openssh-9.9p1-5.fc42

List of Findings

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/gnome-ssh-askpass.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
#    2|   export SSH_ASKPASS

Error: GCC_ANALYZER_WARNING: [#def2]
openssh-9.9p1-build/openssh-9.9p1/addr.c: scope_hint: In function ‘addr_or’
openssh-9.9p1-build/openssh-9.9p1/addr.c:239:9: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’
openssh-9.9p1-build/openssh-9.9p1/addr.c:27: included_from: Included from here.
/usr/include/string.h:43:14: note: the behavior of ‘memcpy’ is undefined for overlapping buffers
#  237|   		return (-1);
#  238|   
#  239|-> 	memcpy(dst, a, sizeof(*dst));
#  240|   	switch (a->af) {
#  241|   	case AF_INET:

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
openssh-9.9p1-build/openssh-9.9p1/auth-krb5.c: scope_hint: In function ‘krb5_cleanup_proc’
openssh-9.9p1-build/openssh-9.9p1/auth-krb5.c:268:50: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  266|   			strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
#  267|   			krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
#  268|-> 			*krb5_ccname_dir_start++ = '\0';
#  269|   			if (strcmp(krb5_ccname, "DIR") == 0) {
#  270|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
openssh-9.9p1-build/openssh-9.9p1/auth-krb5.c: scope_hint: In function ‘ssh_krb5_expand_template’
openssh-9.9p1-build/openssh-9.9p1/auth-krb5.c:360:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  358|   		} else {
#  359|   			p_o = strchr(p_n, '}') + 1;
#  360|-> 			*p_o = '\0';
#  361|   			debug_f("unsupported token %s in %s", p_n, template);
#  362|   			/* unknown token, fallback to the default */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
openssh-9.9p1-build/openssh-9.9p1/auth-pam.c: scope_hint: In function ‘sshpam_respond’
openssh-9.9p1-build/openssh-9.9p1/auth-pam.c:979:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fake_password(*resp)’
#  977|   		fatal("%s: password length too long: %zu", __func__, l);
#  978|   
#  979|-> 	ret = malloc(l + 1);
#  980|   	if (ret == NULL)
#  981|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
openssh-9.9p1-build/openssh-9.9p1/auth2-chall.c: scope_hint: In function ‘input_userauth_info_response’
openssh-9.9p1-build/openssh-9.9p1/auth2-chall.c:328:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘response’
#  326|   
#  327|   	for (i = 0; i < nresp; i++) {
#  328|-> 		explicit_bzero(response[i], strlen(response[i]));
#  329|   		free(response[i]);
#  330|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def7]
openssh-9.9p1-build/openssh-9.9p1/channels.c:5081: warning[uninitvar]: Uninitialized variable: port
# 5079|   			break;
# 5080|   	}
# 5081|-> 	if (display_number >= x11_max_displays || port < X11_PORT_MIN ) {
# 5082|   		error("Failed to allocate internet-domain X11 display socket.");
# 5083|   		return -1;

Error: COMPILER_WARNING (CWE-195): [#def8]
openssh-9.9p1-build/openssh-9.9p1/channels.c: scope_hint: In function ‘connect_local_xsocket_path’
openssh-9.9p1-build/openssh-9.9p1/channels.c:5128:17: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
# 5128 |         if (len > sizeof addr.sun_path)
#      |                 ^
# 5126|   	memset(&addr, 0, sizeof(addr));
# 5127|   	addr.sun_family = AF_UNIX;
# 5128|-> 	if (len > sizeof addr.sun_path)
# 5129|   		len = sizeof addr.sun_path;
# 5130|   	memcpy(addr.sun_path, pathname, len);

Error: COMPILER_WARNING: [#def9]
openssh-9.9p1-build/openssh-9.9p1/includes.h:19: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:36: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/config.h:1934:9: warning: "SUPERUSER_PATH" redefined
# 1934 | #define SUPERUSER_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
#      |         ^~~~~~~~~~~~~~
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:35: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/defines.h:337:10: note: this is the location of the previous definition
#  337 | # define SUPERUSER_PATH _PATH_STDPATH
#      |          ^~~~~~~~~~~~~~
# 1932|   
# 1933|   /* Define if you want a different $PATH for the superuser */
# 1934|-> #define SUPERUSER_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
# 1935|   
# 1936|   /* syslog_r function is safe to use in in a signal handler */

Error: COMPILER_WARNING: [#def10]
openssh-9.9p1-build/openssh-9.9p1/includes.h:19: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:36: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/config.h:1934:9: warning: ‘SUPERUSER_PATH’ redefined
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c:35: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/defines.h:337:10: note: this is the location of the previous definition
# 1932|   
# 1933|   /* Define if you want a different $PATH for the superuser */
# 1934|-> #define SUPERUSER_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
# 1935|   
# 1936|   /* syslog_r function is safe to use in in a signal handler */

Error: COMPILER_WARNING (CWE-563): [#def11]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:136:21: warning[-Wunused-variable]: unused variable ‘failed’
#  136 |         const char *failed;
#      |                     ^~~~~~
#  134|   passphrase_dialog(char *message, int prompt_type)
#  135|   {
#  136|-> 	const char *failed;
#  137|   	char *passphrase, *local;
#  138|   	int result, grab_tries, grab_server, grab_pointer;

Error: COMPILER_WARNING (CWE-477): [#def12]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  184 |                 gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/gtk.h:277: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:61: included_from: Included from here.
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def13]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  186 |                 gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def14]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  191 |                         gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def15]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  193 |                         gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-457): [#def16]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:243:39: warning[-Wmaybe-uninitialized]: ‘entry’ may be used uninitialized
#  243 |                 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘main’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:140:45: note: ‘entry’ was declared here
#  140 |         GtkWidget *parent_window, *dialog, *entry, *err;
#      |                                             ^~~~~
#  241|   	/* Report passphrase if user selected OK */
#  242|   	if (prompt_type == PROMPT_ENTRY) {
#  243|-> 		passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def17]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:246:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
/usr/include/gtk-3.0/gdk/gdkconfig.h:8: included_from: Included from here.
/usr/include/gtk-3.0/gdk/gdk.h:30: included_from: Included from here.
/usr/include/gtk-3.0/gtk/gtk.h:30: included_from: Included from here.
/usr/include/glib-2.0/glib/gstrfuncs.h:324:38: note: in definition of macro ‘g_strdup’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:243:30: note: in expansion of macro ‘g_strdup’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,
#  246|-> 			    strlen(passphrase), NULL, NULL, NULL);
#  247|   			if (local != NULL) {
#  248|   				puts(local);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def18]
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:256:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/glib-2.0/glib/gstrfuncs.h:324:38: note: in definition of macro ‘g_strdup’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c:243:30: note: in expansion of macro ‘g_strdup’
openssh-9.9p1-build/openssh-9.9p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  254|   		}
#  255|   		/* Zero passphrase in memory */
#  256|-> 		memset(passphrase, '\b', strlen(passphrase));
#  257|   		gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
#  258|   		memset(passphrase, '\0', strlen(passphrase));

Error: COMPILER_WARNING: [#def19]
openssh-9.9p1-build/openssh-9.9p1/gss-genr.c: scope_hint: In function ‘ssh_gssapi_kex_mechs’
openssh-9.9p1-build/openssh-9.9p1/gss-genr.c:172:30: warning[-Wstringop-truncation]: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^
openssh-9.9p1-build/openssh-9.9p1/gss-genr.c:172:30: note: length computed here
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  170|   			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
#  171|   #pragma GCC diagnostic ignored "-Wstringop-overflow"
#  172|-> 			cp = strncpy(s, kex, strlen(kex));
#  173|   #pragma GCC diagnostic pop
#  174|   			for ((p = strsep(&cp, ",")); p && *p != '\0';

Error: GCC_ANALYZER_WARNING (CWE-457): [#def20]
openssh-9.9p1-build/openssh-9.9p1/kex.c: scope_hint: In function ‘kex_derive_keys’
openssh-9.9p1-build/openssh-9.9p1/kex.c:1304:51: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘keys[<unknown>]’
openssh-9.9p1-build/openssh-9.9p1/kex.c:63: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/kex.c:1155:19: note: in expansion of macro ‘ROUNDUP’
# 1302|   		    (kex->server && mode == MODE_IN);
# 1303|   		kex->newkeys[mode]->enc.iv  = keys[ctos ? 0 : 1];
# 1304|-> 		kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
# 1305|   		kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];
# 1306|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def21]
openssh-9.9p1-build/openssh-9.9p1/kexecdh.c: scope_hint: In function ‘kex_ecdh_dec_key_group’
openssh-9.9p1-build/openssh-9.9p1/kexecdh.c:273:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publen’
#  271|   	BN_clear_free(shared_secret);
#  272|   	freezero(kbuf, klen);
#  273|-> 	freezero(pub, publen);
#  274|   	sshbuf_free(buf);
#  275|   	return r;

Error: COMPILER_WARNING (CWE-195): [#def22]
openssh-9.9p1-build/openssh-9.9p1/kexgssc.c: scope_hint: In function ‘input_kexgssgex_group’
openssh-9.9p1-build/openssh-9.9p1/kexgssc.c:618:28: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                            ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: COMPILER_WARNING (CWE-195): [#def23]
openssh-9.9p1-build/openssh-9.9p1/kexgssc.c:618:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                                                         ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: COMPILER_WARNING: [#def24]
openssh-9.9p1-build/openssh-9.9p1/log.c: scope_hint: In function ‘do_log’
openssh-9.9p1-build/openssh-9.9p1/log.c:402:53: warning[-Wformat-truncation=]: ‘: ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024
#  402 |                 snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#      |                                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 3 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  400|   	}
#  401|   	if (suffix != NULL) {
#  402|-> 		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#  403|   		strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
#  404|   	}

Error: COMPILER_WARNING: [#def25]
openssh-9.9p1-build/openssh-9.9p1/log.c: scope_hint: In function ‘do_log’
openssh-9.9p1-build/openssh-9.9p1/log.c:414:58: warning: ‘
#   ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024 [-Wformat-truncation=]
#  414 |                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#      |                                                          ^~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 3 and 1026 bytes into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  412|   		log_handler = tmp_handler;
#  413|   	} else if (log_on_stderr) {
#  414|-> 		snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#  415|   		    (log_on_stderr > 1) ? progname : "",
#  416|   		    (log_on_stderr > 1) ? ": " : "",

Error: COMPILER_WARNING: [#def26]
openssh-9.9p1-build/openssh-9.9p1/misc.c: scope_hint: In function ‘fmt_timeframe’
openssh-9.9p1-build/openssh-9.9p1/misc.c:691:40: warning[-Wformat-truncation=]: ‘%02llu’ directive output may be truncated writing between 2 and 14 bytes into a region of size 9
#  691 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                        ^~~~~~
openssh-9.9p1-build/openssh-9.9p1/misc.c:691:39: note: directive argument in the range [1, 30500568904943]
#  691 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                       ^~~~~~~~~~~~~~~~~~~
openssh-9.9p1-build/openssh-9.9p1/misc.c:691:39: note: directive argument in the range [0, 6]
openssh-9.9p1-build/openssh-9.9p1/misc.c:691:39: note: directive argument in the range [0, 23]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 9 and 21 bytes into a destination of size 9
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  689|   
#  690|   	if (week > 0)
#  691|-> 		snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#  692|   	else if (day > 0)
#  693|   		snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
openssh-9.9p1-build/openssh-9.9p1/misc.c: scope_hint: In function ‘sanitise_stdfd’
openssh-9.9p1-build/openssh-9.9p1/misc.c:1530:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), dupfd)’
# 1528|   		/* Only populate closed fds. */
# 1529|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1530|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1531|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1532|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
openssh-9.9p1-build/openssh-9.9p1/misc.c:1530:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 1528|   		/* Only populate closed fds. */
# 1529|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1530|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1531|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1532|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
openssh-9.9p1-build/openssh-9.9p1/misc.c:1536:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 1534|   		}
# 1535|   	}
# 1536|-> 	if (nullfd > STDERR_FILENO)
# 1537|   		close(nullfd);
# 1538|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def30]
openssh-9.9p1-build/openssh-9.9p1/misc.c:1540:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
# 1538|   	/* coverity[leaked_handle : FALSE]*/
# 1539|   	/* coverity[leaked_handle : FALSE]*/
# 1540|-> }
# 1541|   
# 1542|   char *

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
openssh-9.9p1-build/openssh-9.9p1/misc.c: scope_hint: In function ‘stdfd_devnull’
openssh-9.9p1-build/openssh-9.9p1/misc.c:2724:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
# 2722|   		return -1;
# 2723|   	}
# 2724|-> 	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2725|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2726|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2725:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
# 2723|   	}
# 2724|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2725|-> 	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2726|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2727|   		error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2726:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
# 2724|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2725|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2726|-> 	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2727|   		error_f("dup2: %s", strerror(errno));
# 2728|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2730:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2728|   		ret = -1;
# 2729|   	}
# 2730|-> 	if (devnull > STDERR_FILENO)
# 2731|   		close(devnull);
# 2732|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
openssh-9.9p1-build/openssh-9.9p1/misc.c: scope_hint: In function ‘subprocess’
openssh-9.9p1-build/openssh-9.9p1/misc.c:2762:24: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-9.9p1-build/openssh-9.9p1/misc.c:74: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/misc.c:2913:9: note: in expansion of macro ‘debug3_f’
# 2760|   	if (drop_privs != NULL && (pw == NULL || restore_privs == NULL)) {
# 2761|   		error("%s: inconsistent arguments", tag); /* XXX fatal? */
# 2762|-> 		return 0;
# 2763|   	}
# 2764|   	if (pw == NULL && (pw = getpwuid(getuid())) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2843:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
# 2841|   			_exit(1);
# 2842|   		}
# 2843|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2844|   			error("%s: dup2: %s", tag, strerror(errno));
# 2845|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2843:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2841|   			_exit(1);
# 2842|   		}
# 2843|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2844|   			error("%s: dup2: %s", tag, strerror(errno));
# 2845|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def38]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2850:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2848|   		/* Set up stdout as requested; leave stderr in place for now. */
# 2849|   		fd = -1;
# 2850|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2851|   			fd = p[1];
# 2852|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def39]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2852:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
# 2850|   		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2851|   			fd = p[1];
# 2852|-> 		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2853|   			fd = devnull;
# 2854|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2854:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd, 1)’
# 2852|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2853|   			fd = devnull;
# 2854|-> 		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2855|   			error("%s: dup2: %s", tag, strerror(errno));
# 2856|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
openssh-9.9p1-build/openssh-9.9p1/misc.c:2877:66: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(0, 2)’
# 2875|   		}
# 2876|   		/* stdin is pointed to /dev/null at this point */
# 2877|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2878|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2879|   			error("%s: dup2: %s", tag, strerror(errno));

Error: COMPILER_WARNING (CWE-9001): [#def42]
openssh-9.9p1-build/openssh-9.9p1/ssh-keycat.c:57: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/misc.h:156:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  156 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  154|   /* Functions to extract or store big-endian words of various sizes */
#  155|   u_int64_t	get_u64(const void *)
#  156|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  157|   u_int32_t	get_u32(const void *)
#  158|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def43]
openssh-9.9p1-build/openssh-9.9p1/misc.h:158:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  158 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  156|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  157|   u_int32_t	get_u32(const void *)
#  158|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  159|   u_int16_t	get_u16(const void *)
#  160|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def44]
openssh-9.9p1-build/openssh-9.9p1/misc.h:160:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  160 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  158|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  159|   u_int16_t	get_u16(const void *)
#  160|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  161|   void		put_u64(void *, u_int64_t)
#  162|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def45]
openssh-9.9p1-build/openssh-9.9p1/misc.h:162:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  162 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  160|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  161|   void		put_u64(void *, u_int64_t)
#  162|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  163|   void		put_u32(void *, u_int32_t)
#  164|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def46]
openssh-9.9p1-build/openssh-9.9p1/misc.h:164:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  164 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  162|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  163|   void		put_u32(void *, u_int32_t)
#  164|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  165|   void		put_u16(void *, u_int16_t)
#  166|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def47]
openssh-9.9p1-build/openssh-9.9p1/misc.h:166:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  166 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  164|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  165|   void		put_u16(void *, u_int16_t)
#  166|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  167|   
#  168|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def48]
openssh-9.9p1-build/openssh-9.9p1/misc.h:170:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  170 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  168|   /* Little-endian store/load, used by umac.c */
#  169|   u_int32_t	get_u32_le(const void *)
#  170|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  171|   void		put_u32_le(void *, u_int32_t)
#  172|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def49]
openssh-9.9p1-build/openssh-9.9p1/misc.h:172:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  172 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  170|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  171|   void		put_u32_le(void *, u_int32_t)
#  172|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  173|   
#  174|   struct bwlimit {

Error: COMPILER_WARNING (CWE-704): [#def50]
openssh-9.9p1-build/openssh-9.9p1/monitor.c: scope_hint: In function ‘mm_answer_sign’
openssh-9.9p1-build/openssh-9.9p1/monitor.c:732:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  732 |                         effective_alg = safe_rsa;
#      |                                       ^
#  730|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  731|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  732|-> 			effective_alg = safe_rsa;
#  733|   		} else {
#  734|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def51]
openssh-9.9p1-build/openssh-9.9p1/monitor.c:743:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  743 |                         effective_alg = safe_rsa;
#      |                                       ^
#  741|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  742|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  743|-> 			effective_alg = safe_rsa;
#  744|   		} else {
#  745|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-195): [#def52]
openssh-9.9p1-build/openssh-9.9p1/monitor.c: scope_hint: In function ‘mm_answer_keyverify’
openssh-9.9p1-build/openssh-9.9p1/monitor.c:1531:18: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
# 1531 |         if (type != key_blobtype)
#      |                  ^~
# 1529|   	  !monitor_allowed_key(blob, bloblen))
# 1530|   		fatal_f("bad key, not previously allowed");
# 1531|-> 	if (type != key_blobtype)
# 1532|   		fatal_f("bad key type");
# 1533|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def53]
openssh-9.9p1-build/openssh-9.9p1/monitor.c: scope_hint: In function ‘mm_answer_pty’
openssh-9.9p1-build/openssh-9.9p1/monitor.c:1701:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*<unknown>.ttyfd, 0)’
# 1699|   
# 1700|   	/* We need to trick ttyslot */
# 1701|-> 	if (dup2(s->ttyfd, 0) == -1)
# 1702|   		fatal_f("dup2");
# 1703|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
openssh-9.9p1-build/openssh-9.9p1/monitor.c:1723:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
# 1721|   	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
# 1722|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1723|-> 	if (fd0 != 0)
# 1724|   		error_f("fd0 %d != 0", fd0);
# 1725|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
openssh-9.9p1-build/openssh-9.9p1/monitor_wrap.c: scope_hint: In function ‘mm_pty_allocate’
openssh-9.9p1-build/openssh-9.9p1/monitor_wrap.c:674:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-9.9p1-build/openssh-9.9p1/monitor_wrap.c:63: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/monitor_wrap.c:671:17: note: in expansion of macro ‘error_f’
#  672|   		if (tmp1 >= 0)
#  673|   			close(tmp1);
#  674|-> 		return 0;
#  675|   	}
#  676|   	close(tmp1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/glob.c: scope_hint: In function ‘globextend’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/glob.c:835:23: warning[-Wanalyzer-malloc-leak]: leak of ‘pathv’
#  833|   	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
#  834|   		/* first time around -- clear initial gl_offs items */
#  835|-> 		pathv += pglob->gl_offs;
#  836|   		for (i = pglob->gl_offs; i > 0; i--)
#  837|   			*--pathv = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/glob.c:847:31: warning[-Wanalyzer-malloc-leak]: leak of ‘statv’
openssh-9.9p1-build/openssh-9.9p1/includes.h:154: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/glob.c:61: included_from: Included from here.
#  845|   		if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
#  846|   			/* first time around -- clear initial gl_offs items */
#  847|-> 			statv += pglob->gl_offs;
#  848|   			for (i = pglob->gl_offs; i > 0; i--)
#  849|   				*--statv = NULL;

Error: COMPILER_WARNING (CWE-477): [#def58]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:68:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   66|   /* Send audit message */
#   67|   static int
#   68|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|   		       security_context_t selected_context)
#   70|   {

Error: COMPILER_WARNING (CWE-477): [#def59]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:69:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   67|   static int
#   68|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|-> 		       security_context_t selected_context)
#   70|   {
#   71|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def60]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:115:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  113|   
#  114|   static int
#  115|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  116|   {
#  117|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def61]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:142:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  140|   static int
#  141|   get_user_context(const char *sename, const char *role, const char *lvl,
#  142|-> 	security_context_t *sc) {
#  143|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  144|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def62]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘get_user_context’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  178|   		/* verify that the requested range is obtained */
#  179|   		context_t con;
#  180|-> 		security_context_t obtained_raw;
#  181|   		security_context_t requested_raw;
#  182|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def63]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:181:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  179|   		context_t con;
#  180|   		security_context_t obtained_raw;
#  181|-> 		security_context_t requested_raw;
#  182|   		con = context_new(*sc);
#  183|   		if (!con) {

Error: COMPILER_WARNING (CWE-477): [#def64]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c: scope_hint: At top level
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:240:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  238|   /* Return the default security context for the given username */
#  239|   static int
#  240|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {

Error: COMPILER_WARNING (CWE-477): [#def65]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:241:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  239|   static int
#  240|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {
#  243|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def66]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_getctxbyname’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:272:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  270|   		/* If launched from xinetd, we must use current level */
#  271|   		if (inetd) {
#  272|-> 			security_context_t sshdsc=NULL;
#  273|   
#  274|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def67]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:293:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  291|   
#  292|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  293|-> 				security_context_t default_level_sc = *default_sc;
#  294|   				if (role != NULL && role[0]) {
#  295|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def68]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_setup_exec_context’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:386:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  384|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  385|   {
#  386|-> 	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def69]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:388:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  386|   	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|-> 	security_context_t default_ctx = NULL;
#  389|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  390|   

Error: COMPILER_WARNING (CWE-477): [#def70]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_copy_context’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  459|   		return;
#  460|   
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;

Error: COMPILER_WARNING (CWE-1164): [#def71]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/port-linux.c:68:1: warning[-Wunused-function]: ‘ssh_selinux_getctxbyname’ defined but not used
#   68 | ssh_selinux_getctxbyname(char *pwname)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
#   66|   /* Return the default security context for the given username */
#   67|   static char *
#   68|-> ssh_selinux_getctxbyname(char *pwname)
#   69|   {
#   70|   	char *sc = NULL, *sename = NULL, *lvl = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/readpassphrase.c: scope_hint: In function ‘readpassphrase’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/readpassphrase.c:94:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
#   92|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   93|   	 */
#   94|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   95|   		memcpy(&term, &oterm, sizeof(term));
#   96|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING: [#def73]
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/vis.c: scope_hint: In function ‘stravis’
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/vis.c:229:23: warning[-Wuse-after-free]: pointer ‘buf_15’ may be used after ‘realloc’
#  229 |                 *outp = buf;
#      |                 ~~~~~~^~~~~
openssh-9.9p1-build/openssh-9.9p1/openbsd-compat/vis.c:227:17: note: call to ‘realloc’ here
#  227 |         *outp = realloc(buf, len + 1);
#      |                 ^~~~~~~~~~~~~~~~~~~~~
#  227|   	*outp = realloc(buf, len + 1);
#  228|   	if (*outp == NULL) {
#  229|-> 		*outp = buf;
#  230|   		errno = serrno;
#  231|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c: scope_hint: In function ‘pamsshagentauth_user_key_command_allowed2’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:49: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:46: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def77]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:244:49: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  242|               _exit(1);
#  243|           }
#  244|->         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|              || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def78]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:245:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  243|           }
#  244|           if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|->            || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));
#  247|               _exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def79]
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:245:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-9.9p1-build/openssh-9.9p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c:219:5: note: in expansion of macro ‘debug’
#  243|           }
#  244|           if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
#  245|->            || dup2(devnull, STDERR_FILENO) == -1) {
#  246|               error("%s: dup2: %s", __func__, strerror(errno));
#  247|               _exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def80]
openssh-9.9p1-build/openssh-9.9p1/readconf.c: scope_hint: In function ‘read_config_file_depth’
openssh-9.9p1-build/openssh-9.9p1/readconf.c:2543:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
# 2541|   		return 0;
# 2542|   
# 2543|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2544|   		struct stat sb;
# 2545|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
openssh-9.9p1-build/openssh-9.9p1/readconf.c:2543:19: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
# 2541|   		return 0;
# 2542|   
# 2543|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2544|   		struct stat sb;
# 2545|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def82]
openssh-9.9p1-build/openssh-9.9p1/readpass.c: scope_hint: In function ‘ssh_askpass’
openssh-9.9p1-build/openssh-9.9p1/readpass.c:76:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
#   74|   	if (pid == 0) {
#   75|   		close(p[0]);
#   76|-> 		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|   			fatal_f("dup2: %s", strerror(errno));
#   78|   		if (env_hint != NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c: scope_hint: In function ‘sk_enroll’
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c:255:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
#  253|   	}
#  254|   	response->flags = flags;
#  255|-> 	switch(alg) {
#  256|   	case SSH_SK_ECDSA:
#  257|   		if (pack_key_ecdsa(response) != 0)

Error: GCC_ANALYZER_WARNING (CWE-415): [#def84]
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c:280:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*response.public_key’
#  278|    out:
#  279|   	if (response != NULL) {
#  280|-> 		free(response->public_key);
#  281|   		free(response->key_handle);
#  282|   		free(response->signature);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c: scope_hint: In function ‘sk_sign’
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c:523:24: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-9.9p1-build/openssh-9.9p1/regress/misc/sk-dummy/sk-dummy.c:503:9: note: in expansion of macro ‘SHA256Init’
#  521|   	default:
#  522|   		skdebug(__func__, "unsupported key type %d", alg);
#  523|-> 		return -1;
#  524|   	}
#  525|   	*sign_response = response;

Error: COMPILER_WARNING: [#def86]
openssh-9.9p1-build/openssh-9.9p1/scp.c: scope_hint: In function ‘rsource’
openssh-9.9p1-build/openssh-9.9p1/scp.c:1555:56: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 2 and 4095
# 1555 |                 (void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
#      |                                                        ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4350 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1553|   			continue;
# 1554|   		}
# 1555|-> 		(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
# 1556|   		vect[0] = path;
# 1557|   		source(1, vect);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def87]
openssh-9.9p1-build/openssh-9.9p1/session.c: scope_hint: In function ‘do_exec_no_pty’
openssh-9.9p1-build/openssh-9.9p1/session.c:489:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pin[0], 0)’
openssh-9.9p1-build/openssh-9.9p1/session.c:86: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  487|   		 */
#  488|   		close(pin[1]);
#  489|-> 		if (dup2(pin[0], 0) == -1)
#  490|   			perror("dup2 stdin");
#  491|   		close(pin[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def88]
openssh-9.9p1-build/openssh-9.9p1/session.c:495:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pout[1], 1)’
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  493|   		/* Redirect stdout. */
#  494|   		close(pout[0]);
#  495|-> 		if (dup2(pout[1], 1) == -1)
#  496|   			perror("dup2 stdout");
#  497|   		close(pout[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def89]
openssh-9.9p1-build/openssh-9.9p1/session.c:501:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(perr[1], 2)’
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  499|   		/* Redirect stderr. */
#  500|   		close(perr[0]);
#  501|-> 		if (dup2(perr[1], 2) == -1)
#  502|   			perror("dup2 stderr");
#  503|   		close(perr[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def90]
openssh-9.9p1-build/openssh-9.9p1/session.c: scope_hint: In function ‘do_exec_pty’
openssh-9.9p1-build/openssh-9.9p1/session.c:631:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 0)’
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  629|   
#  630|   		/* Redirect stdin/stdout/stderr from the pseudo tty. */
#  631|-> 		if (dup2(ttyfd, 0) == -1)
#  632|   			error("dup2 stdin: %s", strerror(errno));
#  633|   		if (dup2(ttyfd, 1) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def91]
openssh-9.9p1-build/openssh-9.9p1/session.c:633:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 1)’
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  631|   		if (dup2(ttyfd, 0) == -1)
#  632|   			error("dup2 stdin: %s", strerror(errno));
#  633|-> 		if (dup2(ttyfd, 1) == -1)
#  634|   			error("dup2 stdout: %s", strerror(errno));
#  635|   		if (dup2(ttyfd, 2) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def92]
openssh-9.9p1-build/openssh-9.9p1/session.c:635:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ttyfd, 2)’
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
#  633|   		if (dup2(ttyfd, 1) == -1)
#  634|   			error("dup2 stdout: %s", strerror(errno));
#  635|-> 		if (dup2(ttyfd, 2) == -1)
#  636|   			error("dup2 stderr: %s", strerror(errno));
#  637|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def93]
openssh-9.9p1-build/openssh-9.9p1/session.c: scope_hint: In function ‘do_child’
openssh-9.9p1-build/openssh-9.9p1/session.c:1770:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssh-9.9p1-build/openssh-9.9p1/session.c:2309:9: note: in expansion of macro ‘debug_f’
openssh-9.9p1-build/openssh-9.9p1/session.c:757:9: note: in expansion of macro ‘verbose’
openssh-9.9p1-build/openssh-9.9p1/session.c:1770:21: note: write of 1 byte to beyond the end of ‘argv0’
openssh-9.9p1-build/openssh-9.9p1/session.c:1770:21: note: valid subscripts for ‘argv0’ are ‘[0]’ to ‘[255]’
/usr/include/sys/un.h:38: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/session.c:43: included_from: Included from here.
/usr/include/string.h:506:15: note: parameter 1 of ‘strlcpy’ marked with attribute ‘access (write_only, 1, 3)’
# 1768|   		argv0[0] = '-';
# 1769|   
# 1770|-> 		if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
# 1771|   		    >= sizeof(argv0) - 1) {
# 1772|   			errno = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
openssh-9.9p1-build/openssh-9.9p1/sftp-glob.c: scope_hint: In function ‘sftp_glob’
openssh-9.9p1-build/openssh-9.9p1/sftp-glob.c:155:24: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
#  153|   
#  154|   	if ((r = glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)) != 0)
#  155|-> 		return r;
#  156|   	/*
#  157|   	 * When both GLOB_NOCHECK and GLOB_MARK are active, a single gl_pathv

Error: CPPCHECK_WARNING (CWE-401): [#def95]
openssh-9.9p1-build/openssh-9.9p1/sftp-glob.c:173: error[memleakOnRealloc]: Common realloc mistake: 's' nulled but not freed upon failure
#  171|   		if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) {
#  172|   			/* NOCHECK on a directory; annotate */
#  173|-> 			if ((s = realloc(s, l + 2)) != NULL) {
#  174|   				memcpy(s + l, "/", 2);
#  175|   				pglob->gl_pathv[0] = s;

Error: CPPCHECK_WARNING (CWE-401): [#def96]
openssh-9.9p1-build/openssh-9.9p1/sftp-server.c:833: error[memleakOnRealloc]: Common realloc mistake: 'buf' nulled but not freed upon failure
#  831|   	if (len > buflen) {
#  832|   		debug3_f("allocate %zu => %u", buflen, len);
#  833|-> 		if ((buf = realloc(buf, len)) == NULL)
#  834|   			fatal_f("realloc failed");
#  835|   		buflen = len;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def97]
openssh-9.9p1-build/openssh-9.9p1/sftp.c: scope_hint: In function ‘parse_args’
openssh-9.9p1-build/openssh-9.9p1/sftp.c:1497:27: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-9.9p1-build/openssh-9.9p1/sftp.c:31: included_from: Included from here.
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 1495|   	case I_LLS:
# 1496|   		/* Skip ls command and following whitespace */
# 1497|-> 		cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
# 1498|   	case I_SHELL:
# 1499|   		/* Uses the rest of the line */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def98]
openssh-9.9p1-build/openssh-9.9p1/sftp.c: scope_hint: In function ‘connect_to_server’
openssh-9.9p1-build/openssh-9.9p1/sftp.c:2387:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 0)’
# 2385|   		fatal("fork: %s", strerror(errno));
# 2386|   	else if (sshpid == 0) {
# 2387|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2388|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2389|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def99]
openssh-9.9p1-build/openssh-9.9p1/sftp.c:2387:54: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 1)’
# 2385|   		fatal("fork: %s", strerror(errno));
# 2386|   	else if (sshpid == 0) {
# 2387|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2388|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2389|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def100]
openssh-9.9p1-build/openssh-9.9p1/sftp.c:2393:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘in’
# 2391|   		}
# 2392|   		close(*in);
# 2393|-> 		close(*out);
# 2394|   		close(c_in);
# 2395|   		close(c_out);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def101]
openssh-9.9p1-build/openssh-9.9p1/sftp.c:2395:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
# 2393|   		close(*out);
# 2394|   		close(c_in);
# 2395|-> 		close(c_out);
# 2396|   
# 2397|   		/*

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def102]
openssh-9.9p1-build/openssh-9.9p1/sftp.c:2419:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
# 2417|   	ssh_signal(SIGCHLD, sigchld_handler);
# 2418|   	close(c_in);
# 2419|-> 	close(c_out);
# 2420|   }
# 2421|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def103]
openssh-9.9p1-build/openssh-9.9p1/ssh-add.c: scope_hint: In function ‘add_file’
openssh-9.9p1-build/openssh-9.9p1/ssh-add.c:305:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
#  303|   	 * will occur multiple times, so check perms first and bail if wrong.
#  304|   	 */
#  305|-> 	if (fd != STDIN_FILENO) {
#  306|   		if (sshkey_perm_ok(fd, filename) != 0) {
#  307|   			close(fd);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def104]
openssh-9.9p1-build/openssh-9.9p1/ssh-agent.c: scope_hint: In function ‘dup_dest_constraint_hop’
openssh-9.9p1-build/openssh-9.9p1/ssh-agent.c:276:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  274|   		    &(out->keys[i]))) != 0)
#  275|   			fatal_fr(r, "copy key");
#  276|-> 		out->key_is_ca[i] = dch->key_is_ca[i];
#  277|   	}
#  278|   }

Error: COMPILER_WARNING: [#def105]
openssh-9.9p1-build/openssh-9.9p1/ssh-keycat.c:39:9: warning: "_GNU_SOURCE" redefined
#   39 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def106]
openssh-9.9p1-build/openssh-9.9p1/ssh-keycat.c:39:9: warning: ‘_GNU_SOURCE’ redefined
<command-line>: note: this is the location of the previous definition
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def107]
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c: scope_hint: In function ‘do_convert_to’
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c:370:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 39
#  370 |             "%u-bit %s, converted by %s@%s from OpenSSH",
#      |                                         ^~
#  371 |             sshkey_size(k), sshkey_type(k),
#  372 |             pw->pw_name, hostname);
#      |                          ~~~~~~~~        
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 36 or more bytes (assuming 1060) into a destination of size 61
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  368|   	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
#  369|   	snprintf(comment, sizeof(comment),
#  370|-> 	    "%u-bit %s, converted by %s@%s from OpenSSH",
#  371|   	    sshkey_size(k), sshkey_type(k),
#  372|   	    pw->pw_name, hostname);

Error: COMPILER_WARNING: [#def108]
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c: scope_hint: In function ‘do_gen_all_hostkeys’
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c:1180:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 1180 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
#      |                                                       ^~
# 1181 |                     hostname);
#      |                     ~~~~~~~~                           
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1178|   		if ((r = sshkey_from_private(private, &public)) != 0)
# 1179|   			fatal_fr(r, "sshkey_from_private");
# 1180|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
# 1181|   		    hostname);
# 1182|   		if ((r = sshkey_save_private(private, prv_tmp, "",

Error: COMPILER_WARNING: [#def109]
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c: scope_hint: In function ‘main’
openssh-9.9p1-build/openssh-9.9p1/ssh-keygen.c:3976:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 3976 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
#      |                                                       ^~                ~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 3974|   	} else {
# 3975|   		/* Create default comment field for the passphrase. */
# 3976|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
# 3977|   	}
# 3978|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def110]
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c: scope_hint: In function ‘pkcs11_start_helper’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c:595:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c:41: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c:573:9: note: in expansion of macro ‘debug3_f’
#  593|   		return NULL;
#  594|   	} else if (pid == 0) {
#  595|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  596|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#  597|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def111]
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c:595:57: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11-client.c:573:9: note: in expansion of macro ‘debug3_f’
#  593|   		return NULL;
#  594|   	} else if (pid == 0) {
#  595|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  596|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#  597|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def112]
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c: scope_hint: In function ‘pkcs11_provider_lookup_module’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:212:22: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘module_path’ where non-null expected
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:35: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:210:9: note: in expansion of macro ‘TAILQ_FOREACH’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:46: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/log.h:88:100: note: in definition of macro ‘debug’
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:32: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
#  210|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  211|   		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  212|-> 		if (!strcmp(module_path, p->module->module_path))
#  213|   			return (p->module);
#  214|   	}

Error: COMPILER_WARNING (CWE-1164): [#def113]
openssh-9.9p1-build/openssh-9.9p1/ssh-pkcs11.c:2011:1: warning[-Wunused-function]: ‘pkcs11_register_provider’ defined but not used
# 2011 | pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
# 2009|   
# 2010|   static int
# 2011|-> pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
# 2012|       char ***labelsp, struct pkcs11_provider **providerp, CK_ULONG user)
# 2013|   {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def114]
openssh-9.9p1-build/openssh-9.9p1/ssh-sk-client.c: scope_hint: In function ‘start_helper’
openssh-9.9p1-build/openssh-9.9p1/ssh-sk-client.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def115]
openssh-9.9p1-build/openssh-9.9p1/ssh-sk-client.c:87:57: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def116]
openssh-9.9p1-build/openssh-9.9p1/sshbuf-io.c: scope_hint: In function ‘sshbuf_write_file’
openssh-9.9p1-build/openssh-9.9p1/sshbuf-io.c:110:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(path, 577, 420)’
openssh-9.9p1-build/openssh-9.9p1/includes.h:154: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/sshbuf-io.c:18: included_from: Included from here.
#  108|   	    sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
#  109|   		oerrno = errno;
#  110|-> 		close(fd);
#  111|   		unlink(path);
#  112|   		errno = oerrno;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
openssh-9.9p1-build/openssh-9.9p1/sshconnect.c: scope_hint: In function ‘hostkey_accepted_by_hostkeyalgs’
openssh-9.9p1-build/openssh-9.9p1/sshconnect.c:731:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘key’
openssh-9.9p1-build/openssh-9.9p1/sshconnect.c:59: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/sshconnect.c:1507:17: note: in expansion of macro ‘debug’
#  729|   	const char *hostkeyalgs = options.hostkeyalgorithms;
#  730|   
#  731|-> 	if (key->type == KEY_UNSPEC)
#  732|   		return 0;
#  733|   	if (key->type == KEY_RSA &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def118]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2203:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-9.9p1-build/openssh-9.9p1/log.h:102:99: note: in definition of macro ‘error_f’
# 2201|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2202|   		error_f("not installed: %s", strerror(errno));
# 2203|-> 		return -1;
# 2204|   	}
# 2205|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2203:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-9.9p1-build/openssh-9.9p1/log.h:102:99: note: in definition of macro ‘error_f’
# 2201|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2202|   		error_f("not installed: %s", strerror(errno));
# 2203|-> 		return -1;
# 2204|   	}
# 2205|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def120]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2203:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-9.9p1-build/openssh-9.9p1/log.h:102:99: note: in definition of macro ‘error_f’
# 2201|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2202|   		error_f("not installed: %s", strerror(errno));
# 2203|-> 		return -1;
# 2204|   	}
# 2205|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def121]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c: scope_hint: In function ‘ssh_keysign’
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2203:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:65: included_from: Included from here.
openssh-9.9p1-build/openssh-9.9p1/log.h:102:99: note: in definition of macro ‘error_f’
# 2201|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2202|   		error_f("not installed: %s", strerror(errno));
# 2203|-> 		return -1;
# 2204|   	}
# 2205|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2224:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(from[1], 1)’
# 2222|   	if (pid == 0) {
# 2223|   		close(from[0]);
# 2224|-> 		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2225|   			fatal_f("dup2: %s", strerror(errno));
# 2226|   		close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def123]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2227:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(to[0], 0)’
# 2225|   			fatal_f("dup2: %s", strerror(errno));
# 2226|   		close(to[1]);
# 2227|-> 		if (dup2(to[0], STDIN_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(from[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def124]
openssh-9.9p1-build/openssh-9.9p1/sshconnect2.c:2232:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 3)’
# 2230|   		close(to[0]);
# 2231|   
# 2232|-> 		if (dup2(sock, STDERR_FILENO + 1) == -1)
# 2233|   			fatal_f("dup2: %s", strerror(errno));
# 2234|   		sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def125]
openssh-9.9p1-build/openssh-9.9p1/sshd.c: scope_hint: In function ‘main’
openssh-9.9p1-build/openssh-9.9p1/sshd.c:1372:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
# 1370|   		fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
# 1371|   	while (devnull < REEXEC_MIN_FREE_FD) {
# 1372|-> 		if ((devnull = dup(devnull)) == -1)
# 1373|   			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1374|   	}
Scan Properties

analyzer-version-clippy	1.82.0
analyzer-version-cppcheck	2.16.0
analyzer-version-gcc	14.2.1
analyzer-version-gcc-analyzer	15.0.0
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-105.us-west-2.compute.internal
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	openssh-9.9p1-5.fc42
store-results-to	/tmp/tmp_5laaykv/openssh-9.9p1-5.fc42.tar.xz
time-created	2024-11-13 02:11:31
time-finished	2024-11-13 02:15:31
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp_5laaykv/openssh-9.9p1-5.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp_5laaykv/openssh-9.9p1-5.fc42.src.rpm'
tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9