Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit 9344a7d8 authored by Rob Swindell's avatar Rob Swindell 💬

Address more Coverity issues

Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.
parent 454a05f0
Pipeline #1331 passed with stage
in 9 minutes and 24 seconds
/* Synchronet real-time chat functions */
// vi: tabstop=4
/* $Id: chat.cpp,v 1.84 2020/08/15 21:58:14 rswindell Exp $ */
/****************************************************************************
* @format.tab-size 4 (Plain Text/Source Code File Header) *
......@@ -16,21 +13,9 @@
* See the GNU General Public License for more details: gpl.txt or *
* http://www.fsf.org/copyleft/gpl.html *
* *
* Anonymous FTP access to the most recent released source is available at *
* ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net *
* *
* Anonymous CVS access to the development source and modification history *
* is available at cvs.synchro.net:/cvsroot/sbbs, example: *
* cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login *
* (just hit return, no password is necessary) *
* cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src *
* *
* For Synchronet coding style and modification guidelines, see *
* http://www.synchro.net/source.html *
* *
* You are encouraged to submit any modifications (preferably in Unix diff *
* format) via e-mail to mods@synchro.net *
* *
* Note: If this box doesn't appear square, then you need to fix your tabs. *
****************************************************************************/
......@@ -87,7 +72,7 @@ void sbbs_t::multinodechat(int channel)
errormsg(WHERE,ERR_ALLOC,str,(size_t)filelength(file)+1);
return;
}
read(file,gurubuf,(size_t)filelength(file));
(void)read(file,gurubuf,(size_t)filelength(file));
gurubuf[filelength(file)]=0;
close(file);
}
......@@ -242,7 +227,7 @@ void sbbs_t::multinodechat(int channel)
,(size_t)filelength(file)+1);
break;
}
read(file,gurubuf,(size_t)filelength(file));
(void)read(file,gurubuf,(size_t)filelength(file));
gurubuf[filelength(file)]=0;
close(file);
}
......@@ -584,7 +569,7 @@ bool sbbs_t::guru_page(void)
close(file);
return(false);
}
read(file,gurubuf,(size_t)filelength(file));
(void)read(file,gurubuf,(size_t)filelength(file));
gurubuf[filelength(file)]=0;
close(file);
localguru(gurubuf,i);
......@@ -1074,8 +1059,8 @@ void sbbs_t::privchat(bool forced, int node_num)
continue;
}
read(out,&c,1);
lseek(out,-1L,SEEK_CUR);
(void)read(out,&c,1);
(void)lseek(out,-1L,SEEK_CUR);
if(!c) /* hasn't wrapped */
write(out,&ch,1);
else {
......@@ -1097,8 +1082,8 @@ void sbbs_t::privchat(bool forced, int node_num)
lseek(in,0L,SEEK_SET);
ch=0;
utime(inpath,NULL);
read(in,&ch,1);
lseek(in,-1L,SEEK_CUR);
(void)read(in,&ch,1);
(void)lseek(in,-1L,SEEK_CUR);
if(!ch) break; /* char from other node */
activity=1;
if(sys_status&SS_SPLITP && !remote_activity) {
......
......@@ -174,14 +174,13 @@ void sbbs_t::show_msghdr(smb_t* smb, smbmsg_t* msg, const char* subject, const c
if(smb != NULL)
this->smb = *smb; // Needed for @-codes and JS bbs.smb_* properties
if(msg != NULL) {
current_msg = msg; // Needed for @-codes and JS bbs.msg_* properties
current_msg_subj = msg->subj;
current_msg_from = msg->from;
current_msg_to = msg->to;
if(msg->hdr.auxattr & MSG_HFIELDS_UTF8)
pmode |= P_UTF8;
}
current_msg = msg; // Needed for @-codes and JS bbs.msg_* properties
current_msg_subj = msg->subj;
current_msg_from = msg->from;
current_msg_to = msg->to;
if(msg->hdr.auxattr & MSG_HFIELDS_UTF8)
pmode |= P_UTF8;
if(subject != NULL)
current_msg_subj = subject;
if(from != NULL)
......@@ -392,7 +391,11 @@ void sbbs_t::download_msg_attachments(smb_t* smb, smbmsg_t* msg, bool del)
if(msg->hdr.auxattr&MSG_FILEATTACH) { /* Attached file */
char subj[FIDO_SUBJ_LEN];
smb_getmsgidx(smb, msg);
int result = smb_getmsgidx(smb, msg);
if(result != SMB_SUCCESS) {
errormsg(WHERE, ERR_READ, "index", result, smb->last_error);
return;
}
SAFECOPY(subj, msg->subj); /* filenames (multiple?) in title */
char *p,*tp,ch;
tp=subj;
......@@ -439,7 +442,7 @@ void sbbs_t::download_msg_attachments(smb_t* smb, smbmsg_t* msg, bool del)
int error = protocol(cfg.prot[i], XFER_DOWNLOAD, fpath, nulstr, false);
if(checkprotresult(cfg.prot[i],error,&fd)) {
if(del)
remove(fpath);
(void)remove(fpath);
logon_dlb+=length; /* Update stats */
logon_dls++;
useron.dls=(ushort)adjustuserrec(&cfg,useron.number
......
......@@ -92,19 +92,19 @@ BOOL inc_sys_upload_stats(scfg_t* cfg, ulong files, ulong bytes)
int file;
uint32_t val;
sprintf(str,"%sdsts.dab",cfg->ctrl_dir);
SAFEPRINTF(str,"%sdsts.dab",cfg->ctrl_dir);
if((file=nopen(str,O_RDWR))==-1)
return(FALSE);
lseek(file,20L,SEEK_SET); /* Skip timestamp, logons and logons today */
read(file,&val,4); /* Uploads today */
(void)lseek(file,20L,SEEK_SET); /* Skip timestamp, logons and logons today */
(void)read(file,&val,4); /* Uploads today */
val+=files;
lseek(file,-4L,SEEK_CUR);
write(file,&val,4);
read(file,&val,4); /* Upload bytes today */
(void)lseek(file,-4L,SEEK_CUR);
(void)write(file,&val,4);
(void)read(file,&val,4); /* Upload bytes today */
val+=bytes;
lseek(file,-4L,SEEK_CUR);
write(file,&val,4);
(void)lseek(file,-4L,SEEK_CUR);
(void)write(file,&val,4);
close(file);
return(TRUE);
}
......@@ -115,19 +115,19 @@ BOOL inc_sys_download_stats(scfg_t* cfg, ulong files, ulong bytes)
int file;
uint32_t val;
sprintf(str,"%sdsts.dab",cfg->ctrl_dir);
SAFEPRINTF(str,"%sdsts.dab",cfg->ctrl_dir);
if((file=nopen(str,O_RDWR))==-1)
return(FALSE);
lseek(file,28L,SEEK_SET); /* Skip timestamp, logons and logons today */
read(file,&val,4); /* Downloads today */
(void)lseek(file,28L,SEEK_SET); /* Skip timestamp, logons and logons today */
(void)read(file,&val,4); /* Downloads today */
val+=files;
lseek(file,-4L,SEEK_CUR);
write(file,&val,4);
read(file,&val,4); /* Download bytes today */
(void)lseek(file,-4L,SEEK_CUR);
(void)write(file,&val,4);
(void)read(file,&val,4); /* Download bytes today */
val+=bytes;
lseek(file,-4L,SEEK_CUR);
write(file,&val,4);
(void)lseek(file,-4L,SEEK_CUR);
(void)write(file,&val,4);
close(file);
return(TRUE);
}
......@@ -866,10 +866,12 @@ static JSBool js_bbs_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict, j
sbbs->posts_read=val;
break;
case BBS_PROP_MENU_DIR:
SAFECOPY(sbbs->menu_dir,p);
if(p != NULL)
SAFECOPY(sbbs->menu_dir,p);
break;
case BBS_PROP_MENU_FILE:
SAFECOPY(sbbs->menu_file,p);
if(p != NULL)
SAFECOPY(sbbs->menu_file,p);
break;
case BBS_PROP_MAIN_CMDS:
sbbs->main_cmds=val;
......@@ -936,16 +938,20 @@ static JSBool js_bbs_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict, j
break;
case BBS_PROP_RLOGIN_NAME:
SAFECOPY(sbbs->rlogin_name,p);
if(p != NULL)
SAFECOPY(sbbs->rlogin_name,p);
break;
case BBS_PROP_RLOGIN_PASS:
SAFECOPY(sbbs->rlogin_pass,p);
if(p != NULL)
SAFECOPY(sbbs->rlogin_pass,p);
break;
case BBS_PROP_RLOGIN_TERM:
SAFECOPY(sbbs->rlogin_term,p);
if(p != NULL)
SAFECOPY(sbbs->rlogin_term,p);
break;
case BBS_PROP_CLIENT_NAME:
SAFECOPY(sbbs->client_name,p);
if(p != NULL)
SAFECOPY(sbbs->client_name,p);
break;
case BBS_PROP_ALTUL:
......@@ -954,7 +960,8 @@ static JSBool js_bbs_set(JSContext *cx, JSObject *obj, jsid id, JSBool strict, j
break;
case BBS_PROP_COMMAND_STR:
sprintf(sbbs->main_csi.str, "%.*s", 1024, p);
if(p != NULL)
sprintf(sbbs->main_csi.str, "%.*s", 1024, p);
break;
default:
......
......@@ -1483,8 +1483,11 @@ js_iniSetAllObjects(JSContext *cx, uintN argc, jsval *arglist)
return(JS_FALSE);
}
if(p->fp==NULL)
if(p->fp==NULL) {
if(name != name_def)
free(name);
return(JS_TRUE);
}
rc=JS_SUSPENDREQUEST(cx);
if((list=iniReadFile(p->fp))==NULL) {
......
/* js_internal.c */
/* Synchronet "js" object, for internal JavaScript callback and GC control */
/* $Id: js_internal.c,v 1.99 2020/03/29 23:40:57 rswindell Exp $ */
/****************************************************************************
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
......@@ -17,21 +13,9 @@
* See the GNU General Public License for more details: gpl.txt or *
* http://www.fsf.org/copyleft/gpl.html *
* *
* Anonymous FTP access to the most recent released source is available at *
* ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net *
* *
* Anonymous CVS access to the development source and modification history *
* is available at cvs.synchro.net:/cvsroot/sbbs, example: *
* cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login *
* (just hit return, no password is necessary) *
* cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src *
* *
* For Synchronet coding style and modification guidelines, see *
* http://www.synchro.net/source.html *
* *
* You are encouraged to submit any modifications (preferably in Unix diff *
* format) via e-mail to mods@synchro.net *
* *
* Note: If this box doesn't appear square, then you need to fix your tabs. *
****************************************************************************/
......@@ -431,11 +415,11 @@ js_execfile(JSContext *cx, uintN argc, jsval *arglist)
}
val = OBJECT_TO_JSVAL(load_path_list);
JS_SetProperty(cx, js_obj, JAVASCRIPT_LOAD_PATH_LIST, &val);
JS_GetArrayLength(cx, pload_path_list, &plen);
for (pcnt = 0; pcnt < plen; pcnt++) {
JS_GetElement(cx, pload_path_list, pcnt, &val);
JS_SetElement(cx, load_path_list, pcnt, &val);
}
if(JS_GetArrayLength(cx, pload_path_list, &plen))
for (pcnt = 0; pcnt < plen; pcnt++) {
if(JS_GetElement(cx, pload_path_list, pcnt, &val))
JS_SetElement(cx, load_path_list, pcnt, &val);
}
}
else {
JS_ReportError(cx, "Unable to get parent js."JAVASCRIPT_LOAD_PATH_LIST" array.");
......
......@@ -2817,6 +2817,7 @@ js_listening_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)
JS_ReportError(cx, "Unable to create socket set");
goto fail;
}
// Q for Deuce: what calls xpms_destroy or otherwise free()'s this set (once assigned to p->set)?
if (obj == NULL) {
JSVALUE_TO_MSTRING(cx, argv[0], interface, NULL);
HANDLE_PENDING(cx, interface);
......@@ -2874,11 +2875,15 @@ js_listening_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)
if(!JS_SetPrivate(cx, obj, p)) {
JS_ReportError(cx,"JS_SetPrivate failed");
free(p);
free(set);
return(JS_FALSE);
}
if(!js_DefineSocketOptionsArray(cx, obj, type))
if(!js_DefineSocketOptionsArray(cx, obj, type)) {
free(p);
free(set);
return(JS_FALSE);
}
#ifdef BUILD_JSDOCS
js_DescribeSyncObject(cx,obj,"Class used for incoming TCP/IP socket communications",317);
......@@ -2903,6 +2908,7 @@ js_listening_socket_constructor(JSContext *cx, uintN argc, jsval *arglist)
fail:
if (protocol)
free(protocol);
free(set);
return JS_FALSE;
}
......
......@@ -865,8 +865,10 @@ js_uifc_list(JSContext *cx, uintN argc, jsval *arglist)
return(JS_FALSE);
}
if(JS_IsArrayObject(cx, objarg)) {
if(!JS_GetArrayLength(cx, objarg, &numopts))
if(!JS_GetArrayLength(cx, objarg, &numopts)) {
free(title);
return(JS_TRUE);
}
if(opts == NULL)
opts=strListInit();
for(i=0;i<numopts;i++) {
......
......@@ -3495,6 +3495,33 @@ sbbs_t::sbbs_t(ushort node_num, union xp_sockaddr *addr, size_t addr_len, const
/* used by update_qwkroute(): */
qwknode=NULL;
total_qwknodes=0;
qwkmail_last = 0;
logon_ulb = 0;
logon_dlb = 0;
logon_uls = 0;
logon_dls = 0;
logon_posts = 0;
logon_emails = 0;
logon_fbacks = 0;
logon_ml = 0;
main_cmds = 0;
xfer_cmds = 0;
posts_read = 0;
temp_cdt = 0;
autohang = 0;
curgrp = 0;
curlib = 0;
usrgrps = 0;
usrlibs = 0;
comspec = 0;
altul = 0;
noaccess_str = 0;
noaccess_val = 0;
cur_output_rate = output_rate_unlimited;
getstr_offset = 0;
lastnodemsg = 0;
xtrn_mode = 0;
}
//****************************************************************************
......
......@@ -377,6 +377,7 @@ void sbbs_t::qwktonetmail(FILE *rep, char *block, char *into, uchar fromhub)
memcpy((char *)qwkbuf,block,QWK_BLOCK_LEN);
if(fread(qwkbuf+QWK_BLOCK_LEN, QWK_BLOCK_LEN, n-1, rep) != (size_t)n-1) {
errormsg(WHERE, ERR_READ, "QWK block", n-1);
free(qwkbuf);
return;
}
......
......@@ -200,7 +200,7 @@ bool sbbs_t::printtail(const char* fname, int lines, long mode, long org_cols, J
}
if(length > lines * PRINTFILE_MAX_LINE_LEN) {
length = lines * PRINTFILE_MAX_LINE_LEN;
fseek(fp, -length, SEEK_END);
(void)fseek(fp, -length, SEEK_END);
}
if((buf=(char*)malloc(length+1L))==NULL) {
fclose(fp);
......
No preview for this file type
......@@ -3140,7 +3140,7 @@ BOOL is_download_free(scfg_t* cfg, uint dirnum, user_t* user, client_t* client)
if(user->exempt&FLAG('D'))
return(TRUE);
if(cfg->dir[dirnum]->ex_ar==NULL || cfg->dir[dirnum]->ex_ar[0]==0)
if(cfg->dir[dirnum]->ex_ar[0]==0)
return(FALSE);
return(chk_ar(cfg,cfg->dir[dirnum]->ex_ar,user,client));
......
......@@ -3319,7 +3319,7 @@ static BOOL check_extra_path(http_session_t * session)
if(isdir(rpath) && !isdir(session->req.physical_path)) {
for(i=0; startup->index_file_name!=NULL && startup->index_file_name[i]!=NULL ;i++) {
*end=0;
strcat(rpath,startup->index_file_name[i]);
SAFECAT(rpath,startup->index_file_name[i]);
if(!stat(rpath,&sb)) {
sprintf(vp_slash, "/%s", startup->index_file_name[i]);
SAFECOPY(session->req.extra_path_info,epath);
......@@ -3535,13 +3535,13 @@ static BOOL check_request(http_session_t * session)
last_ch=*lastchar(path);
if(!IS_PATH_DELIM(last_ch)) {
session->req.send_location=MOVED_PERM;
strcat(path,"/");
strcat(session->req.physical_path,"/");
SAFECAT(path,"/");
SAFECAT(session->req.physical_path,"/");
}
last_ch=*lastchar(session->req.virtual_path);
if(!IS_PATH_DELIM(last_ch)) {
session->req.send_location=MOVED_PERM;
strcat(session->req.virtual_path,"/");
SAFECAT(session->req.virtual_path,"/");
}
last_slash=find_last_slash(path);
if(last_slash==NULL) {
......@@ -3551,7 +3551,7 @@ static BOOL check_request(http_session_t * session)
last_slash++;
for(i=0; startup->index_file_name!=NULL && startup->index_file_name[i]!=NULL ;i++) {
*last_slash=0;
strcat(path,startup->index_file_name[i]);
SAFECAT(path,startup->index_file_name[i]);
if(startup->options&WEB_OPT_DEBUG_TX)
lprintf(LOG_DEBUG,"%04d Checking for %s",session->socket,path);
if(!stat(path,&sb))
......@@ -3563,7 +3563,7 @@ static BOOL check_request(http_session_t * session)
if(startup->index_file_name==NULL || startup->index_file_name[i] == NULL)
send404=1;
else {
strcat(session->req.virtual_path,startup->index_file_name[i]);
SAFECAT(session->req.virtual_path,startup->index_file_name[i]);
if(session->req.send_location != MOVED_PERM)
session->req.send_location=MOVED_STAT;
}
......@@ -3723,8 +3723,8 @@ static BOOL check_request(http_session_t * session)
if(session->req.method!=HTTP_OPTIONS) {
if(startup->options&WEB_OPT_DEBUG_TX)
lprintf(LOG_DEBUG,"%04d 404 - %s does not exist",session->socket,path);
strcat(session->req.physical_path,session->req.extra_path_info);
strcat(session->req.virtual_path,session->req.extra_path_info);
SAFECAT(session->req.physical_path,session->req.extra_path_info);
SAFECAT(session->req.virtual_path,session->req.extra_path_info);
send_error(session,__LINE__,error_404);
return(FALSE);
}
......@@ -4009,7 +4009,7 @@ struct fastcgi_data {
static struct fastcgi_body * fastcgi_read_body(SOCKET sock)
{
char padding[255];
struct fastcgi_header header;
struct fastcgi_header header = {0};
struct fastcgi_body *body;
if (recv(sock, (char*)&header.len
......@@ -5262,10 +5262,11 @@ js_writefunc(JSContext *cx, uintN argc, jsval *arglist, BOOL writeln)
else {
/* "Fast Mode" requested? */
jsval val;
JSObject* reply;
JSObject* reply = NULL;
if(JS_GetProperty(cx, session->js_glob, "http_reply", &val))
reply=JSVAL_TO_OBJECT(val);
if(JS_GetProperty(cx, reply, "fast", &val)
if(reply != NULL
&& JS_GetProperty(cx, reply, "fast", &val)
&& JSVAL_IS_BOOLEAN(val) && JSVAL_TO_BOOLEAN(val)) {
session->req.keep_alive=FALSE;
rc=JS_SUSPENDREQUEST(cx);
......@@ -5410,7 +5411,7 @@ js_log(JSContext *cx, uintN argc, jsval *arglist)
for(;i<argc && strlen(str)<(sizeof(str)/2);i++) {
char* tp=strchr(str, 0);
JSVALUE_TO_STRBUF(cx, argv[i], tp, sizeof(str)/2, NULL);
strcat(str," ");
SAFECAT(str," ");
}
rc=JS_SUSPENDREQUEST(cx);
lprintf(level,"%04d %s",session->socket,str);
......@@ -6821,9 +6822,9 @@ void http_logging_thread(void* arg)
}
SAFECOPY(newfilename,base);
if((startup->options&WEB_OPT_VIRTUAL_HOSTS) && ld->vhost!=NULL) {
strcat(newfilename,ld->vhost);
SAFECAT(newfilename,ld->vhost);
if(ld->vhost[0])
strcat(newfilename,"-");
SAFECAT(newfilename,"-");
}
strftime(strchr(newfilename,0),15,"%Y-%m-%d.log",&ld->completed);
if(logfile==NULL || strcmp(newfilename,filename)) {
......
......@@ -420,7 +420,7 @@ typedef struct {
#ifdef SAFECOPY_USES_SPRINTF
#define SAFECOPY(dst,src) sprintf(dst,"%.*s",(int)sizeof(dst)-1,src)
#else /* strncpy is faster */
#define SAFECOPY(dst,src) (strncpy(dst,(src)==NULL?"(null)":(src),sizeof(dst)), TERMINATE(dst))
#define SAFECOPY(dst,src) (strncpy(dst,src,sizeof(dst)), TERMINATE(dst))
#endif
#define SAFECAT(dst, src) do { \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment