________________________________________________________________________ *** CID 479109: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 349 in readPkiStatusInfo() 343 ( status, errorInfo, 344 "Invalid PKI status string" ) ); 345 } 346 hasErrorMessage = TRUE; 347 } 348 if( cryptStatusError( status ) ) >>> CID 479109: (DEADCODE) >>> Execution cannot reach this statement: "return status;". 349 return( status ); /* Residual error from peekTag() */ 350 351 /* Read the failure information */ 352 if( checkStatusLimitsPeekTag( stream, status, tag, endPos ) && \ 353 tag == BER_BITSTRING ) 354 { /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_err.c: 364 in readPkiStatusInfo() 358 retExt( status, 359 ( status, errorInfo, 360 "Invalid PKI failure information" ) ); 361 } 362 } 363 if( cryptStatusError( status ) ) >>> CID 479109: (DEADCODE) >>> Execution cannot reach this statement: "return status;". 364 return( status ); /* Residual error from peekTag() */ 365 366 /* If everything's OK, we're done */ 367 if( cmpStatusOK( errorCode ) ) 368 return( CRYPT_OK ); 369 ** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS() ________________________________________________________________________________________________________ *** CID 479108: Control flow issues (MISSING_BREAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/context/ctx_attr.c: 425 in getContextAttributeS() 419 out */ 420 return( attributeCopy( msgData, contextInfoPtr->ctxPKC->publicKeyInfo, 421 contextInfoPtr->ctxPKC->publicKeyInfoSize ) ); 422 } 423 STDC_FALLTHROUGH; 424 >>> CID 479108: Control flow issues (MISSING_BREAK) >>> The case for value "CRYPT_CTXINFO_SSH_PUBLIC_KEY" is not terminated by a "break" statement. 425 case CRYPT_CTXINFO_SSH_PUBLIC_KEY: 426 if ( needsKey( contextInfoPtr ) ) 427 return CRYPT_ERROR_NOTFOUND; 428 if (contextType != CONTEXT_PKC) 429 return CRYPT_ERROR_NOTFOUND; 430 case CRYPT_IATTRIBUTE_KEY_PGP: ** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession() ________________________________________________________________________________________________________ *** CID 479107: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 857 in activateSession() 851 { 852 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \ 853 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \ 854 FNPTR_GET( sessionInfoPtr->activateInnerSubprotocolFunction ); 855 REQUIRES( activateSubprotocolFunction != NULL ); 856 >>> CID 479107: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "status = activateSubprotoco...". 857 status = activateSubprotocolFunction( sessionInfoPtr ); 858 if( cryptStatusError( status ) ) 859 return( status ); 860 861 /* Record the fact that the layered protocol has been 862 activated */ ** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse() ________________________________________________________________________________________________________ *** CID 479106: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/scvp_cli.c: 621 in readScvpResponse() 615 assert( isWritePtr( stream, sizeof( STREAM ) ) ); 616 assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); 617 assert( isWritePtr( protocolInfo, sizeof( SCVP_PROTOCOL_INFO ) ) ); 618 619 /* Skip the wrapper, version, and server configuration ID */ 620 readSequence( stream, NULL ); >>> CID 479106: Error handling issues (CHECKED_RETURN) >>> Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times). 621 readShortInteger( stream, &value ); 622 status = readShortInteger( stream, &value ); 623 if( cryptStatusError( status ) ) 624 { 625 retExt( status, 626 ( status, SESSION_ERRINFO, ** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession() ________________________________________________________________________________________________________ *** CID 479105: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1030 in closeSession() 1024 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP ) 1025 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE ) 1026 { 1027 /* If there's an inner protocol present, shut that down as well */ 1028 if( FNPTR_ISSET( sessionInfoPtr->closeInnerSubprotocolFunction ) ) 1029 { >>> CID 479105: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "sessionInfoPtr->closeInnerSubprotocolFunction.fnPtr" inside this statement: "closeSubprotocolFunction = ...". 1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \ 1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \ 1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction ); 1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034 1035 ( void ) closeSubprotocolFunction( sessionInfoPtr ); ** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() ________________________________________________________________________________________________________ *** CID 479104: (BAD_SHIFT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() 214 non-char values can only be accessed on word-aligned boundaries */ 215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ ) 216 { 217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 ); 218 219 #ifdef DATA_LITTLEENDIAN >>> CID 479104: (BAD_SHIFT) >>> In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72. 220 ch |= string[ i ] << shiftAmt; 221 shiftAmt += 8; 222 #else 223 ch = ( ch << 8 ) | string[ i ]; 224 #endif /* DATA_LITTLEENDIAN */ 225 } /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/dn_string.c: 220 in getWidechar() 214 non-char values can only be accessed on word-aligned boundaries */ 215 LOOP_SMALL( i = 0, i < WCHAR_SIZE, i++ ) 216 { 217 ENSURES_EXT( LOOP_INVARIANT_SMALL( i, 0, WCHAR_SIZE - 1 ), 0 ); 218 219 #ifdef DATA_LITTLEENDIAN >>> CID 479104: (BAD_SHIFT) >>> In expression "string[i] << shiftAmt", left shifting by more than 31 bits has undefined behavior. The shift amount, "shiftAmt", is at least 72. 220 ch |= string[ i ] << shiftAmt; 221 shiftAmt += 8; 222 #else 223 ch = ( ch << 8 ) | string[ i ]; 224 #endif /* DATA_LITTLEENDIAN */ 225 } ** CID 479103: (SLEEP) ________________________________________________________________________________________________________ *** CID 479103: (SLEEP) /pack_rep.cpp: 120 in sbbs_t::pack_rep(unsigned int)() 114 /*********************/ 115 /* Pack new messages */ 116 /*********************/ 117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir); 118 smb.retry_time=cfg.smb_retry_time; 119 smb.subnum=INVALID_SUB; >>> CID 479103: (SLEEP) >>> Call to "smb_open" might sleep while holding lock "this->input_thread_mutex". 120 if((i=smb_open(&smb))!=0) { 121 fclose(rep); 122 if(hdrs!=NULL) 123 fclose(hdrs); 124 if(voting!=NULL) 125 fclose(voting); /pack_rep.cpp: 112 in sbbs_t::pack_rep(unsigned int)() 106 errormsg(WHERE,ERR_CREATE,str,0); 107 } 108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) { 109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir); 110 fexistcase(str); 111 if((voting=fopen(str,"a"))==NULL) >>> CID 479103: (SLEEP) >>> Call to "errormsg" might sleep while holding lock "this->input_thread_mutex". 112 errormsg(WHERE,ERR_CREATE,str,0); 113 } 114 /*********************/ 115 /* Pack new messages */ 116 /*********************/ 117 SAFEPRINTF(smb.file,"%smail",cfg.data_dir); /pack_rep.cpp: 106 in sbbs_t::pack_rep(unsigned int)() 100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */ 101 } 102 if(!(cfg.qhub[hubnum]->misc&QHUB_NOHEADERS)) { 103 SAFEPRINTF(str,"%sHEADERS.DAT",cfg.temp_dir); 104 fexistcase(str); 105 if((hdrs=fopen(str,"a"))==NULL) >>> CID 479103: (SLEEP) >>> Call to "errormsg" might sleep while holding lock "this->input_thread_mutex". 106 errormsg(WHERE,ERR_CREATE,str,0); 107 } 108 if(!(cfg.qhub[hubnum]->misc&QHUB_NOVOTING)) { 109 SAFEPRINTF(str,"%sVOTING.DAT",cfg.temp_dir); 110 fexistcase(str); 111 if((voting=fopen(str,"a"))==NULL) ** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams() ________________________________________________________________________________________________________ *** CID 479102: Error handling issues (CHECKED_RETURN) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/enc_dec/asn1_algoenc.c: 662 in readCryptAlgoParams() 656 RC2_KEYSIZE_MAGIC (corresponding to a 128-bit key) but in 657 practice this doesn't really matter, we just use whatever we 658 find inside the PKCS #1 padding */ 659 readSequence( stream, NULL ); 660 if( queryInfo->cryptMode != CRYPT_MODE_CBC ) 661 return( readShortInteger( stream, NULL ) ); >>> CID 479102: Error handling issues (CHECKED_RETURN) >>> Calling "readShortIntegerTag" without checking return value (as is done elsewhere 36 out of 45 times). 662 readShortInteger( stream, NULL ); 663 return( readOctetString( stream, queryInfo->iv, 664 &queryInfo->ivLength, 665 MIN_IVSIZE, CRYPT_MAX_IVSIZE ) ); 666 #endif /* USE_RC2 */ 667 ** CID 479101: (CHECKED_RETURN) /ssl.c: 353 in internal_do_cryptInit() /ssl.c: 345 in internal_do_cryptInit() ________________________________________________________________________________________________________ *** CID 479101: (CHECKED_RETURN) /ssl.c: 353 in internal_do_cryptInit() 347 } 348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp); 349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) { 350 cryptInit_error = ret; 351 cryptlib_initialized = false; 352 cryptEnd(); >>> CID 479101: (CHECKED_RETURN) >>> Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times). 353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES); 354 return; 355 } 356 return; 357 } 358 /ssl.c: 345 in internal_do_cryptInit() 339 } 340 tmp = (maj * 100) + (min * 10) + stp; 341 if (tmp != CRYPTLIB_VERSION) { 342 cryptInit_error = CRYPT_ERROR_INVALID; 343 cryptlib_initialized = false; 344 cryptEnd(); >>> CID 479101: (CHECKED_RETURN) >>> Calling "asprintf" without checking return value (as is done elsewhere 19 out of 21 times). 345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION); 346 return; 347 } 348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp); 349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) { 350 cryptInit_error = ret; ** CID 479100: (ATOMICITY) /ssl.c: 659 in destroy_session() /ssl.c: 659 in destroy_session() ________________________________________________________________________________________________________ *** CID 479100: (ATOMICITY) /ssl.c: 659 in destroy_session() 653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__); 654 return CRYPT_ERROR_INTERNAL; 655 } 656 sess->sess = -1; 657 pthread_mutex_lock(&ssl_cert_list_mutex); 658 sess->next = cert_list; >>> CID 479100: (ATOMICITY) >>> Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect. 659 cert_list = sess; 660 pthread_mutex_unlock(&ssl_cert_list_mutex); 661 ret = cryptDestroySession(csess); 662 } 663 else { 664 if (!rwlock_unlock(&cert_epoch_lock)) { /ssl.c: 659 in destroy_session() 653 lprintf(LOG_ERR, "Unable to unlock cert_epoch_lock for write at %d", __LINE__); 654 return CRYPT_ERROR_INTERNAL; 655 } 656 sess->sess = -1; 657 pthread_mutex_lock(&ssl_cert_list_mutex); 658 sess->next = cert_list; >>> CID 479100: (ATOMICITY) >>> Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect. 659 cert_list = sess; 660 pthread_mutex_unlock(&ssl_cert_list_mutex); 661 ret = cryptDestroySession(csess); 662 } 663 else { 664 if (!rwlock_unlock(&cert_epoch_lock)) { ** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody() ________________________________________________________________________________________________________ *** CID 479099: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/cmp_rdmsg.c: 495 in readResponseBody() 489 ( status, SESSION_ERRINFO, 490 "Invalid caPubs field in %s", 491 getCMPMessageName( messageType ) ) ); 492 } 493 } 494 if( cryptStatusError( status ) ) >>> CID 479099: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return status;". 495 return( status ); /* Residual error from checkStatusPeekTag() */ 496 497 /* If it's a revocation response then the only returned data is the 498 status value */ 499 if( protocolInfo->operation == CTAG_PB_RR ) 500 { ** CID 479098: Program hangs (LOCK) /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)() ________________________________________________________________________________________________________ *** CID 479098: Program hangs (LOCK) /pack_rep.cpp: 95 in sbbs_t::pack_rep(unsigned int)() 89 if(fexistcase(str)) 90 fmode="r+b"; 91 else 92 fmode="w+b"; 93 if((rep=fopen(str, fmode))==NULL) { 94 errormsg(WHERE, ERR_CREATE, str, 0, fmode); >>> CID 479098: Program hangs (LOCK) >>> Returning without unlocking "this->input_thread_mutex". 95 return false; 96 } 97 fseek(rep, 0, SEEK_END); 98 if(ftell(rep) < 1) { /* New REP packet */ 99 fprintf(rep, "%-*s" 100 ,QWK_BLOCK_LEN, hubid_upper); /* So write header */ ** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession() ________________________________________________________________________________________________________ *** CID 479097: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 1035 in closeSession() 1029 { 1030 const SES_CLOSESUBPROTOCOL_FUNCTION closeSubprotocolFunction = \ 1031 ( SES_CLOSESUBPROTOCOL_FUNCTION ) \ 1032 FNPTR_GET( sessionInfoPtr->closeInnerSubprotocolFunction ); 1033 REQUIRES( closeSubprotocolFunction != NULL ); 1034 >>> CID 479097: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "(void)closeSubprotocolFunct...". 