Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"You tweachewous miscweant!" -- Elmer Fudd

dovenet / Synchronet Programming / New Defects reported by Coverity Scan for Synchronet

SubjectAuthor
o New Defects reported by Coverity Scan for Synchronetscan-admin@coverity.com

1
New Defects reported by Coverity Scan for Synchronet

<65bfa89493e0d_10f5cd2b68d5ba79a898529@prd-scan-dashboard-0.mail>

  copy mid

https://www.rocksolidbbs.com/dovenet/article-flat.php?id=2564&group=DOVE-Net.Synchronet_Programming#2564

  copy link   Newsgroups: DOVE-Net.Synchronet_Programming
From: scan-admin@coverity.com@VERT (scan-admin@coverity.com)
To: cov-scan@synchro.net
Subject: New Defects reported by Coverity Scan for Synchronet
Message-ID: <65bfa89493e0d_10f5cd2b68d5ba79a898529@prd-scan-dashboard-0.mail>
Date: Sun, 4 Feb 2024 15:09:08 +0000
X-Comment-To: cov-scan@synchro.net
Path: rocksolidbbs.com!not-for-mail
Newsgroups: DOVE-Net.Synchronet_Programming
X-FTN-PID: Synchronet 3.20a-Linux master/76cda3434 Feb 2 2024 GCC 12.2.0
X-FTN-MSGID: 48545.syncprog@1:103/705 2a259c37
X-FTN-CHRS: CP437 2
WhenImported: 20240204070910-0800 41e0
WhenExported: 20240204094816-0800 41e0
ExportedFrom: VERT syncprog 48545
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on git.synchro.net
X-Spam-Level:
X-Spam-Status: No, score=1.0 required=4.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,NO_RELAYS,SENDGRID_REDIR,T_SCC_BODY_TEXT_LINE,
WEIRD_QUOTING autolearn=no autolearn_force=no version=4.0.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coverity.com;
h=from:subject:mime-version:to:content-type:content-transfer-encoding:
cc:content-type:from:subject:to;
s=sc; bh=13Um2bD+ulka5ZRUnZ4FhbTEricgCxT/SC4WJfjsEUI=;
b=HlnbD4SNFr742ujwXo86gLsJadivl4e3YPaPEAJA052ChGHWMnJ8k3aFRRLagS6grnx/
7uP0yLsXLL45gqwpXJdJVqO6aoIT2XR5T0kRTtkPEM19L+oPI92He4/yAe12kbCDPT3e+j
ioN3Ij4Mz3ENiOMzQdJxzQUI3x68ocE2jq8fNFRVAOVum7hlE5e6fDKohkTqnRMRadYgPI
FZ3coDjEK8Qx7H2gkUNbpBS+IuIys8W7nwwkhQ9r0Lk1LTb61EYi2s8Eoc5j+BtoTqNxrK
xe7FG3VSIAyVas2xWqvft+ghK8YmUSJJ9uddHCDv+H5whBnMvgyU+BWQVY02qeuQ==
Mime-Version: 1.0
X-SG-EID:
HBOmY/E5MTYb8Mhr7ulQJIaFxcZEWpCD/7YwgOg+H8sogiT9TYDemPofSWUoSA
ikX4sDaBrV/jm/FYGyKFI6nJHhgIIHhJSDSziAO
6Jf6fuPmb0oK2x65wmXSNFmVgvGKvXRvW0pJq5m
/5g+qFZMmPDus8ifmxL55bEdPX8N8DXiZo5/qer
C0CEa7kf5+WqxqDxlBoi5Vq7ro5utCFUu/g==
X-Entity-ID: S2cgcZKcMUFZg9Mweglhkg==
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
 by: scan-admin@coverity. - Sun, 4 Feb 2024 15:09 UTC

Hi,

Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.

1 new defect(s) introduced to Synchronet found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()

________________________________________________________________________________________________________
*** CID 483188: Memory - corruptions (OVERRUN)
/ssl.c: 349 in internal_do_cryptInit()
343 cryptlib_initialized = false;
344 cryptEnd();
345 asprintf(&cryptfail, "Incorrect cryptlib version %d (expected %d)", tmp, CRYPTLIB_VERSION);
346 return;
347 }
348 ret = cryptGetAttributeString(CRYPT_UNUSED, CRYPT_OPTION_INFO_PATCHES, patches, &stp);
>>> CID 483188: Memory - corruptions (OVERRUN)
>>> Overrunning array """" of 1 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL".
349 if (cryptStatusError(ret) || stp != 32 || memcmp(patches, CRYPTLIB_PATCHES, 32) != 0) {
350 cryptInit_error = ret;
351 cryptlib_initialized = false;
352 cryptEnd();
353 asprintf(&cryptfail, "Incorrect cryptlib patch set %.32s (expected %s)", patches, CRYPTLIB_PATCHES);
354 return;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4E6fW2ok94RcmG1J20ETIf4-3DoE8P_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrCgaHhvhfxqmGN-2F2MOiNHiXAXmmE5-2BoMir72-2FKS-2B4CChPr-2B6DUEcHFnW2fJcB9K-2BLqjLkG6SOds2KKoiOogAgt4kivLp-2Bbv0MawXscaXZ6U3zKSU8zPaw8llzmAMgAx1EcIlUZ9-2Faak-2B54E1Z-2BGSHEscOAt6ClVWnKMr9zoYGJFvw-3D-3D

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor