openssh-9.6p1-1.fc41.7

List of Defects

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/gnome-ssh-askpass.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
#    2|   export SSH_ASKPASS

Error: GCC_ANALYZER_WARNING: [#def2]
openssh-9.6p1/addr.c: scope_hint: In function ‘addr_or’
openssh-9.6p1/addr.c:238:9: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’
openssh-9.6p1/addr.c:27: included_from: Included from here.
/usr/include/string.h:43:14: note: the behavior of ‘memcpy’ is undefined for overlapping buffers
#  236|   		return (-1);
#  237|   
#  238|-> 	memcpy(dst, a, sizeof(*dst));
#  239|   	switch (a->af) {
#  240|   	case AF_INET:

Error: COMPILER_WARNING: [#def3]
openssh-9.6p1/audit-linux.c: scope_hint: In function ‘audit_event’
openssh-9.6p1/audit-linux.c:274:20: warning[-Wimplicit-fallthrough=]: this statement may fall through
#  274 |                 if (options.use_pam)
#      |                    ^
openssh-9.6p1/audit-linux.c:276:9: note: here
#  276 |         case SSH_LOGIN_EXCEED_MAXTRIES:
#      |         ^~~~
#  272|   		break;
#  273|   	case SSH_AUTH_FAIL_PASSWD:
#  274|-> 		if (options.use_pam)
#  275|   			break;
#  276|   	case SSH_LOGIN_EXCEED_MAXTRIES:

Error: COMPILER_WARNING: [#def4]
openssh-9.6p1/audit-linux.c: scope_hint: In function ‘audit_unsupported_body’
openssh-9.6p1/audit-linux.c:313:9: warning[-Wold-style-declaration]: ‘static’ is not at beginning of declaration
#  313 |         const static char *name[] = { "cipher", "mac", "comp" };
#      |         ^~~~~
#  311|   #ifdef AUDIT_CRYPTO_SESSION
#  312|   	char buf[AUDIT_LOG_SIZE];
#  313|-> 	const static char *name[] = { "cipher", "mac", "comp" };
#  314|   	char *s;
#  315|   	int audit_fd;

Error: COMPILER_WARNING: [#def5]
openssh-9.6p1/audit-linux.c: scope_hint: At top level
openssh-9.6p1/audit-linux.c:331:1: warning[-Wold-style-declaration]: ‘static’ is not at beginning of declaration
#  331 | const static char *direction[] = { "from-server", "from-client", "both" };
#      | ^~~~~
#  329|   }
#  330|   
#  331|-> const static char *direction[] = { "from-server", "from-client", "both" };
#  332|   
#  333|   void

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
openssh-9.6p1/auth-krb5.c: scope_hint: In function ‘krb5_cleanup_proc’
openssh-9.6p1/auth-krb5.c:268:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  266|   			strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
#  267|   			krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
#  268|-> 			*krb5_ccname_dir_start++ = '\0';
#  269|   			if (strcmp(krb5_ccname, "DIR") == 0) {
#  270|   

Error: CLANG_WARNING: [#def7]
openssh-9.6p1/auth-krb5.c:337:17: warning[deadcode.DeadStores]: Although the value stored to 'p_n' is used in the enclosing expression, the value is never actually read from 'p_n'
#  335|   		return -1;
#  336|   
#  337|-> 	tmp_template = p_n = p_o = xstrdup(template);
#  338|   	r = xstrdup("");
#  339|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
openssh-9.6p1/auth-krb5.c: scope_hint: In function ‘ssh_krb5_expand_template’
openssh-9.6p1/auth-krb5.c:360:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  358|   		} else {
#  359|   			p_o = strchr(p_n, '}') + 1;
#  360|-> 			*p_o = '\0';
#  361|   			debug_f("unsupported token %s in %s", p_n, template);
#  362|   			/* unknown token, fallback to the default */

Error: CLANG_WARNING: [#def9]
openssh-9.6p1/auth-options.c:343:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  341|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  342|   		/* flag options */
#  343|-> 		if ((r = opt_flag("restrict", 0, &opts)) != -1) {
#  344|   			ret->restricted = 1;
#  345|   			ret->permit_port_forwarding_flag = 0;

Error: CLANG_WARNING: [#def10]
openssh-9.6p1/auth-options.c:538:14: warning[deadcode.DeadStores]: Value stored to 'errstr' during its initialization is never read
#  536|   {
#  537|   	struct sshauthopt *ret;
#  538|-> 	const char *errstr = "internal error";
#  539|   	const char *tmp;
#  540|   

Error: CLANG_WARNING: [#def11]
openssh-9.6p1/auth-pam.c:882:4: warning[deadcode.DeadStores]: Value stored to 'plen' is never read
#  880|   			**prompts = xreallocarray(**prompts, 1, len);
#  881|   			strlcpy(**prompts + plen, msg, len - plen);
#  882|-> 			plen += mlen;
#  883|   			**echo_on = (type == PAM_PROMPT_ECHO_ON);
#  884|   			free(msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
openssh-9.6p1/auth-pam.c: scope_hint: In function ‘sshpam_respond’
openssh-9.6p1/auth-pam.c:979:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fake_password(*resp)’
#  977|   		fatal("%s: password length too long: %zu", __func__, l);
#  978|   
#  979|-> 	ret = malloc(l + 1);
#  980|   	if (ret == NULL)
#  981|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
openssh-9.6p1/auth2-chall.c: scope_hint: In function ‘input_userauth_info_response’
openssh-9.6p1/auth2-chall.c:328:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘response’
#  326|   
#  327|   	for (i = 0; i < nresp; i++) {
#  328|-> 		explicit_bzero(response[i], strlen(response[i]));
#  329|   		free(response[i]);
#  330|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def14]
openssh-9.6p1/channels.c:5060: warning[uninitvar]: Uninitialized variable: port
# 5058|   			break;
# 5059|   	}
# 5060|-> 	if (display_number >= x11_max_displays || port < X11_PORT_MIN ) {
# 5061|   		error("Failed to allocate internet-domain X11 display socket.");
# 5062|   		return -1;

Error: COMPILER_WARNING (CWE-483): [#def15]
openssh-9.6p1/channels.c: scope_hint: In function ‘connect_local_xsocket_path’
openssh-9.6p1/channels.c:5098:5: warning[-Wmisleading-indentation]: this ‘if’ clause does not guard...
# 5098 |     if (len <= 0)
#      |     ^~
openssh-9.6p1/channels.c:5100:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
# 5100 |         sock = socket(AF_UNIX, SOCK_STREAM, 0);
#      |         ^~~~
# 5096|   	struct sockaddr_un addr;
# 5097|   
# 5098|->     if (len <= 0)
# 5099|           return -1;
# 5100|   	sock = socket(AF_UNIX, SOCK_STREAM, 0);

Error: COMPILER_WARNING (CWE-195): [#def16]
openssh-9.6p1/channels.c:5107:17: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
# 5107 |         if (len > sizeof addr.sun_path)
#      |                 ^
# 5105|   	memset(&addr, 0, sizeof(addr));
# 5106|   	addr.sun_family = AF_UNIX;
# 5107|-> 	if (len > sizeof addr.sun_path)
# 5108|   		len = sizeof addr.sun_path;
# 5109|   	memcpy(addr.sun_path, pathname, len);

Error: COMPILER_WARNING: [#def17]
openssh-9.6p1/cipher.c: scope_hint: In function ‘cipher_init’
openssh-9.6p1/cipher.c:239:32: warning[-Wcalloc-transposed-args]: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument
#  239 |         if ((cc = calloc(sizeof(*cc), 1)) == NULL)
#      |                                ^
openssh-9.6p1/cipher.c:239:32: note: earlier argument should specify number of elements, later size of each element
#  237|   
#  238|   	*ccp = NULL;
#  239|-> 	if ((cc = calloc(sizeof(*cc), 1)) == NULL)
#  240|   		return SSH_ERR_ALLOC_FAIL;
#  241|   

Error: CLANG_WARNING: [#def18]
openssh-9.6p1/clientloop.c:2443:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2441|   	if (ndone != ctx->nnew)
# 2442|   		fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew);
# 2443|-> 	if ((r = sshpkt_get_end(ssh)) != 0) {
# 2444|   		error_f("protocol error");
# 2445|   		goto out;

Error: COMPILER_WARNING: [#def19]
openssh-9.6p1/includes.h:19: included_from: Included from here.
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:36: included_from: Included from here.
openssh-9.6p1/config.h:1914:9: warning: "SUPERUSER_PATH" redefined
# 1914 | #define SUPERUSER_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
#      |         ^~~~~~~~~~~~~~
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:35: included_from: Included from here.
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/defines.h:337:10: note: this is the location of the previous definition
#  337 | # define SUPERUSER_PATH _PATH_STDPATH
#      |          ^~~~~~~~~~~~~~
# 1912|   
# 1913|   /* Define if you want a different $PATH for the superuser */
# 1914|-> #define SUPERUSER_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
# 1915|   
# 1916|   /* syslog_r function is safe to use in in a signal handler */

Error: COMPILER_WARNING (CWE-563): [#def20]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:136:21: warning[-Wunused-variable]: unused variable ‘failed’
#  136 |         const char *failed;
#      |                     ^~~~~~
#  134|   passphrase_dialog(char *message, int prompt_type)
#  135|   {
#  136|-> 	const char *failed;
#  137|   	char *passphrase, *local;
#  138|   	int result, grab_tries, grab_server, grab_pointer;

Error: COMPILER_WARNING (CWE-477): [#def21]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
/usr/include/gtk-3.0/gtk/gtk.h:277: included_from: Included from here.
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:61: included_from: Included from here.
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def22]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def23]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def24]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-457): [#def25]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:243:39: warning[-Wmaybe-uninitialized]: ‘entry’ may be used uninitialized
#  243 |                 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
openssh-9.6p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘main’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:140:45: note: ‘entry’ was declared here
#  140 |         GtkWidget *parent_window, *dialog, *entry, *err;
#      |                                             ^~~~~
#  241|   	/* Report passphrase if user selected OK */
#  242|   	if (prompt_type == PROMPT_ENTRY) {
#  243|-> 		passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def26]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:246:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
/usr/include/gtk-3.0/gdk/gdkconfig.h:8: included_from: Included from here.
/usr/include/gtk-3.0/gdk/gdk.h:30: included_from: Included from here.
/usr/include/gtk-3.0/gtk/gtk.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib/gstrfuncs.h:324:38: note: in definition of macro ‘g_strdup’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:243:30: note: in expansion of macro ‘g_strdup’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,
#  246|-> 			    strlen(passphrase), NULL, NULL, NULL);
#  247|   			if (local != NULL) {
#  248|   				puts(local);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def27]
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:256:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/glib-2.0/glib/gstrfuncs.h:324:38: note: in definition of macro ‘g_strdup’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c:243:30: note: in expansion of macro ‘g_strdup’
openssh-9.6p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  254|   		}
#  255|   		/* Zero passphrase in memory */
#  256|-> 		memset(passphrase, '\b', strlen(passphrase));
#  257|   		gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
#  258|   		memset(passphrase, '\0', strlen(passphrase));

Error: COMPILER_WARNING: [#def28]
openssh-9.6p1/gss-genr.c: scope_hint: In function ‘ssh_gssapi_kex_mechs’
openssh-9.6p1/gss-genr.c:172:30: warning[-Wstringop-truncation]: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^
openssh-9.6p1/gss-genr.c:172:30: note: length computed here
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  170|   			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
#  171|   #pragma GCC diagnostic ignored "-Wstringop-overflow"
#  172|-> 			cp = strncpy(s, kex, strlen(kex));
#  173|   #pragma pop
#  174|   			for ((p = strsep(&cp, ",")); p && *p != '\0';

Error: CLANG_WARNING: [#def29]
openssh-9.6p1/gss-serv-krb5.c:447:7: warning[deadcode.DeadStores]: Although the value stored to 'maj_status' is used in the enclosing expression, the value is never actually read from 'maj_status'
#  445|   	krb5_free_principal(krb_context, princ);
#  446|   
#  447|-> 	if ((maj_status = gss_krb5_copy_ccache(&min_status,
#  448|   	    client->creds, ccache))) {
#  449|   		logit("gss_krb5_copy_ccache() failed");

Error: CLANG_WARNING: [#def30]
openssh-9.6p1/gss-serv-krb5.c:531:7: warning[deadcode.DeadStores]: Although the value stored to 'maj_status' is used in the enclosing expression, the value is never actually read from 'maj_status'
#  529|   	krb5_free_principal(krb_context, principal);
#  530|   
#  531|-> 	if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
#  532|   	    ccache))) {
#  533|   		logit("gss_krb5_copy_ccache() failed. Sorry!");

Error: CLANG_WARNING: [#def31]
openssh-9.6p1/hostfile.c:623:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  621|   	 * Prepare temporary file for in-place deletion.
#  622|   	 */
#  623|-> 	if ((r = asprintf(&temp, "%s.XXXXXXXXXXX", filename)) == -1 ||
#  624|   	    (r = asprintf(&back, "%s.old", filename)) == -1) {
#  625|   		r = SSH_ERR_ALLOC_FAIL;

Error: CLANG_WARNING: [#def32]
openssh-9.6p1/hostfile.c:624:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  622|   	 */
#  623|   	if ((r = asprintf(&temp, "%s.XXXXXXXXXXX", filename)) == -1 ||
#  624|-> 	    (r = asprintf(&back, "%s.old", filename)) == -1) {
#  625|   		r = SSH_ERR_ALLOC_FAIL;
#  626|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def33]
openssh-9.6p1/kex.c: scope_hint: In function ‘kex_derive_keys’
openssh-9.6p1/kex.c:1557:51: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keys[<unknown>]’
openssh-9.6p1/kex.c:61: included_from: Included from here.
openssh-9.6p1/kex.c:1473:33: note: in expansion of macro ‘ROUNDUP’
# 1555|   		ctos = (!kex->server && mode == MODE_OUT) ||
# 1556|   		    (kex->server && mode == MODE_IN);
# 1557|-> 		kex->newkeys[mode]->enc.iv  = keys[ctos ? 0 : 1];
# 1558|   		kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
# 1559|   		kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];

Error: GCC_ANALYZER_WARNING (CWE-457): [#def34]
openssh-9.6p1/kex.c:1558:51: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keys[<unknown>]’
openssh-9.6p1/kex.c:1473:33: note: in expansion of macro ‘ROUNDUP’
# 1556|   		    (kex->server && mode == MODE_IN);
# 1557|   		kex->newkeys[mode]->enc.iv  = keys[ctos ? 0 : 1];
# 1558|-> 		kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
# 1559|   		kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];
# 1560|   	}

Error: COMPILER_WARNING (CWE-563): [#def35]
openssh-9.6p1/kexdh.c: scope_hint: In function ‘kex_dh_compute_key’
openssh-9.6p1/kexdh.c:95:13: warning[-Wunused-variable]: unused variable ‘kout’
#   95 |         int kout, r = 0;
#      |             ^~~~
#   93|   	u_char *kbuf = NULL;
#   94|   	size_t klen = 0;
#   95|-> 	int kout, r = 0;
#   96|   
#   97|   #ifdef DEBUG_KEXDH

Error: CLANG_WARNING: [#def36]
openssh-9.6p1/kexecdh.c:273:2: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  271|   	BN_clear_free(shared_secret);
#  272|   	freezero(kbuf, klen);
#  273|-> 	freezero(pub, publen);
#  274|   	sshbuf_free(buf);
#  275|   	return r;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def37]
openssh-9.6p1/kexecdh.c: scope_hint: In function ‘kex_ecdh_dec_key_group’
openssh-9.6p1/kexecdh.c:273:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publen’
#  271|   	BN_clear_free(shared_secret);
#  272|   	freezero(kbuf, klen);
#  273|-> 	freezero(pub, publen);
#  274|   	sshbuf_free(buf);
#  275|   	return r;

Error: CLANG_WARNING: [#def38]
openssh-9.6p1/kexgssc.c:214:10: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  212|   						sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
#  213|   				}
#  214|-> 				if ((r = sshpkt_get_end(ssh)) != 0) {
#  215|   					fatal("Expecting end of packet.");
#  216|   				}

Error: CLANG_WARNING: [#def39]
openssh-9.6p1/kexgssc.c:283:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  281|   
#  282|   	hashlen = sizeof(hash);
#  283|-> 	if ((r = kex_gen_hash(
#  284|   	    kex->hash_alg,
#  285|   	    kex->client_version,

Error: COMPILER_WARNING: [#def40]
openssh-9.6p1/log.c: scope_hint: In function ‘do_log’
openssh-9.6p1/log.c:402:53: warning[-Wformat-truncation=]: ‘: ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024
#  402 |                 snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#      |                                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 3 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  400|   	}
#  401|   	if (suffix != NULL) {
#  402|-> 		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#  403|   		strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
#  404|   	}

Error: COMPILER_WARNING: [#def41]
openssh-9.6p1/log.c: scope_hint: In function ‘do_log’
openssh-9.6p1/log.c:414:58: warning: ‘\r\n’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024 [-Wformat-truncation=]
#  414 |                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#      |                                                          ^~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 3 and 1026 bytes into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  412|   		log_handler = tmp_handler;
#  413|   	} else if (log_on_stderr) {
#  414|-> 		snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#  415|   		    (log_on_stderr > 1) ? progname : "",
#  416|   		    (log_on_stderr > 1) ? ": " : "",

Error: CLANG_WARNING: [#def42]
openssh-9.6p1/match.c:253:7: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
#  251|   		return 0; /* shouldn't happen */
#  252|   
#  253|-> 	if ((p = strchr(pattern, '@')) == NULL)
#  254|   		return match_pattern(user, pattern);
#  255|   

Error: CPPCHECK_WARNING (CWE-457): [#def43]
openssh-9.6p1/match.c:295: warning[uninitvar]: Uninitialized variable: sproposals
#  293|   	    (p = strsep(&cp, SEP)), i++) {
#  294|   		for (j = 0; j < nproposals; j++) {
#  295|-> 			if (strcmp(p, sproposals[j]) == 0) {
#  296|   				ret = xstrdup(p);
#  297|   				if (next != NULL)

Error: CLANG_WARNING: [#def44]
openssh-9.6p1/match.c:307:11: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  305|   	}
#  306|   	if (next != NULL)
#  307|-> 		*next = strlen(c);
#  308|   	free(c);
#  309|   	free(s);

Error: COMPILER_WARNING: [#def45]
openssh-9.6p1/misc.c: scope_hint: In function ‘fmt_timeframe’
openssh-9.6p1/misc.c:677:40: warning[-Wformat-truncation=]: ‘%02llu’ directive output may be truncated writing between 2 and 14 bytes into a region of size 9
#  677 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                        ^~~~~~
openssh-9.6p1/misc.c:677:39: note: directive argument in the range [1, 30500568904943]
#  677 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                       ^~~~~~~~~~~~~~~~~~~
openssh-9.6p1/misc.c:677:39: note: directive argument in the range [0, 6]
openssh-9.6p1/misc.c:677:39: note: directive argument in the range [0, 23]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 9 and 21 bytes into a destination of size 9
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  675|   
#  676|   	if (week > 0)
#  677|-> 		snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#  678|   	else if (day > 0)
#  679|   		snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);

Error: CLANG_WARNING: [#def46]
openssh-9.6p1/misc.c:1296:7: warning[deadcode.DeadStores]: Value stored to 'i' is never read
# 1294|   
# 1295|   	/* Expand string */
# 1296|-> 	for (i = 0; *string != '\0'; string++) {
# 1297|   		/* Optionally process ${ENVIRONMENT} expansions. */
# 1298|   		if (dollar && string[0] == '$' && string[1] == '{') {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def47]
openssh-9.6p1/misc.c: scope_hint: In function ‘sanitise_stdfd’
openssh-9.6p1/misc.c:1516:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), dupfd)’
# 1514|   		/* Only populate closed fds. */
# 1515|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1516|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1517|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1518|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def48]
openssh-9.6p1/misc.c:1516:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 1514|   		/* Only populate closed fds. */
# 1515|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1516|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1517|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1518|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
openssh-9.6p1/misc.c:1522:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 1520|   		}
# 1521|   	}
# 1522|-> 	if (nullfd > STDERR_FILENO)
# 1523|   		close(nullfd);
# 1524|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
openssh-9.6p1/misc.c:1526:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
# 1524|   	/* coverity[leaked_handle : FALSE]*/
# 1525|   	/* coverity[leaked_handle : FALSE]*/
# 1526|-> }
# 1527|   
# 1528|   char *

Error: CLANG_WARNING: [#def51]
openssh-9.6p1/misc.c:2113:4: warning[deadcode.DeadStores]: Value stored to 'r' is never read
# 2111|   		sshbuf_reset(arg);
# 2112|   		for (j = 0; argv[i][j] != '\0'; j++) {
# 2113|-> 			r = 0;
# 2114|   			c = argv[i][j];
# 2115|   			switch (c) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def52]
openssh-9.6p1/misc.c: scope_hint: In function ‘stdfd_devnull’
openssh-9.6p1/misc.c:2687:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
# 2685|   		return -1;
# 2686|   	}
# 2687|-> 	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2688|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2689|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def53]
openssh-9.6p1/misc.c:2688:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
# 2686|   	}
# 2687|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2688|-> 	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2689|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2690|   		error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
openssh-9.6p1/misc.c:2689:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
# 2687|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2688|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2689|-> 	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2690|   		error_f("dup2: %s", strerror(errno));
# 2691|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
openssh-9.6p1/misc.c:2693:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2691|   		ret = -1;
# 2692|   	}
# 2693|-> 	if (devnull > STDERR_FILENO)
# 2694|   		close(devnull);
# 2695|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
openssh-9.6p1/misc.c: scope_hint: In function ‘subprocess’
openssh-9.6p1/misc.c:2725:24: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-9.6p1/misc.c:74: included_from: Included from here.
openssh-9.6p1/misc.c:2876:9: note: in expansion of macro ‘debug3_f’
# 2723|   	if (drop_privs != NULL && (pw == NULL || restore_privs == NULL)) {
# 2724|   		error("%s: inconsistent arguments", tag); /* XXX fatal? */
# 2725|-> 		return 0;
# 2726|   	}
# 2727|   	if (pw == NULL && (pw = getpwuid(getuid())) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def57]
openssh-9.6p1/misc.c:2806:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
# 2804|   			_exit(1);
# 2805|   		}
# 2806|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2807|   			error("%s: dup2: %s", tag, strerror(errno));
# 2808|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
openssh-9.6p1/misc.c:2806:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2804|   			_exit(1);
# 2805|   		}
# 2806|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2807|   			error("%s: dup2: %s", tag, strerror(errno));
# 2808|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def59]
openssh-9.6p1/misc.c:2813:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2811|   		/* Set up stdout as requested; leave stderr in place for now. */
# 2812|   		fd = -1;
# 2813|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2814|   			fd = p[1];
# 2815|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
openssh-9.6p1/misc.c:2815:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2813|   		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2814|   			fd = p[1];
# 2815|-> 		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2816|   			fd = devnull;
# 2817|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
openssh-9.6p1/misc.c:2817:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd, 1)’
# 2815|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2816|   			fd = devnull;
# 2817|-> 		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2818|   			error("%s: dup2: %s", tag, strerror(errno));
# 2819|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
openssh-9.6p1/misc.c:2840:66: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(0, 2)’
# 2838|   		}
# 2839|   		/* stdin is pointed to /dev/null at this point */
# 2840|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2841|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2842|   			error("%s: dup2: %s", tag, strerror(errno));

Error: COMPILER_WARNING (CWE-9001): [#def63]
openssh-9.6p1/ssh-keycat.c:57: included_from: Included from here.
openssh-9.6p1/misc.h:148:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  148 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  146|   /* Functions to extract or store big-endian words of various sizes */
#  147|   u_int64_t	get_u64(const void *)
#  148|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  149|   u_int32_t	get_u32(const void *)
#  150|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def64]
openssh-9.6p1/misc.h:150:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  150 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  148|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  149|   u_int32_t	get_u32(const void *)
#  150|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  151|   u_int16_t	get_u16(const void *)
#  152|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def65]
openssh-9.6p1/misc.h:152:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  152 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  150|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  151|   u_int16_t	get_u16(const void *)
#  152|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  153|   void		put_u64(void *, u_int64_t)
#  154|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def66]
openssh-9.6p1/misc.h:154:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  154 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  152|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  153|   void		put_u64(void *, u_int64_t)
#  154|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  155|   void		put_u32(void *, u_int32_t)
#  156|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def67]
openssh-9.6p1/misc.h:156:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  156 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  154|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  155|   void		put_u32(void *, u_int32_t)
#  156|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  157|   void		put_u16(void *, u_int16_t)
#  158|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def68]
openssh-9.6p1/misc.h:158:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  158 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  156|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  157|   void		put_u16(void *, u_int16_t)
#  158|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  159|   
#  160|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def69]
openssh-9.6p1/misc.h:162:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  162 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  160|   /* Little-endian store/load, used by umac.c */
#  161|   u_int32_t	get_u32_le(const void *)
#  162|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  163|   void		put_u32_le(void *, u_int32_t)
#  164|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def70]
openssh-9.6p1/misc.h:164:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  164 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  162|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  163|   void		put_u32_le(void *, u_int32_t)
#  164|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  165|   
#  166|   struct bwlimit {

Error: COMPILER_WARNING (CWE-704): [#def71]
openssh-9.6p1/monitor.c: scope_hint: In function ‘mm_answer_sign’
openssh-9.6p1/monitor.c:727:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  725|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  726|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  727|-> 			effective_alg = safe_rsa;
#  728|   		} else {
#  729|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def72]
openssh-9.6p1/monitor.c:738:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  736|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  737|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  738|-> 			effective_alg = safe_rsa;
#  739|   		} else {
#  740|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-195): [#def73]
openssh-9.6p1/monitor.c: scope_hint: In function ‘mm_answer_keyverify’
openssh-9.6p1/monitor.c:1506:18: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
# 1506 |         if (type != key_blobtype)
#      |                  ^~
# 1504|   	  !monitor_allowed_key(blob, bloblen))
# 1505|   		fatal_f("bad key, not previously allowed");
# 1506|-> 	if (type != key_blobtype)
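# 1507|   		fatal_f("bad key type");
# 1508|   
# Note: 'type' is an int and 'key_blobtype' a u_int, so 'type' is converted to unsigned for the comparison and a negative value would compare as a large unsigned number.
# Whether 'type' can be negative at this point is not visible in the excerpt.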

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
openssh-9.6p1/monitor.c: scope_hint: In function ‘mm_answer_pty’
openssh-9.6p1/monitor.c:1676:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*<unknown>.ttyfd, 0)’
# 1674|   
# 1675|   	/* We need to trick ttyslot */
# 1676|-> 	if (dup2(s->ttyfd, 0) == -1)
# 1677|   		fatal_f("dup2");
# 1678|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
openssh-9.6p1/monitor.c:1698:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
# 1696|   	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
# 1697|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1698|-> 	if (fd0 != 0)
# 1699|   		error_f("fd0 %d != 0", fd0);
# 1700|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
openssh-9.6p1/monitor_wrap.c: scope_hint: In function ‘mm_pty_allocate’
openssh-9.6p1/monitor_wrap.c:618:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-9.6p1/monitor_wrap.c:62: included_from: Included from here.
openssh-9.6p1/monitor_wrap.c:615:17: note: in expansion of macro ‘error_f’
#  616|   		if (tmp1 >= 0)
#  617|   			close(tmp1);
#  618|-> 		return 0;
#  619|   	}
#  620|   	close(tmp1);

Error: CLANG_WARNING: [#def77]
openssh-9.6p1/mux.c:349:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  347|   	cctx->env = NULL;
#  348|   	env_len = 0;
#  349|-> 	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  350|   	    (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
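#  351|   	    (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
# Note: each call's result is still tested by its '!= 0' comparison, so a failed parse does reach the 'malf' / "malformed message" path. Only the error code saved in 'r' goes unused afterwards.
# def77-def101 repeat this one pattern across mux.c and can be triaged together.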

Error: CLANG_WARNING: [#def78]
openssh-9.6p1/mux.c:350:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  348|   	env_len = 0;
#  349|   	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  350|-> 	    (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
#  351|   	    (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
#  352|   	    (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||

Error: CLANG_WARNING: [#def79]
openssh-9.6p1/mux.c:351:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  349|   	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  350|   	    (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
#  351|-> 	    (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
#  352|   	    (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
#  353|   	    (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||

Error: CLANG_WARNING: [#def80]
openssh-9.6p1/mux.c:352:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  350|   	    (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 ||
#  351|   	    (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
#  352|-> 	    (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
#  353|   	    (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
#  354|   	    (r = sshbuf_get_u32(m, &escape_char)) != 0 ||

Error: CLANG_WARNING: [#def81]
openssh-9.6p1/mux.c:353:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  351|   	    (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 ||
#  352|   	    (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
#  353|-> 	    (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
#  354|   	    (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
#  355|   	    (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||

Error: CLANG_WARNING: [#def82]
openssh-9.6p1/mux.c:354:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  352|   	    (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 ||
#  353|   	    (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
#  354|-> 	    (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
#  355|   	    (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||
#  356|   	    (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) {

Error: CLANG_WARNING: [#def83]
openssh-9.6p1/mux.c:355:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  353|   	    (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 ||
#  354|   	    (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
#  355|-> 	    (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||
#  356|   	    (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) {
#  357|    malf:

Error: CLANG_WARNING: [#def84]
openssh-9.6p1/mux.c:356:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  354|   	    (r = sshbuf_get_u32(m, &escape_char)) != 0 ||
#  355|   	    (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 ||
#  356|-> 	    (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) {
#  357|    malf:
#  358|   		free(cmd);

Error: CLANG_WARNING: [#def85]
openssh-9.6p1/mux.c:370:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  368|   #define MUX_MAX_ENV_VARS	4096
#  369|   	while (sshbuf_len(m) > 0) {
#  370|-> 		if ((r = sshbuf_get_cstring(m, &cp, NULL)) != 0)
#  371|   			goto malf;
#  372|   		if (!env_permitted(cp)) {

Error: CLANG_WARNING: [#def86]
openssh-9.6p1/mux.c:696:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  694|   
#  695|   	/* XXX - lport/cport check redundant */
#  696|-> 	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  697|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  698|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||

Error: CLANG_WARNING: [#def87]
openssh-9.6p1/mux.c:697:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  695|   	/* XXX - lport/cport check redundant */
#  696|   	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  697|-> 	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  698|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  699|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||

Error: CLANG_WARNING: [#def88]
openssh-9.6p1/mux.c:698:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  696|   	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  697|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  698|-> 	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  699|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  700|   	    (r = sshbuf_get_u32(m, &cport)) != 0 ||

Error: CLANG_WARNING: [#def89]
openssh-9.6p1/mux.c:699:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  697|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  698|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  699|-> 	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  700|   	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
#  701|   	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||

Error: CLANG_WARNING: [#def90]
openssh-9.6p1/mux.c:700:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  698|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  699|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  700|-> 	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
#  701|   	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
#  702|   	    (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {

Error: CLANG_WARNING: [#def91]
openssh-9.6p1/mux.c:861:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  859|   	memset(&fwd, 0, sizeof(fwd));
#  860|   
#  861|-> 	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  862|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  863|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||

Error: CLANG_WARNING: [#def92]
openssh-9.6p1/mux.c:862:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  860|   
#  861|   	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  862|-> 	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  863|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  864|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||

Error: CLANG_WARNING: [#def93]
openssh-9.6p1/mux.c:863:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  861|   	if ((r = sshbuf_get_u32(m, &ftype)) != 0 ||
#  862|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  863|-> 	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  864|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  865|   	    (r = sshbuf_get_u32(m, &cport)) != 0 ||

Error: CLANG_WARNING: [#def94]
openssh-9.6p1/mux.c:864:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  862|   	    (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 ||
#  863|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  864|-> 	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  865|   	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
#  866|   	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||

Error: CLANG_WARNING: [#def95]
openssh-9.6p1/mux.c:865:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  863|   	    (r = sshbuf_get_u32(m, &lport)) != 0 ||
#  864|   	    (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 ||
#  865|-> 	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
#  866|   	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
#  867|   	    (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {

Error: CLANG_WARNING: [#def96]
openssh-9.6p1/mux.c:969:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  967|   	struct mux_stdio_confirm_ctx *cctx;
#  968|   
#  969|-> 	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  970|   	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
#  971|   	    (r = sshbuf_get_u32(m, &_cport)) != 0) {

Error: CLANG_WARNING: [#def97]
openssh-9.6p1/mux.c:970:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  968|   
#  969|   	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  970|-> 	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
#  971|   	    (r = sshbuf_get_u32(m, &_cport)) != 0) {
#  972|   		free(chost);

Error: CLANG_WARNING: [#def98]
openssh-9.6p1/mux.c:971:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  969|   	if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */
#  970|   	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
#  971|-> 	    (r = sshbuf_get_u32(m, &_cport)) != 0) {
#  972|   		free(chost);
#  973|   		error_f("malformed message");

Error: CLANG_WARNING: [#def99]
openssh-9.6p1/mux.c:1180:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1178|   
# 1179|   	/* Channel code ensures that we receive whole packets */
# 1180|-> 	if ((r = sshbuf_froms(c->input, &in)) != 0) {
# 1181|    malf:
# 1182|   		error_f("malformed message");

Error: CLANG_WARNING: [#def100]
openssh-9.6p1/mux.c:1186:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1184|   	}
# 1185|   
# 1186|-> 	if ((r = sshbuf_get_u32(in, &type)) != 0)
# 1187|   		goto malf;
# 1188|   	debug3_f("channel %d packet type 0x%08x len %zu", c->self,

Error: CLANG_WARNING: [#def101]
openssh-9.6p1/mux.c:1199:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1197|   			goto out;
# 1198|   		}
# 1199|-> 		if ((r = sshbuf_get_u32(in, &rid)) != 0)
# 1200|   			goto malf;
# 1201|   	}

Error: CLANG_WARNING: [#def102]
openssh-9.6p1/openbsd-compat/glob.c:270:51: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  268|   
#  269|   	/* copy part up to the brace */
#  270|-> 	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
#  271|   		;
#  272|   	*lm = EOS;

Error: CLANG_WARNING: [#def103]
openssh-9.6p1/openbsd-compat/glob.c:520:19: warning[core.UndefinedBinaryOperatorResult]: The left operand of '==' is a garbage value
#  518|   				}
#  519|   				*bufnext++ = CHAR(c);
#  520|-> 				if (*qpatnext == RANGE &&
#  521|   				    (c = qpatnext[1]) != RBRACKET) {
#  522|   					*bufnext++ = M_RNG;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def104]
openssh-9.6p1/openbsd-compat/glob.c: scope_hint: In function ‘globextend’
openssh-9.6p1/openbsd-compat/glob.c:835:23: warning[-Wanalyzer-malloc-leak]: leak of ‘pathv’
#  833|   	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
#  834|   		/* first time around -- clear initial gl_offs items */
#  835|-> 		pathv += pglob->gl_offs;
#  836|   		for (i = pglob->gl_offs; i > 0; i--)
#  837|   			*--pathv = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def105]
openssh-9.6p1/openbsd-compat/glob.c:847:31: warning[-Wanalyzer-malloc-leak]: leak of ‘statv’
openssh-9.6p1/includes.h:154: included_from: Included from here.
openssh-9.6p1/openbsd-compat/glob.c:61: included_from: Included from here.
#  845|   		if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
#  846|   			/* first time around -- clear initial gl_offs items */
#  847|-> 			statv += pglob->gl_offs;
#  848|   			for (i = pglob->gl_offs; i > 0; i--)
#  849|   				*--statv = NULL;

Error: COMPILER_WARNING (CWE-477): [#def106]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:68:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   66|   /* Send audit message */
#   67|   static int
#   68|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|   		       security_context_t selected_context)
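#   70|   {
# Note: libselinux deprecates the 'security_context_t' typedef in favour of plain 'char *'. This diagnostic concerns the type name only, not how the contexts are handled.
# Most of the entries for port-linux-sshd.c up to def121 are this same warning; the unix.Malloc leak reports among them (def112, def117, def120) are separate findings.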

Error: COMPILER_WARNING (CWE-477): [#def107]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:69:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   67|   static int
#   68|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|-> 		       security_context_t selected_context)
#   70|   {
#   71|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def108]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:115:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  113|   
#  114|   static int
#  115|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  116|   {
#  117|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def109]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:142:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  140|   static int
#  141|   get_user_context(const char *sename, const char *role, const char *lvl,
#  142|-> 	security_context_t *sc) {
#  143|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  144|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def110]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘get_user_context’
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  178|   		/* verify that the requested range is obtained */
#  179|   		context_t con;
#  180|-> 		security_context_t obtained_raw;
#  181|   		security_context_t requested_raw;
#  182|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def111]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:181:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  179|   		context_t con;
#  180|   		security_context_t obtained_raw;
#  181|-> 		security_context_t requested_raw;
#  182|   		con = context_new(*sc);
#  183|   		if (!con) {

Error: CLANG_WARNING: [#def112]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:217:2: warning[unix.Malloc]: Potential memory leak
#  215|   	freecon(*sc);
#  216|   	*sc = NULL;
#  217|-> 	return -1;
#  218|   }
#  219|   

Error: COMPILER_WARNING (CWE-477): [#def113]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c: scope_hint: At top level
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:240:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  238|   /* Return the default security context for the given username */
#  239|   static int
#  240|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {

Error: COMPILER_WARNING (CWE-477): [#def114]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:241:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  239|   static int
#  240|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {
#  243|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def115]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_getctxbyname’
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:272:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  270|   		/* If launched from xinetd, we must use current level */
#  271|   		if (inetd) {
#  272|-> 			security_context_t sshdsc=NULL;
#  273|   
#  274|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def116]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:293:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  291|   
#  292|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  293|-> 				security_context_t default_level_sc = *default_sc;
#  294|   				if (role != NULL && role[0]) {
#  295|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: CLANG_WARNING: [#def117]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:299:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'default_level_sc'
#  297|   				}
#  298|   				/* verify that the requested range is contained in the user range */
#  299|-> 				if (mls_range_allowed(default_level_sc, *user_sc)) {
#  300|   					logit("permit MLS level %s (user range %s)", reqlvl, lvl);
#  301|   				} else {

Error: COMPILER_WARNING (CWE-477): [#def118]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_setup_exec_context’
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:386:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  384|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  385|   {
#  386|-> 	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def119]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:388:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  386|   	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|-> 	security_context_t default_ctx = NULL;
#  389|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  390|   

Error: CLANG_WARNING: [#def120]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:447:6: warning[unix.Malloc]: Potential leak of memory pointed to by 'user_ctx'
#  445|   	if (user_ctx != NULL && user_ctx != default_ctx)
#  446|   		freecon(user_ctx);
#  447|-> 	if (default_ctx != NULL)
#  448|   		freecon(default_ctx);
#  449|   

Error: COMPILER_WARNING (CWE-477): [#def121]
openssh-9.6p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_copy_context’
openssh-9.6p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  459|   		return;
#  460|   
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;

Error: COMPILER_WARNING (CWE-1164): [#def122]
openssh-9.6p1/openbsd-compat/port-linux.c:67:1: warning[-Wunused-function]: ‘ssh_selinux_getctxbyname’ defined but not used
#   67 | ssh_selinux_getctxbyname(char *pwname)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
#   65|   /* Return the default security context for the given username */
#   66|   static char *
#   67|-> ssh_selinux_getctxbyname(char *pwname)
#   68|   {
#   69|   	char *sc = NULL, *sename = NULL, *lvl = NULL;

Error: CLANG_WARNING: [#def123]
openssh-9.6p1/openbsd-compat/port-net.c:365:2: warning[deadcode.DeadStores]: Value stored to 'buf' is never read
#  363|   	if (*dlen < sizeof(af))
#  364|   		return (NULL);
#  365|-> 	buf = *data;
#  366|   
#  367|   #if defined(SSH_TUN_PREPEND_AF)

Error: CLANG_WARNING: [#def124]
openssh-9.6p1/openbsd-compat/readpassphrase.c:72:2: warning[deadcode.DeadStores]: Value stored to 'nr' is never read
#   70|   	for (i = 0; i < _NSIG; i++)
#   71|   		signo[i] = 0;
#   72|-> 	nr = -1;
#   73|   	save_errno = 0;
#   74|   	need_restart = 0;

Error: CLANG_WARNING: [#def125]
openssh-9.6p1/openbsd-compat/readpassphrase.c:73:2: warning[deadcode.DeadStores]: Value stored to 'save_errno' is never read
#   71|   		signo[i] = 0;
#   72|   	nr = -1;
#   73|-> 	save_errno = 0;
#   74|   	need_restart = 0;
#   75|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def126]
openssh-9.6p1/openbsd-compat/readpassphrase.c: scope_hint: In function ‘readpassphrase’
openssh-9.6p1/openbsd-compat/readpassphrase.c:94:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
#   92|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   93|   	 */
#   94|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   95|   		memcpy(&term, &oterm, sizeof(term));
#   96|   		if (!(flags & RPP_ECHO_ON))

Error: CLANG_WARNING: [#def127]
openssh-9.6p1/openbsd-compat/sha2.c:441:2: warning[deadcode.DeadStores]: Value stored to 'a' is never read
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
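#  442|   }
#  443|   
# Note: the flagged line is the routine's "Clean up" of its working variables. Because nothing reads them afterwards, an optimizing compiler may drop the stores, so this assignment does not guarantee that intermediate hash state is erased.
# A wipe that must survive optimization needs explicit_bzero() or an equivalent. def127-def135 (line 441) and the entries from def141 on (line 722) repeat this; def136-def140 flag the same idiom on 'usedspace'/'freespace'.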

Error: CLANG_WARNING: [#def128]
openssh-9.6p1/openbsd-compat/sha2.c:441:6: warning[deadcode.DeadStores]: Although the value stored to 'b' is used in the enclosing expression, the value is never actually read from 'b'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def129]
openssh-9.6p1/openbsd-compat/sha2.c:441:10: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def130]
openssh-9.6p1/openbsd-compat/sha2.c:441:14: warning[deadcode.DeadStores]: Although the value stored to 'd' is used in the enclosing expression, the value is never actually read from 'd'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def131]
openssh-9.6p1/openbsd-compat/sha2.c:441:18: warning[deadcode.DeadStores]: Although the value stored to 'e' is used in the enclosing expression, the value is never actually read from 'e'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def132]
openssh-9.6p1/openbsd-compat/sha2.c:441:22: warning[deadcode.DeadStores]: Although the value stored to 'f' is used in the enclosing expression, the value is never actually read from 'f'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def133]
openssh-9.6p1/openbsd-compat/sha2.c:441:26: warning[deadcode.DeadStores]: Although the value stored to 'g' is used in the enclosing expression, the value is never actually read from 'g'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def134]
openssh-9.6p1/openbsd-compat/sha2.c:441:30: warning[deadcode.DeadStores]: Although the value stored to 'h' is used in the enclosing expression, the value is never actually read from 'h'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def135]
openssh-9.6p1/openbsd-compat/sha2.c:441:34: warning[deadcode.DeadStores]: Although the value stored to 'T1' is used in the enclosing expression, the value is never actually read from 'T1'
#  439|   
#  440|   	/* Clean up */
#  441|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  442|   }
#  443|   

Error: CLANG_WARNING: [#def136]
openssh-9.6p1/openbsd-compat/sha2.c:548:4: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  546|   			context->bitcount[0] += (u_int64_t)len << 3;
#  547|   			/* Clean up: */
#  548|-> 			usedspace = freespace = 0;
#  549|   			return;
#  550|   		}

Error: CLANG_WARNING: [#def137]
openssh-9.6p1/openbsd-compat/sha2.c:548:16: warning[deadcode.DeadStores]: Although the value stored to 'freespace' is used in the enclosing expression, the value is never actually read from 'freespace'
#  546|   			context->bitcount[0] += (u_int64_t)len << 3;
#  547|   			/* Clean up: */
#  548|-> 			usedspace = freespace = 0;
#  549|   			return;
#  550|   		}

Error: CLANG_WARNING: [#def138]
openssh-9.6p1/openbsd-compat/sha2.c:565:2: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  563|   	}
#  564|   	/* Clean up: */
#  565|-> 	usedspace = freespace = 0;
#  566|   }
#  567|   DEF_WEAK(SHA256Update);

Error: CLANG_WARNING: [#def139]
openssh-9.6p1/openbsd-compat/sha2.c:565:14: warning[deadcode.DeadStores]: Although the value stored to 'freespace' is used in the enclosing expression, the value is never actually read from 'freespace'
#  563|   	}
#  564|   	/* Clean up: */
#  565|-> 	usedspace = freespace = 0;
#  566|   }
#  567|   DEF_WEAK(SHA256Update);

Error: CLANG_WARNING: [#def140]
openssh-9.6p1/openbsd-compat/sha2.c:609:2: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  607|   
#  608|   	/* Clean up: */
#  609|-> 	usedspace = 0;
#  610|   }
#  611|   DEF_WEAK(SHA256Pad);

Error: CLANG_WARNING: [#def141]
openssh-9.6p1/openbsd-compat/sha2.c:722:2: warning[deadcode.DeadStores]: Value stored to 'a' is never read
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def142]
openssh-9.6p1/openbsd-compat/sha2.c:722:6: warning[deadcode.DeadStores]: Although the value stored to 'b' is used in the enclosing expression, the value is never actually read from 'b'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def143]
openssh-9.6p1/openbsd-compat/sha2.c:722:10: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def144]
openssh-9.6p1/openbsd-compat/sha2.c:722:14: warning[deadcode.DeadStores]: Although the value stored to 'd' is used in the enclosing expression, the value is never actually read from 'd'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def145]
openssh-9.6p1/openbsd-compat/sha2.c:722:18: warning[deadcode.DeadStores]: Although the value stored to 'e' is used in the enclosing expression, the value is never actually read from 'e'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def146]
openssh-9.6p1/openbsd-compat/sha2.c:722:22: warning[deadcode.DeadStores]: Although the value stored to 'f' is used in the enclosing expression, the value is never actually read from 'f'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def147]
openssh-9.6p1/openbsd-compat/sha2.c:722:26: warning[deadcode.DeadStores]: Although the value stored to 'g' is used in the enclosing expression, the value is never actually read from 'g'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def148]
openssh-9.6p1/openbsd-compat/sha2.c:722:30: warning[deadcode.DeadStores]: Although the value stored to 'h' is used in the enclosing expression, the value is never actually read from 'h'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def149]
openssh-9.6p1/openbsd-compat/sha2.c:722:34: warning[deadcode.DeadStores]: Although the value stored to 'T1' is used in the enclosing expression, the value is never actually read from 'T1'
#  720|   
#  721|   	/* Clean up */
#  722|-> 	a = b = c = d = e = f = g = h = T1 = 0;
#  723|   }
#  724|   

Error: CLANG_WARNING: [#def150]
openssh-9.6p1/openbsd-compat/sha2.c:829:4: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  827|   			ADDINC128(context->bitcount, len << 3);
#  828|   			/* Clean up: */
#  829|-> 			usedspace = freespace = 0;
#  830|   			return;
#  831|   		}

Error: CLANG_WARNING: [#def151]
openssh-9.6p1/openbsd-compat/sha2.c:829:16: warning[deadcode.DeadStores]: Although the value stored to 'freespace' is used in the enclosing expression, the value is never actually read from 'freespace'
#  827|   			ADDINC128(context->bitcount, len << 3);
#  828|   			/* Clean up: */
#  829|-> 			usedspace = freespace = 0;
#  830|   			return;
#  831|   		}

Error: CLANG_WARNING: [#def152]
openssh-9.6p1/openbsd-compat/sha2.c:846:2: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  844|   	}
#  845|   	/* Clean up: */
#  846|-> 	usedspace = freespace = 0;
#  847|   }
#  848|   DEF_WEAK(SHA512Update);

Error: CLANG_WARNING: [#def153]
openssh-9.6p1/openbsd-compat/sha2.c:846:14: warning[deadcode.DeadStores]: Although the value stored to 'freespace' is used in the enclosing expression, the value is never actually read from 'freespace'
#  844|   	}
#  845|   	/* Clean up: */
#  846|-> 	usedspace = freespace = 0;
#  847|   }
#  848|   DEF_WEAK(SHA512Update);

Error: CLANG_WARNING: [#def154]
openssh-9.6p1/openbsd-compat/sha2.c:890:2: warning[deadcode.DeadStores]: Value stored to 'usedspace' is never read
#  888|   
#  889|   	/* Clean up: */
#  890|-> 	usedspace = 0;
#  891|   }
#  892|   DEF_WEAK(SHA512Pad);

Error: COMPILER_WARNING: [#def155]
openssh-9.6p1/openbsd-compat/vis.c: scope_hint: In function ‘stravis’
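openssh-9.6p1/openbsd-compat/vis.c:229:23: warning[-Wuse-after-free]: pointer ‘buf_15’ may be used after ‘realloc’
Triage note (reviewer): line 229 is reached only when realloc() returned NULL, and a failed realloc() leaves the original allocation untouched, so restoring *outp = buf on that path does not touch freed memory. This looks like a false positive. It assumes len + 1 is non-zero, which the excerpt does not show, so confirm that len cannot wrap.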
#  229 |                 *outp = buf;
#      |                 ~~~~~~^~~~~
openssh-9.6p1/openbsd-compat/vis.c:227:17: note: call to ‘realloc’ here
#  227 |         *outp = realloc(buf, len + 1);
#      |                 ^~~~~~~~~~~~~~~~~~~~~
#  227|   	*outp = realloc(buf, len + 1);
#  228|   	if (*outp == NULL) {
#  229|-> 		*outp = buf;
#  230|   		errno = serrno;
#  231|   	}

Error: CLANG_WARNING: [#def156]
openssh-9.6p1/packet.c:1120:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 1118|   
# 1119|   	if (comp && comp->enabled) {
# 1120|-> 		len = sshbuf_len(state->outgoing_packet);
# 1121|   		/* skip header, compress only payload */
# 1122|   		if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0)

Error: CLANG_WARNING: [#def157]
openssh-9.6p1/packet.c:1321:11: warning[unix.Malloc]: Use of memory after it is freed
# 1319|   		state->rekey_time = monotime();
# 1320|   		while ((p = TAILQ_FIRST(&state->outgoing))) {
# 1321|-> 			type = p->type;
# 1322|   			/*
# 1323|   			 * If this packet triggers a rekex, then skip the

Error: CLANG_WARNING: [#def158]
openssh-9.6p1/packet.c:1723:3: warning[deadcode.DeadStores]: Value stored to 'r' is never read
# 1721|   		return r;
# 1722|   	if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
# 1723|-> 		r = ssh_packet_enable_delayed_compress(ssh);
# 1724|   	else
# 1725|   		r = 0;

Error: CLANG_WARNING: [#def159]
openssh-9.6p1/packet.c:1725:3: warning[deadcode.DeadStores]: Value stored to 'r' is never read
# 1723|   		r = ssh_packet_enable_delayed_compress(ssh);
# 1724|   	else
# 1725|-> 		r = 0;
# 1726|   #ifdef PACKET_DEBUG
# 1727|   	fprintf(stderr, "read/plain[%d]:\r\n", *typep);

Error: CLANG_WARNING: [#def160]
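openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c:153:13: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
Triage note (reviewer): getenv("SUDO_USER") is called once in the condition on line 152 and again on line 153, and the checker does not assume both calls return the same value, hence the NULL report. Storing the result in a local and testing that local removes the warning. Separately, strncpy() with sizeof(ruser) - 1 leaves ruser unterminated unless its last byte is already zero, which the excerpt does not show.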
#  151|   #ifdef ENABLE_SUDO_HACK
#  152|           if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) {
#  153|->             strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 );
#  154|               verbose( "Using environment variable SUDO_USER (%s)", ruser );
#  155|           } else

Error: CLANG_WARNING: [#def161]
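openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c:108:13: warning[unix.cstring.BadSizeArg]: Potential buffer overflow. Replace with 'sizeof(auth_keys_file_buf) - strlen(auth_keys_file_buf) - 1' or use a safer 'strlcat' API
Triage note (reviewer): strncat()'s third argument limits the bytes appended, not the total size of the destination, so sizeof(auth_keys_file_buf) - 1 bounds the write only if the buffer is empty at this point. The lines before 107 are not shown. If anything has already been written to auth_keys_file_buf, this is an out-of-bounds write in a PAM module and should be fixed as the checker suggests, with the truncation case handled explicitly.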
#  106|        */
#  107|       strncat(auth_keys_file_buf, authorized_keys_file_input,
#  108|->             sizeof(auth_keys_file_buf) - 1);
#  109|   
#  110|       if(allow_user_owned_authorized_keys_file)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def162]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def163]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c: scope_hint: In function ‘pamsshagentauth_user_key_command_allowed2’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:49: included_from: Included from here.
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:46: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def165]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:49: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def166]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:245:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  243|           }
#  244|           if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|->            || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));
#  247|               _exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def167]
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:245:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.6p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  243|           }
#  244|           if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|->            || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));
#  247|               _exit(1);

Error: CLANG_WARNING: [#def168]
openssh-9.6p1/readconf.c:1735:5: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1733|   					    lookup_opcode_name(opcode));
# 1734|   				}
# 1735|-> 				p = cleanhostname(p);
# 1736|   				/*
# 1737|   				 * don't want to use permitopen_port to avoid

Error: GCC_ANALYZER_WARNING (CWE-775): [#def169]
openssh-9.6p1/readconf.c: scope_hint: In function ‘read_config_file_depth’
openssh-9.6p1/readconf.c:2472:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
# 2470|   		return 0;
# 2471|   
# 2472|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2473|   		struct stat sb;
# 2474|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
openssh-9.6p1/readconf.c:2472:19: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
# 2470|   		return 0;
# 2471|   
# 2472|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2473|   		struct stat sb;
# 2474|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def171]
openssh-9.6p1/readpass.c: scope_hint: In function ‘ssh_askpass’
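openssh-9.6p1/readpass.c:76:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
Triage note (reviewer): the context shows this runs in the forked child (pid == 0), and the descriptor reported as leaked is the new standard output created by dup2(), which is meant to stay open for whatever the child runs next. This is probably analyzer noise. The other dup2() fd-leak entries in this list have the same shape; for each, confirm that the code is in a child that goes on to exec or exit and that the original descriptor is closed after the dup2().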
#   74|   	if (pid == 0) {
#   75|   		close(p[0]);
#   76|-> 		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|   			fatal_f("dup2: %s", strerror(errno));
#   78|   		if (env_hint != NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c: scope_hint: In function ‘sk_enroll’
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:255:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
#  253|   	}
#  254|   	response->flags = flags;
#  255|-> 	switch(alg) {
#  256|   	case SSH_SK_ECDSA:
#  257|   		if (pack_key_ecdsa(response) != 0)

Error: CLANG_WARNING: [#def173]
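openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:265:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'response'
Triage note (reviewer): the `return -1` in this default: branch leaves the function directly instead of going through the out: cleanup shown at line 278, so the leak report looks genuine; the same pattern appears at lines 522-523. The file lives under regress/misc/sk-dummy, which by its path is a regression-test helper rather than part of the installed ssh/sshd programs (inferred, confirm against the package file list). That makes the sk-dummy.c leak and double-free entries lower priority than findings in the main tree.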
#  263|   		break;
#  264|   	default:
#  265|-> 		skdebug(__func__, "unsupported key type %d", alg);
#  266|   		return -1;
#  267|   	}

Error: CLANG_WARNING: [#def174]
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:280:3: warning[unix.Malloc]: Attempt to free released memory
#  278|    out:
#  279|   	if (response != NULL) {
#  280|-> 		free(response->public_key);
#  281|   		free(response->key_handle);
#  282|   		free(response->signature);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def175]
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:280:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*response.public_key’
#  278|    out:
#  279|   	if (response != NULL) {
#  280|-> 		free(response->public_key);
#  281|   		free(response->key_handle);
#  282|   		free(response->signature);

Error: CLANG_WARNING: [#def176]
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:522:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'response'
#  520|   		break;
#  521|   	default:
#  522|-> 		skdebug(__func__, "unsupported key type %d", alg);
#  523|   		return -1;
#  524|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c: scope_hint: In function ‘sk_sign’
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:523:24: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-9.6p1/regress/misc/sk-dummy/sk-dummy.c:503:9: note: in expansion of macro ‘SHA256Init’
#  521|   	default:
#  522|   		skdebug(__func__, "unsupported key type %d", alg);
#  523|-> 		return -1;
#  524|   	}
#  525|   	*sign_response = response;

Error: CPPCHECK_WARNING (CWE-476): [#def178]
openssh-9.6p1/scp.c:1018: warning[nullPointer]: Possible null pointer dereference: done
# 1016|   	free(active);
# 1017|   	for (i = 0; i < ndone; i++)
# 1018|-> 		free(done[i]);
# 1019|   	free(done);
# 1020|   	return ret;

Error: CLANG_WARNING: [#def179]
openssh-9.6p1/scp.c:1468:5: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 1466|   next:			if (fd != -1) {
# 1467|   				(void) close(fd);
# 1468|-> 				fd = -1;
# 1469|   			}
# 1470|   			continue;

Error: CLANG_WARNING: [#def180]
openssh-9.6p1/scp.c:1501:4: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 1499|   			if (close(fd) == -1 && !haderr)
# 1500|   				haderr = errno;
# 1501|-> 			fd = -1;
# 1502|   		}
# 1503|   		if (!haderr)

Error: COMPILER_WARNING: [#def181]
openssh-9.6p1/scp.c: scope_hint: In function ‘rsource’
openssh-9.6p1/scp.c:1553:56: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 2 and 4095
# 1553 |                 (void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
#      |                                                        ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4350 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1551|   			continue;
# 1552|   		}
# 1553|-> 		(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
# 1554|   		vect[0] = path;
# 1555|   		source(1, vect);

Error: CLANG_WARNING: [#def182]
openssh-9.6p1/scp.c:2013:7: warning[deadcode.DeadStores]: Although the value stored to 'filename' is used in the enclosing expression, the value is never actually read from 'filename'
# 2011|   	int i, r, targetisdir, err = 0;
# 2012|   
# 2013|-> 	if ((filename = basename(src)) == NULL)
# 2014|   		fatal("basename %s: %s", src, strerror(errno));
# 2015|   

Error: CLANG_WARNING: [#def183]
openssh-9.6p1/servconf.c:1620:3: warning[deadcode.DeadStores]: Value stored to 'ca_only' is never read
# 1618|   	case sPubkeyAuthentication:
# 1619|   		intptr = &options->pubkey_authentication;
# 1620|-> 		ca_only = 0;
# 1621|   		goto parse_flag;
# 1622|   

Error: CLANG_WARNING: [#def184]
openssh-9.6p1/servconf.c:2374:10: warning[deadcode.DeadStores]: Although the value stored to 'port' is used in the enclosing expression, the value is never actually read from 'port'
# 2372|   			}
# 2373|   			if (arg == NULL ||
# 2374|-> 			    ((port = permitopen_port(arg)) < 0)) {
# 2375|   				fatal("%s line %d: %s bad port number",
# 2376|   				    filename, linenum, keyword);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def185]
openssh-9.6p1/session.c: scope_hint: In function ‘do_exec_no_pty’
openssh-9.6p1/session.c:478:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pin[0], 0)’
openssh-9.6p1/session.c:86: included_from: Included from here.
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  476|   		 */
#  477|   		close(pin[1]);
#  478|-> 		if (dup2(pin[0], 0) == -1)
#  479|   			perror("dup2 stdin");
#  480|   		close(pin[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def186]
openssh-9.6p1/session.c:484:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pout[1], 1)’
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  482|   		/* Redirect stdout. */
#  483|   		close(pout[0]);
#  484|-> 		if (dup2(pout[1], 1) == -1)
#  485|   			perror("dup2 stdout");
#  486|   		close(pout[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def187]
openssh-9.6p1/session.c:490:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(perr[1], 2)’
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  488|   		/* Redirect stderr. */
#  489|   		close(perr[0]);
#  490|-> 		if (dup2(perr[1], 2) == -1)
#  491|   			perror("dup2 stderr");
#  492|   		close(perr[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def188]
openssh-9.6p1/session.c: scope_hint: In function ‘do_exec_pty’
openssh-9.6p1/session.c:620:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 0)’
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  618|   
#  619|   		/* Redirect stdin/stdout/stderr from the pseudo tty. */
#  620|-> 		if (dup2(ttyfd, 0) == -1)
#  621|   			error("dup2 stdin: %s", strerror(errno));
#  622|   		if (dup2(ttyfd, 1) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def189]
openssh-9.6p1/session.c:622:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 1)’
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  620|   		if (dup2(ttyfd, 0) == -1)
#  621|   			error("dup2 stdin: %s", strerror(errno));
#  622|-> 		if (dup2(ttyfd, 1) == -1)
#  623|   			error("dup2 stdout: %s", strerror(errno));
#  624|   		if (dup2(ttyfd, 2) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def190]
openssh-9.6p1/session.c:624:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 2)’
openssh-9.6p1/session.c:2325:9: note: in expansion of macro ‘debug_f’
openssh-9.6p1/session.c:746:9: note: in expansion of macro ‘verbose’
#  622|   		if (dup2(ttyfd, 1) == -1)
#  623|   			error("dup2 stdout: %s", strerror(errno));
#  624|-> 		if (dup2(ttyfd, 2) == -1)
#  625|   			error("dup2 stderr: %s", strerror(errno));
#  626|   

Error: CLANG_WARNING: [#def191]
openssh-9.6p1/sftp-client.c:1054:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1052|   		if ((status == SSH2_FX_NO_SUCH_FILE) && create_dir)  {
# 1053|   			memset(&a, '\0', sizeof(a));
# 1054|-> 			if ((r = sftp_mkdir(conn, path, &a, 0)) != 0) {
# 1055|   				sshbuf_free(msg);
# 1056|   				return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
openssh-9.6p1/sftp-glob.c: scope_hint: In function ‘sftp_glob’
openssh-9.6p1/sftp-glob.c:155:24: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
#  153|   
#  154|   	if ((r = glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)) != 0)
#  155|-> 		return r;
#  156|   	/*
#  157|   	 * When both GLOB_NOCHECK and GLOB_MARK are active, a single gl_pathv

Error: CPPCHECK_WARNING (CWE-401): [#def193]
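openssh-9.6p1/sftp-glob.c:173: error[memleakOnRealloc]: Common realloc mistake: 's' nulled but not freed upon failure
Triage note (reviewer): assigning realloc()'s result straight back to s discards that pointer to the original block when realloc() fails. Line 175 stores s into pglob->gl_pathv[0], which suggests the old string may still be reachable from there, but the excerpt does not show where s came from or what the failure branch does, so confirm before closing this as benign.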
#  171|   		if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) {
#  172|   			/* NOCHECK on a directory; annotate */
#  173|-> 			if ((s = realloc(s, l + 2)) != NULL) {
#  174|   				memcpy(s + l, "/", 2);
#  175|   				pglob->gl_pathv[0] = s;

Error: CPPCHECK_WARNING (CWE-401): [#def194]
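openssh-9.6p1/sftp-server.c:833: error[memleakOnRealloc]: Common realloc mistake: 'buf' nulled but not freed upon failure
Triage note (reviewer): on failure the next line calls fatal_f("realloc failed"), which terminates the process, so the overwritten pointer is never used again and there is no leak in a running server. This instance is harmless as written. The pattern would become a real leak if the fatal call were ever replaced with an error return.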
#  831|   	if (len > buflen) {
#  832|   		debug3_f("allocate %zu => %u", buflen, len);
#  833|-> 		if ((buf = realloc(buf, len)) == NULL)
#  834|   			fatal_f("realloc failed");
#  835|   		buflen = len;

Error: CLANG_WARNING: [#def195]
openssh-9.6p1/sftp-server.c:1720:7: warning[deadcode.DeadStores]: Although the value stored to 'user_pw' is used in the enclosing expression, the value is never actually read from 'user_pw'
# 1718|   
# 1719|   	debug3("request %u: home-directory \"%s\"", id, username);
# 1720|-> 	if ((user_pw = getpwnam(username)) == NULL) {
# 1721|   		send_status(id, SSH2_FX_FAILURE);
# 1722|   		goto out;

Error: CLANG_WARNING: [#def196]
openssh-9.6p1/sftp.c:1401:2: warning[deadcode.DeadStores]: Value stored to 'optidx' is never read
# 1399|   	*rflag = *sflag = 0;
# 1400|   	*path1 = *path2 = NULL;
# 1401|-> 	optidx = 1;
# 1402|   	switch (cmdnum) {
# 1403|   	case I_GET:

Error: CLANG_WARNING: [#def197]
openssh-9.6p1/sftp.c:1495:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1493|   	case I_LLS:
# 1494|   		/* Skip ls command and following whitespace */
# 1495|-> 		cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
# 1496|   	case I_SHELL:
# 1497|   		/* Uses the rest of the line */

Error: GCC_ANALYZER_WARNING (CWE-688): [#def198]
openssh-9.6p1/sftp.c: scope_hint: In function ‘parse_args’
openssh-9.6p1/sftp.c:1495:27: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-9.6p1/sftp.c:31: included_from: Included from here.
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 1493|   	case I_LLS:
# 1494|   		/* Skip ls command and following whitespace */
# 1495|-> 		cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
# 1496|   	case I_SHELL:
# 1497|   		/* Uses the rest of the line */

Error: CLANG_WARNING: [#def199]
openssh-9.6p1/sftp.c:1537:8: warning[deadcode.DeadStores]: Although the value stored to 'optidx' is used in the enclosing expression, the value is never actually read from 'optidx'
# 1535|   	case I_VERSION:
# 1536|   	case I_PROGRESS:
# 1537|-> 		if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
# 1538|   			return -1;
# 1539|   		break;

Error: CLANG_WARNING: [#def200]
openssh-9.6p1/sftp.c:2143:2: warning[deadcode.DeadStores]: Value stored to 'argv' is never read
# 2141|   	memcpy(line, lf->buffer, cursor);
# 2142|   	line[cursor] = '\0';
# 2143|-> 	argv = makeargv(line, &carg, 1, &quote, &terminated);
# 2144|   	free(line);
# 2145|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def201]
openssh-9.6p1/sftp.c: scope_hint: In function ‘connect_to_server’
openssh-9.6p1/sftp.c:2383:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 0)’
# 2381|   		fatal("fork: %s", strerror(errno));
# 2382|   	else if (sshpid == 0) {
# 2383|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2384|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2385|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def202]
openssh-9.6p1/sftp.c:2383:54: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 1)’
# 2381|   		fatal("fork: %s", strerror(errno));
# 2382|   	else if (sshpid == 0) {
# 2383|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2384|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2385|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def203]
openssh-9.6p1/sftp.c:2389:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘in’
# 2387|   		}
# 2388|   		close(*in);
# 2389|-> 		close(*out);
# 2390|   		close(c_in);
# 2391|   		close(c_out);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def204]
openssh-9.6p1/sftp.c:2391:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
# 2389|   		close(*out);
# 2390|   		close(c_in);
# 2391|-> 		close(c_out);
# 2392|   
# 2393|   		/*

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def205]
openssh-9.6p1/sftp.c:2415:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
# 2413|   	ssh_signal(SIGCHLD, sigchld_handler);
# 2414|   	close(c_in);
# 2415|-> 	close(c_out);
# 2416|   }
# 2417|   

Error: CLANG_WARNING: [#def206]
openssh-9.6p1/sk-usbhid.c:1394:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1392|   				srk->flags |=  SSH_SK_USER_VERIFICATION_REQD;
# 1393|   
# 1394|-> 			if ((r = pack_public_key(srk->alg, cred,
# 1395|   			    &srk->key)) != 0) {
# 1396|   				skdebug(__func__, "pack public key failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def207]
openssh-9.6p1/ssh-add.c: scope_hint: In function ‘add_file’
openssh-9.6p1/ssh-add.c:303:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
#  301|   	 * will occur multiple times, so check perms first and bail if wrong.
#  302|   	 */
#  303|-> 	if (fd != STDIN_FILENO) {
#  304|   		if (sshkey_perm_ok(fd, filename) != 0) {
#  305|   			close(fd);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
openssh-9.6p1/ssh-agent.c: scope_hint: In function ‘dup_dest_constraint_hop’
openssh-9.6p1/ssh-agent.c:273:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  271|   		    &(out->keys[i]))) != 0)
#  272|   			fatal_fr(r, "copy key");
#  273|-> 		out->key_is_ca[i] = dch->key_is_ca[i];
#  274|   	}
#  275|   }

Error: CLANG_WARNING: [#def209]
openssh-9.6p1/ssh-ed25519.c:176:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
#  174|   		return SSH_ERR_ALLOC_FAIL;
#  175|   
#  176|-> 	if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
#  177|   	    key->ed25519_sk)) != 0 || smlen <= datalen) {
#  178|   		r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */

Error: COMPILER_WARNING: [#def210]
openssh-9.6p1/ssh-keycat.c:39:9: warning: "_GNU_SOURCE" redefined
#   39 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def211]
openssh-9.6p1/ssh-keygen.c: scope_hint: In function ‘do_convert_to_ssh2’
openssh-9.6p1/ssh-keygen.c:364:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 39
#  364 |             "%u-bit %s, converted by %s@%s from OpenSSH",
#      |                                         ^~
#  365 |             sshkey_size(k), sshkey_type(k),
#  366 |             pw->pw_name, hostname);
#      |                          ~~~~~~~~        
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 36 or more bytes (assuming 1060) into a destination of size 61
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  362|   	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
#  363|   	snprintf(comment, sizeof(comment),
#  364|-> 	    "%u-bit %s, converted by %s@%s from OpenSSH",
#  365|   	    sshkey_size(k), sshkey_type(k),
#  366|   	    pw->pw_name, hostname);

Error: CLANG_WARNING: [#def212]
openssh-9.6p1/ssh-keygen.c:437:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  435|   	if (stat(identity_file, &st) == -1)
#  436|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  437|-> 	if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0)
#  438|   		k = load_identity(identity_file, NULL);
#  439|   	switch (convert_format) {

Error: CLANG_WARNING: [#def213]
openssh-9.6p1/ssh-keygen.c:781:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  779|   
#  780|   	if (!private) {
#  781|-> 		if ((r = sshkey_write(k, stdout)) == 0)
#  782|   			ok = 1;
#  783|   		if (ok)

Error: CLANG_WARNING: [#def214]
openssh-9.6p1/ssh-keygen.c:898:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  896|   	if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
#  897|   		fatal("sshkey_new failed");
#  898|-> 	if ((r = sshkey_read(ret, cpp)) == 0)
#  899|   		return ret;
#  900|   	/* Not a key */

Error: COMPILER_WARNING: [#def215]
openssh-9.6p1/ssh-keygen.c: scope_hint: In function ‘do_gen_all_hostkeys’
openssh-9.6p1/ssh-keygen.c:1135:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 1135 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
#      |                                                       ^~
# 1136 |                     hostname);
#      |                     ~~~~~~~~                           
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1133|   		if ((r = sshkey_from_private(private, &public)) != 0)
# 1134|   			fatal_fr(r, "sshkey_from_private");
# 1135|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
# 1136|   		    hostname);
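# 1137|   		if ((r = sshkey_save_private(private, prv_tmp, "",
Reviewer note: snprintf() is bounded by `sizeof comment`, so the exposure here is a silently truncated key comment, not a write past the buffer. The return value is not checked in the flagged statement, so a truncation would go unnoticed. #def222 reports the same call shape in main().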

Error: CLANG_WARNING: [#def216]
openssh-9.6p1/ssh-keygen.c:2311:46: warning[deadcode.DeadStores]: Although the value stored to 'was_hash' is used in the enclosing expression, the value is never actually read from 'was_hash'
# 2309|   		}
# 2310|   		lnum++;
# 2311|-> 		was_explicit_key = was_sha1 = was_sha256 = was_hash = 0;
# 2312|   		cp = line + strspn(line, " \t");
# 2313|   		/* Trim trailing space, comments and strip \n */

Error: CLANG_WARNING: [#def217]
openssh-9.6p1/ssh-keygen.c:2488:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2486|   	if (ssh_krl_to_blob(krl, kbuf) != 0)
# 2487|   		fatal("Couldn't generate KRL");
# 2488|-> 	if ((r = sshbuf_write_file(identity_file, kbuf)) != 0)
# 2489|   		fatal("write %s: %s", identity_file, strerror(errno));
# 2490|   	sshbuf_free(kbuf);

Error: CLANG_WARNING: [#def218]
openssh-9.6p1/ssh-keygen.c:2773:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2771|   
# 2772|   	if (argc == 0) {
# 2773|-> 		if ((r = sign_one(signkey, "(stdin)", STDIN_FILENO,
# 2774|   		    sig_namespace, hashalg, signer, &agent_fd)) != 0)
# 2775|   			goto done;

Error: CLANG_WARNING: [#def219]
openssh-9.6p1/ssh-keygen.c:2785:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2783|   				goto done;
# 2784|   			}
# 2785|-> 			if ((r = sign_one(signkey, argv[i], fd, sig_namespace,
# 2786|   			    hashalg, signer, &agent_fd)) != 0)
# 2787|   				goto done;

Error: CLANG_WARNING: [#def220]
openssh-9.6p1/ssh-keygen.c:2831:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2829|   		goto done;
# 2830|   	}
# 2831|-> 	if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
# 2832|   	    &sign_key, &sig_details)) != 0)
# 2833|   		goto done; /* sshsig_verify() prints error */

Error: CLANG_WARNING: [#def221]
openssh-9.6p1/ssh-keygen.c:3901:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 3899|   		break;
# 3900|   	default:
# 3901|-> 		if ((r = sshkey_generate(type, bits, &private)) != 0)
# 3902|   			fatal("sshkey_generate failed");
# 3903|   		break;

Error: COMPILER_WARNING: [#def222]
openssh-9.6p1/ssh-keygen.c: scope_hint: In function ‘main’
openssh-9.6p1/ssh-keygen.c:3924:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 3924 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
#      |                                                       ^~                ~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 3922|   	} else {
# 3923|   		/* Create default comment field for the passphrase. */
# 3924|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
# 3925|   	}
# 3926|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def223]
openssh-9.6p1/ssh-pkcs11-client.c: scope_hint: In function ‘pkcs11_start_helper’
openssh-9.6p1/ssh-pkcs11-client.c:580:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
openssh-9.6p1/ssh-pkcs11-client.c:41: included_from: Included from here.
openssh-9.6p1/ssh-pkcs11-client.c:558:9: note: in expansion of macro ‘debug3_f’
#  578|   		return NULL;
#  579|   	} else if (pid == 0) {
#  580|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  581|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
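#  582|   			fprintf(stderr, "dup2: %s\n", strerror(errno));
Reviewer note: the descriptors reported as leaked are the child's stdin and stdout, installed in the `pid == 0` branch. They are presumably meant to stay open for the helper, so this looks like an analyzer artefact rather than a real CWE-775 leak. Confirm on the lines not shown that the original `pair[]` descriptors are closed. #def224, #def231 and #def232 flag the same pattern.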

Error: GCC_ANALYZER_WARNING (CWE-775): [#def224]
openssh-9.6p1/ssh-pkcs11-client.c:580:57: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
openssh-9.6p1/ssh-pkcs11-client.c:558:9: note: in expansion of macro ‘debug3_f’
#  578|   		return NULL;
#  579|   	} else if (pid == 0) {
#  580|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  581|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#  582|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: CLANG_WARNING: [#def225]
openssh-9.6p1/ssh-pkcs11-client.c:662:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  660|   		}
#  661|   	} else if (type == SSH2_AGENT_FAILURE) {
#  662|-> 		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
#  663|   			nkeys = -1;
#  664|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def226]
openssh-9.6p1/ssh-pkcs11.c: scope_hint: In function ‘pkcs11_provider_lookup_module’
openssh-9.6p1/ssh-pkcs11.c:211:22: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘module_path’ where non-null expected
openssh-9.6p1/ssh-pkcs11.c:35: included_from: Included from here.
openssh-9.6p1/ssh-pkcs11.c:209:9: note: in expansion of macro ‘TAILQ_FOREACH’
openssh-9.6p1/ssh-pkcs11.c:45: included_from: Included from here.
openssh-9.6p1/log.h:91:100: note: in definition of macro ‘debug’
openssh-9.6p1/ssh-pkcs11.c:32: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
#  209|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  210|   		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  211|-> 		if (!strcmp(module_path, p->module->module_path))
#  212|   			return (p->module);
#  213|   	}

Error: CLANG_WARNING: [#def227]
openssh-9.6p1/ssh-pkcs11.c:1378:28: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'keysp')
# 1376|   		} else {
# 1377|   			/* expand key array and add key */
# 1378|-> 			*keysp = xrecallocarray(*keysp, *nkeys,
# 1379|   			    *nkeys + 1, sizeof(struct sshkey *));
# 1380|   			(*keysp)[*nkeys] = key;

Error: CLANG_WARNING: [#def228]
openssh-9.6p1/ssh-pkcs11.c:1506:28: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'keysp')
# 1504|   		} else {
# 1505|   			/* expand key array and add key */
# 1506|-> 			*keysp = xrecallocarray(*keysp, *nkeys,
# 1507|   			    *nkeys + 1, sizeof(struct sshkey *));
# 1508|   			(*keysp)[*nkeys] = key;

Error: CLANG_WARNING: [#def229]
openssh-9.6p1/ssh-pkcs11.c:1944:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1942|   		 */
# 1943|   		if ((p->module->slotinfo[i].session != 0 ||
# 1944|-> 		    (ret = pkcs11_open_session(p, i, pin, user)) != 0) && /* ??? */
# 1945|   		    keyp == NULL)
# 1946|   			continue;

Error: COMPILER_WARNING (CWE-1164): [#def230]
openssh-9.6p1/ssh-pkcs11.c:1993:1: warning[-Wunused-function]: ‘pkcs11_register_provider’ defined but not used
# 1993 | pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
# 1991|   
# 1992|   static int
# 1993|-> pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
# 1994|       char ***labelsp, struct pkcs11_provider **providerp, CK_ULONG user)
# 1995|   {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def231]
openssh-9.6p1/ssh-sk-client.c: scope_hint: In function ‘start_helper’
openssh-9.6p1/ssh-sk-client.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def232]
openssh-9.6p1/ssh-sk-client.c:87:57: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: CLANG_WARNING: [#def233]
openssh-9.6p1/ssh_api.c:159:3: warning[unix.Malloc]: Use of memory after it is freed
#  157|   	 */
#  158|   	while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) {
#  159|-> 		TAILQ_REMOVE(&ssh->public_keys, k, next);
#  160|   		if (ssh->kex && ssh->kex->server)
#  161|   			sshkey_free(k->key);

Error: CLANG_WARNING: [#def234]
openssh-9.6p1/ssh_api.c:165:3: warning[unix.Malloc]: Use of memory after it is freed
#  163|   	}
#  164|   	while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) {
#  165|-> 		TAILQ_REMOVE(&ssh->private_keys, k, next);
#  166|   		free(k);
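#  167|   	}
Reviewer note: in this loop each element is unlinked with TAILQ_REMOVE before `free(k)`, and the next iteration re-reads the list head. The report therefore depends on how the analyzer models the macro's neighbour-pointer updates and is likely a false positive; verify against the TAILQ_REMOVE definition in use. #def233 and #def250 appear to follow the same drain-loop shape.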

Error: CLANG_WARNING: [#def235]
openssh-9.6p1/sshbuf-getput-basic.c:289:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  287|   		return SSH_ERR_INVALID_FORMAT;
#  288|   	}
#  289|-> 	if ((r = sshbuf_skip_string(buf)) != 0)
#  290|   		return -1;
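#  291|   	if (valp != NULL) {
Reviewer note: the dead store reflects that the error code from sshbuf_skip_string() is discarded and a literal `-1` is returned. The failure is still handled; what is lost is the specific error value.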

Error: CLANG_WARNING: [#def236]
openssh-9.6p1/sshbuf-getput-basic.c:378:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  376|   	if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0)
#  377|   		goto out;
#  378|-> 	if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {
#  379|   		r = SSH_ERR_INTERNAL_ERROR;
#  380|   		goto out; /* Shouldn't happen */

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def237]
openssh-9.6p1/sshbuf-io.c: scope_hint: In function ‘sshbuf_write_file’
openssh-9.6p1/sshbuf-io.c:110:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(path, 577, 420)’
openssh-9.6p1/includes.h:154: included_from: Included from here.
openssh-9.6p1/sshbuf-io.c:18: included_from: Included from here.
#  108|   	    sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
#  109|   		oerrno = errno;
#  110|-> 		close(fd);
#  111|   		unlink(path);
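#  112|   		errno = oerrno;
Reviewer note: when the failing term of the condition is `close(fd) != 0` itself, the descriptor has normally already been released, so the `close(fd)` in the error path acts on the same number a second time. In a process with other threads that number may by then refer to a different file. The second close is only needed when the write-length comparison fails first.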

Error: CLANG_WARNING: [#def238]
openssh-9.6p1/sshbuf-misc.c:291:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  289|   	/* Adjust the buffer to include only what was actually read */
#  290|   	if ((adjust = maxlen - (rr > 0 ? rr : 0)) != 0) {
#  291|-> 		if ((r = sshbuf_consume_end(buf, adjust)) != 0) {
#  292|   			/* avoid returning uninitialised data to caller */
#  293|   			memset(d + rr, '\0', adjust);

Error: COMPILER_WARNING: [#def239]
openssh-9.6p1/sshbuf.c: scope_hint: In function ‘sshbuf_new’
openssh-9.6p1/sshbuf.c:96:33: warning[-Wcalloc-transposed-args]: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument
#   96 |         if ((ret = calloc(sizeof(*ret), 1)) == NULL)
#      |                                 ^
openssh-9.6p1/sshbuf.c:96:33: note: earlier argument should specify number of elements, later size of each element
#   94|   	struct sshbuf *ret;
#   95|   
#   96|-> 	if ((ret = calloc(sizeof(*ret), 1)) == NULL)
#   97|   		return NULL;
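#   98|   	ret->alloc = SSHBUF_SIZE_INIT;
Reviewer note: `calloc(sizeof(*ret), 1)` and `calloc(1, sizeof(*ret))` request the same number of bytes, so this is an argument-order convention issue, not an allocation-size error. #def240 is the same case in sshbuf_from().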

Error: COMPILER_WARNING: [#def240]
openssh-9.6p1/sshbuf.c: scope_hint: In function ‘sshbuf_from’
openssh-9.6p1/sshbuf.c:116:33: warning[-Wcalloc-transposed-args]: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument
#  116 |             (ret = calloc(sizeof(*ret), 1)) == NULL)
#      |                                 ^
openssh-9.6p1/sshbuf.c:116:33: note: earlier argument should specify number of elements, later size of each element
#  114|   
#  115|   	if (blob == NULL || len > SSHBUF_SIZE_MAX ||
#  116|-> 	    (ret = calloc(sizeof(*ret), 1)) == NULL)
#  117|   		return NULL;
#  118|   	ret->alloc = ret->size = ret->max_size = len;

Error: CLANG_WARNING: [#def241]
openssh-9.6p1/sshbuf.c:153:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'ret'
#  151|   	if (sshbuf_set_parent(ret, buf) != 0) {
#  152|   		sshbuf_free(ret);
#  153|-> 		return NULL;
#  154|   	}
#  155|   	return ret;

Error: CLANG_WARNING: [#def242]
openssh-9.6p1/sshconnect.c:396:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  394|   	} else if (options.bind_interface != NULL) {
#  395|   #ifdef HAVE_IFADDRS_H
#  396|-> 		if ((r = getifaddrs(&ifaddrs)) != 0) {
#  397|   			error("getifaddrs: %s: %s", options.bind_interface,
#  398|   			    strerror(errno));

Error: CLANG_WARNING: [#def243]
openssh-9.6p1/sshconnect.c:1050:36: warning[core.NullDereference]: Access to field 'key' results in a dereference of a null pointer (loaded from variable 'host_found')
# 1048|   		    (ip_status != HOST_CHANGED ||
# 1049|   		    (ip_found != NULL &&
# 1050|-> 		    !sshkey_equal(ip_found->key, host_found->key))))
# 1051|   			host_ip_differ = 1;
# 1052|   	} else

Error: CLANG_WARNING: [#def244]
openssh-9.6p1/sshconnect.c:1061:7: warning[core.NullDereference]: Access to field 'file' results in a dereference of a null pointer (loaded from variable 'host_found')
# 1059|   		    host, type, want_cert ? "certificate" : "key");
# 1060|   		debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
# 1061|-> 		    host_found->file, host_found->line);
# 1062|   		if (want_cert) {
# 1063|   			if (sshkey_cert_check_host(host_key,

Error: CLANG_WARNING: [#def245]
openssh-9.6p1/sshconnect.c:1259:8: warning[core.NullDereference]: Access to field 'file' results in a dereference of a null pointer (loaded from variable 'host_found')
# 1257|   			debug("Host certificate authority does not "
# 1258|   			    "match %s in %s:%lu", CA_MARKER,
# 1259|-> 			    host_found->file, host_found->line);
# 1260|   			goto fail;
# 1261|   		}

Error: CLANG_WARNING: [#def246]
openssh-9.6p1/sshconnect.c:1292:19: warning[core.NullDereference]: Access to field 'key' results in a dereference of a null pointer (loaded from variable 'host_found')
# 1290|   		}
# 1291|   		error("Offending %s key in %s:%lu",
# 1292|-> 		    sshkey_type(host_found->key),
# 1293|   		    host_found->file, host_found->line);
# 1294|   

Error: CLANG_WARNING: [#def247]
openssh-9.6p1/sshconnect.c:1708:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1706|   		return;
# 1707|   
# 1708|-> 	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
# 1709|   		debug3("no authentication agent, not adding key");
# 1710|   		return;

Error: CLANG_WARNING: [#def248]
openssh-9.6p1/sshconnect2.c:1677:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1675|   	}
# 1676|   
# 1677|-> 	if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) {
# 1678|   		/* we cannot handle this key */
# 1679|   		debug3_f("cannot handle key");

Error: CLANG_WARNING: [#def249]
openssh-9.6p1/sshconnect2.c:1912:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 1910|   	}
# 1911|   	/* list of keys supported by the agent */
# 1912|-> 	if ((r = get_agent_identities(ssh, &agent_fd, &idlist)) == 0) {
# 1913|   		for (j = 0; j < idlist->nkeys; j++) {
# 1914|   			if ((r = sshkey_check_rsa_length(idlist->keys[j],

Error: CLANG_WARNING: [#def250]
openssh-9.6p1/sshconnect2.c:2022:3: warning[unix.Malloc]: Use of memory after it is freed
# 2020|   	for (id = TAILQ_FIRST(&authctxt->keys); id;
# 2021|   	    id = TAILQ_FIRST(&authctxt->keys)) {
# 2022|-> 		TAILQ_REMOVE(&authctxt->keys, id, next);
# 2023|   		sshkey_free(id->key);
# 2024|   		free(id->filename);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def251]
openssh-9.6p1/sshconnect2.c:2211:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-9.6p1/log.h:106:99: note: in definition of macro ‘error_f’
# 2209|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2210|   		error_f("not installed: %s", strerror(errno));
# 2211|-> 		return -1;
# 2212|   	}
# 2213|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def252]
openssh-9.6p1/sshconnect2.c:2211:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-9.6p1/log.h:106:99: note: in definition of macro ‘error_f’
# 2209|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2210|   		error_f("not installed: %s", strerror(errno));
# 2211|-> 		return -1;
# 2212|   	}
# 2213|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def253]
openssh-9.6p1/sshconnect2.c:2211:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-9.6p1/log.h:106:99: note: in definition of macro ‘error_f’
# 2209|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2210|   		error_f("not installed: %s", strerror(errno));
# 2211|-> 		return -1;
# 2212|   	}
# 2213|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def254]
openssh-9.6p1/sshconnect2.c: scope_hint: In function ‘ssh_keysign’
openssh-9.6p1/sshconnect2.c:2211:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-9.6p1/sshconnect2.c:65: included_from: Included from here.
openssh-9.6p1/log.h:106:99: note: in definition of macro ‘error_f’
# 2209|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2210|   		error_f("not installed: %s", strerror(errno));
# 2211|-> 		return -1;
# 2212|   	}
# 2213|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def255]
openssh-9.6p1/sshconnect2.c:2232:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(from[1], 1)’
# 2230|   	if (pid == 0) {
# 2231|   		close(from[0]);
# 2232|-> 		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2233|   			fatal_f("dup2: %s", strerror(errno));
# 2234|   		close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def256]
openssh-9.6p1/sshconnect2.c:2235:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(to[0], 0)’
# 2233|   			fatal_f("dup2: %s", strerror(errno));
# 2234|   		close(to[1]);
# 2235|-> 		if (dup2(to[0], STDIN_FILENO) == -1)
# 2236|   			fatal_f("dup2: %s", strerror(errno));
# 2237|   		close(from[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def257]
openssh-9.6p1/sshconnect2.c:2240:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 3)’
# 2238|   		close(to[0]);
# 2239|   
# 2240|-> 		if (dup2(sock, STDERR_FILENO + 1) == -1)
# 2241|   			fatal_f("dup2: %s", strerror(errno));
# 2242|   		sock = STDERR_FILENO + 1;

Error: CLANG_WARNING: [#def258]
openssh-9.6p1/sshconnect2.c:2411:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2409|   	sshbuf_dump(b, stderr);
# 2410|   #endif
# 2411|-> 	if ((r = ssh_keysign(ssh, private, &sig, &siglen,
# 2412|   	    sshbuf_ptr(b), sshbuf_len(b))) != 0) {
# 2413|   		error("sign using hostkey %s %s failed",

Error: CLANG_WARNING: [#def259]
openssh-9.6p1/sshd.c:1380:5: warning[deadcode.DeadStores]: Value stored to 'pid' is never read
# 1378|   				close(startup_p[1]);
# 1379|   				startup_pipe = -1;
# 1380|-> 				pid = getpid();
# 1381|   				if (rexec_flag) {
# 1382|   					send_rexec_state(config_s[0], cfg);

Error: CLANG_WARNING: [#def260]
openssh-9.6p1/sshd.c:1924:25: warning[core.NullDereference]: Access to field 'pw_passwd' results in a dereference of a null pointer (loaded from variable 'privsep_pw')
# 1922|   		privsep_pw = pwcopy(privsep_pw);
# 1923|   		freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
# 1924|-> 		privsep_pw->pw_passwd = xstrdup("*");
# 1925|   	}
# 1926|   	endpwent();

Error: CLANG_WARNING: [#def261]
openssh-9.6p1/sshd.c:1990:7: warning[core.NullDereference]: Access to field 'sk_flags' results in a dereference of a null pointer (loaded from variable 'key')
# 1988|   		}
# 1989|   		if (sshkey_is_sk(key) &&
# 1990|-> 		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
# 1991|   			debug("host key %s requires user presence, ignoring",
# 1992|   			    options.host_key_files[i]);

Error: CLANG_WARNING: [#def262]
openssh-9.6p1/sshkey.c:1983:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1981|   
# 1982|   	/* Parse body of certificate up to signature */
# 1983|-> 	if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
# 1984|   	    (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
# 1985|   	    (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||

Error: CLANG_WARNING: [#def263]
openssh-9.6p1/sshkey.c:1984:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1982|   	/* Parse body of certificate up to signature */
# 1983|   	if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
# 1984|-> 	    (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
# 1985|   	    (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
# 1986|   	    (ret = sshbuf_froms(b, &principals)) != 0 ||

Error: CLANG_WARNING: [#def264]
openssh-9.6p1/sshkey.c:1985:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1983|   	if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
# 1984|   	    (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
# 1985|-> 	    (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
# 1986|   	    (ret = sshbuf_froms(b, &principals)) != 0 ||
# 1987|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||

Error: CLANG_WARNING: [#def265]
openssh-9.6p1/sshkey.c:1986:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1984|   	    (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
# 1985|   	    (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
# 1986|-> 	    (ret = sshbuf_froms(b, &principals)) != 0 ||
# 1987|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
# 1988|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||

Error: CLANG_WARNING: [#def266]
openssh-9.6p1/sshkey.c:1987:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1985|   	    (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
# 1986|   	    (ret = sshbuf_froms(b, &principals)) != 0 ||
# 1987|-> 	    (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
# 1988|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
# 1989|   	    (ret = sshbuf_froms(b, &crit)) != 0 ||

Error: CLANG_WARNING: [#def267]
openssh-9.6p1/sshkey.c:1988:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1986|   	    (ret = sshbuf_froms(b, &principals)) != 0 ||
# 1987|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
# 1988|-> 	    (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
# 1989|   	    (ret = sshbuf_froms(b, &crit)) != 0 ||
# 1990|   	    (ret = sshbuf_froms(b, &exts)) != 0 ||

Error: CLANG_WARNING: [#def268]
openssh-9.6p1/sshkey.c:1989:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1987|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
# 1988|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
# 1989|-> 	    (ret = sshbuf_froms(b, &crit)) != 0 ||
# 1990|   	    (ret = sshbuf_froms(b, &exts)) != 0 ||
# 1991|   	    (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||

Error: CLANG_WARNING: [#def269]
openssh-9.6p1/sshkey.c:1990:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1988|   	    (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
# 1989|   	    (ret = sshbuf_froms(b, &crit)) != 0 ||
# 1990|-> 	    (ret = sshbuf_froms(b, &exts)) != 0 ||
# 1991|   	    (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||
# 1992|   	    (ret = sshbuf_froms(b, &ca)) != 0) {

Error: CLANG_WARNING: [#def270]
openssh-9.6p1/sshkey.c:1991:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1989|   	    (ret = sshbuf_froms(b, &crit)) != 0 ||
# 1990|   	    (ret = sshbuf_froms(b, &exts)) != 0 ||
# 1991|-> 	    (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||
# 1992|   	    (ret = sshbuf_froms(b, &ca)) != 0) {
# 1993|   		/* XXX debug print error for ret */

Error: CLANG_WARNING: [#def271]
openssh-9.6p1/sshkey.c:1992:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1990|   	    (ret = sshbuf_froms(b, &exts)) != 0 ||
# 1991|   	    (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 ||
# 1992|-> 	    (ret = sshbuf_froms(b, &ca)) != 0) {
# 1993|   		/* XXX debug print error for ret */
# 1994|   		ret = SSH_ERR_INVALID_FORMAT;

Error: CLANG_WARNING: [#def272]
openssh-9.6p1/sshkey.c:2001:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 1999|   	signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
# 2000|   
# 2001|-> 	if ((ret = sshbuf_get_string(b, &sig, &slen)) != 0) {
# 2002|   		ret = SSH_ERR_INVALID_FORMAT;
# 2003|   		goto out;

Error: CLANG_WARNING: [#def273]
openssh-9.6p1/sshkey.c:2021:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2019|   			goto out;
# 2020|   		}
# 2021|-> 		if ((ret = sshbuf_get_cstring(principals, &principal,
# 2022|   		    NULL)) != 0) {
# 2023|   			ret = SSH_ERR_INVALID_FORMAT;

Error: CLANG_WARNING: [#def274]
openssh-9.6p1/sshkey.c:2052:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2050|   	 */
# 2051|   	while (sshbuf_len(crit) != 0) {
# 2052|-> 		if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 ||
# 2053|   		    (ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0) {
# 2054|   			sshbuf_reset(key->cert->critical);

Error: CLANG_WARNING: [#def275]
openssh-9.6p1/sshkey.c:2053:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2051|   	while (sshbuf_len(crit) != 0) {
# 2052|   		if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 ||
# 2053|-> 		    (ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0) {
# 2054|   			sshbuf_reset(key->cert->critical);
# 2055|   			ret = SSH_ERR_INVALID_FORMAT;

Error: CLANG_WARNING: [#def276]
openssh-9.6p1/sshkey.c:2060:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2058|   	}
# 2059|   	while (exts != NULL && sshbuf_len(exts) != 0) {
# 2060|-> 		if ((ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0 ||
# 2061|   		    (ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0) {
# 2062|   			sshbuf_reset(key->cert->extensions);

Error: CLANG_WARNING: [#def277]
openssh-9.6p1/sshkey.c:2061:8: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2059|   	while (exts != NULL && sshbuf_len(exts) != 0) {
# 2060|   		if ((ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0 ||
# 2061|-> 		    (ret = sshbuf_get_string_direct(exts, NULL, NULL)) != 0) {
# 2062|   			sshbuf_reset(key->cert->extensions);
# 2063|   			ret = SSH_ERR_INVALID_FORMAT;

Error: COMPILER_WARNING (CWE-483): [#def278]
openssh-9.6p1/sshkey.c: scope_hint: In function ‘sshkey_sign’
openssh-9.6p1/sshkey.c:2309:9: warning[-Wmisleading-indentation]: this ‘if’ clause does not guard...
# 2309 |         if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
#      |         ^~
openssh-9.6p1/sshkey.c:2311:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
# 2311 |                 if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {
#      |                 ^~
# 2307|   	if (lenp != NULL)
# 2308|   		*lenp = 0;
# 2309|-> 	if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
# 2310|   		return SSH_ERR_INVALID_ARGUMENT;
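# 2311|   		if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {
Reviewer note: the guarded statement is a `return`, so in the lines shown the FIPS_mode() check still runs whenever the size check passes; the over-indentation misrepresents the control flow but does not change it. It is still worth re-indenting, because a later edit that trusts the indentation could make this policy check conditional by accident. #def279 is the same pattern in sshkey_verify().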

Error: COMPILER_WARNING (CWE-483): [#def279]
openssh-9.6p1/sshkey.c: scope_hint: In function ‘sshkey_verify’
openssh-9.6p1/sshkey.c:2350:9: warning[-Wmisleading-indentation]: this ‘if’ clause does not guard...
# 2350 |         if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
#      |         ^~
openssh-9.6p1/sshkey.c:2352:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
# 2352 |                 if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {
#      |                 ^~
# 2348|   	if (detailsp != NULL)
# 2349|   		*detailsp = NULL;
# 2350|-> 	if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
# 2351|   		return SSH_ERR_INVALID_ARGUMENT;
# 2352|   		if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {

Error: CLANG_WARNING: [#def280]
openssh-9.6p1/sshkey.c:2429:7: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 2427|   		alg = "rsa-sha2-512";
# 2428|   
# 2429|-> 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
# 2430|   		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
# 2431|   

Error: CLANG_WARNING: [#def281]
openssh-9.6p1/sshkey.c:2611:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
# 2609|   	}
# 2610|   	if (ca_sign_algorithms != NULL &&
# 2611|-> 	    (r = sshkey_check_cert_sigtype(key, ca_sign_algorithms)) != 0) {
# 2612|   		*reason = "Certificate signed with disallowed algorithm";
# 2613|   		return SSH_ERR_KEY_CERT_INVALID;

Error: CLANG_WARNING: [#def282]
openssh-9.6p1/sshkey.c:2956:7: warning[deadcode.DeadStores]: Although the value stored to 'exponent' is used in the enclosing expression, the value is never actually read from 'exponent'
# 2954|   	    EC_KEY_get0_public_key(key));
# 2955|   	fputs("exponent=", stderr);
# 2956|-> 	if ((exponent = EC_KEY_get0_private_key(key)) == NULL)
# 2957|   		fputs("(NULL)", stderr);
# 2958|   	else

Error: CLANG_WARNING: [#def283]
openssh-9.6p1/sshkey.c:3246:32: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3244|   		    (r = sshbuf_get_u32(kdf, &rounds)) != 0)
# 3245|   			goto out;
# 3246|-> 		if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
# 3247|   		    key, keylen + ivlen, rounds) < 0) {
# 3248|   			r = SSH_ERR_INVALID_FORMAT;

Error: CLANG_WARNING: [#def284]
openssh-9.6p1/sshkey.c:3489:8: warning[deadcode.DeadStores]: Although the value stored to 'success' is used in the enclosing expression, the value is never actually read from 'success'
# 3487|   	}
# 3488|   	if (format == SSHKEY_PRIVATE_PKCS8) {
# 3489|-> 		if ((success = PEM_write_bio_PrivateKey(bio, pkey, cipher,
# 3490|   		    passphrase, len, NULL, NULL)) == 0) {
# 3491|   			r = SSH_ERR_LIBCRYPTO_ERROR;

Error: CLANG_WARNING: [#def285]
openssh-9.6p1/sshsig.c:111:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  109|   		goto done;
#  110|   	}
#  111|-> 	if ((r = sshbuf_cmp(sbuf, 0, "\r\n", 2)) == 0)
#  112|   		eoffset = 2;
#  113|   	else if ((r = sshbuf_cmp(sbuf, 0, "\n", 1)) == 0)

Error: CLANG_WARNING: [#def286]
openssh-9.6p1/sshsig.c:113:12: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  111|   	if ((r = sshbuf_cmp(sbuf, 0, "\r\n", 2)) == 0)
#  112|   		eoffset = 2;
#  113|-> 	else if ((r = sshbuf_cmp(sbuf, 0, "\n", 1)) == 0)
#  114|   		eoffset = 1;
#  115|   	else {

Error: CLANG_WARNING: [#def287]
openssh-9.6p1/sshsig.c:650:8: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  648|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  649|   		/* flag options */
#  650|-> 		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  651|   			ret->ca = 1;
#  652|   		} else if (opt_match(&opts, "namespaces")) {

Error: CLANG_WARNING: [#def288]
openssh-9.6p1/sshsig.c:904:7: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  902|   
#  903|   	/* Parse the line */
#  904|-> 	if ((r = parse_principals_key_and_options(path, linenum, line,
#  905|   	    principal, &principals, &found_key, &sigopts)) != 0) {
#  906|   		/* error already logged */

Error: CLANG_WARNING: [#def289]
openssh-9.6p1/sshsig.c:917:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
#  915|   		if (principal) {
#  916|   			/* Match certificate CA key with specified principal */
#  917|-> 			if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0,
#  918|   			    verify_time, principal, &reason)) != 0) {
#  919|   				error("%s:%lu: certificate not authorized: %s",

Error: CLANG_WARNING: [#def290]
openssh-9.6p1/umac128.c:10: included_from: Included from here.
openssh-9.6p1/umac.c:520:9: warning[deadcode.DeadStores]: Value stored to 'k8' is never read
#  518|           k0 = k8; k1 = k9; k2 = k10; k3 = k11;
#  519|           k4 = k12; k5 = k13; k6 = k14; k7 = k15;
#  520|->         k8 = k16; k9 = k17; k10 = k18; k11 = k19;
#  521|   
#  522|           d += 8;

Error: CLANG_WARNING: [#def291]
openssh-9.6p1/umac.c:520:19: warning[deadcode.DeadStores]: Value stored to 'k9' is never read
#  518|           k0 = k8; k1 = k9; k2 = k10; k3 = k11;
#  519|           k4 = k12; k5 = k13; k6 = k14; k7 = k15;
#  520|->         k8 = k16; k9 = k17; k10 = k18; k11 = k19;
#  521|   
#  522|           d += 8;

Error: CLANG_WARNING: [#def292]
openssh-9.6p1/umac.c:520:29: warning[deadcode.DeadStores]: Value stored to 'k10' is never read
#  518|           k0 = k8; k1 = k9; k2 = k10; k3 = k11;
#  519|           k4 = k12; k5 = k13; k6 = k14; k7 = k15;
#  520|->         k8 = k16; k9 = k17; k10 = k18; k11 = k19;
#  521|   
#  522|           d += 8;

Error: CLANG_WARNING: [#def293]
openssh-9.6p1/umac.c:520:40: warning[deadcode.DeadStores]: Value stored to 'k11' is never read
#  518|           k0 = k8; k1 = k9; k2 = k10; k3 = k11;
#  519|           k4 = k12; k5 = k13; k6 = k14; k7 = k15;
#  520|->         k8 = k16; k9 = k17; k10 = k18; k11 = k19;
#  521|   
#  522|           d += 8;

Scan Properties

analyzer-version-clang: 18.1.3
analyzer-version-cppcheck: 2.13.0
analyzer-version-gcc: 14.0.1
analyzer-version-gcc-analyzer: 14.0.1
analyzer-version-shellcheck: 0.10.0
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-82.us-west-2.compute.internal
mock-config: fedora-41-x86_64
project-name: openssh-9.6p1-1.fc41.7
store-results-to: /tmp/tmps_lx8vi0/openssh-9.6p1-1.fc41.7.tar.xz
time-created: 2024-04-22 14:19:15
time-finished: 2024-04-22 14:23:33
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmps_lx8vi0/openssh-9.6p1-1.fc41.7.tar.xz' '--gcc-analyze' '/tmp/tmps_lx8vi0/openssh-9.6p1-1.fc41.7.src.rpm'
tool-version: csmock-3.5.3-1.el9