1035 ( void ) closeSubprotocolFunction( sessionInfoPtr ); 1036 } 1037 1038 /* If protocol management is handled by an outer protocol, don't 1039 perform a session shutdown. This is in theory rather nasty in 1040 that an attacker who can spoof an unsecured outer protocol packet ** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection() ________________________________________________________________________________________________________ *** CID 479096: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/session.c: 685 in activateConnection() 679 680 /* If there's sub-protocol selected, activate that as well */ 681 #if defined( USE_WEBSOCKETS ) || defined( USE_EAP ) 682 if( sessionInfoPtr->subProtocol != CRYPT_SUBPROTOCOL_NONE && \ 683 FNPTR_ISSET( sessionInfoPtr->activateOuterSubprotocolFunction ) ) 684 { >>> CID 479096: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "sessionInfoPtr->activateOuterSubprotocolFunction.fnPtr" inside this statement: "activateSubprotocolFunction...". 685 const SES_ACTIVATESUBPROTOCOL_FUNCTION activateSubprotocolFunction = \ 686 ( SES_ACTIVATESUBPROTOCOL_FUNCTION ) \ 687 FNPTR_GET( sessionInfoPtr->activateOuterSubprotocolFunction ); 688 REQUIRES( activateSubprotocolFunction != NULL ); 689 690 status = activateSubprotocolFunction( sessionInfoPtr ); ** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms() ________________________________________________________________________________________________________ *** CID 479095: Control flow issues (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/kernel/selftest.c: 130 in testSafetyMechanisms() 124 tmrIntB |= 0x800; 125 tmrIntC |= 0x01; 126 if( TMR_VALID( tmrInt ) || TMR_GET( tmrInt ) != 20 ) 127 return( FALSE ); 128 TMR_SCRUB( tmrInt ); 129 if( tmrIntA != 20 || tmrIntB != 20 || tmrIntC != 20 ) >>> CID 479095: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return 0;". 130 return( FALSE ); 131 CFI_CHECK_UPDATE( "TMR" ); 132 133 /* Test the overflow-checking mechanisms. These checks will probably 134 fall prey to optimiser inlining but it'll still statically check that 135 they work as expected. ** CID 479094: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo() ________________________________________________________________________________________________________ *** CID 479094: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 720 in readAttributeCertInfo() 714 { 715 return( certErrorReturn( certInfoPtr, "issuer unique ID", 716 status ) ); 717 } 718 } 719 if( cryptStatusError( status ) ) >>> CID 479094: (DEADCODE) >>> Execution cannot reach this statement: "return status;". 720 return( status ); /* Residual error from peekTag() */ 721 722 /* If there are no extensions present, we're done */ 723 if( stell( stream ) >= endPos ) 724 return( CRYPT_OK ); 725 /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 668 in readAttributeCertInfo() 662 if( cryptStatusOK( status ) ) 663 status = readIssuerDN( stream, certInfoPtr ); 664 if( cryptStatusError( status ) ) 665 return( certErrorReturn( certInfoPtr, "issuer name", status ) ); 666 } 667 if( cryptStatusError( status ) ) >>> CID 479094: (DEADCODE) >>> Execution cannot reach this statement: "return status;". 668 return( status ); /* Residual error from peekTag() */ 669 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \ 670 tag == MAKE_CTAG( CTAG_AC_ISSUER_BASECERTIFICATEID ) ) 671 { 672 status = readUniversal( stream ); 673 } /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/read.c: 641 in readAttributeCertInfo() 635 if( cryptStatusOK( status ) ) 636 status = readSubjectDN( stream, certInfoPtr ); 637 if( cryptStatusError( status ) ) 638 return( certErrorReturn( certInfoPtr, "holder name", status ) ); 639 } 640 if( cryptStatusError( status ) ) >>> CID 479094: (DEADCODE) >>> Execution cannot reach this statement: "return status;". 641 return( status ); /* Residual error from peekTag() */ 642 if( checkStatusLimitsPeekTag( stream, status, tag, innerEndPos ) && \ 643 tag == MAKE_CTAG( CTAG_AC_HOLDER_OBJECTDIGESTINFO ) ) 644 { 645 /* This is a complicated structure that in effect encodes a generic 646 hole reference to "other", for now we just skip it until we can ** CID 479093: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset() ________________________________________________________________________________________________________ *** CID 479093: (DEADCODE) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1779 in openKeyset() 1773 break; 1774 1775 case CRYPT_KEYSET_HTTP: 1776 status = setAccessMethodHTTP( keysetInfoPtr ); 1777 break; 1778 >>> CID 479093: (DEADCODE) >>> Execution cannot reach this statement: "case CRYPT_KEYSET_LDAP:". 1779 case CRYPT_KEYSET_LDAP: 1780 status = setAccessMethodLDAP( keysetInfoPtr ); 1781 break; 1782 1783 default: 1784 retIntError(); /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1770 in openKeyset() 1764 } 1765 1766 /* It's a specific type of keyset, set up the access information for it 1767 and connect to it */ 1768 switch( keysetType ) 1769 { >>> CID 479093: (DEADCODE) >>> Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE:". 1770 case CRYPT_KEYSET_DATABASE: 1771 case CRYPT_KEYSET_DATABASE_STORE: 1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType ); 1773 break; 1774 1775 case CRYPT_KEYSET_HTTP: /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cryptkey.c: 1771 in openKeyset() 1765 1766 /* It's a specific type of keyset, set up the access information for it 1767 and connect to it */ 1768 switch( keysetType ) 1769 { 1770 case CRYPT_KEYSET_DATABASE: >>> CID 479093: (DEADCODE) >>> Execution cannot reach this statement: "case CRYPT_KEYSET_DATABASE_...". 1771 case CRYPT_KEYSET_DATABASE_STORE: 1772 status = setAccessMethodDBMS( keysetInfoPtr, keysetType ); 1773 break; 1774 1775 case CRYPT_KEYSET_HTTP: 1776 status = setAccessMethodHTTP( keysetInfoPtr ); ** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute() ________________________________________________________________________________________________________ *** CID 479092: Resource leaks (RESOURCE_LEAK) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/cert/ext_copy.c: 285 in copyAttribute() 279 if( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ) 280 deleteAttributes( newAttributeHeadPtr ); 281 return( status ); 282 } 283 284 /* Append the new field to the new attribute list */ >>> CID 479092: Resource leaks (RESOURCE_LEAK) >>> Variable "newAttributeField" going out of scope leaks the storage it points to. 285 insertDoubleListElement( newAttributeHeadPtr, newAttributeListTail, 286 newAttributeField, ATTRIBUTE_LIST ); 287 newAttributeListTail = newAttributeField; 288 } 289 ENSURES( LOOP_BOUND_OK ); 290 ENSURES( DATAPTR_ISSET_PTR( newAttributeHeadPtr ) ); ** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation() ________________________________________________________________________________________________________ *** CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /tmp/sbbs-Jan-24-2024/3rdp/src/cl/session/ssh2_msgcli.c: 707 in processChannelOpenConfirmation() 701 done */ 702 if( serviceType == SERVICE_PORTFORWARD ) { 703 selectChannel( sessionInfoPtr, origWriteChannelNo, CHANNEL_WRITE ); 704 return( CRYPT_OK ); 705 } 706 >>> CID 479091: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "255612575 || channelNo == 0 || !waitforWindow" is always true regardless of the values of its operands. This occurs as the logical operand of "if". 707 if ( TRUE || channelNo == 0 || !waitforWindow ) 708 { 709 /* It's a session open request that requires additional messages to do 710 anything useful, create and send the extra packets. Unlike the 711 overall open request, we can't wrap and send the packets in one go 712 because serviceType == SERVICE_SHELL has to send multiple packets, ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3D_Ob8_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrDXsFtzU0G-2FWPcCSE76ga65FpTOVnlTg2HlohxKy4ePNmfAvcTgQHzRuwjEUPYcoNsjv51yTcWgn-2B5ZoKEZbHKDuJHZyg4oYm-2B85r0HAuyVfWOvaujD7HGzC-2Bi-2BJJr4c31Rz-2B5noR-2FnEcQw4pO0lSZx8Qbg6Ydb9v-2FQISXmWX5vnA-3D-3D --- SBBSecho 3.20-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .