Subj : New Defects reported by Coverity Scan for Synchronet To : All From : scan-admin@coverity.com Date : Fri Feb 13 2026 01:54 pm ----==_mimepart_698f2d096fc4c_11e62b0ff68619ac1976e Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan. 18 new defect(s) introduced to Synchronet found with Coverity Scan. 12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 18 of 18 defect(s) ** CID 643146: Program hangs (SLEEP) _____________________________________________________________________________________________ *** CID 643146: Program hangs (SLEEP) /filterfile.hpp: 56 in filterFile::listed(const char *, const char *, trash *)() 50 const std::lock_guard lock(mutex); 51 if ((now - lastftime_check) >= fchk_interval) { 52 lastftime_check = now; 53 time_t latest = fdate(fname); 54 if (latest > timestamp) { 55 strListFree(&list); >>> CID 643146: Program hangs (SLEEP) >>> Call to "findstr_list" might sleep while holding lock "lock._M_device". 56 list = findstr_list(fname); 57 timestamp = latest; 58 ++fread_count; 59 } 60 } 61 result = trash_in_list(str1, str2, list, details); ** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)() _____________________________________________________________________________________________ *** CID 643145: Security best practices violations (DC.WEAK_CRYPTO) /ftpsrvr.cpp: 1844 in ftp_tmpfname(char *, const char *, int)() 1838 return FALSE; 1839 } 1840 1841 static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock) 1842 { 1843 safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s" >>> CID 643145: Security best practices violations (DC.WEAK_CRYPTO) >>> "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break. 1844 , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext); 1845 return fname; 1846 } 1847 1848 #if defined(__GNUC__) // Catch printf-format errors 1849 static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5))); ** CID 643144: Memory - corruptions (OVERRUN) /ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)() _____________________________________________________________________________________________ *** CID 643144: Memory - corruptions (OVERRUN) /ftpsrvr.cpp: 1359 in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)() 1353 } 1354 1355 addr_len = sizeof(*addr); 1356 #ifdef SOCKET_DEBUG_ACCEPT 1357 socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT; 1358 #endif >>> CID 643144: Memory - corruptions (OVERRUN) >>> Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128). 1359 *data_sock = accept(pasv_sock, &addr->addr, &addr_len); 1360 #ifdef SOCKET_DEBUG_ACCEPT 1361 socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT; 1362 #endif 1363 if (*data_sock == INVALID_SOCKET) { 1364 lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d" ** CID 643143: Error handling issues (CHECKED_RETURN) /ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)() _____________________________________________________________________________________________ *** CID 643143: Error handling issues (CHECKED_RETURN) /ftpsrvr.cpp: 450 in sock_recvbyte(int, int, char *, long *)() 444 /* Try a read with no timeout first. */ 445 if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK) 446 GCES(ret, sock, sess, estr, "setting read timeout"); 447 while (1) { 448 ret = cryptPopData(sess, buf, 1, &len); 449 /* Successive reads will be with the full timeout after a socket_readable() */ >>> CID 643143: Error handling issues (CHECKED_RETURN) >>> Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times). 450 cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity); 451 switch (ret) { 452 case CRYPT_OK: 453 break; 454 case CRYPT_ERROR_TIMEOUT: 455 if (!first) { ** CID 643142: (CHECKED_RETURN) /ftpsrvr.cpp: 663 in send_thread(void *)() /ftpsrvr.cpp: 700 in send_thread(void *)() _____________________________________________________________________________________________ *** CID 643142: (CHECKED_RETURN) /ftpsrvr.cpp: 663 in send_thread(void *)() 657 if (xfer.filepos < 0) 658 xfer.filepos = 0; 659 if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos) 660 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF 661 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos); 662 >>> CID 643142: (CHECKED_RETURN) >>> Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code. 663 fseeko(fp, xfer.filepos, SEEK_SET); 664 last_report = start = time(NULL); 665 while ((xfer.filepos + total) < length) { 666 667 now = time(NULL); 668 /ftpsrvr.cpp: 700 in send_thread(void *)() 694 } 695 696 /* Check socket for writability */ 697 if (!socket_writable(*xfer.data_sock, 1000)) 698 continue; 699 >>> CID 643142: (CHECKED_RETURN) >>> Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code. 700 fseeko(fp, xfer.filepos + total, SEEK_SET); 701 rd = fread(buf, sizeof(char), sizeof(buf), fp); 702 if (rd < 1) /* EOF or READ error */ 703 break; 704 705 #ifdef SOCKET_DEBUG_SEND ** CID 643141: (Y2K38_SAFETY) /websrvr.cpp: 7719 in web_server() /websrvr.cpp: 7721 in web_server() _____________________________________________________________________________________________ *** CID 643141: (Y2K38_SAFETY) /websrvr.cpp: 7719 in web_server() 7713 std::string most_active = request_rate_limiter->most_active(&most_active_count); 7714 char str[sizeof rate_limit_report]; 7715 char tmp[128]; 7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)" 7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count >>> CID 643141: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t". 7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr) 7720 , request_rate_limiter->disallowed.load() 7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp) 7722 , request_rate_limiter->repeat.load()); 7723 if (strcmp(str, rate_limit_report) != 0) { 7724 SAFECOPY(rate_limit_report, str); /websrvr.cpp: 7721 in web_server() 7715 char tmp[128]; 7716 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)" 7717 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 7718 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count 7719 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr) 7720 , request_rate_limiter->disallowed.load() >>> CID 643141: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t". 7721 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp) 7722 , request_rate_limiter->repeat.load()); 7723 if (strcmp(str, rate_limit_report) != 0) { 7724 SAFECOPY(rate_limit_report, str); 7725 lprintf(LOG_DEBUG, "%s", rate_limit_report); 7726 } ** CID 643140: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 3431 in ctrl_thread(void *)() /ftpsrvr.cpp: 2847 in ctrl_thread(void *)() /ftpsrvr.cpp: 2557 in ctrl_thread(void *)() /ftpsrvr.cpp: 3214 in ctrl_thread(void *)() /ftpsrvr.cpp: 3490 in ctrl_thread(void *)() /ftpsrvr.cpp: 3242 in ctrl_thread(void *)() /ftpsrvr.cpp: 3174 in ctrl_thread(void *)() /ftpsrvr.cpp: 3204 in ctrl_thread(void *)() /ftpsrvr.cpp: 2885 in ctrl_thread(void *)() /ftpsrvr.cpp: 2540 in ctrl_thread(void *)() /ftpsrvr.cpp: 3192 in ctrl_thread(void *)() /ftpsrvr.cpp: 3363 in ctrl_thread(void *)() /ftpsrvr.cpp: 3366 in ctrl_thread(void *)() /ftpsrvr.cpp: 3367 in ctrl_thread(void *)() /ftpsrvr.cpp: 3283 in ctrl_thread(void *)() _____________________________________________________________________________________________ *** CID 643140: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 3431 in ctrl_thread(void *)() 3425 3426 if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) { 3427 if (!strnicmp(cmd, "CWD ", 4)) 3428 p = cmd + 4; 3429 else 3430 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3431 SKIP_WHITESPACE(p); 3432 tp = p; 3433 if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */ 3434 tp++; 3435 if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) { 3436 local_fsys = FALSE; /ftpsrvr.cpp: 2847 in ctrl_thread(void *)() 2841 refresh_cfg(&scfg); 2842 sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use"); 2843 continue; 2844 } 2845 if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) { 2846 p = cmd + 10; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 2847 SKIP_WHITESPACE(p); 2848 #ifdef __unix__ 2849 fp = popen(p, "r"); 2850 if (fp == NULL) 2851 sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p); 2852 else { /ftpsrvr.cpp: 2557 in ctrl_thread(void *)() 2551 continue; 2552 } 2553 if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) { 2554 user.number = 0; 2555 fmutex_close(&mutex_file); 2556 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 2557 SKIP_WHITESPACE(p); 2558 2559 SAFECOPY(password, p); 2560 uint usernum = find_login_id(&scfg, user.alias); 2561 if (usernum == 0) { 2562 if (scfg.sys_misc & SM_ECHO_PW) /ftpsrvr.cpp: 3214 in ctrl_thread(void *)() 3208 sockprintf(sock, sess, "200 STREAM mode."); 3209 continue; 3210 } 3211 3212 if (!strnicmp(cmd, "STRU ", 5)) { 3213 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3214 SKIP_WHITESPACE(p); 3215 if (toupper(*p) != 'F') 3216 sockprintf(sock, sess, "504 Only FILE structure supported."); 3217 else 3218 sockprintf(sock, sess, "200 FILE structure."); 3219 continue; /ftpsrvr.cpp: 3490 in ctrl_thread(void *)() 3484 , local_dir); 3485 continue; 3486 } /* Local PWD */ 3487 3488 if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) { 3489 p = cmd + 4; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3490 SKIP_WHITESPACE(p); 3491 if (*p == '/') /* absolute */ 3492 SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1); 3493 else /* relative */ 3494 SAFEPRINTF2(fname, "%s%s", local_dir, p); 3495 /ftpsrvr.cpp: 3242 in ctrl_thread(void *)() 3236 } 3237 continue; 3238 } 3239 3240 if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) { 3241 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3242 SKIP_WHITESPACE(p); 3243 if (!stricmp(p, BBS_FSYS_DIR)) 3244 local_fsys = FALSE; 3245 else { 3246 if (!direxist(p)) { 3247 sockprintf(sock, sess, "550 Directory does not exist."); /ftpsrvr.cpp: 3174 in ctrl_thread(void *)() 3168 sockprintf(sock, sess, "200 All files sent in BINARY mode."); 3169 continue; 3170 } 3171 3172 if (!strnicmp(cmd, "ALLO", 4)) { 3173 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3174 SKIP_WHITESPACE(p); 3175 if (*p) 3176 l = atol(p); 3177 else 3178 l = 0; 3179 if (local_fsys) /ftpsrvr.cpp: 3204 in ctrl_thread(void *)() 3198 , filepos); 3199 continue; 3200 } 3201 3202 if (!strnicmp(cmd, "MODE ", 5)) { 3203 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3204 SKIP_WHITESPACE(p); 3205 if (toupper(*p) != 'S') 3206 sockprintf(sock, sess, "504 Only STREAM mode supported."); 3207 else 3208 sockprintf(sock, sess, "200 STREAM mode."); 3209 continue; /ftpsrvr.cpp: 2885 in ctrl_thread(void *)() 2879 2880 if (pasv_sock != INVALID_SOCKET) { 2881 ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__); 2882 } 2883 memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len); 2884 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 2885 SKIP_WHITESPACE(p); 2886 if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) { 2887 data_addr.in.sin_family = AF_INET; 2888 data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4); 2889 data_port = (p1 << 8) | p2; 2890 } else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */ /ftpsrvr.cpp: 2540 in ctrl_thread(void *)() 2534 } 2535 if (!strnicmp(cmd, "USER ", 5)) { 2536 sysop = FALSE; 2537 user.number = 0; 2538 fmutex_close(&mutex_file); 2539 p = cmd + 5; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 2540 SKIP_WHITESPACE(p); 2541 truncsp(p); 2542 SAFECOPY(user.alias, p); 2543 user.number = find_login_id(&scfg, user.alias); 2544 if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0)) 2545 user.number = matchuser(&scfg, "guest", FALSE); /ftpsrvr.cpp: 3192 in ctrl_thread(void *)() 3186 sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail); 3187 continue; 3188 } 3189 3190 if (!strnicmp(cmd, "REST", 4)) { 3191 p = cmd + 4; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3192 SKIP_WHITESPACE(p); 3193 if (*p) 3194 filepos = atol(p); 3195 else 3196 filepos = 0; 3197 sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer." /ftpsrvr.cpp: 3363 in ctrl_thread(void *)() 3357 , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname); 3358 sockprintf(sock, sess, "451 Insufficient system storage"); 3359 continue; 3360 } 3361 3362 p = cmd + 4; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3363 SKIP_WHITESPACE(p); 3364 3365 if (*p == '-') { /* -Letc */ 3366 FIND_WHITESPACE(p); 3367 SKIP_WHITESPACE(p); 3368 } /ftpsrvr.cpp: 3366 in ctrl_thread(void *)() 3360 } 3361 3362 p = cmd + 4; 3363 SKIP_WHITESPACE(p); 3364 3365 if (*p == '-') { /* -Letc */ >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3366 FIND_WHITESPACE(p); 3367 SKIP_WHITESPACE(p); 3368 } 3369 3370 filespec = p; 3371 if (*filespec == 0) /ftpsrvr.cpp: 3367 in ctrl_thread(void *)() 3361 3362 p = cmd + 4; 3363 SKIP_WHITESPACE(p); 3364 3365 if (*p == '-') { /* -Letc */ 3366 FIND_WHITESPACE(p); >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3367 SKIP_WHITESPACE(p); 3368 } 3369 3370 filespec = p; 3371 if (*filespec == 0) 3372 filespec = "*"; /ftpsrvr.cpp: 3283 in ctrl_thread(void *)() 3277 sockprintf(sock, sess, "451 Insufficient system storage"); 3278 continue; 3279 } 3280 } 3281 3282 p = cmd + 4; >>> CID 643140: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3283 SKIP_WHITESPACE(p); 3284 3285 filespec = p; 3286 if (!local_dir[0]) 3287 strcpy(local_dir, "/"); 3288 SAFEPRINTF2(path, "%s%s", local_dir, filespec); ** CID 643139: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)() /ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)() _____________________________________________________________________________________________ *** CID 643139: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 1557 in ftpalias(char *, char *, user_t *, client_t *, int *)() 1551 *tp = 0; 1552 1553 if (stricmp(p, alias)) /* Not a match */ 1554 continue; 1555 1556 p = tp + 1; /* filename */ >>> CID 643139: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 1557 SKIP_WHITESPACE(p); 1558 1559 tp = p; /* terminator */ 1560 FIND_WHITESPACE(tp); 1561 if (*tp) 1562 *tp = 0; /ftpsrvr.cpp: 1544 in ftpalias(char *, char *, user_t *, client_t *, int *)() 1538 1539 while (!feof(fp)) { 1540 if (!fgets(line, sizeof(line), fp)) 1541 break; 1542 1543 p = line; /* alias */ >>> CID 643139: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 1544 SKIP_WHITESPACE(p); 1545 if (*p == ';') /* comment */ 1546 continue; 1547 1548 tp = p; /* terminator */ 1549 FIND_WHITESPACE(tp); ** CID 643138: (Y2K38_SAFETY) /services.cpp: 2230 in services_thread() /services.cpp: 2232 in services_thread() _____________________________________________________________________________________________ *** CID 643138: (Y2K38_SAFETY) /services.cpp: 2230 in services_thread() 2224 std::string most_active = connect_rate_limiter->most_active(&most_active_count); 2225 char str[sizeof rate_limit_report]; 2226 char tmp[128], tmp2[128]; 2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)" 2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count 2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count >>> CID 643138: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t". 2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp) 2231 , connect_rate_limiter->disallowed.load() 2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2) 2233 , connect_rate_limiter->repeat.load()); 2234 if (strcmp(str, rate_limit_report) != 0) { 2235 SAFECOPY(rate_limit_report, str); /services.cpp: 2232 in services_thread() 2226 char tmp[128], tmp2[128]; 2227 snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)" 2228 , connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count 2229 , connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count 2230 , timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp) 2231 , connect_rate_limiter->disallowed.load() >>> CID 643138: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t". 2232 , connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2) 2233 , connect_rate_limiter->repeat.load()); 2234 if (strcmp(str, rate_limit_report) != 0) { 2235 SAFECOPY(rate_limit_report, str); 2236 lprintf(LOG_DEBUG, "%s", rate_limit_report); 2237 } ** CID 643137: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 4105 in ctrl_thread(void *)() /ftpsrvr.cpp: 3782 in ctrl_thread(void *)() _____________________________________________________________________________________________ *** CID 643137: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 4105 in ctrl_thread(void *)() 4099 tp = np; /* terminator pointer */ 4100 FIND_WHITESPACE(tp); 4101 if (*tp) 4102 *tp = 0; 4103 4104 dp = tp + 1; /* description pointer */ >>> CID 643137: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4105 SKIP_WHITESPACE(dp); 4106 truncsp(dp); 4107 4108 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0) 4109 continue; 4110 /ftpsrvr.cpp: 3782 in ctrl_thread(void *)() 3776 tp = np; /* terminator pointer */ 3777 FIND_WHITESPACE(tp); 3778 if (*tp) 3779 *tp = 0; 3780 3781 dp = tp + 1; /* description pointer */ >>> CID 643137: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3782 SKIP_WHITESPACE(dp); 3783 truncsp(dp); 3784 3785 if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0) 3786 continue; 3787 ** CID 643136: (Y2K38_SAFETY) /ftpsrvr.cpp: 5417 in ftp_server() /ftpsrvr.cpp: 5416 in ftp_server() _____________________________________________________________________________________________ *** CID 643136: (Y2K38_SAFETY) /ftpsrvr.cpp: 5417 in ftp_server() 5411 std::string most_active = request_rate_limiter->most_active(&most_active_count); 5412 char tmp[128], tmp2[128]; 5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s" 5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count 5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load() >>> CID 643136: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t". 5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2)); 5418 if (strcmp(str, rate_limit_report) != 0) { 5419 SAFECOPY(rate_limit_report, str); 5420 lprintf(LOG_DEBUG, "%s", rate_limit_report); 5421 } 5422 } /ftpsrvr.cpp: 5416 in ftp_server() 5410 size_t most_active_count = 0; 5411 std::string most_active = request_rate_limiter->most_active(&most_active_count); 5412 char tmp[128], tmp2[128]; 5413 snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s" 5414 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 5415 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count >>> CID 643136: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t". 5416 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load() 5417 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2)); 5418 if (strcmp(str, rate_limit_report) != 0) { 5419 SAFECOPY(rate_limit_report, str); 5420 lprintf(LOG_DEBUG, "%s", rate_limit_report); 5421 } ** CID 643135: Program hangs (LOCK) /services.cpp: 2476 in services_thread() _____________________________________________________________________________________________ *** CID 643135: Program hangs (LOCK) /services.cpp: 2476 in services_thread() 2470 close_socket(client_socket); 2471 continue; 2472 } 2473 2474 if (!host_exempt->listed(host_ip, nullptr)) { 2475 login_attempt_t attempted; >>> CID 643135: Program hangs (LOCK) >>> "loginBanned" locks "startup->login_attempt_list->mutex" while it is locked. 2476 ulong banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted); 2477 if (banned) { 2478 char ban_duration[128]; 2479 lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s" 2480 , client_socket, host_ip, attempted.count - attempted.dupes, attempted.user 2481 , duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1)); ** CID 643134: Uninitialized members (UNINIT_CTOR) /filterfile.hpp: 44 in filterFile::filterFile()() _____________________________________________________________________________________________ *** CID 643134: Uninitialized members (UNINIT_CTOR) /filterfile.hpp: 44 in filterFile::filterFile()() 38 filterFile() = default; 39 ~filterFile() { 40 strListFree(&list); 41 } 42 std::atomic fread_count{}; 43 std::atomic total_found{}; >>> CID 643134: Uninitialized members (UNINIT_CTOR) >>> The compiler-generated constructor for this class does not initialize "fchk_interval". 44 time_t fchk_interval; // seconds 45 char fname[MAX_PATH + 1]; 46 bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) { 47 bool result; 48 time_t now = time(nullptr); 49 if (fchk_interval) { ** CID 643133: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 4476 in ctrl_thread(void *)() /ftpsrvr.cpp: 4473 in ctrl_thread(void *)() /ftpsrvr.cpp: 4097 in ctrl_thread(void *)() /ftpsrvr.cpp: 3774 in ctrl_thread(void *)() _____________________________________________________________________________________________ *** CID 643133: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 4476 in ctrl_thread(void *)() 4470 *tp = 0; 4471 4472 np = tp + 1; /* filename pointer */ 4473 SKIP_WHITESPACE(np); 4474 4475 np++; /* description pointer */ >>> CID 643133: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4476 FIND_WHITESPACE(np); 4477 4478 while (*np && *np < ' ') np++; 4479 4480 truncsp(np); 4481 /ftpsrvr.cpp: 4473 in ctrl_thread(void *)() 4467 tp = p; /* terminator pointer */ 4468 FIND_WHITESPACE(tp); 4469 if (*tp) 4470 *tp = 0; 4471 4472 np = tp + 1; /* filename pointer */ >>> CID 643133: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4473 SKIP_WHITESPACE(np); 4474 4475 np++; /* description pointer */ 4476 FIND_WHITESPACE(np); 4477 4478 while (*np && *np < ' ') np++; /ftpsrvr.cpp: 4097 in ctrl_thread(void *)() 4091 tp = p; /* terminator pointer */ 4092 FIND_WHITESPACE(tp); 4093 if (*tp) 4094 *tp = 0; 4095 4096 np = tp + 1; /* filename pointer */ >>> CID 643133: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4097 SKIP_WHITESPACE(np); 4098 4099 tp = np; /* terminator pointer */ 4100 FIND_WHITESPACE(tp); 4101 if (*tp) 4102 *tp = 0; /ftpsrvr.cpp: 3774 in ctrl_thread(void *)() 3768 tp = p; /* terminator pointer */ 3769 FIND_WHITESPACE(tp); 3770 if (*tp) 3771 *tp = 0; 3772 3773 np = tp + 1; /* filename pointer */ >>> CID 643133: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3774 SKIP_WHITESPACE(np); 3775 3776 tp = np; /* terminator pointer */ 3777 FIND_WHITESPACE(tp); 3778 if (*tp) 3779 *tp = 0; ** CID 643132: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)() /ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)() _____________________________________________________________________________________________ *** CID 643132: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 1560 in ftpalias(char *, char *, user_t *, client_t *, int *)() 1554 continue; 1555 1556 p = tp + 1; /* filename */ 1557 SKIP_WHITESPACE(p); 1558 1559 tp = p; /* terminator */ >>> CID 643132: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 1560 FIND_WHITESPACE(tp); 1561 if (*tp) 1562 *tp = 0; 1563 1564 if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) { 1565 fclose(fp); /ftpsrvr.cpp: 1549 in ftpalias(char *, char *, user_t *, client_t *, int *)() 1543 p = line; /* alias */ 1544 SKIP_WHITESPACE(p); 1545 if (*p == ';') /* comment */ 1546 continue; 1547 1548 tp = p; /* terminator */ >>> CID 643132: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 1549 FIND_WHITESPACE(tp); 1550 if (*tp) 1551 *tp = 0; 1552 1553 if (stricmp(p, alias)) /* Not a match */ 1554 continue; ** CID 643131: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 3769 in ctrl_thread(void *)() /ftpsrvr.cpp: 3777 in ctrl_thread(void *)() /ftpsrvr.cpp: 4100 in ctrl_thread(void *)() /ftpsrvr.cpp: 4092 in ctrl_thread(void *)() /ftpsrvr.cpp: 4468 in ctrl_thread(void *)() _____________________________________________________________________________________________ *** CID 643131: (CONSTANT_EXPRESSION_RESULT) /ftpsrvr.cpp: 3769 in ctrl_thread(void *)() 3763 SKIP_WHITESPACE(p); 3764 3765 if (*p == ';') /* comment */ 3766 continue; 3767 3768 tp = p; /* terminator pointer */ >>> CID 643131: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3769 FIND_WHITESPACE(tp); 3770 if (*tp) 3771 *tp = 0; 3772 3773 np = tp + 1; /* filename pointer */ 3774 SKIP_WHITESPACE(np); /ftpsrvr.cpp: 3777 in ctrl_thread(void *)() 3771 *tp = 0; 3772 3773 np = tp + 1; /* filename pointer */ 3774 SKIP_WHITESPACE(np); 3775 3776 tp = np; /* terminator pointer */ >>> CID 643131: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 3777 FIND_WHITESPACE(tp); 3778 if (*tp) 3779 *tp = 0; 3780 3781 dp = tp + 1; /* description pointer */ 3782 SKIP_WHITESPACE(dp); /ftpsrvr.cpp: 4100 in ctrl_thread(void *)() 4094 *tp = 0; 4095 4096 np = tp + 1; /* filename pointer */ 4097 SKIP_WHITESPACE(np); 4098 4099 tp = np; /* terminator pointer */ >>> CID 643131: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4100 FIND_WHITESPACE(tp); 4101 if (*tp) 4102 *tp = 0; 4103 4104 dp = tp + 1; /* description pointer */ 4105 SKIP_WHITESPACE(dp); /ftpsrvr.cpp: 4092 in ctrl_thread(void *)() 4086 SKIP_WHITESPACE(p); 4087 4088 if (*p == ';') /* comment */ 4089 continue; 4090 4091 tp = p; /* terminator pointer */ >>> CID 643131: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4092 FIND_WHITESPACE(tp); 4093 if (*tp) 4094 *tp = 0; 4095 4096 np = tp + 1; /* filename pointer */ 4097 SKIP_WHITESPACE(np); /ftpsrvr.cpp: 4468 in ctrl_thread(void *)() 4462 SKIP_WHITESPACE(p); 4463 4464 if (*p == ';') /* comment */ 4465 continue; 4466 4467 tp = p; /* terminator pointer */ >>> CID 643131: (CONSTANT_EXPRESSION_RESULT) >>> "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". 4468 FIND_WHITESPACE(tp); 4469 if (*tp) 4470 *tp = 0; 4471 4472 np = tp + 1; /* filename pointer */ 4473 SKIP_WHITESPACE(np); ** CID 643130: Error handling issues (CHECKED_RETURN) /ftpsrvr.cpp: 929 in receive_thread(void *)() _____________________________________________________________________________________________ *** CID 643130: Error handling issues (CHECKED_RETURN) /ftpsrvr.cpp: 929 in receive_thread(void *)() 923 924 *xfer.aborted = FALSE; 925 if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA) 926 lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF 927 , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos); 928 >>> CID 643130: Error handling issues (CHECKED_RETURN) >>> Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code. 929 fseeko(fp, xfer.filepos, SEEK_SET); 930 931 // Determine the maximum file size to allow, accounting for minimum free space 932 char path[MAX_PATH + 1]; 933 SAFECOPY(path, xfer.filename); 934 *getfname(path) = '\0'; ** CID 643129: (Y2K38_SAFETY) /mailsrvr.cpp: 6497 in mail_server() /mailsrvr.cpp: 6496 in mail_server() _____________________________________________________________________________________________ *** CID 643129: (Y2K38_SAFETY) /mailsrvr.cpp: 6497 in mail_server() 6491 std::string most_active = request_rate_limiter->most_active(&most_active_count); 6492 char tmp[128], tmp2[128]; 6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s" 6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count 6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load() >>> CID 643129: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t". 6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2)); 6498 if (strcmp(str, rate_limit_report) != 0) { 6499 SAFECOPY(rate_limit_report, str); 6500 lprintf(LOG_DEBUG, "%s", rate_limit_report); 6501 } 6502 } /mailsrvr.cpp: 6496 in mail_server() 6490 size_t most_active_count = 0; 6491 std::string most_active = request_rate_limiter->most_active(&most_active_count); 6492 char tmp[128], tmp2[128]; 6493 snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s" 6494 , request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count 6495 , request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count >>> CID 643129: (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t". 6496 , timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load() 6497 , request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2)); 6498 if (strcmp(str, rate_limit_report) != 0) { 6499 SAFECOPY(rate_limit_report, str); 6500 lprintf(LOG_DEBUG, "%s", rate_limit_report); 6501 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/synchronet?tab=overview ----==_mimepart_698f2d096fc4c_11e62b0ff68619ac1976e Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit New Defects Reported - Synchronet

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

  • New Defects Found: 18
  • 12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
  • Defects Shown: Showing 18 of 18 defect(s)

Defect Details

** CID 643146:       Program hangs  (SLEEP)


_____________________________________________________________________________________________
*** CID 643146:         Program hangs  (SLEEP)
/filterfile.hpp: 56             in filterFile::listed(const char *, const char *, trash *)()
50     				const std::lock_guard<std::mutex> lock(mutex);
51     				if ((now - lastftime_check) >= fchk_interval) {
52     					lastftime_check = now;
53     					time_t latest = fdate(fname);
54     					if (latest > timestamp) {
55     						strListFree(&list);
>>>     CID 643146:         Program hangs  (SLEEP)
>>>     Call to "findstr_list" might sleep while holding lock "lock._M_device".
56     						list = findstr_list(fname);
57     						timestamp = latest;
58     						++fread_count;
59     					}
60     				}
61     				result = trash_in_list(str1, str2, list, details);

** CID 643145:       Security best practices violations  (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844           in ftp_tmpfname(char *, const char *, int)()


_____________________________________________________________________________________________
*** CID 643145:         Security best practices violations  (DC.WEAK_CRYPTO)
/ftpsrvr.cpp: 1844             in ftp_tmpfname(char *, const char *, int)()
1838     	return FALSE;
1839     }
1840
1841     static char* ftp_tmpfname(char* fname, const char* ext, SOCKET sock)
1842     {
1843     	safe_snprintf(fname, MAX_PATH, "%sSBBS_FTP.%x%x%x%lx.%s"
>>>     CID 643145:         Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "rand" should not be used for security-related applications, because linear congruential algorithms are too easy to break.
1844     	              , scfg.temp_dir, getpid(), sock, rand(), (ulong)clock(), ext);
1845     	return fname;
1846     }
1847
1848     #if defined(__GNUC__)   // Catch printf-format errors
1849     static BOOL send_mlsx(FILE *fp, SOCKET sock, CRYPT_SESSION sess, const char *format, ...) __attribute__ ((format (printf, 4, 5)));

** CID 643144:       Memory - corruptions  (OVERRUN)
/ftpsrvr.cpp: 1359           in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()


_____________________________________________________________________________________________
*** CID 643144:         Memory - corruptions  (OVERRUN)
/ftpsrvr.cpp: 1359             in filexfer(xp_sockaddr *, int, int, int, int, int *, int *, char *, long, volatile int *, volatile int *, int, int, long *, user_t *, client_t *, int, int, int, int, char *, int)()
1353     		}
1354
1355     		addr_len = sizeof(*addr);
1356     #ifdef SOCKET_DEBUG_ACCEPT
1357     		socket_debug[ctrl_sock] |= SOCKET_DEBUG_ACCEPT;
1358     #endif
>>>     CID 643144:         Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 127 using argument "addr_len" (which evaluates to 128).
1359     		*data_sock = accept(pasv_sock, &addr->addr, &addr_len);
1360     #ifdef SOCKET_DEBUG_ACCEPT
1361     		socket_debug[ctrl_sock] &= ~SOCKET_DEBUG_ACCEPT;
1362     #endif
1363     		if (*data_sock == INVALID_SOCKET) {
1364     			lprintf(LOG_WARNING, "%04d <%s> PASV !DATA ERROR %d accepting connection on socket %d"

** CID 643143:       Error handling issues  (CHECKED_RETURN)
/ftpsrvr.cpp: 450           in sock_recvbyte(int, int, char *, long *)()


_____________________________________________________________________________________________
*** CID 643143:         Error handling issues  (CHECKED_RETURN)
/ftpsrvr.cpp: 450             in sock_recvbyte(int, int, char *, long *)()
444     		/* Try a read with no timeout first. */
445     		if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK)
446     			GCES(ret, sock, sess, estr, "setting read timeout");
447     		while (1) {
448     			ret = cryptPopData(sess, buf, 1, &len);
449     			/* Successive reads will be with the full timeout after a socket_readable() */
>>>     CID 643143:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "cryptSetAttribute" without checking return value (as is done elsewhere 55 out of 68 times).
450     			cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity);
451     			switch (ret) {
452     				case CRYPT_OK:
453     					break;
454     				case CRYPT_ERROR_TIMEOUT:
455     					if (!first) {

** CID 643142:         (CHECKED_RETURN)
/ftpsrvr.cpp: 663           in send_thread(void *)()
/ftpsrvr.cpp: 700           in send_thread(void *)()


_____________________________________________________________________________________________
*** CID 643142:           (CHECKED_RETURN)
/ftpsrvr.cpp: 663             in send_thread(void *)()
657     	if (xfer.filepos < 0)
658     		xfer.filepos = 0;
659     	if (startup->options & FTP_OPT_DEBUG_DATA || xfer.filepos)
660     		lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d sending %s from offset %" PRIdOFF
661     		        , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
662
>>>     CID 643142:           (CHECKED_RETURN)
>>>     Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
663     	fseeko(fp, xfer.filepos, SEEK_SET);
664     	last_report = start = time(NULL);
665     	while ((xfer.filepos + total) < length) {
666
667     		now = time(NULL);
668
/ftpsrvr.cpp: 700             in send_thread(void *)()
694     		}
695
696     		/* Check socket for writability */
697     		if (!socket_writable(*xfer.data_sock, 1000))
698     			continue;
699
>>>     CID 643142:           (CHECKED_RETURN)
>>>     Calling "fseeko(fp, xfer.filepos + total, 0)" without checking return value. This library function may fail and return an error code.
700     		fseeko(fp, xfer.filepos + total, SEEK_SET);
701     		rd = fread(buf, sizeof(char), sizeof(buf), fp);
702     		if (rd < 1) /* EOF or READ error */
703     			break;
704
705     #ifdef SOCKET_DEBUG_SEND

** CID 643141:         (Y2K38_SAFETY)
/websrvr.cpp: 7719           in web_server()
/websrvr.cpp: 7721           in web_server()


_____________________________________________________________________________________________
*** CID 643141:           (Y2K38_SAFETY)
/websrvr.cpp: 7719             in web_server()
7713     				std::string most_active = request_rate_limiter->most_active(&most_active_count);
7714     				char str[sizeof rate_limit_report];
7715     				char tmp[128];
7716     				snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>>     CID 643141:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
7719     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720     					, request_rate_limiter->disallowed.load()
7721     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722     					, request_rate_limiter->repeat.load());
7723     				if (strcmp(str, rate_limit_report) != 0) {
7724     					SAFECOPY(rate_limit_report, str);
/websrvr.cpp: 7721             in web_server()
7715     				char tmp[128];
7716     				snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
7717     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
7718     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
7719     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, logstr)
7720     					, request_rate_limiter->disallowed.load()
>>>     CID 643141:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
7721     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp)
7722     					, request_rate_limiter->repeat.load());
7723     				if (strcmp(str, rate_limit_report) != 0) {
7724     					SAFECOPY(rate_limit_report, str);
7725     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
7726     				}

** CID 643140:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431           in ctrl_thread(void *)()
/ftpsrvr.cpp: 2847           in ctrl_thread(void *)()
/ftpsrvr.cpp: 2557           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3214           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3490           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3242           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3174           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3204           in ctrl_thread(void *)()
/ftpsrvr.cpp: 2885           in ctrl_thread(void *)()
/ftpsrvr.cpp: 2540           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3192           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3363           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3366           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3367           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3283           in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643140:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3431             in ctrl_thread(void *)()
3425
3426     			if (!strnicmp(cmd, "CWD ", 4) || !strnicmp(cmd, "XCWD ", 5)) {
3427     				if (!strnicmp(cmd, "CWD ", 4))
3428     					p = cmd + 4;
3429     				else
3430     					p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3431     				SKIP_WHITESPACE(p);
3432     				tp = p;
3433     				if (*tp == '/' || *tp == '\\') /* /local: and /bbs: are valid */
3434     					tp++;
3435     				if (!strnicmp(tp, BBS_FSYS_DIR, strlen(BBS_FSYS_DIR))) {
3436     					local_fsys = FALSE;
/ftpsrvr.cpp: 2847             in ctrl_thread(void *)()
2841     			refresh_cfg(&scfg);
2842     			sockprintf(sock, sess, "211 ALL servers/nodes will recycle when not in-use");
2843     			continue;
2844     		}
2845     		if (!strnicmp(cmd, "SITE EXEC ", 10) && sysop) {
2846     			p = cmd + 10;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2847     			SKIP_WHITESPACE(p);
2848     #ifdef __unix__
2849     			fp = popen(p, "r");
2850     			if (fp == NULL)
2851     				sockprintf(sock, sess, "500 Error %d opening pipe to: %s", errno, p);
2852     			else {
/ftpsrvr.cpp: 2557             in ctrl_thread(void *)()
2551     			continue;
2552     		}
2553     		if (!strnicmp(cmd, "PASS ", 5) && user.alias[0]) {
2554     			user.number = 0;
2555     			fmutex_close(&mutex_file);
2556     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2557     			SKIP_WHITESPACE(p);
2558
2559     			SAFECOPY(password, p);
2560     			uint usernum = find_login_id(&scfg, user.alias);
2561     			if (usernum == 0) {
2562     				if (scfg.sys_misc & SM_ECHO_PW)
/ftpsrvr.cpp: 3214             in ctrl_thread(void *)()
3208     				sockprintf(sock, sess, "200 STREAM mode.");
3209     			continue;
3210     		}
3211
3212     		if (!strnicmp(cmd, "STRU ", 5)) {
3213     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3214     			SKIP_WHITESPACE(p);
3215     			if (toupper(*p) != 'F')
3216     				sockprintf(sock, sess, "504 Only FILE structure supported.");
3217     			else
3218     				sockprintf(sock, sess, "200 FILE structure.");
3219     			continue;
/ftpsrvr.cpp: 3490             in ctrl_thread(void *)()
3484     				           , local_dir);
3485     				continue;
3486     			} /* Local PWD */
3487
3488     			if (!strnicmp(cmd, "MKD ", 4) || !strnicmp(cmd, "XMKD", 4)) {
3489     				p = cmd + 4;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3490     				SKIP_WHITESPACE(p);
3491     				if (*p == '/') /* absolute */
3492     					SAFEPRINTF2(fname, "%s%s", root_dir(local_dir), p + 1);
3493     				else        /* relative */
3494     					SAFEPRINTF2(fname, "%s%s", local_dir, p);
3495
/ftpsrvr.cpp: 3242             in ctrl_thread(void *)()
3236     			}
3237     			continue;
3238     		}
3239
3240     		if (!strnicmp(cmd, "SMNT ", 5) && sysop && !(startup->options & FTP_OPT_NO_LOCAL_FSYS)) {
3241     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3242     			SKIP_WHITESPACE(p);
3243     			if (!stricmp(p, BBS_FSYS_DIR))
3244     				local_fsys = FALSE;
3245     			else {
3246     				if (!direxist(p)) {
3247     					sockprintf(sock, sess, "550 Directory does not exist.");
/ftpsrvr.cpp: 3174             in ctrl_thread(void *)()
3168     			sockprintf(sock, sess, "200 All files sent in BINARY mode.");
3169     			continue;
3170     		}
3171
3172     		if (!strnicmp(cmd, "ALLO", 4)) {
3173     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3174     			SKIP_WHITESPACE(p);
3175     			if (*p)
3176     				l = atol(p);
3177     			else
3178     				l = 0;
3179     			if (local_fsys)
/ftpsrvr.cpp: 3204             in ctrl_thread(void *)()
3198     			           , filepos);
3199     			continue;
3200     		}
3201
3202     		if (!strnicmp(cmd, "MODE ", 5)) {
3203     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3204     			SKIP_WHITESPACE(p);
3205     			if (toupper(*p) != 'S')
3206     				sockprintf(sock, sess, "504 Only STREAM mode supported.");
3207     			else
3208     				sockprintf(sock, sess, "200 STREAM mode.");
3209     			continue;
/ftpsrvr.cpp: 2885             in ctrl_thread(void *)()
2879
2880     			if (pasv_sock != INVALID_SOCKET)  {
2881     				ftp_close_socket(&pasv_sock, &pasv_sess, __LINE__);
2882     			}
2883     			memcpy(&data_addr, &ftp.client_addr, ftp.client_addr_len);
2884     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2885     			SKIP_WHITESPACE(p);
2886     			if (strnicmp(cmd, "PORT ", 5) == 0 && sscanf(p, "%u,%u,%u,%u,%hd,%hd", &h1, &h2, &h3, &h4, &p1, &p2) == 6) {
2887     				data_addr.in.sin_family = AF_INET;
2888     				data_addr.in.sin_addr.s_addr = htonl((h1 << 24) | (h2 << 16) | (h3 << 8) | h4);
2889     				data_port = (p1 << 8) | p2;
2890     			} else if (strnicmp(cmd, "EPRT ", 5) == 0) { /* EPRT */
/ftpsrvr.cpp: 2540             in ctrl_thread(void *)()
2534     		}
2535     		if (!strnicmp(cmd, "USER ", 5)) {
2536     			sysop = FALSE;
2537     			user.number = 0;
2538     			fmutex_close(&mutex_file);
2539     			p = cmd + 5;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
2540     			SKIP_WHITESPACE(p);
2541     			truncsp(p);
2542     			SAFECOPY(user.alias, p);
2543     			user.number = find_login_id(&scfg, user.alias);
2544     			if (!user.number && (stricmp(user.alias, "anonymous") == 0 || stricmp(user.alias, "ftp") == 0))
2545     				user.number = matchuser(&scfg, "guest", FALSE);
/ftpsrvr.cpp: 3192             in ctrl_thread(void *)()
3186     				sockprintf(sock, sess, "200 %" PRIu64 " bytes available.", avail);
3187     			continue;
3188     		}
3189
3190     		if (!strnicmp(cmd, "REST", 4)) {
3191     			p = cmd + 4;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3192     			SKIP_WHITESPACE(p);
3193     			if (*p)
3194     				filepos = atol(p);
3195     			else
3196     				filepos = 0;
3197     			sockprintf(sock, sess, "350 Restarting at %ld. Send STORE or RETRIEVE to initiate transfer."
/ftpsrvr.cpp: 3363             in ctrl_thread(void *)()
3357     					        , sock, user.alias, errno, safe_strerror(errno, error, sizeof error), __LINE__, fname);
3358     					sockprintf(sock, sess, "451 Insufficient system storage");
3359     					continue;
3360     				}
3361
3362     				p = cmd + 4;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3363     				SKIP_WHITESPACE(p);
3364
3365     				if (*p == '-') {   /* -Letc */
3366     					FIND_WHITESPACE(p);
3367     					SKIP_WHITESPACE(p);
3368     				}
/ftpsrvr.cpp: 3366             in ctrl_thread(void *)()
3360     				}
3361
3362     				p = cmd + 4;
3363     				SKIP_WHITESPACE(p);
3364
3365     				if (*p == '-') {   /* -Letc */
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3366     					FIND_WHITESPACE(p);
3367     					SKIP_WHITESPACE(p);
3368     				}
3369
3370     				filespec = p;
3371     				if (*filespec == 0)
/ftpsrvr.cpp: 3367             in ctrl_thread(void *)()
3361
3362     				p = cmd + 4;
3363     				SKIP_WHITESPACE(p);
3364
3365     				if (*p == '-') {   /* -Letc */
3366     					FIND_WHITESPACE(p);
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3367     					SKIP_WHITESPACE(p);
3368     				}
3369
3370     				filespec = p;
3371     				if (*filespec == 0)
3372     					filespec = "*";
/ftpsrvr.cpp: 3283             in ctrl_thread(void *)()
3277     							sockprintf(sock, sess, "451 Insufficient system storage");
3278     							continue;
3279     						}
3280     					}
3281
3282     					p = cmd + 4;
>>>     CID 643140:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3283     					SKIP_WHITESPACE(p);
3284
3285     					filespec = p;
3286     					if (!local_dir[0])
3287     						strcpy(local_dir, "/");
3288     					SAFEPRINTF2(path, "%s%s", local_dir, filespec);

** CID 643139:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557           in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1544           in ftpalias(char *, char *, user_t *, client_t *, int *)()


_____________________________________________________________________________________________
*** CID 643139:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1557             in ftpalias(char *, char *, user_t *, client_t *, int *)()
1551     			*tp = 0;
1552
1553     		if (stricmp(p, alias))   /* Not a match */
1554     			continue;
1555
1556     		p = tp + 1;     /* filename */
>>>     CID 643139:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1557     		SKIP_WHITESPACE(p);
1558
1559     		tp = p;       /* terminator */
1560     		FIND_WHITESPACE(tp);
1561     		if (*tp)
1562     			*tp = 0;
/ftpsrvr.cpp: 1544             in ftpalias(char *, char *, user_t *, client_t *, int *)()
1538
1539     	while (!feof(fp)) {
1540     		if (!fgets(line, sizeof(line), fp))
1541     			break;
1542
1543     		p = line; /* alias */
>>>     CID 643139:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*p == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1544     		SKIP_WHITESPACE(p);
1545     		if (*p == ';') /* comment */
1546     			continue;
1547
1548     		tp = p;       /* terminator */
1549     		FIND_WHITESPACE(tp);

** CID 643138:         (Y2K38_SAFETY)
/services.cpp: 2230           in services_thread()
/services.cpp: 2232           in services_thread()


_____________________________________________________________________________________________
*** CID 643138:           (Y2K38_SAFETY)
/services.cpp: 2230             in services_thread()
2224     				std::string most_active = connect_rate_limiter->most_active(&most_active_count);
2225     				char str[sizeof rate_limit_report];
2226     				char tmp[128], tmp2[128];
2227     				snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228     					, connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229     					, connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
>>>     CID 643138:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "connect_rate_limiter->currHighwater.time" is cast to "time32_t".
2230     					, timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231     					, connect_rate_limiter->disallowed.load()
2232     					, connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233     					, connect_rate_limiter->repeat.load());
2234     				if (strcmp(str, rate_limit_report) != 0) {
2235     					SAFECOPY(rate_limit_report, str);
/services.cpp: 2232             in services_thread()
2226     				char tmp[128], tmp2[128];
2227     				snprintf(str, sizeof str, "Connect limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s (repeat: %u)"
2228     					, connect_rate_limiter->client_count(), connect_rate_limiter->total(), most_active.c_str(), most_active_count
2229     					, connect_rate_limiter->currHighwater.client.c_str(), connect_rate_limiter->currHighwater.count
2230     					, timestr(&scfg, (time32_t)connect_rate_limiter->currHighwater.time, tmp)
2231     					, connect_rate_limiter->disallowed.load()
>>>     CID 643138:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "connect_rate_limiter->lastLimited.time" is cast to "time32_t".
2232     					, connect_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)connect_rate_limiter->lastLimited.time, tmp2)
2233     					, connect_rate_limiter->repeat.load());
2234     				if (strcmp(str, rate_limit_report) != 0) {
2235     					SAFECOPY(rate_limit_report, str);
2236     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
2237     				}

** CID 643137:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3782           in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643137:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4105             in ctrl_thread(void *)()
4099     						tp = np;      /* terminator pointer */
4100     						FIND_WHITESPACE(tp);
4101     						if (*tp)
4102     							*tp = 0;
4103
4104     						dp = tp + 1;    /* description pointer */
>>>     CID 643137:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4105     						SKIP_WHITESPACE(dp);
4106     						truncsp(dp);
4107
4108     						if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
4109     							continue;
4110
/ftpsrvr.cpp: 3782             in ctrl_thread(void *)()
3776     								tp = np;      /* terminator pointer */
3777     								FIND_WHITESPACE(tp);
3778     								if (*tp)
3779     									*tp = 0;
3780
3781     								dp = tp + 1;    /* description pointer */
>>>     CID 643137:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*dp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3782     								SKIP_WHITESPACE(dp);
3783     								truncsp(dp);
3784
3785     								if (stricmp(dp, BBS_HIDDEN_ALIAS) == 0)
3786     									continue;
3787

** CID 643136:         (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417           in ftp_server()
/ftpsrvr.cpp: 5416           in ftp_server()


_____________________________________________________________________________________________
*** CID 643136:           (Y2K38_SAFETY)
/ftpsrvr.cpp: 5417             in ftp_server()
5411     				std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412     				char tmp[128], tmp2[128];
5413     				snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
5416     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
>>>     CID 643136:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
5417     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418     				if (strcmp(str, rate_limit_report) != 0) {
5419     					SAFECOPY(rate_limit_report, str);
5420     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421     				}
5422     			}
/ftpsrvr.cpp: 5416             in ftp_server()
5410     				size_t most_active_count = 0;
5411     				std::string most_active = request_rate_limiter->most_active(&most_active_count);
5412     				char tmp[128], tmp2[128];
5413     				snprintf(str, sizeof str, "Rate limiting current: clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
5414     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
5415     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>>     CID 643136:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
5416     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
5417     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
5418     				if (strcmp(str, rate_limit_report) != 0) {
5419     					SAFECOPY(rate_limit_report, str);
5420     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
5421     				}

** CID 643135:       Program hangs  (LOCK)
/services.cpp: 2476           in services_thread()


_____________________________________________________________________________________________
*** CID 643135:         Program hangs  (LOCK)
/services.cpp: 2476             in services_thread()
2470     						close_socket(client_socket);
2471     						continue;
2472     					}
2473
2474     					if (!host_exempt->listed(host_ip, nullptr)) {
2475     						login_attempt_t attempted;
>>>     CID 643135:         Program hangs  (LOCK)
>>>     "loginBanned" locks "startup->login_attempt_list->mutex" while it is locked.
2476     						ulong           banned = loginBanned(&scfg, startup->login_attempt_list, client_socket, /* host_name: */ NULL, startup->login_attempt, &attempted);
2477     						if (banned) {
2478     							char ban_duration[128];
2479     							lprintf(LOG_NOTICE, "%04d [%s] !TEMPORARY BAN (%lu login attempts, last: %s) - remaining: %s"
2480     									, client_socket, host_ip, attempted.count - attempted.dupes, attempted.user
2481     									, duration_estimate_to_str(banned, ban_duration, sizeof ban_duration, 1, 1));

** CID 643134:       Uninitialized members  (UNINIT_CTOR)
/filterfile.hpp: 44           in filterFile::filterFile()()


_____________________________________________________________________________________________
*** CID 643134:         Uninitialized members  (UNINIT_CTOR)
/filterfile.hpp: 44             in filterFile::filterFile()()
38     		filterFile() = default;
39     		~filterFile() {
40     			strListFree(&list);
41     		}
42     		std::atomic<uint> fread_count{};
43     		std::atomic<uint> total_found{};
>>>     CID 643134:         Uninitialized members  (UNINIT_CTOR)
>>>     The compiler-generated constructor for this class does not initialize "fchk_interval".
44     		time_t fchk_interval; // seconds
45     		char fname[MAX_PATH + 1];
46     		bool listed(const char* str1, const char* str2 = nullptr, struct trash* details = nullptr) {
47     			bool result;
48     			time_t now = time(nullptr);
49     			if (fchk_interval) {

** CID 643133:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476           in ctrl_thread(void *)()
/ftpsrvr.cpp: 4473           in ctrl_thread(void *)()
/ftpsrvr.cpp: 4097           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3774           in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643133:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 4476             in ctrl_thread(void *)()
4470     									*tp = 0;
4471
4472     								np = tp + 1;    /* filename pointer */
4473     								SKIP_WHITESPACE(np);
4474
4475     								np++;       /* description pointer */
>>>     CID 643133:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4476     								FIND_WHITESPACE(np);
4477
4478     								while (*np && *np < ' ') np++;
4479
4480     								truncsp(np);
4481
/ftpsrvr.cpp: 4473             in ctrl_thread(void *)()
4467     								tp = p;       /* terminator pointer */
4468     								FIND_WHITESPACE(tp);
4469     								if (*tp)
4470     									*tp = 0;
4471
4472     								np = tp + 1;    /* filename pointer */
>>>     CID 643133:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4473     								SKIP_WHITESPACE(np);
4474
4475     								np++;       /* description pointer */
4476     								FIND_WHITESPACE(np);
4477
4478     								while (*np && *np < ' ') np++;
/ftpsrvr.cpp: 4097             in ctrl_thread(void *)()
4091     						tp = p;       /* terminator pointer */
4092     						FIND_WHITESPACE(tp);
4093     						if (*tp)
4094     							*tp = 0;
4095
4096     						np = tp + 1;    /* filename pointer */
>>>     CID 643133:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4097     						SKIP_WHITESPACE(np);
4098
4099     						tp = np;      /* terminator pointer */
4100     						FIND_WHITESPACE(tp);
4101     						if (*tp)
4102     							*tp = 0;
/ftpsrvr.cpp: 3774             in ctrl_thread(void *)()
3768     								tp = p;       /* terminator pointer */
3769     								FIND_WHITESPACE(tp);
3770     								if (*tp)
3771     									*tp = 0;
3772
3773     								np = tp + 1;    /* filename pointer */
>>>     CID 643133:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*np == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3774     								SKIP_WHITESPACE(np);
3775
3776     								tp = np;      /* terminator pointer */
3777     								FIND_WHITESPACE(tp);
3778     								if (*tp)
3779     									*tp = 0;

** CID 643132:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560           in ftpalias(char *, char *, user_t *, client_t *, int *)()
/ftpsrvr.cpp: 1549           in ftpalias(char *, char *, user_t *, client_t *, int *)()


_____________________________________________________________________________________________
*** CID 643132:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 1560             in ftpalias(char *, char *, user_t *, client_t *, int *)()
1554     			continue;
1555
1556     		p = tp + 1;     /* filename */
1557     		SKIP_WHITESPACE(p);
1558
1559     		tp = p;       /* terminator */
>>>     CID 643132:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1560     		FIND_WHITESPACE(tp);
1561     		if (*tp)
1562     			*tp = 0;
1563
1564     		if (filename == NULL /* CWD? */ && (*lastchar(p) != '/' || (*fname != 0 && strcmp(fname, alias)))) {
1565     			fclose(fp);
/ftpsrvr.cpp: 1549             in ftpalias(char *, char *, user_t *, client_t *, int *)()
1543     		p = line; /* alias */
1544     		SKIP_WHITESPACE(p);
1545     		if (*p == ';') /* comment */
1546     			continue;
1547
1548     		tp = p;       /* terminator */
>>>     CID 643132:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
1549     		FIND_WHITESPACE(tp);
1550     		if (*tp)
1551     			*tp = 0;
1552
1553     		if (stricmp(p, alias))   /* Not a match */
1554     			continue;

** CID 643131:         (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769           in ctrl_thread(void *)()
/ftpsrvr.cpp: 3777           in ctrl_thread(void *)()
/ftpsrvr.cpp: 4100           in ctrl_thread(void *)()
/ftpsrvr.cpp: 4092           in ctrl_thread(void *)()
/ftpsrvr.cpp: 4468           in ctrl_thread(void *)()


_____________________________________________________________________________________________
*** CID 643131:           (CONSTANT_EXPRESSION_RESULT)
/ftpsrvr.cpp: 3769             in ctrl_thread(void *)()
3763     								SKIP_WHITESPACE(p);
3764
3765     								if (*p == ';') /* comment */
3766     									continue;
3767
3768     								tp = p;       /* terminator pointer */
>>>     CID 643131:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3769     								FIND_WHITESPACE(tp);
3770     								if (*tp)
3771     									*tp = 0;
3772
3773     								np = tp + 1;    /* filename pointer */
3774     								SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 3777             in ctrl_thread(void *)()
3771     									*tp = 0;
3772
3773     								np = tp + 1;    /* filename pointer */
3774     								SKIP_WHITESPACE(np);
3775
3776     								tp = np;      /* terminator pointer */
>>>     CID 643131:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
3777     								FIND_WHITESPACE(tp);
3778     								if (*tp)
3779     									*tp = 0;
3780
3781     								dp = tp + 1;    /* description pointer */
3782     								SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4100             in ctrl_thread(void *)()
4094     							*tp = 0;
4095
4096     						np = tp + 1;    /* filename pointer */
4097     						SKIP_WHITESPACE(np);
4098
4099     						tp = np;      /* terminator pointer */
>>>     CID 643131:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4100     						FIND_WHITESPACE(tp);
4101     						if (*tp)
4102     							*tp = 0;
4103
4104     						dp = tp + 1;    /* description pointer */
4105     						SKIP_WHITESPACE(dp);
/ftpsrvr.cpp: 4092             in ctrl_thread(void *)()
4086     						SKIP_WHITESPACE(p);
4087
4088     						if (*p == ';') /* comment */
4089     							continue;
4090
4091     						tp = p;       /* terminator pointer */
>>>     CID 643131:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4092     						FIND_WHITESPACE(tp);
4093     						if (*tp)
4094     							*tp = 0;
4095
4096     						np = tp + 1;    /* filename pointer */
4097     						SKIP_WHITESPACE(np);
/ftpsrvr.cpp: 4468             in ctrl_thread(void *)()
4462     								SKIP_WHITESPACE(p);
4463
4464     								if (*p == ';') /* comment */
4465     									continue;
4466
4467     								tp = p;       /* terminator pointer */
>>>     CID 643131:           (CONSTANT_EXPRESSION_RESULT)
>>>     "(unsigned char)*tp == CP437_NO_BREAK_SPACE" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
4468     								FIND_WHITESPACE(tp);
4469     								if (*tp)
4470     									*tp = 0;
4471
4472     								np = tp + 1;    /* filename pointer */
4473     								SKIP_WHITESPACE(np);

** CID 643130:       Error handling issues  (CHECKED_RETURN)
/ftpsrvr.cpp: 929           in receive_thread(void *)()


_____________________________________________________________________________________________
*** CID 643130:         Error handling issues  (CHECKED_RETURN)
/ftpsrvr.cpp: 929             in receive_thread(void *)()
923
924     	*xfer.aborted = FALSE;
925     	if (xfer.filepos || startup->options & FTP_OPT_DEBUG_DATA)
926     		lprintf(LOG_DEBUG, "%04d <%s> DATA socket %d receiving %s from offset %" PRIdOFF
927     		        , xfer.ctrl_sock, xfer.user->alias, *xfer.data_sock, xfer.filename, xfer.filepos);
928
>>>     CID 643130:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "fseeko(fp, xfer.filepos, 0)" without checking return value. This library function may fail and return an error code.
929     	fseeko(fp, xfer.filepos, SEEK_SET);
930
931     	// Determine the maximum file size to allow, accounting for minimum free space
932     	char    path[MAX_PATH + 1];
933     	SAFECOPY(path, xfer.filename);
934     	*getfname(path) = '\0';

** CID 643129:         (Y2K38_SAFETY)
/mailsrvr.cpp: 6497           in mail_server()
/mailsrvr.cpp: 6496           in mail_server()


_____________________________________________________________________________________________
*** CID 643129:           (Y2K38_SAFETY)
/mailsrvr.cpp: 6497             in mail_server()
6491     				std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492     				char tmp[128], tmp2[128];
6493     				snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
6496     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
>>>     CID 643129:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->lastLimited.time" is cast to "time32_t".
6497     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498     				if (strcmp(str, rate_limit_report) != 0) {
6499     					SAFECOPY(rate_limit_report, str);
6500     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501     				}
6502     			}
/mailsrvr.cpp: 6496             in mail_server()
6490     				size_t most_active_count = 0;
6491     				std::string most_active = request_rate_limiter->most_active(&most_active_count);
6492     				char tmp[128], tmp2[128];
6493     				snprintf(str, sizeof str, "Rate limiting current; clients=%zu, requests=%zu, most-active=%s (%zu), highest: %s (%u) on %s, limited: %u, last: %s on %s"
6494     					, request_rate_limiter->client_count(), request_rate_limiter->total(), most_active.c_str(), most_active_count
6495     					, request_rate_limiter->currHighwater.client.c_str(), request_rate_limiter->currHighwater.count
>>>     CID 643129:           (Y2K38_SAFETY)
>>>     A "time_t" value is stored in an integer with too few bits to accommodate it.  The expression "request_rate_limiter->currHighwater.time" is cast to "time32_t".
6496     					, timestr(&scfg, (time32_t)request_rate_limiter->currHighwater.time, tmp), request_rate_limiter->disallowed.load()
6497     					, request_rate_limiter->lastLimited.client.c_str(), timestr(&scfg, (time32_t)request_rate_limiter->lastLimited.time, tmp2));
6498     				if (strcmp(str, rate_limit_report) != 0) {
6499     					SAFECOPY(rate_limit_report, str);
6500     					lprintf(LOG_DEBUG, "%s", rate_limit_report);
6501     				}

View Defects in Coverity Scan

Best regards,

The Coverity Scan Admin Team

----==_mimepart_698f2d096fc4c_11e62b0ff68619ac1976e-- .