Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit dd1f72b8 authored by rswindell's avatar rswindell

Address Coverity-reported issues.

parent fefbd96f
......@@ -1016,6 +1016,8 @@ long js_exec(const char *fname, char** args)
if((js_buf=realloc(js_buf,js_buflen+len))==NULL) {
lprintf(LOG_ERR,"!Error allocating %u bytes of memory"
,js_buflen+len);
if(fp!=stdin)
fclose(fp);
return(-1);
}
memcpy(js_buf+js_buflen,line,len);
......
......@@ -294,7 +294,7 @@ int sbbs_t::listfiles(uint dirnum, const char *filespec, int tofile, long mode)
if(tofile) {
write(tofile,crlf,2);
sprintf(hdr,"%*s",c,nulstr);
memset(hdr,'',c);
memset(hdr,0xC4,c);
strcat(hdr,crlf);
write(tofile,hdr,strlen(hdr));
}
......@@ -302,7 +302,7 @@ int sbbs_t::listfiles(uint dirnum, const char *filespec, int tofile, long mode)
CRLF;
attr(cfg.color[clr_filelstline]);
while(c--)
outchar('');
outchar('\xC4');
CRLF;
}
}
......@@ -1009,11 +1009,13 @@ int sbbs_t::listfileinfo(uint dirnum, char *filespec, long mode)
return(0);
l=(long)filelength(file);
if(!l) {
FREE_AND_NULL(usrxfrbuf);
close(file);
return(0);
}
if((ixbbuf=(uchar *)malloc(l))==NULL) {
close(file);
FREE_AND_NULL(usrxfrbuf);
errormsg(WHERE,ERR_ALLOC,str,l);
return(0);
}
......
......@@ -349,6 +349,7 @@ BOOL read_attr_cfg(scfg_t* cfg, char* error)
if((cfg->color=malloc(MIN_COLORS))==NULL) {
sprintf(error,"Error allocating memory (%u bytes) for colors"
,MIN_COLORS);
fclose(instream);
return(FALSE);
}
/* Setup default colors here: */
......
......@@ -150,7 +150,7 @@ void sbbs_t::logout()
if(usrlibs>0)
putuserrec(&cfg,useron.number,U_CURDIR,0,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
hhmmtostr(&cfg,&tm,str);
strcat(str," ");
SAFECAT(str," ");
if(sys_status&SS_USERON)
safe_snprintf(tmp,sizeof(tmp),"T:%3u R:%3lu P:%3lu E:%3lu F:%3lu "
"U:%3luk %lu D:%3luk %lu"
......@@ -159,8 +159,8 @@ void sbbs_t::logout()
,logon_dlb/1024UL,logon_dls);
else
SAFEPRINTF(tmp,"T:%3u sec",(uint)(now-answertime));
strcat(str,tmp);
strcat(str,"\r\n");
SAFECAT(str,tmp);
SAFECAT(str,"\r\n");
logline("@-",str);
sys_status&=~SS_USERON;
answertime=now; // Incase we're relogging on
......
......@@ -72,6 +72,7 @@ int sbbs_t::delmail(uint usernumber, int which)
}
smb_rewind(smb.sid_fp);
for(l=0;l<smb.status.total_msgs;) {
memset(&msg, 0, sizeof(msg));
if(smb_fread(&smb,&msg.idx,sizeof(idxrec_t),smb.sid_fp)!=sizeof(idxrec_t))
break;
if(!(msg.idx.attr&MSG_PERMANENT)
......
......@@ -2208,11 +2208,13 @@ static int chk_received_hdr(SOCKET socket,const char *buf,IN_ADDR *dnsbl_result,
ai.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV|AI_PASSIVE;
if(getaddrinfo(p, NULL, &ai, &res)!=0)
break;
if(res->ai_family == AF_INET6)
if(res->ai_family == AF_INET6) {
memcpy(&addr, res->ai_addr, res->ai_addrlen);
else
freeaddrinfo(res);
} else {
freeaddrinfo(res);
break;
freeaddrinfo(res);
}
}
else {
strncpy(ip,p,16);
......
......@@ -726,8 +726,10 @@ js_log(JSContext *cx, uintN argc, jsval *arglist)
}
for(; i<argc; i++) {
if((str=JS_ValueToString(cx, argv[i]))==NULL)
if((str=JS_ValueToString(cx, argv[i]))==NULL) {
FREE_AND_NULL(line);
return(JS_FALSE);
}
JSSTRING_TO_RASTRING(cx, str, line, &line_sz, NULL);
if(line==NULL)
return(JS_FALSE);
......@@ -740,7 +742,8 @@ js_log(JSContext *cx, uintN argc, jsval *arglist)
lprintf(level,"Node %d %s", sbbs->cfg.node_num, line);
JS_RESUMEREQUEST(cx, rc);
}
free(line);
if(line != NULL)
free(line);
if(str==NULL)
JS_SET_RVAL(cx, arglist, JSVAL_VOID);
......@@ -844,6 +847,7 @@ js_write(JSContext *cx, uintN argc, jsval *arglist)
sbbs->bputs(cstr);
JS_RESUMEREQUEST(cx, rc);
}
FREE_AND_NULL(cstr);
if(str==NULL)
JS_SET_RVAL(cx, arglist, JSVAL_VOID);
......@@ -876,6 +880,8 @@ js_write_raw(JSContext *cx, uintN argc, jsval *arglist)
sbbs->putcom(str, len);
JS_RESUMEREQUEST(cx, rc);
}
if (str != NULL)
free(str);
return(JS_TRUE);
}
......
......@@ -8,7 +8,7 @@
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
* *
* Copyright 2015 Rob Swindell - http://www.synchro.net/copyright.html *
* Copyright Rob Swindell - http://www.synchro.net/copyright.html *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
......@@ -118,7 +118,7 @@ bool sbbs_t::inetmail(const char *into, const char *subj, long mode)
for(x=0;x<cfg.total_prots;x++)
if(cfg.prot[x]->ulcmd[0] && chk_ar(cfg.prot[x]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[x]->mnemonic);
strcat(str,tmp);
SAFECAT(str,tmp);
}
ch=(char)getkeys(str,0);
if(ch==text[YNQP][2] || sys_status&SS_ABORT) {
......
......@@ -90,12 +90,12 @@ void sbbs_t::printfile(char *str, long mode)
length=(long)filelength(file);
if(length<0) {
close(file);
fclose(stream);
errormsg(WHERE,ERR_CHK,str,length);
return;
}
if((buf=(char*)malloc(length+1L))==NULL) {
close(file);
fclose(stream);
errormsg(WHERE,ERR_ALLOC,str,length+1L);
return;
}
......
......@@ -278,6 +278,7 @@ bool sbbs_t::qwk_import_msg(FILE *qwk_fp, char *hdrblk, ulong blocks
if(fread(qwkbuf,QWK_BLOCK_LEN,blocks-1,qwk_fp) != blocks-1) {
free(qwkbuf);
errormsg(WHERE,ERR_READ,"QWK msg blocks",(blocks-1)*QWK_BLOCK_LEN);
return false;
}
bodylen=0;
......
......@@ -307,8 +307,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/******************/
str_list_t archivelist = iniGetSectionList(ini, "archive:");
cfg->arcdefs = strListCount(archivelist);
if((cfg->arcdef = realloc(cfg->arcdef, sizeof(arcdef_t)*cfg->arcdefs)) == NULL)
if((cfg->arcdef = realloc(cfg->arcdef, sizeof(arcdef_t)*cfg->arcdefs)) == NULL) {
strListFree(&archivelist);
return false;
}
cfg->arcdefs = 0;
char* archive;
while((archive=strListRemove(&archivelist, 0)) != NULL) {
......@@ -327,8 +329,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/****************/
str_list_t nodelist = iniGetSectionList(ini, "node:");
cfg->nodecfgs = strListCount(nodelist);
if((cfg->nodecfg = realloc(cfg->nodecfg, sizeof(nodecfg_t)*cfg->nodecfgs)) == NULL)
if((cfg->nodecfg = realloc(cfg->nodecfg, sizeof(nodecfg_t)*cfg->nodecfgs)) == NULL) {
strListFree(&nodelist);
return false;
}
cfg->nodecfgs = 0;
char* node;
while((node=strListRemove(&nodelist, 0)) != NULL) {
......@@ -383,8 +387,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/**************/
str_list_t echolists = iniGetSectionList(ini, "echolist:");
cfg->listcfgs = strListCount(echolists);
if((cfg->listcfg = realloc(cfg->listcfg, sizeof(echolist_t)*cfg->listcfgs)) == NULL)
if((cfg->listcfg = realloc(cfg->listcfg, sizeof(echolist_t)*cfg->listcfgs)) == NULL) {
strListFree(&echolists);
return false;
}
cfg->listcfgs = 0;
char* echolist;
while((echolist=strListRemove(&echolists, 0)) != NULL) {
......
......@@ -5941,7 +5941,8 @@ int main(int argc, char **argv)
cmdline[0]=0;
for(i=1;i<argc;i++) {
sprintf(cmdline+strlen(cmdline), "%s ", argv[i]);
SAFECAT(cmdline, argv[i]);
SAFECAT(cmdline, " ");
if(argv[i][0]=='-'
#if !defined(__unix__)
|| argv[i][0]=='/'
......
......@@ -660,6 +660,7 @@ BOOL DLLCALL write_file_cfg(scfg_t* cfg, int backup_level)
put_int(cfg->cdt_up_pct,stream);
put_int(cfg->cdt_dn_pct,stream);
put_int(l,stream); /* unused */
memset(cmd, 0, sizeof(cmd));
put_str(cmd,stream);
put_int(cfg->leech_pct,stream);
put_int(cfg->leech_sec,stream);
......
......@@ -1577,6 +1577,7 @@ static service_t* read_services_ini(const char* services_ini, service_t* service
fclose(fp);
lprintf(LOG_CRIT,"!MALLOC FAILURE");
free(default_interfaces);
iniFreeStringList(sec_list);
return(service);
}
service=np;
......
......@@ -159,6 +159,7 @@ void sbbs_t::sif(char *fname, char *answers, long len)
}
if(lread(file,buf,length)!=length) {
close(file);
free(buf);
errormsg(WHERE,ERR_READ,str,length);
answers[0]=0;
return;
......@@ -328,6 +329,7 @@ void sbbs_t::sof(char *fname, char *answers, long len)
close(file);
errormsg(WHERE,ERR_READ,str,length);
answers[0]=0;
free(buf);
return;
}
close(file);
......
......@@ -150,7 +150,7 @@ void sbbs_t::telnet_gate(char* destaddr, ulong mode, char* client_user_name, cha
while(online) {
if(!(mode&TG_NOCHKTIME))
gettimeleft();
rd=RingBufRead(&inbuf,buf,sizeof(buf));
rd=RingBufRead(&inbuf,buf,sizeof(buf)-1);
if(rd) {
#if 0
if(memchr(buf,TELNET_IAC,rd)) {
......
......@@ -8,7 +8,7 @@
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
* *
* Copyright 2011 Rob Swindell - http://www.synchro.net/copyright.html *
* Copyright Rob Swindell - http://www.synchro.net/copyright.html *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
......@@ -171,7 +171,7 @@ void sbbs_t::temp_xfer()
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0] && chk_ar(cfg.prot[i]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[i]->mnemonic);
strcat(tmp2,tmp);
SAFECAT(tmp2,tmp);
}
ungetkey(useron.prot);
ch=(char)getkeys(tmp2,0);
......
......@@ -2039,8 +2039,13 @@ int DLLCALL putuserrec(scfg_t* cfg, int usernumber,int start, uint length, const
return(-4);
}
if(length==0) /* auto-length */
if(length==0) { /* auto-length */
length=user_rec_len(start);
if((long)length < 0) {
close(file);
return -2;
}
}
strcpy(str2,str);
if(strlen(str2)<length) {
......@@ -2058,8 +2063,10 @@ int DLLCALL putuserrec(scfg_t* cfg, int usernumber,int start, uint length, const
i++;
}
if(i>=LOOP_NODEDAB)
if(i>=LOOP_NODEDAB) {
close(file);
return(-3);
}
write(file,str2,length);
unlock(file,(long)((long)(usernumber-1)*U_LEN)+start,length);
......
......@@ -1407,6 +1407,7 @@ static int sock_sendfile(http_session_t *session,char *path,unsigned long start,
if(start || end) {
if(lseek(file, start, SEEK_SET)==-1) {
lprintf(LOG_WARNING,"%04d !ERROR %d seeking to position %lu in %s",session->socket,ERROR_VALUE,start,path);
close(file);
return(0);
}
remain=end-start+1;
......@@ -1417,6 +1418,7 @@ static int sock_sendfile(http_session_t *session,char *path,unsigned long start,
while((i=read(file, buf, remain>sizeof(buf)?sizeof(buf):remain))>0) {
if(writebuf(session,buf,i)!=i) {
lprintf(LOG_WARNING,"%04d !ERROR sending %s",session->socket,path);
close(file);
return(0);
}
ret+=i;
......@@ -2328,6 +2330,7 @@ static void js_add_header(http_session_t * session, char *key, char *value)
return;
strlwr(lckey);
if((js_str=JS_NewStringCopyZ(session->js_cx, value))==NULL) {
free(lckey);
return;
}
JS_DefineProperty(session->js_cx, session->js_header, lckey, STRING_TO_JSVAL(js_str)
......@@ -3710,6 +3713,7 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
// TODO: UNIX-domain sockets...
if (strncmp(path, "unix:", 5) == 0) {
lprintf(LOG_ERR, "%04d UNIX-domain FastCGI sockets not supported (yet)", client_sock);
free(path);
return INVALID_SOCKET;
}
......@@ -3720,6 +3724,7 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
result = getaddrinfo(path, port, &hints, &res);
if(result != 0) {
lprintf(LOG_ERR, "%04d ERROR resolving FastCGI address %s port %s", client_sock, path, port);
free(path);
return INVALID_SOCKET;
}
for(cur=res,result=1; result && cur; cur=cur->ai_next) {
......@@ -3750,11 +3755,13 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
freeaddrinfo(res);
if(sock == INVALID_SOCKET) {
lprintf(LOG_ERR, "%04d ERROR unable to make FastCGI connection to %s", client_sock, orig_path);
free(path);
return sock;
}
val = 0;
ioctlsocket(sock,FIONBIO,&val);
free(path);
return sock;
}
......@@ -3841,6 +3848,7 @@ static BOOL fastcgi_send_params(SOCKET sock, http_session_t *session)
for(i=0; env[i]; i++) {
if (!fastcgi_add_param(&msg, &end, &size, env[i])) {
free(msg);
strListFree(&env);
return FALSE;
}
if (end > 32000) {
......@@ -3848,11 +3856,13 @@ static BOOL fastcgi_send_params(SOCKET sock, http_session_t *session)
if (sendsocket(sock, (void *)msg, sizeof(struct fastcgi_header) + end) != (sizeof(struct fastcgi_header) + end)) {
lprintf(LOG_ERR, "%04d ERROR sending FastCGI params", session->socket);
free(msg);
strListFree(&env);
return FALSE;
}
end = 0;
}
}
strListFree(&env);
if (end) {
msg->head.len = htons(end);
if (sendsocket(sock, (void *)msg, sizeof(struct fastcgi_header) + end) != (sizeof(struct fastcgi_header) + end)) {
......@@ -5152,7 +5162,7 @@ js_set_cookie(JSContext *cx, uintN argc, jsval *arglist)
if(!p)
return(JS_FALSE);
header+=sprintf(header,"%s",p);
free(p);
FREE_AND_NULL(p);
if(argc>2) {
if(!JS_ValueToInt32(cx,argv[2],&i))
return JS_FALSE;
......@@ -5164,15 +5174,15 @@ js_set_cookie(JSContext *cx, uintN argc, jsval *arglist)
JSVALUE_TO_MSTRING(cx, argv[3], p, NULL);
if(p!=NULL && *p) {
header += sprintf(header,"; domain=%s",p);
free(p);
}
FREE_AND_NULL(p);
}
if(argc>4) {
JSVALUE_TO_MSTRING(cx, argv[4], p, NULL);
if(p!=NULL && *p) {
header += sprintf(header,"; path=%s",p);
free(p);
}
FREE_AND_NULL(p);
}
if(argc>5) {
JS_ValueToBoolean(cx, argv[5], &b);
......
......@@ -174,8 +174,10 @@ int sbbs_t::process_edited_file(const char* src, const char* dest, long mode, un
if((buf=(char*)malloc(len+1))==NULL)
return -2;
if((fp=fopen(src,"rb"))==NULL)
if((fp=fopen(src,"rb"))==NULL) {
free(buf);
return -3;
}
memset(buf,0,len+1);
fread(buf,len,sizeof(char),fp);
......@@ -220,10 +222,10 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *subj, long mode,
if(editor!=NULL)
*editor=NULL;
if((buf=(char*)malloc(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN))
if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
==NULL) {
errormsg(WHERE,ERR_ALLOC,fname
,cfg.level_linespermsg[useron_level]*MAX_LINE_LEN);
,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
return(false);
}
......
......@@ -2065,7 +2065,7 @@ char* sbbs_t::cmdstr(const char *instr, const char *fpath, const char *fspec, ch
else
cmd=outstr;
len=strlen(instr);
for(i=j=0;i<len && j<(int)sizeof(cmdstr_output);i++) {
for(i=j=0; i<len && j < (int)sizeof(cmdstr_output)-1; i++) {
if(instr[i]=='%') {
i++;
cmd[j]=0;
......@@ -2229,7 +2229,7 @@ char* DLLCALL cmdstr(scfg_t* cfg, user_t* user, const char* instr, const char* f
if(cmd==NULL) cmd=buf;
len=strlen(instr);
for(i=j=0;i<len && j<MAX_PATH;i++) {
for(i=j=0; i<len && j < sizeof(buf)-1; i++) {
if(instr[i]=='%') {
i++;
cmd[j]=0;
......
......@@ -275,7 +275,7 @@ static void lfexpand(char *str, ulong misc)
if(misc&XTRN_NATIVE)
return;
for(p=str;*p && len < sizeof(newstr)-1;p++) {
for(p=str;*p && len < sizeof(newstr)-2;p++) {
if(*p=='\n')
newstr[len++]='\r';
newstr[len++]=*p;
......@@ -403,7 +403,7 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
strcpy(str,cfg.xtrn[i]->name);
else
str[0]=0; /* Blank if no access */
strcat(str,"\n");
SAFECAT(str,"\n");
lfexpand(str,misc);
write(file,str,strlen(str));
}
......@@ -794,6 +794,7 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
write(file,&logontime,sizeof(logontime)); /* LoginSec */
write(file,&useron.cdt,sizeof(useron.cdt)); /* Credit */
write(file,&useron.number,sizeof(useron.number)); /* UserRecNum */
i=0;
write(file,&i,2); /* ReadThru */
write(file,&i,2); /* PageTimes */
write(file,&i,2); /* DownLimit */
......@@ -1076,9 +1077,14 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
write(file,name,26); /* Name */
sprintf(str,"%.24s",useron.location);
write(file,str,25); /* Location */
write(file,useron.pass,13); /* Password */
write(file,useron.phone,14); /* Business or Data Phone */
write(file,useron.phone,14); /* Home or Voice Phone */
write(file,useron.pass, 9); /* Password */
l=0;
write(file, &l, 4); /* more password bytes */
c=0;
write(file,useron.phone, 13); /* Business or Data Phone */
write(file, &c, 1); /* more phone number bytes */
write(file,useron.phone, 13); /* Home or Voice Phone */
write(file, &c, 1); /* more phone number bytes */
i=unixtojulian(useron.laston);
write(file,&i,2); /* Date last on */
localtime32(&useron.laston,&tm);
......@@ -1467,8 +1473,8 @@ void sbbs_t::moduserdat(uint xtrnnum)
ultoac(mod>0L ? mod : -mod,tmp); /* put commas in the # */
strcpy(str,"Credit Adjustment: ");
if(mod<0L)
strcat(str,"-"); /* negative, put '-' */
strcat(str,tmp);
SAFECAT(str,"-"); /* negative, put '-' */
SAFECAT(str,tmp);
if(mod>0L)
strcpy(tmp,"$+");
else
......@@ -1670,7 +1676,7 @@ bool sbbs_t::exec_xtrn(uint xtrnnum)
}
if(cfg.xtrn[xtrnnum]->misc&XTRN_LWRCASE)
strlwr(name);
strcat(path,name);
SAFECAT(path,name);
if(action!=NODE_PCHT) {
getnodedat(cfg.node_num,&thisnode,1);
thisnode.action=NODE_XTRN;
......
......@@ -2014,6 +2014,7 @@ int zmodem_recv_files(zmodem_t* zm, const char* download_dir, uint64_t* bytes_re
}
start_bytes=filelength(fileno(fp));
if(start_bytes < 0) {
fclose(fp);
lprintf(zm,LOG_ERR,"Invalid file length %"PRId64": %s", start_bytes, fpath);
break;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment