ppp-2.5.1-5.fc43

List of Findings

Error: SHELLCHECK_WARNING: [#def1]
/etc/ppp/ip-down.ipv6to4:35:9: warning[SC3004]: In POSIX sh, $".." is undefined.
#   33|   
#   34|   if [ -z "$1" ]; then
#   35|->   	echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
#   36|   	exit 1
#   37|   fi

Error: SHELLCHECK_WARNING (CWE-252): [#def2]
/etc/ppp/ip-down.ipv6to4:43:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   41|   
#   42|   # Source IPv4 helper functions
#   43|-> cd /etc/sysconfig/network-scripts
#   44|   . ./network-functions
#   45|   

Error: SHELLCHECK_WARNING (CWE-477): [#def3]
/etc/ppp/ip-down.ipv6to4:66:14: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   64|   # Test status of ppp device
#   65|   ipv6_test_device_status $DEVICE
#   66|-> if [ $? != 0 -a $? != 11 ]; then
#   67|           # device doesn't exist or other problem occurs
#   68|           exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def4]
/etc/ppp/ip-down.ipv6to4:73:13: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   71|   # Test status of tun6to4 device
#   72|   ipv6_test_device_status tun6to4
#   73|-> if [ $? = 0 -o $? = 11 ]; then
#   74|   	# Device exists
#   75|   	valid6to4config="yes"

Error: SHELLCHECK_WARNING: [#def5]
/etc/ppp/ip-up.ipv6to4:41:7: warning[SC3004]: In POSIX sh, $".." is undefined.
#   39|   
#   40|   if [ -z "$1" ]; then
#   41|-> 	echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
#   42|   	exit 1
#   43|   fi

Error: SHELLCHECK_WARNING (CWE-252): [#def6]
/etc/ppp/ip-up.ipv6to4:49:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   47|   
#   48|   # Source IPv4 helper functions
#   49|-> cd /etc/sysconfig/network-scripts
#   50|   . ./network-functions
#   51|   

Error: SHELLCHECK_WARNING: [#def7]
/etc/ppp/ip-up.ipv6to4:87:26: warning[SC3004]: In POSIX sh, $".." is undefined.
#   85|   		# Test for non-global IPv4 address
#   86|   		if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then
#   87|->                 	net_log $"Given IPv4 address '$ipv4addr' is not globally usable" info
#   88|   			valid6to4config="no"
#   89|   		fi

Error: SHELLCHECK_WARNING: [#def8]
/etc/ppp/ip-up.ipv6to4:91:11: warning[SC3004]: In POSIX sh, $".." is undefined.
#   89|   		fi
#   90|   	else
#   91|-> 		net_log $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified" info
#   92|   		valid6to4config="no"
#   93|   	fi

Error: SHELLCHECK_WARNING: [#def9]
/etc/ppp/ip-up.ipv6to4:118:14: warning[SC3007]: In POSIX sh, $[..] in place of $((..)) is undefined.
#  116|   		if [ -n "$ipv4mtu" ]; then
#  117|   			# IPv6 tunnel MTU is IPv4 MTU minus 20 for IPv4 header
#  118|-> 			tunnelmtu=$[ $ipv4mtu - 20 ]
#  119|   		fi
#  120|   

Error: SHELLCHECK_WARNING: [#def10]
/etc/ppp/ip-up.ipv6to4:123:13: warning[SC3004]: In POSIX sh, $".." is undefined.
#  121|   		if [ -n "$IPV6TO4_MTU" ]; then
#  122|   			if [ $IPV6TO4_MTU -gt $tunnelmtu ]; then
#  123|-> 				net_log $"Warning: configured MTU '$IPV6TO4_MTU' for 6to4 exceeds maximum limit of '$tunnelmtu', ignored" warning
#  124|   			else
#  125|   				tunnelmtu=$IPV6TO4_MTU

Error: SHELLCHECK_WARNING: [#def11]
/etc/ppp/ip-up.ipv6to4:138:13: warning[SC3004]: In POSIX sh, $".." is undefined.
#  136|   		if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then
#  137|   			if [ -n "$IPV6_DEFAULTGW" ]; then
#  138|-> 				net_log $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" warning
#  139|   			fi
#  140|   			ipv6_set_default_route $ipv6to4_relay tun6to4

Error: SHELLCHECK_WARNING (CWE-563): [#def12]
/etc/ppp/ip-up.ipv6to4:145:79: warning[SC2034]: device appears unused. Verify use (or export if used externally).
#  143|   		# Add static routes
#  144|   		if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
#  145|-> 			LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do
#  146|   				if [ -z "$network" ]; then
#  147|   					continue

Error: SHELLCHECK_WARNING: [#def13]
/etc/ppp/ip-up.ipv6to4:186:14: warning[SC3004]: In POSIX sh, $".." is undefined.
#  184|   					done
#  185|   				else
#  186|-> 					net_log $"Error occurred while calculating the IPv6to4 prefix"
#  187|   				fi
#  188|   			else

Error: SHELLCHECK_WARNING: [#def14]
/etc/ppp/ip-up.ipv6to4:189:13: warning[SC3004]: In POSIX sh, $".." is undefined.
#  187|   				fi
#  188|   			else
#  189|-> 				net_log $"radvd control enabled, but config is not complete"
#  190|   			fi
#  191|   		fi

Error: SHELLCHECK_WARNING (CWE-252): [#def15]
/etc/ppp/ipv6-down.initscripts:36:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   34|   . /etc/sysconfig/network
#   35|   
#   36|-> cd /etc/sysconfig/network-scripts
#   37|   . ./network-functions
#   38|   . ./network-functions-ipv6

Error: SHELLCHECK_WARNING: [#def16]
/etc/ppp/ipv6-down.initscripts:45:1: warning[SC3010]: In POSIX sh, [[ ]] is undefined.
#   43|   
#   44|   # Test whether IPv6 configuration is disabled for this interface
#   45|-> [[ "$IPV6INIT" = [nN0]* ]] && exit 0
#   46|   
#   47|   [ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def17]
/etc/ppp/ipv6-down.initscripts:55:14: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   53|   # Test device status
#   54|   ipv6_test_device_status $REALDEVICE
#   55|-> if [ $? != 0 -a $? != 11 ]; then
#   56|   	# device doesn't exist or other problem occurs
#   57|   	exit 1

Error: SHELLCHECK_WARNING (CWE-563): [#def18]
/etc/ppp/ipv6-down.initscripts:84:80: warning[SC2034]: device appears unused. Verify use (or export if used externally).
#   82|   # Setup additional static IPv6 routes on specified interface, if given
#   83|   if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
#   84|-> 	LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
#   85|   		ipv6_add_route $args $REALDEVICE
#   86|   	done

Error: SHELLCHECK_WARNING (CWE-252): [#def19]
/etc/ppp/ipv6-up.initscripts:30:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   28|   . /etc/sysconfig/network
#   29|   
#   30|-> cd /etc/sysconfig/network-scripts
#   31|   . ./network-functions
#   32|   

Error: SHELLCHECK_WARNING (CWE-477): [#def20]
/etc/ppp/ipv6-up.initscripts:50:14: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   48|   # Test device status
#   49|   ipv6_test_device_status $REALDEVICE
#   50|-> if [ $? != 0 -a $? != 11 ]; then
#   51|   	# device doesn't exist or other problem occurs
#   52|   	exit 1

Error: COMPILER_WARNING (CWE-563): [#def21]
ppp-ppp-2.5.1/chat/chat.c: scope_hint: In function ‘main’
ppp-ppp-2.5.1/chat/chat.c:154:63: warning[-Wunused-value]: value computed is not used
#  154 | #define OPTION(c,v)     (_O&2&&**v?*(*v)++:!c||_O&4?0:(!(_O&1)&& \
#      |                                                               ^~
ppp-ppp-2.5.1/chat/chat.c:291:22: note: in expansion of macro ‘OPTION’
#  291 |     while ((option = OPTION(argc, argv)) != 0) {
#      |                      ^~~~~~
#  152|   
#  153|   /*************** Micro getopt() *********************************************/
#  154|-> #define	OPTION(c,v)	(_O&2&&**v?*(*v)++:!c||_O&4?0:(!(_O&1)&& \
#  155|   				(--c,++v),_O=4,c&&**v=='-'&&v[0][1]?*++*v=='-'\
#  156|   				&&!v[0][1]?(--c,++v,0):(_O=2,*(*v)++):0))

Error: CPPCHECK_WARNING (CWE-476): [#def22]
ppp-ppp-2.5.1/chat/chat.c:254: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ans
#  252|   	fatal(2, "memory error!");
#  253|   
#  254|->     memcpy (ans, b, c);
#  255|       return ans;
#  256|   }

Error: CPPCHECK_WARNING (CWE-476): [#def23]
ppp-ppp-2.5.1/chat/chat.c:421: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: cfp
#  419|       sendflg = 0;
#  420|   
#  421|->     while (fgets(buf, STR_LEN, cfp) != NULL) {
#  422|   	sp = strchr (buf, '\n');
#  423|   	if (sp)

Error: COMPILER_WARNING (CWE-563): [#def24]
ppp-ppp-2.5.1/chat/chat.c: scope_hint: In function ‘sigalrm’
ppp-ppp-2.5.1/chat/chat.c:528:9: warning[-Wunused-variable]: unused variable ‘flags’
#  528 |     int flags;
#      |         ^~~~~
#  526|   SIGTYPE sigalrm(int signo)
#  527|   {
#  528|->     int flags;
#  529|   
#  530|       alarm(1);

Error: CPPCHECK_WARNING (CWE-476): [#def25]
ppp-ppp-2.5.1/chat/chat.c:1183: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
# 1181|   		fatal(1, "%s -- open failed: %m", fn);
# 1182|   	    while (n < STR_LEN - 1) {
# 1183|-> 		int nr = fread(&file_data[n], 1, STR_LEN - 1 - n, f);
# 1184|   		if (nr < 0)
# 1185|   		    fatal(1, "%s -- read error", fn);

Error: CPPCHECK_WARNING (CWE-476): [#def26]
ppp-ppp-2.5.1/chat/chat.c:1190: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
# 1188|   		n += nr;
# 1189|   	    }
# 1190|-> 	    fclose(f);
# 1191|   
# 1192|   	    /* use the string we got as the string to send,

Error: GCC_ANALYZER_WARNING (CWE-685): [#def27]
ppp-ppp-2.5.1/chat/chat.c:1624:13: warning[-Wanalyzer-va-list-exhausted]: ‘args’ has no more arguments (0 consumed)
ppp-ppp-2.5.1/chat/chat.c:908:6: enter_function: entry to ‘chat_expect’
ppp-ppp-2.5.1/chat/chat.c:923:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/chat/chat.c:928:9: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:928:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/chat/chat.c:933:9: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:933:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/chat/chat.c:938:9: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:938:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/chat/chat.c:943:9: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:943:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/chat/chat.c:948:9: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:948:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
 branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:957:18: call_function: calling ‘expect_strtok’ from ‘chat_expect’
ppp-ppp-2.5.1/chat/chat.c:957:18: return_function: returning to ‘chat_expect’ from ‘expect_strtok’
ppp-ppp-2.5.1/chat/chat.c:960:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/chat/chat.c:963:17: branch_false: ...to here
ppp-ppp-2.5.1/chat/chat.c:963:17: call_function: calling ‘expect_strtok’ from ‘chat_expect’
ppp-ppp-2.5.1/chat/chat.c:963:17: return_function: returning to ‘chat_expect’ from ‘expect_strtok’
ppp-ppp-2.5.1/chat/chat.c:968:13: call_function: calling ‘get_string’ from ‘chat_expect’
# 1622|   	}
# 1623|   	if (c == '*') {
# 1624|-> 	    width = va_arg(args, int);
# 1625|   	    c = *++fmt;
# 1626|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
ppp-ppp-2.5.1/contrib/pppgetpass/pppgetpass.vt.c:36:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/console", 2)’
ppp-ppp-2.5.1/contrib/pppgetpass/pppgetpass.vt.c:30:11: acquire_resource: opened here
ppp-ppp-2.5.1/contrib/pppgetpass/pppgetpass.vt.c:36:3: danger: ‘open("/dev/console", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   34|     seteuid(uid);
#   35|   
#   36|->   openlog(argv[0], LOG_PID, LOG_DAEMON);
#   37|   
#   38|     if(argc!=4) {

Error: GCC_ANALYZER_WARNING: [#def29]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:247:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 0)’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:121:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:124:16: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:125:8: branch_false: following ‘false’ branch (when ‘childpid != -1’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: following ‘false’ branch (when ‘childpid == 0’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:240:5: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:246:10: acquire_resource: opened here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:247:5: danger: ‘open("/dev/null", 0)’ could be invalid: unchecked value from [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#  245|       /* Redirect stdio to /dev/null. */
#  246|       fd = open("/dev/null", O_RDONLY);
#  247|->     dup2(fd, STDIN_FILENO);
#  248|       close(fd);
#  249|   

Error: GCC_ANALYZER_WARNING: [#def30]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:251:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 1)’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:121:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:124:16: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:125:8: branch_false: following ‘false’ branch (when ‘childpid != -1’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: following ‘false’ branch (when ‘childpid == 0’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:240:5: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:250:10: acquire_resource: opened here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:251:5: danger: ‘open("/dev/null", 1)’ could be invalid: unchecked value from [(8)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/7)
#  249|   
#  250|       fd = open("/dev/null", O_WRONLY);
#  251|->     dup2(fd, STDOUT_FILENO);
#  252|       dup2(fd, STDERR_FILENO);
#  253|       close(fd);

Error: GCC_ANALYZER_WARNING: [#def31]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:252:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 1)’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:121:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:124:16: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:125:8: branch_false: following ‘false’ branch (when ‘childpid != -1’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:128:8: branch_false: following ‘false’ branch (when ‘childpid == 0’)...
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:240:5: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:250:10: acquire_resource: opened here
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:252:5: danger: ‘open("/dev/null", 1)’ could be invalid: unchecked value from [(8)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/7)
#  250|       fd = open("/dev/null", O_WRONLY);
#  251|       dup2(fd, STDOUT_FILENO);
#  252|->     dup2(fd, STDERR_FILENO);
#  253|       close(fd);
#  254|   

Error: COMPILER_WARNING (CWE-252): [#def32]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c: scope_hint: In function ‘doPidFile’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:302:17: warning[-Wunused-result]: ignoring return value of ‘fscanf’ declared with attribute ‘warn_unused_result’
#  302 |                 fscanf(f, "%d", &pid);
#      |                 ^~~~~~~~~~~~~~~~~~~~~
#  300|   
#  301|   		pid = 0;
#  302|-> 	        fscanf(f, "%d", &pid);
#  303|   	        fclose(f);
#  304|   

Error: COMPILER_WARNING (CWE-252): [#def33]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c: scope_hint: In function ‘relay_exitcode’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:378:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  378 |     write(pipeArray[1], &exitCode, 1);
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  376|       unsigned char exitCode;
#  377|       exitCode = code;
#  378|->     write(pipeArray[1], &exitCode, 1);
#  379|       close(pipeArray[1]);
#  380|   }

Error: COMPILER_WARNING (CWE-252): [#def34]
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c: scope_hint: In function ‘hangup’
ppp-ppp-2.5.1/ppp-watch/ppp-watch.c:544:13: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  544 |             write(fd, "\r", 1); /* tickle modems that do not like dropped DTR */
#      |             ^~~~~~~~~~~~~~~~~~
#  542|           if (tcgetattr(fd, &ts) != -1) {
#  543|               original_ts = ts;
#  544|->             write(fd, "\r", 1); /* tickle modems that do not like dropped DTR */
#  545|               usleep(1000);
#  546|               cfsetospeed(&ts, B0);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def35]
ppp-ppp-2.5.1/ppp-watch/shvar.c:361:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘f’ where non-null expected
ppp-ppp-2.5.1/ppp-watch/shvar.c:351:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/ppp-watch/shvar.c:352:13: branch_true: ...to here
ppp-ppp-2.5.1/ppp-watch/shvar.c:354:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/ppp-watch/shvar.c:356:13: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/shvar.c:356:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/ppp-watch/shvar.c:359:17: branch_false: ...to here
ppp-ppp-2.5.1/ppp-watch/shvar.c:360:13: acquire_memory: this call could return NULL
ppp-ppp-2.5.1/ppp-watch/shvar.c:361:9: danger: argument 1 (‘f’) from [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) could be NULL where non-null expected
#  359|   	tmpfd = dup(s->fd);
#  360|   	f = fdopen(tmpfd, "w");
#  361|-> 	fseek(f, 0, SEEK_SET);
#  362|   	for (s->current = s->lineList; s->current; s->current = s->current->next) {
#  363|   	    char *line = s->current->data;

Error: CPPCHECK_WARNING (CWE-476): [#def36]
ppp-ppp-2.5.1/pppd/auth.c:532: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: fname
#  530|   	return 0;
#  531|       }
#  532|->     ufile = fopen(fname, "r");
#  533|       if (seteuid(euid) == -1)
#  534|   	fatal("unable to regain privileges: %m");

Error: CPPCHECK_WARNING (CWE-682): [#def37]
ppp-ppp-2.5.1/pppd/auth.c:613: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  611|       if (wp == NULL)
#  612|   	novm("allow-ip argument");
#  613|->     wp->word = (char *) (wp + 1);
#  614|       wp->next = noauth_addrs;
#  615|       BCOPY(addr, wp->word, l);

Error: CPPCHECK_WARNING (CWE-476): [#def38]
ppp-ppp-2.5.1/pppd/auth.c:613: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  611|       if (wp == NULL)
#  612|   	novm("allow-ip argument");
#  613|->     wp->word = (char *) (wp + 1);
#  614|       wp->next = noauth_addrs;
#  615|       BCOPY(addr, wp->word, l);

Error: CPPCHECK_WARNING (CWE-476): [#def39]
ppp-ppp-2.5.1/pppd/auth.c:614: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  612|   	novm("allow-ip argument");
#  613|       wp->word = (char *) (wp + 1);
#  614|->     wp->next = noauth_addrs;
#  615|       BCOPY(addr, wp->word, l);
#  616|       noauth_addrs = wp;

Error: CPPCHECK_WARNING (CWE-476): [#def40]
ppp-ppp-2.5.1/pppd/auth.c:615: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  613|       wp->word = (char *) (wp + 1);
#  614|       wp->next = noauth_addrs;
#  615|->     BCOPY(addr, wp->word, l);
#  616|       noauth_addrs = wp;
#  617|       return 1;

Error: CPPCHECK_WARNING (CWE-682): [#def41]
ppp-ppp-2.5.1/pppd/auth.c:634: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  632|       if (wp == NULL)
#  633|   	novm("allow-number argument");
#  634|->     wp->word = (char *) (wp + 1);
#  635|       wp->next = permitted_numbers;
#  636|       BCOPY(number, wp->word, l);

Error: CPPCHECK_WARNING (CWE-476): [#def42]
ppp-ppp-2.5.1/pppd/auth.c:634: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  632|       if (wp == NULL)
#  633|   	novm("allow-number argument");
#  634|->     wp->word = (char *) (wp + 1);
#  635|       wp->next = permitted_numbers;
#  636|       BCOPY(number, wp->word, l);

Error: CPPCHECK_WARNING (CWE-476): [#def43]
ppp-ppp-2.5.1/pppd/auth.c:635: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  633|   	novm("allow-number argument");
#  634|       wp->word = (char *) (wp + 1);
#  635|->     wp->next = permitted_numbers;
#  636|       BCOPY(number, wp->word, l);
#  637|       permitted_numbers = wp;

Error: CPPCHECK_WARNING (CWE-476): [#def44]
ppp-ppp-2.5.1/pppd/auth.c:636: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wp
#  634|       wp->word = (char *) (wp + 1);
#  635|       wp->next = permitted_numbers;
#  636|->     BCOPY(number, wp->word, l);
#  637|       permitted_numbers = wp;
#  638|       return 1;

Error: CPPCHECK_WARNING (CWE-682): [#def45]
ppp-ppp-2.5.1/pppd/auth.c:2338: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
# 2336|   	    if (ap == NULL)
# 2337|   		novm("authorized addresses");
# 2338|-> 	    ap->word = (char *) (ap + 1);
# 2339|   	    strcpy(ap->word, word);
# 2340|   	    *app = ap;

Error: CPPCHECK_WARNING (CWE-476): [#def46]
ppp-ppp-2.5.1/pppd/auth.c:2338: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ap
# 2336|   	    if (ap == NULL)
# 2337|   		novm("authorized addresses");
# 2338|-> 	    ap->word = (char *) (ap + 1);
# 2339|   	    strcpy(ap->word, word);
# 2340|   	    *app = ap;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
ppp-ppp-2.5.1/pppd/auth.c:2338:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ap’
ppp-ppp-2.5.1/pppd/auth.c:2241:8: branch_false: following ‘false’ branch (when ‘addrs’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2243:8: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2243:8: branch_false: following ‘false’ branch (when ‘opts’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2245:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2246:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2248:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2254:16: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2256:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2256:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2263:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2273:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2275:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2275:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2277:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2287:12: branch_false: following ‘false’ branch (when ‘got_flag > best_flag’)...
ppp-ppp-2.5.1/pppd/auth.c:2293:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2293:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2295:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2295:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2302:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2332:16: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2335:21: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/auth.c:2336:16: release_memory: assuming ‘ap’ is NULL
ppp-ppp-2.5.1/pppd/auth.c:2336:16: branch_true: following ‘true’ branch (when ‘ap’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2337:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2338:13: danger: dereference of NULL ‘ap’
# 2336|   	    if (ap == NULL)
# 2337|   		novm("authorized addresses");
# 2338|-> 	    ap->word = (char *) (ap + 1);
# 2339|   	    strcpy(ap->word, word);
# 2340|   	    *app = ap;

Error: CPPCHECK_WARNING (CWE-476): [#def48]
ppp-ppp-2.5.1/pppd/auth.c:2339: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ap
# 2337|   		novm("authorized addresses");
# 2338|   	    ap->word = (char *) (ap + 1);
# 2339|-> 	    strcpy(ap->word, word);
# 2340|   	    *app = ap;
# 2341|   	    app = &ap->next;

Error: CPPCHECK_WARNING (CWE-682): [#def49]
ppp-ppp-2.5.1/pppd/auth.c:2676: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
# 2674|   	    if (ap == NULL)
# 2675|   		novm("authorized addresses");
# 2676|-> 	    ap->word = (char *) (ap + 1);
# 2677|   	    strcpy(ap->word, word);
# 2678|   	    *app = ap;

Error: CPPCHECK_WARNING (CWE-476): [#def50]
ppp-ppp-2.5.1/pppd/auth.c:2676: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ap
# 2674|   	    if (ap == NULL)
# 2675|   		novm("authorized addresses");
# 2676|-> 	    ap->word = (char *) (ap + 1);
# 2677|   	    strcpy(ap->word, word);
# 2678|   	    *app = ap;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def51]
ppp-ppp-2.5.1/pppd/auth.c:2676:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ap’
ppp-ppp-2.5.1/pppd/auth.c:2574:8: branch_false: following ‘false’ branch (when ‘addrs’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2576:8: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2576:8: branch_false: following ‘false’ branch (when ‘opts’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2578:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2579:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2581:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2587:16: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2588:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2588:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2595:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2605:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2607:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2607:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2609:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2619:12: branch_false: following ‘false’ branch (when ‘got_flag > best_flag’)...
ppp-ppp-2.5.1/pppd/auth.c:2625:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2625:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2627:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2627:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2629:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2637:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2639:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2639:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2641:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2649:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2651:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2651:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2653:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2658:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2660:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2660:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2662:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2670:16: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/auth.c:2673:17: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/auth.c:2674:16: release_memory: assuming ‘ap’ is NULL
ppp-ppp-2.5.1/pppd/auth.c:2674:16: branch_true: following ‘true’ branch (when ‘ap’ is NULL)...
ppp-ppp-2.5.1/pppd/auth.c:2675:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/auth.c:2676:13: danger: dereference of NULL ‘ap’
# 2674|   	    if (ap == NULL)
# 2675|   		novm("authorized addresses");
# 2676|-> 	    ap->word = (char *) (ap + 1);
# 2677|   	    strcpy(ap->word, word);
# 2678|   	    *app = ap;

Error: CPPCHECK_WARNING (CWE-476): [#def52]
ppp-ppp-2.5.1/pppd/auth.c:2677: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ap
# 2675|   		novm("authorized addresses");
# 2676|   	    ap->word = (char *) (ap + 1);
# 2677|-> 	    strcpy(ap->word, word);
# 2678|   	    *app = ap;
# 2679|   	    app = &ap->next;

Error: COMPILER_WARNING (CWE-563): [#def53]
ppp-ppp-2.5.1/pppd/cbcp.c: scope_hint: In function ‘cbcp_printpkt’
ppp-ppp-2.5.1/pppd/cbcp.c:270:21: warning[-Wunused-but-set-variable]: variable ‘addrt’ set but not used
#  270 |                 int addrt;
#      |                     ^~~~~
#  268|   
#  269|   	    if (olen > 3) {
#  270|-> 	        int addrt;
#  271|   		char str[256];
#  272|   

Error: COMPILER_WARNING (CWE-563): [#def54]
ppp-ppp-2.5.1/pppd/cbcp.c:298:27: warning[-Wunused-but-set-variable]: variable ‘delay’ set but not used
#  298 |     u_char type, opt_len, delay, addr_type;
#      |                           ^~~~~
#  296|   cbcp_recvreq(cbcp_state *us, u_char *pckt, int pcktlen)
#  297|   {
#  298|->     u_char type, opt_len, delay, addr_type;
#  299|       char address[256];
#  300|       int len = pcktlen;

Error: COMPILER_WARNING (CWE-563): [#def55]
ppp-ppp-2.5.1/pppd/cbcp.c: scope_hint: In function ‘cbcp_recvreq’
ppp-ppp-2.5.1/pppd/cbcp.c:298:34: warning[-Wunused-but-set-variable]: variable ‘addr_type’ set but not used
#  298 |     u_char type, opt_len, delay, addr_type;
#      |                                  ^~~~~~~~~
#  296|   cbcp_recvreq(cbcp_state *us, u_char *pckt, int pcktlen)
#  297|   {
#  298|->     u_char type, opt_len, delay, addr_type;
#  299|       char address[256];
#  300|       int len = pcktlen;

Error: COMPILER_WARNING (CWE-563): [#def56]
ppp-ppp-2.5.1/pppd/cbcp.c:431:18: warning[-Wunused-but-set-variable]: variable ‘delay’ set but not used
#  431 |     u_char type, delay, addr_type;
#      |                  ^~~~~
#  429|   cbcp_recvack(cbcp_state *us, u_char *pckt, int len)
#  430|   {
#  431|->     u_char type, delay, addr_type;
#  432|       int opt_len;
#  433|       char address[256];

Error: COMPILER_WARNING (CWE-563): [#def57]
ppp-ppp-2.5.1/pppd/cbcp.c: scope_hint: In function ‘cbcp_recvack’
ppp-ppp-2.5.1/pppd/cbcp.c:431:25: warning[-Wunused-but-set-variable]: variable ‘addr_type’ set but not used
#  431 |     u_char type, delay, addr_type;
#      |                         ^~~~~~~~~
#  429|   cbcp_recvack(cbcp_state *us, u_char *pckt, int len)
#  430|   {
#  431|->     u_char type, delay, addr_type;
#  432|       int opt_len;
#  433|       char address[256];

Error: COMPILER_WARNING (CWE-681): [#def58]
ppp-ppp-2.5.1/pppd/chap-md5.c: scope_hint: In function ‘chap_md5_make_response’
ppp-ppp-2.5.1/pppd/chap-md5.c:127:88: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  127 |                                                 if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
#      |                                                                                        ^~~~~~~~~
#      |                                                                                        |
#      |                                                                                        int *
ppp-ppp-2.5.1/pppd/chap-md5.c:43: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  125|   					if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
#  126|   
#  127|-> 						if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
#  128|   
#  129|   							response[0] = hash_len;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def59]
ppp-ppp-2.5.1/pppd/chap.c:431:57: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected
ppp-ppp-2.5.1/pppd/chap.c:347:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/chap.c:349:19: branch_false: ...to here
ppp-ppp-2.5.1/pppd/chap.c:349:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/chap.c:351:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/chap.c:391:20: branch_false: ...to here
ppp-ppp-2.5.1/pppd/chap.c:391:19: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/chap.c:396:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/chap.c:407:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/chap.c:408:27: branch_true: ...to here
ppp-ppp-2.5.1/pppd/chap.c:425:20: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/chap.c:428:29: branch_false: ...to here
ppp-ppp-2.5.1/pppd/chap.c:428:28: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/chap.c:431:57: branch_true: ...to here
ppp-ppp-2.5.1/pppd/chap.c:431:57: danger: argument 1 (‘name’) NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
#  429|   				auth_peer_success(0, PPP_CHAP,
#  430|   						  ss->digest->code,
#  431|-> 						  name, strlen(name));
#  432|   			if (chap_rechallenge_time) {
#  433|   				ss->flags |= TIMEOUT_PENDING;

Error: COMPILER_WARNING (CWE-563): [#def60]
ppp-ppp-2.5.1/pppd/chap_ms.c: scope_hint: In function ‘ChallengeResponse’
ppp-ppp-2.5.1/pppd/chap_ms.c:513:21: warning[-Wunused-variable]: unused variable ‘ctx’
#  513 |     PPP_CIPHER_CTX *ctx;
#      |                     ^~~
#  511|   {
#  512|       u_char ZPasswordHash[24];
#  513|->     PPP_CIPHER_CTX *ctx;
#  514|   
#  515|       BZERO(ZPasswordHash, sizeof(ZPasswordHash));

Error: COMPILER_WARNING (CWE-681): [#def61]
ppp-ppp-2.5.1/pppd/chap_ms.c: scope_hint: In function ‘ChallengeHash’
ppp-ppp-2.5.1/pppd/chap_ms.c:562:56: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  562 |                         if (PPP_DigestFinal(ctx, hash, &hash_len)) {
#      |                                                        ^~~~~~~~~
#      |                                                        |
#      |                                                        int *
ppp-ppp-2.5.1/pppd/chap_ms.c:102: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  560|                           
#  561|                           hash_len = SHA_DIGEST_LENGTH;
#  562|->                         if (PPP_DigestFinal(ctx, hash, &hash_len)) {
#  563|   
#  564|                               BCOPY(hash, Challenge, 8);

Error: COMPILER_WARNING (CWE-681): [#def62]
ppp-ppp-2.5.1/pppd/chap_ms.c: scope_hint: In function ‘NTPasswordHash’
ppp-ppp-2.5.1/pppd/chap_ms.c:603:44: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  603 |                 PPP_DigestFinal(ctx, hash, &hash_len);
#      |                                            ^~~~~~~~~
#      |                                            |
#      |                                            int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  601|   
#  602|                   int hash_len = MD4_DIGEST_LENGTH;
#  603|->                 PPP_DigestFinal(ctx, hash, &hash_len);
#  604|               }
#  605|           }

Error: COMPILER_WARNING (CWE-681): [#def63]
ppp-ppp-2.5.1/pppd/chap_ms.c: scope_hint: In function ‘GenerateAuthenticatorResponse’
ppp-ppp-2.5.1/pppd/chap_ms.c:706:54: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  706 |                         PPP_DigestFinal(ctx, Digest, &hash_len);
#      |                                                      ^~~~~~~~~
#      |                                                      |
#      |                                                      int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  704|                           
#  705|                           hash_len = sizeof(Digest);
#  706|->                         PPP_DigestFinal(ctx, Digest, &hash_len);
#  707|                       }
#  708|                   }

Error: COMPILER_WARNING (CWE-681): [#def64]
ppp-ppp-2.5.1/pppd/chap_ms.c:728:54: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  728 |                         PPP_DigestFinal(ctx, Digest, &hash_len);
#      |                                                      ^~~~~~~~~
#      |                                                      |
#      |                                                      int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  726|                           
#  727|                           hash_len = sizeof(Digest);
#  728|->                         PPP_DigestFinal(ctx, Digest, &hash_len);
#  729|                       }
#  730|                   }

Error: COMPILER_WARNING: [#def65]
ppp-ppp-2.5.1/pppd/chap_ms.c: scope_hint: At top level
ppp-ppp-2.5.1/pppd/chap_ms.c:842:16: warning[-Warray-parameter=]: argument 7 of type ‘u_char[]’ {aka ‘unsigned char[]’} with mismatched bound
#  842 |         u_char authResponse[], int authenticator)
#      |         ~~~~~~~^~~~~~~~~~~~~~
ppp-ppp-2.5.1/pppd/chap_ms.c:99: included_from: Included from here.
ppp-ppp-2.5.1/pppd/chap_ms.h:83:25: note: previously declared as ‘u_char[41]’ {aka ‘unsigned char[41]’}
#   83 |               u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  840|   ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge,
#  841|   	char *user, char *secret, int secret_len, unsigned char *response,
#  842|-> 	u_char authResponse[], int authenticator)
#  843|   {
#  844|       /* ARGSUSED */

Error: COMPILER_WARNING (CWE-681): [#def66]
ppp-ppp-2.5.1/pppd/crypto_ms.c: scope_hint: In function ‘DesEncrypt’
ppp-ppp-2.5.1/pppd/crypto_ms.c:139:47: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_CipherUpdate’ differ in signedness
#  139 |             if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
#      |                                               ^~~~~
#      |                                               |
#      |                                               unsigned int *
ppp-ppp-2.5.1/pppd/crypto_ms.c:41: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:140:34: note: expected ‘int *’ but argument is of type ‘unsigned int *’
#  140 |         unsigned char *out, int *outl,
#      |                             ~~~~~^~~~
#  137|           if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) {
#  138|   
#  139|->             if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
#  140|   
#  141|                   if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {

Error: COMPILER_WARNING (CWE-681): [#def67]
ppp-ppp-2.5.1/pppd/crypto_ms.c:141:57: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_CipherFinal’ differ in signedness
#  141 |                 if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
#      |                                                         ^~~~~
#      |                                                         |
#      |                                                         unsigned int *
ppp-ppp-2.5.1/pppd/crypto.h:147:34: note: expected ‘int *’ but argument is of type ‘unsigned int *’
#  147 |         unsigned char *out, int *outl);
#      |                             ~~~~~^~~~
#  139|               if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
#  140|   
#  141|->                 if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
#  142|   
#  143|                       retval = 1;

Error: COMPILER_WARNING (CWE-681): [#def68]
ppp-ppp-2.5.1/pppd/crypto_ms.c: scope_hint: In function ‘DesDecrypt’
ppp-ppp-2.5.1/pppd/crypto_ms.c:168:46: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_CipherUpdate’ differ in signedness
#  168 |             if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
#      |                                              ^~~~~
#      |                                              |
#      |                                              unsigned int *
ppp-ppp-2.5.1/pppd/crypto.h:140:34: note: expected ‘int *’ but argument is of type ‘unsigned int *’
#  140 |         unsigned char *out, int *outl,
#      |                             ~~~~~^~~~
#  166|           if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) {
#  167|   
#  168|->             if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
#  169|   
#  170|                   if (PPP_CipherFinal(ctx, clear + clen, &clen)) {

Error: COMPILER_WARNING (CWE-681): [#def69]
ppp-ppp-2.5.1/pppd/crypto_ms.c:170:56: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_CipherFinal’ differ in signedness
#  170 |                 if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
#      |                                                        ^~~~~
#      |                                                        |
#      |                                                        unsigned int *
ppp-ppp-2.5.1/pppd/crypto.h:147:34: note: expected ‘int *’ but argument is of type ‘unsigned int *’
#  147 |         unsigned char *out, int *outl);
#      |                             ~~~~~^~~~
#  168|               if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
#  169|   
#  170|->                 if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
#  171|   
#  172|                       retval = 1;

Error: COMPILER_WARNING (CWE-563): [#def70]
ppp-ppp-2.5.1/pppd/eap-tls.c: scope_hint: In function ‘eaptls_gen_mppe_keys’
ppp-ppp-2.5.1/pppd/eap-tls.c:102:20: warning[-Wunused-variable]: unused variable ‘p’
#  102 |     unsigned char *p;
#      |                    ^
#  100|       unsigned char *context = NULL;
#  101|       size_t         context_len = 0;
#  102|->     unsigned char *p;
#  103|   
#  104|       dbglog("EAP-TLS generating MPPE keys");

Error: COMPILER_WARNING (CWE-563): [#def71]
ppp-ppp-2.5.1/pppd/eap-tls.c: scope_hint: In function ‘eaptls_init_ssl’
ppp-ppp-2.5.1/pppd/eap-tls.c:273:18: warning[-Wunused-variable]: unused variable ‘reason’
#  273 |     int          reason;
#      |                  ^~~~~~
#  271|       BIO         *input;
#  272|       int          ret;
#  273|->     int          reason;
#  274|   
#  275|       /*

Error: CPPCHECK_WARNING (CWE-476): [#def72]
ppp-ppp-2.5.1/pppd/eap-tls.c:741: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ets
#  739|           fatal("Allocation error");
#  740|       ets = esp->es_client.ea_session;
#  741|->     ets->mtu = eaptls_get_mtu(esp->es_unit);
#  742|   
#  743|       dbglog( "calling get_eaptls_secret" );

Error: COMPILER_WARNING (CWE-681): [#def73]
ppp-ppp-2.5.1/pppd/eap.c: scope_hint: In function ‘eap_request’
ppp-ppp-2.5.1/pppd/eap.c:1820:90: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
# 1820 |                                                         if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
#      |                                                                                          ^~~~~~~~
#      |                                                                                          |
#      |                                                                                          int *
ppp-ppp-2.5.1/pppd/eap.c:69: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
# 1818|   						BZERO(secret, sizeof(secret));
# 1819|   						if (PPP_DigestUpdate(mdctx, inp, vallen)) {
# 1820|-> 							if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
# 1821|   								eap_chap_response(esp, id, hash, esp->es_client.ea_name,
# 1822|   										esp->es_client.ea_namelen);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def74]
ppp-ppp-2.5.1/pppd/eap.c:2392:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
ppp-ppp-2.5.1/pppd/eap.c:2927:1: enter_function: entry to ‘eap_input’
ppp-ppp-2.5.1/pppd/eap.c:2937:12: branch_false: following ‘false’ branch (when ‘inlen > 3’)...
ppp-ppp-2.5.1/pppd/eap.c:2941:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/eap.c:2944:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/eap.c:2949:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/eap.c:2958:17: call_function: calling ‘eap_response’ from ‘eap_input’
# 2390|   		}
# 2391|   		BCOPY(inp, esp->es_server.ea_peer, len);
# 2392|-> 		esp->es_server.ea_peer[len] = '\0';
# 2393|   		esp->es_server.ea_peerlen = len;
# 2394|   		eap_figure_next_state(esp, 0);

Error: COMPILER_WARNING (CWE-681): [#def75]
ppp-ppp-2.5.1/pppd/eap.c: scope_hint: In function ‘eap_response’
ppp-ppp-2.5.1/pppd/eap.c:2583:90: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
# 2583 |                                                         if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
#      |                                                                                          ^~~~~~~~
#      |                                                                                          |
#      |                                                                                          int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
# 2581|   						if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) {
# 2582|   
# 2583|-> 							if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
# 2584|   
# 2585|   								if (BCMP(hash, inp, MD5_DIGEST_LENGTH) == 0) {

Error: COMPILER_WARNING (CWE-563): [#def76]
ppp-ppp-2.5.1/pppd/eap.c: scope_hint: In function ‘eap_printpkt’
ppp-ppp-2.5.1/pppd/eap.c:2999:19: warning[-Wunused-variable]: unused variable ‘uval’
# 2999 |         u_int32_t uval;
#      |                   ^~~~
# 2997|   	int code, id, len, rtype, vallen;
# 2998|   	u_char *pstart;
# 2999|-> 	u_int32_t uval;
# 3000|   #ifdef PPP_WITH_EAPTLS
# 3001|   	u_char flags;

Error: COMPILER_WARNING (CWE-1023): [#def77]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_AUTHENTICATE’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def78]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_CALLBACK’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def79]
ppp-ppp-2.5.1/pppd/main.c: scope_hint: In function ‘new_phase’
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_DEAD’ not handled in switch
# 1258 |     switch (p) {
#      |     ^~~~~~
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def80]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_DORMANT’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def81]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_ESTABLISH’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def82]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_HOLDOFF’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def83]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_INITIALIZE’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def84]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_MASTER’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def85]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_RUNNING’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def86]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_SERIALCONN’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: COMPILER_WARNING (CWE-1023): [#def87]
ppp-ppp-2.5.1/pppd/main.c:1258:5: warning[-Wswitch]: enumeration value ‘PHASE_TERMINATE’ not handled in switch
# 1256|   new_phase(ppp_phase_t p)
# 1257|   {
# 1258|->     switch (p) {
# 1259|       case PHASE_NETWORK:
# 1260|   	if (phase <= PHASE_NETWORK) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def88]
ppp-ppp-2.5.1/pppd/main.c:1415:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘newp’
ppp-ppp-2.5.1/pppd/main.c:1413:36: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/main.c:1413:8: release_memory: assuming ‘newp’ is NULL
ppp-ppp-2.5.1/pppd/main.c:1413:8: branch_true: following ‘true’ branch (when ‘newp’ is NULL)...
ppp-ppp-2.5.1/pppd/main.c:1414:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1415:5: danger: dereference of NULL ‘newp’
# 1413|       if ((newp = (struct callout *) malloc(sizeof(struct callout))) == NULL)
# 1414|   	fatal("Out of memory in timeout()!");
# 1415|->     newp->c_arg = arg;
# 1416|       newp->c_func = func;
# 1417|       ppp_get_time(&timenow);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def89]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘infd’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1694:29: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: following ‘false’ branch (when ‘pid == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1710:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1717:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1718:24: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1718:24: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/main.c:1721:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1724:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1742:12: branch_false: following ‘false’ branch (when ‘infd == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1744:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1744:12: branch_false: following ‘false’ branch (when ‘outfd == 1’)...
ppp-ppp-2.5.1/pppd/main.c:1746:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1746:12: branch_false: following ‘false’ branch (when ‘errfd == 2’)...
ppp-ppp-2.5.1/pppd/main.c:1749:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1698:24: danger: ‘infd’ leaks here; was opened at [(10)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/9)
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def90]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘outfd’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1694:29: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: following ‘false’ branch (when ‘pid == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1710:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1719:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1720:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1720:25: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/main.c:1721:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1724:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1742:12: branch_false: following ‘false’ branch (when ‘infd == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1744:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1744:12: branch_false: following ‘false’ branch (when ‘outfd == 1’)...
ppp-ppp-2.5.1/pppd/main.c:1746:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1746:12: branch_false: following ‘false’ branch (when ‘errfd == 2’)...
ppp-ppp-2.5.1/pppd/main.c:1749:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1698:24: danger: ‘outfd’ leaks here; was opened at [(10)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/9)
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def91]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1695:15: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_true: following ‘true’ branch (when ‘pid < 0’)...
ppp-ppp-2.5.1/pppd/main.c:1697:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1698:24: danger: ‘pipefd[0]’ leaks here
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def92]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1695:15: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_true: following ‘true’ branch (when ‘pid < 0’)...
ppp-ppp-2.5.1/pppd/main.c:1697:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1698:24: danger: ‘pipefd[1]’ leaks here
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def93]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[must_exist]’
ppp-ppp-2.5.1/pppd/main.c:1256:1: enter_function: entry to ‘new_phase’
ppp-ppp-2.5.1/pppd/main.c:1260:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1262:27: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1263:13: call_function: calling ‘run_net_script’ from ‘new_phase’
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def94]
ppp-ppp-2.5.1/pppd/main.c:1698:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[wait]’
ppp-ppp-2.5.1/pppd/main.c:1256:1: enter_function: entry to ‘new_phase’
ppp-ppp-2.5.1/pppd/main.c:1260:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1262:27: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1263:13: call_function: calling ‘run_net_script’ from ‘new_phase’
# 1696|   	if (pid < 0) {
# 1697|   		error("fork failed: %m");
# 1698|-> 		return -1;
# 1699|   	}
# 1700|   	if (pid > 0) {

Error: GCC_ANALYZER_WARNING: [#def95]
ppp-ppp-2.5.1/pppd/main.c:1728:17: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘infd’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1695:15: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: following ‘false’ branch (when ‘pid == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1710:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1717:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1718:24: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1718:24: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/main.c:1719:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1721:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1721:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1724:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1727:12: branch_true: following ‘true’ branch (when ‘infd != 0’)...
ppp-ppp-2.5.1/pppd/main.c:1728:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1728:17: danger: ‘infd’ could be invalid: unchecked value from [(10)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/9)
# 1726|   	/* dup the in, out, err fds to 0, 1, 2 */
# 1727|   	if (infd != 0)
# 1728|-> 		dup2(infd, 0);
# 1729|   	if (outfd != 1)
# 1730|   		dup2(outfd, 1);

Error: GCC_ANALYZER_WARNING: [#def96]
ppp-ppp-2.5.1/pppd/main.c:1730:17: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘outfd’
ppp-ppp-2.5.1/pppd/main.c:1693:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1695:15: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1696:12: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1700:12: branch_false: following ‘false’ branch (when ‘pid == 0’)...
ppp-ppp-2.5.1/pppd/main.c:1710:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1717:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1719:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1719:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:1720:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1720:25: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/main.c:1721:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/main.c:1724:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/main.c:1729:12: branch_true: following ‘true’ branch (when ‘outfd != 1’)...
ppp-ppp-2.5.1/pppd/main.c:1730:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:1730:17: danger: ‘outfd’ could be invalid: unchecked value from [(12)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/11)
# 1728|   		dup2(infd, 0);
# 1729|   	if (outfd != 1)
# 1730|-> 		dup2(outfd, 1);
# 1731|   	if (errfd != 2)
# 1732|   		dup2(errfd, 2);

Error: CPPCHECK_WARNING (CWE-476): [#def97]
ppp-ppp-2.5.1/pppd/main.c:2114: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: np
# 2112|   	if (np == 0)
# 2113|   	    novm("notifier struct");
# 2114|-> 	np->next = *notif;
# 2115|   	np->func = func;
# 2116|   	np->arg = arg;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def98]
ppp-ppp-2.5.1/pppd/main.c:2114:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘np’
ppp-ppp-2.5.1/pppd/main.c:2106:1: enter_function: entry to ‘ppp_add_notify’
ppp-ppp-2.5.1/pppd/main.c:2109:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/main.c:2111:31: branch_true: ...to here
ppp-ppp-2.5.1/pppd/main.c:2111:31: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/main.c:2112:12: release_memory: assuming ‘np’ is NULL
ppp-ppp-2.5.1/pppd/main.c:2112:12: branch_true: following ‘true’ branch (when ‘np’ is NULL)...
ppp-ppp-2.5.1/pppd/main.c:2113:13: call_function: inlined call to ‘novm’ from ‘ppp_add_notify’
ppp-ppp-2.5.1/pppd/main.c:2114:9: danger: dereference of NULL ‘np’
# 2112|   	if (np == 0)
# 2113|   	    novm("notifier struct");
# 2114|-> 	np->next = *notif;
# 2115|   	np->func = func;
# 2116|   	np->arg = arg;

Error: CPPCHECK_WARNING (CWE-476): [#def99]
ppp-ppp-2.5.1/pppd/main.c:2115: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: np
# 2113|   	    novm("notifier struct");
# 2114|   	np->next = *notif;
# 2115|-> 	np->func = func;
# 2116|   	np->arg = arg;
# 2117|   	*notif = np;

Error: CPPCHECK_WARNING (CWE-476): [#def100]
ppp-ppp-2.5.1/pppd/main.c:2116: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: np
# 2114|   	np->next = *notif;
# 2115|   	np->func = func;
# 2116|-> 	np->arg = arg;
# 2117|   	*notif = np;
# 2118|       } else {

Error: COMPILER_WARNING (CWE-681): [#def101]
ppp-ppp-2.5.1/pppd/mppe.c: scope_hint: In function ‘mppe_set_chapv1’
ppp-ppp-2.5.1/pppd/mppe.c:130:54: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  130 |                         PPP_DigestFinal(ctx, Digest, &DigestLen);
#      |                                                      ^~~~~~~~~~
#      |                                                      |
#      |                                                      int *
ppp-ppp-2.5.1/pppd/mppe.c:43: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  128|                           
#  129|                           DigestLen = SHA_DIGEST_LENGTH;
#  130|->                         PPP_DigestFinal(ctx, Digest, &DigestLen);
#  131|                       }
#  132|                   }

Error: COMPILER_WARNING (CWE-681): [#def102]
ppp-ppp-2.5.1/pppd/mppe.c: scope_hint: In function ‘mppe_set_chapv2’
ppp-ppp-2.5.1/pppd/mppe.c:215:57: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  215 |                         PPP_DigestFinal(ctx, MasterKey, &KeyLen);
#      |                                                         ^~~~~~~
#      |                                                         |
#      |                                                         int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  213|                           
#  214|                           KeyLen = SHA_DIGEST_LENGTH;
#  215|->                         PPP_DigestFinal(ctx, MasterKey, &KeyLen);
#  216|                       }
#  217|                   }

Error: COMPILER_WARNING (CWE-681): [#def103]
ppp-ppp-2.5.1/pppd/mppe.c:246:59: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  246 |                             PPP_DigestFinal(ctx, SendKey, &KeyLen);
#      |                                                           ^~~~~~~
#      |                                                           |
#      |                                                           int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  244|                           
#  245|                               KeyLen = SHA_DIGEST_LENGTH;
#  246|->                             PPP_DigestFinal(ctx, SendKey, &KeyLen);
#  247|                           }
#  248|                       }

Error: COMPILER_WARNING (CWE-681): [#def104]
ppp-ppp-2.5.1/pppd/mppe.c:279:59: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘PPP_DigestFinal’ differ in signedness
#  279 |                             PPP_DigestFinal(ctx, RecvKey, &KeyLen);
#      |                                                           ^~~~~~~
#      |                                                           |
#      |                                                           int *
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected ‘unsigned int *’ but argument is of type ‘int *’
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#  277|                           
#  278|                               KeyLen = SHA_DIGEST_LENGTH;
#  279|->                             PPP_DigestFinal(ctx, RecvKey, &KeyLen);
#  280|                           }
#  281|                       }

Error: COMPILER_WARNING (CWE-457): [#def105]
ppp-ppp-2.5.1/pppd/options.c: scope_hint: In function ‘ppp_get_filepath’
ppp-ppp-2.5.1/pppd/options.c:508:16: warning[-Wmaybe-uninitialized]: ‘path’ may be used uninitialized
#  508 |         return slprintf(buf, bufsz, "%s/%s", path, name);
#      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ppp-ppp-2.5.1/pppd/options.c:489:17: note: ‘path’ was declared here
#  489 |     const char *path;
#      |                 ^~~~
#  506|               break;
#  507|           }
#  508|->         return slprintf(buf, bufsz, "%s/%s", path, name);
#  509|       }
#  510|       return -1;

Error: CPPCHECK_WARNING (CWE-476): [#def106]
ppp-ppp-2.5.1/pppd/options.c:575: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: filename
#  573|   	return 0;
#  574|       }
#  575|->     f = fopen(filename, "r");
#  576|       err = errno;
#  577|       if (check_prot && seteuid(euid) == -1)

Error: CPPCHECK_WARNING (CWE-682): [#def107]
ppp-ppp-2.5.1/pppd/options.c:680: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  678|       slprintf(path, pl, "%s%s", PPP_PATH_TTYOPT, dev);
#  679|       /* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */
#  680|->     for (p = path + strlen(PPP_PATH_TTYOPT); *p != 0; ++p)
#  681|   	if (*p == '/')
#  682|   	    *p = '.';

Error: CPPCHECK_WARNING (CWE-476): [#def108]
ppp-ppp-2.5.1/pppd/options.c:1022: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: list
# 1020|       if (list == 0)
# 1021|   	novm("option list entry");
# 1022|->     list->options = opt;
# 1023|       list->next = extra_options;
# 1024|       extra_options = list;

Error: CPPCHECK_WARNING (CWE-476): [#def109]
ppp-ppp-2.5.1/pppd/options.c:1023: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: list
# 1021|   	novm("option list entry");
# 1022|       list->options = opt;
# 1023|->     list->next = extra_options;
# 1024|       extra_options = list;
# 1025|   }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def110]
ppp-ppp-2.5.1/pppd/options.c:1793:9: warning[-Wanalyzer-null-argument]: use of NULL ‘path’ where non-null expected
ppp-ppp-2.5.1/pppd/options.c:1787:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/options.c:1789:32: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1790:16: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/options.c:1791:12: release_memory: assuming ‘path’ is NULL
ppp-ppp-2.5.1/pppd/options.c:1791:12: branch_true: following ‘true’ branch (when ‘path’ is NULL)...
ppp-ppp-2.5.1/pppd/options.c:1792:13: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1793:9: danger: argument 1 (‘path’) NULL where non-null expected
# 1791|   	if (path == 0)
# 1792|   	    novm("plugin file path");
# 1793|-> 	strlcpy(path, base, l);
# 1794|   	strlcat(path, "/", l);
# 1795|   	strlcat(path, arg, l);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def111]
ppp-ppp-2.5.1/pppd/options.c:1881:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
ppp-ppp-2.5.1/pppd/options.c:1837:1: enter_function: entry to ‘user_setenv’
ppp-ppp-2.5.1/pppd/options.c:1843:8: branch_false: following ‘false’ branch (when ‘eqp’ is non-NULL)...
ppp-ppp-2.5.1/pppd/options.c:1847:8: branch_false: ...to here
ppp-ppp-2.5.1/pppd/options.c:1847:8: branch_false: following ‘false’ branch (when ‘arg != eqp’)...
ppp-ppp-2.5.1/pppd/options.c:1851:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/options.c:1851:30: branch_true: following ‘true’ branch (when ‘uep’ is non-NULL)...
ppp-ppp-2.5.1/pppd/options.c:1852:27: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1858:8: branch_true: following ‘true’ branch (when ‘uep’ is non-NULL)...
ppp-ppp-2.5.1/pppd/options.c:1858:24: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1880:12: branch_true: following ‘true’ branch (when ‘uep2’ is NULL)...
ppp-ppp-2.5.1/pppd/options.c:1880:30: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1880:13: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/options.c:1881:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/options.c:1881:13: call_function: calling ‘find_option’ from ‘user_setenv’
ppp-ppp-2.5.1/pppd/options.c:1881:13: return_function: returning to ‘user_setenv’ from ‘find_option’
ppp-ppp-2.5.1/pppd/options.c:1881:13: danger: dereference of NULL ‘find_option("unset")’
# 1879|   	}
# 1880|   	if (uep2 == NULL && !uep->ue_isset)
# 1881|-> 	    find_option("unset")->flags |= OPT_NOPRINT;
# 1882|   	free(uep->ue_value);
# 1883|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def112]
ppp-ppp-2.5.1/pppd/options.c:1953:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
ppp-ppp-2.5.1/pppd/options.c:1913:1: enter_function: entry to ‘user_unsetenv’
ppp-ppp-2.5.1/pppd/options.c:1918:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/options.c:1922:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/options.c:1922:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/options.c:1926:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/options.c:1926:30: branch_true: following ‘true’ branch (when ‘uep’ is non-NULL)...
ppp-ppp-2.5.1/pppd/options.c:1927:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1931:8: branch_true: following ‘true’ branch (when ‘uep’ is non-NULL)...
ppp-ppp-2.5.1/pppd/options.c:1931:24: branch_true: ...to here
ppp-ppp-2.5.1/pppd/options.c:1952:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/options.c:1953:13: call_function: calling ‘find_option’ from ‘user_unsetenv’
ppp-ppp-2.5.1/pppd/options.c:1953:13: return_function: returning to ‘user_unsetenv’ from ‘find_option’
ppp-ppp-2.5.1/pppd/options.c:1953:13: danger: dereference of NULL ‘find_option("set")’
# 1951|   	}
# 1952|   	if (uep2 == NULL && uep->ue_isset)
# 1953|-> 	    find_option("set")->flags |= OPT_NOPRINT;
# 1954|   	free(uep->ue_value);
# 1955|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def113]
ppp-ppp-2.5.1/pppd/peap.c:129:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘buf’
ppp-ppp-2.5.1/pppd/peap.c:115:15: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/peap.c:116:12: release_memory: assuming ‘buf’ is NULL
ppp-ppp-2.5.1/pppd/peap.c:116:12: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
ppp-ppp-2.5.1/pppd/peap.c:117:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:119:12: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:122:21: branch_true: following ‘true’ branch (when ‘i < max_iter’)...
ppp-ppp-2.5.1/pppd/peap.c:126:20: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:126:20: branch_false: following ‘false’ branch (when ‘i == 0’)...
ppp-ppp-2.5.1/pppd/peap.c:128:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:128:29: branch_true: following ‘true’ branch (when ‘k < seed_len’)...
ppp-ppp-2.5.1/pppd/peap.c:129:42: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:129:25: danger: dereference of NULL ‘buf + (j + k)’
#  127|   			j = SHA_DIGEST_LENGTH;
#  128|   		for (k = 0; k < seed_len; k++)
#  129|-> 			buf[j + k] = seed[k];
#  130|   		pos = j + k;
#  131|   		buf[pos] = i + 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def114]
ppp-ppp-2.5.1/pppd/peap.c:131:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘buf’
ppp-ppp-2.5.1/pppd/peap.c:115:15: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/peap.c:116:12: release_memory: assuming ‘buf’ is NULL
ppp-ppp-2.5.1/pppd/peap.c:116:12: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
ppp-ppp-2.5.1/pppd/peap.c:117:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:119:12: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:122:21: branch_true: following ‘true’ branch (when ‘i < max_iter’)...
ppp-ppp-2.5.1/pppd/peap.c:126:20: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:126:20: branch_false: following ‘false’ branch (when ‘i == 0’)...
ppp-ppp-2.5.1/pppd/peap.c:128:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:128:29: branch_false: following ‘false’ branch (when ‘k >= seed_len’)...
ppp-ppp-2.5.1/pppd/peap.c:130:23: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:131:17: danger: dereference of NULL ‘buf + (sizetype)pos’
#  129|   			buf[j + k] = seed[k];
#  130|   		pos = j + k;
#  131|-> 		buf[pos] = i + 1;
#  132|   		pos++;
#  133|   		buf[pos] = 0x00;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def115]
ppp-ppp-2.5.1/pppd/peap.c:142:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hash’
ppp-ppp-2.5.1/pppd/peap.c:116:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
ppp-ppp-2.5.1/pppd/peap.c:118:16: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:119:12: branch_false: following ‘false’ branch (when ‘hash’ is non-NULL)...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:122:21: branch_false: following ‘false’ branch (when ‘i >= max_iter’)...
ppp-ppp-2.5.1/pppd/peap.c:142:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:142:9: danger: use of uninitialized value ‘hash’ here
#  140|   			buf[j] = hash[i * SHA_DIGEST_LENGTH + j];
#  141|   	}
#  142|-> 	BCOPY(hash, out_buf, pfr_len);
#  143|   	free(hash);
#  144|   	free(buf);

Error: CPPCHECK_WARNING (CWE-476): [#def116]
ppp-ppp-2.5.1/pppd/peap.c:481: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: psm
#  479|   	if (!psm)
#  480|   		novm("peap psm struct");
#  481|-> 	psm->in_buf = malloc(TLS_RECORD_MAX_SIZE);
#  482|   	if (!psm->in_buf)
#  483|   		novm("peap tls buffer");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
ppp-ppp-2.5.1/pppd/peap.c:481:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘psm’
ppp-ppp-2.5.1/pppd/peap.c:473:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
ppp-ppp-2.5.1/pppd/peap.c:476:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/peap.c:478:34: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/peap.c:479:12: release_memory: assuming ‘psm’ is NULL
ppp-ppp-2.5.1/pppd/peap.c:479:12: branch_true: following ‘true’ branch (when ‘psm’ is NULL)...
ppp-ppp-2.5.1/pppd/peap.c:480:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/peap.c:481:9: danger: dereference of NULL ‘psm’
#  479|   	if (!psm)
#  480|   		novm("peap psm struct");
#  481|-> 	psm->in_buf = malloc(TLS_RECORD_MAX_SIZE);
#  482|   	if (!psm->in_buf)
#  483|   		novm("peap tls buffer");

Error: CPPCHECK_WARNING (CWE-476): [#def118]
ppp-ppp-2.5.1/pppd/peap.c:482: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: psm
#  480|   		novm("peap psm struct");
#  481|   	psm->in_buf = malloc(TLS_RECORD_MAX_SIZE);
#  482|-> 	if (!psm->in_buf)
#  483|   		novm("peap tls buffer");
#  484|   	psm->out_buf = malloc(TLS_RECORD_MAX_SIZE);

Error: GCC_ANALYZER_WARNING: [#def119]
ppp-ppp-2.5.1/pppd/plugins/pppoatm/pppoatm.c:164:13: warning[-Wanalyzer-fd-use-without-check]: 'connect' on possibly invalid file descriptor 'fd'
ppp-ppp-2.5.1/pppd/plugins/pppoatm/pppoatm.c:150:12: branch_true: following 'true' branch (when 'fd < 0')...
ppp-ppp-2.5.1/pppd/plugins/pppoatm/pppoatm.c:151:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoatm/pppoatm.c:164:13: danger: 'fd' could be invalid
#  162|   		fatal("setsockopt(SO_ATMQOS): %m");
#  163|   	/* TODO: accept on SVCs... */
#  164|-> 	if (connect(fd, (struct sockaddr *) &pvcaddr,
#  165|   	    sizeof(struct sockaddr_atmpvc)))
#  166|   		fatal("connect(%s): %m", devnam);

Error: COMPILER_WARNING: [#def120]
ppp-ppp-2.5.1/pppd/plugins/pppoe/common.c:16:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   16 | static char const RCSID[] =
#      |                   ^~~~~
#   14|   ***********************************************************************/
#   15|   
#   16|-> static char const RCSID[] =
#   17|   "$Id: common.c,v 1.3 2008/06/09 08:34:23 paulus Exp $";
#   18|   

Error: COMPILER_WARNING: [#def121]
ppp-ppp-2.5.1/pppd/plugins/pppoe/common.c:16:19: warning[-Wunused-const-variable=]: ‘RCSID’ defined but not used
#   16 | static char const RCSID[] =
#      |                   ^~~~~
#   14|   ***********************************************************************/
#   15|   
#   16|-> static char const RCSID[] =
#   17|   "$Id: common.c,v 1.3 2008/06/09 08:34:23 paulus Exp $";
#   18|   

Error: COMPILER_WARNING: [#def122]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:11:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   11 | static char const RCSID[] =
#      |                   ^~~~~
#    9|   ***********************************************************************/
#   10|   
#   11|-> static char const RCSID[] =
#   12|   "$Id: discovery.c,v 1.6 2008/06/15 04:35:50 paulus Exp $";
#   13|   

Error: COMPILER_WARNING: [#def123]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:11:19: warning[-Wunused-const-variable=]: ‘RCSID’ defined but not used
#   11 | static char const RCSID[] =
#      |                   ^~~~~
#    9|   ***********************************************************************/
#   10|   
#   11|-> static char const RCSID[] =
#   12|   "$Id: discovery.c,v 1.6 2008/06/15 04:35:50 paulus Exp $";
#   13|   

Error: COMPILER_WARNING: [#def124]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c: scope_hint: In function 'sendPADI'
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:337:12: warning[-Warray-bounds=]: array subscript 'struct PPPoETag[0]' is partly outside array bounds of 'struct PPPoEPacket[1]'
#  337 |         svc->type = TAG_SERVICE_NAME;
#      |            ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:310:17: note: at offset 20 into object 'packet' of size 1528
#  310 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  335|   	CHECK_ROOM(cursor, packet.payload, plen);
#  336|   
#  337|-> 	svc->type = TAG_SERVICE_NAME;
#  338|   	svc->length = htons(namelen);
#  339|   

Error: COMPILER_WARNING: [#def125]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c: scope_hint: In function ‘sendPADI’
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:337:12: warning[-Warray-bounds=]: array subscript ‘struct PPPoETag[0]’ is partly outside array bounds of ‘struct PPPoEPacket[1]’
#  337 |         svc->type = TAG_SERVICE_NAME;
#      |            ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:310:17: note: at offset 20 into object ‘packet’ of size 1528
#  310 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  335|   	CHECK_ROOM(cursor, packet.payload, plen);
#  336|   
#  337|-> 	svc->type = TAG_SERVICE_NAME;
#  338|   	svc->length = htons(namelen);
#  339|   

Error: COMPILER_WARNING: [#def126]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:338:12: warning[-Warray-bounds=]: array subscript 'struct PPPoETag[0]' is partly outside array bounds of 'struct PPPoEPacket[1]'
#  338 |         svc->length = htons(namelen);
#      |            ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:310:17: note: at offset 20 into object 'packet' of size 1528
#  310 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  336|   
#  337|   	svc->type = TAG_SERVICE_NAME;
#  338|-> 	svc->length = htons(namelen);
#  339|   
#  340|   	if (conn->serviceName) {

Error: COMPILER_WARNING: [#def127]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:338:12: warning[-Warray-bounds=]: array subscript ‘struct PPPoETag[0]’ is partly outside array bounds of ‘struct PPPoEPacket[1]’
#  338 |         svc->length = htons(namelen);
#      |            ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:310:17: note: at offset 20 into object ‘packet’ of size 1528
#  310 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  336|   
#  337|   	svc->type = TAG_SERVICE_NAME;
#  338|-> 	svc->length = htons(namelen);
#  339|   
#  340|   	if (conn->serviceName) {

Error: COMPILER_WARNING: [#def128]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c: scope_hint: In function 'sendPADR'
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:523:8: warning[-Warray-bounds=]: array subscript 'struct PPPoETag[0]' is partly outside array bounds of 'struct PPPoEPacket[1]'
#  523 |     svc->type = TAG_SERVICE_NAME;
#      |        ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:502:17: note: at offset 20 into object 'packet' of size 1528
#  502 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  521|       packet.session = 0;
#  522|   
#  523|->     svc->type = TAG_SERVICE_NAME;
#  524|       svc->length = htons(namelen);
#  525|       if (conn->serviceName) {

Error: COMPILER_WARNING: [#def129]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c: scope_hint: In function ‘sendPADR’
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:523:8: warning[-Warray-bounds=]: array subscript ‘struct PPPoETag[0]’ is partly outside array bounds of ‘struct PPPoEPacket[1]’
#  523 |     svc->type = TAG_SERVICE_NAME;
#      |        ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:502:17: note: at offset 20 into object ‘packet’ of size 1528
#  502 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  521|       packet.session = 0;
#  522|   
#  523|->     svc->type = TAG_SERVICE_NAME;
#  524|       svc->length = htons(namelen);
#  525|       if (conn->serviceName) {

Error: COMPILER_WARNING: [#def130]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:524:8: warning[-Warray-bounds=]: array subscript 'struct PPPoETag[0]' is partly outside array bounds of 'struct PPPoEPacket[1]'
#  524 |     svc->length = htons(namelen);
#      |        ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:502:17: note: at offset 20 into object 'packet' of size 1528
#  502 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  522|   
#  523|       svc->type = TAG_SERVICE_NAME;
#  524|->     svc->length = htons(namelen);
#  525|       if (conn->serviceName) {
#  526|   	memcpy(svc->payload, conn->serviceName, namelen);

Error: COMPILER_WARNING: [#def131]
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:524:8: warning[-Warray-bounds=]: array subscript ‘struct PPPoETag[0]’ is partly outside array bounds of ‘struct PPPoEPacket[1]’
#  524 |     svc->length = htons(namelen);
#      |        ^~
ppp-ppp-2.5.1/pppd/plugins/pppoe/discovery.c:502:17: note: at offset 20 into object ‘packet’ of size 1528
#  502 |     PPPoEPacket packet;
#      |                 ^~~~~~
#  522|   
#  523|       svc->type = TAG_SERVICE_NAME;
#  524|->     svc->length = htons(namelen);
#  525|       if (conn->serviceName) {
#  526|   	memcpy(svc->payload, conn->serviceName, namelen);

Error: COMPILER_WARNING: [#def132]
ppp-ppp-2.5.1/pppd/plugins/pppoe/if.c:16:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   16 | static char const RCSID[] =
#      |                   ^~~~~
#   14|   ***********************************************************************/
#   15|   
#   16|-> static char const RCSID[] =
#   17|   "$Id: if.c,v 1.2 2008/06/09 08:34:23 paulus Exp $";
#   18|   

Error: COMPILER_WARNING: [#def133]
ppp-ppp-2.5.1/pppd/plugins/pppoe/if.c:16:19: warning[-Wunused-const-variable=]: ‘RCSID’ defined but not used
#   16 | static char const RCSID[] =
#      |                   ^~~~~
#   14|   ***********************************************************************/
#   15|   
#   16|-> static char const RCSID[] =
#   17|   "$Id: if.c,v 1.2 2008/06/09 08:34:23 paulus Exp $";
#   18|   

Error: COMPILER_WARNING: [#def134]
ppp-ppp-2.5.1/pppd/plugins/pppoe/plugin.c:25:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   25 | static char const RCSID[] =
#      |                   ^~~~~
#   23|   ***********************************************************************/
#   24|   
#   25|-> static char const RCSID[] =
#   26|   "$Id: plugin.c,v 1.17 2008/06/15 04:35:50 paulus Exp $";
#   27|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:148:5: enter_function: entry to ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:157:8: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:162:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:33: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:33: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:33: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:33: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:171:13: danger: ‘<unknown>’ leaks here; was allocated at [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9)
#  169|   	switch(opt) {
#  170|   	case 'S':
#  171|-> 	    conn->serviceName = xstrdup(optarg);
#  172|   	    break;
#  173|   	case 'C':

Error: GCC_ANALYZER_WARNING (CWE-401): [#def136]
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:148:5: enter_function: entry to ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:157:8: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:162:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:28: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:28: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:28: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:28: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:174:13: danger: ‘<unknown>’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#  172|   	    break;
#  173|   	case 'C':
#  174|-> 	    conn->acName = xstrdup(optarg);
#  175|   	    break;
#  176|   	case 't':

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:148:5: enter_function: entry to ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:157:8: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:162:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:28: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:28: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:168:12: branch_true: following ‘true’ branch (when ‘opt > 0’)...
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:169:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:28: call_function: calling ‘xstrdup’ from ‘main’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:28: return_function: returning to ‘main’ from ‘xstrdup’
ppp-ppp-2.5.1/pppd/plugins/pppoe/pppoe-discovery.c:227:13: danger: ‘<unknown>’ leaks here; was allocated at [(10)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/9)
#  225|   	    break;
#  226|   	case 'I':
#  227|-> 	    conn->ifName = xstrdup(optarg);
#  228|   	    break;
#  229|   	case 'Q':

Error: COMPILER_WARNING (CWE-563): [#def138]
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c: scope_hint: In function 'setdevname_pppol2tp'
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c:135:16: warning[-Wunused-variable]: unused variable 'a'
#  135 |         char **a;
#      |                ^
#  133|   	} s;
#  134|   	socklen_t len = sizeof(s);
#  135|-> 	char **a;
#  136|   	int tmp;
#  137|   	socklen_t tmp_len = sizeof(tmp);

Error: COMPILER_WARNING (CWE-563): [#def139]
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c:212:22: warning[-Wunused-variable]: unused variable 'ifr'
#  212 |         struct ifreq ifr;
#      |                      ^~~
#  210|   			      int accomp)
#  211|   {
#  212|-> 	struct ifreq ifr;
#  213|   	int on = 1;
#  214|   	int fd;

Error: COMPILER_WARNING (CWE-563): [#def140]
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c: scope_hint: In function 'send_config_pppol2tp'
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c:214:13: warning[-Wunused-variable]: unused variable 'fd'
#  214 |         int fd;
#      |             ^~
#  212|   	struct ifreq ifr;
#  213|   	int on = 1;
#  214|-> 	int fd;
#  215|   	char reorderto[16];
#  216|   	char tid[12];

Error: COMPILER_WARNING (CWE-563): [#def141]
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c: scope_hint: In function 'pppol2tp_lcp_snoop'
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c:314:21: warning[-Wunused-but-set-variable]: variable 'snooping' set but not used
#  314 |         static bool snooping = 1;
#      |                     ^~~~~~~~
#  312|   	static uint32_t recv_accm = 0xffffffff;
#  313|   	static uint32_t send_accm = 0xffffffff;
#  314|-> 	static bool snooping = 1;
#  315|   
#  316|   	uint16_t protocol;

Error: COMPILER_WARNING (CWE-1164): [#def142]
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c: scope_hint: At top level
ppp-ppp-2.5.1/pppd/plugins/pppol2tp/pppol2tp.c:493:13: warning[-Wunused-function]: 'pppol2tp_cleanup' defined but not used
#  493 | static void pppol2tp_cleanup(void)
#      |             ^~~~~~~~~~~~~~~~
#  491|   /* Called just before pppd exits.
#  492|    */
#  493|-> static void pppol2tp_cleanup(void)
#  494|   {
#  495|   	if (pppol2tp_debug_mask & PPPOL2TP_MSG_DEBUG) {

Error: COMPILER_WARNING: [#def143]
ppp-ppp-2.5.1/pppd/plugins/radius/avpair.c: scope_hint: In function 'rc_avpair_tostr'
ppp-ppp-2.5.1/pppd/plugins/radius/avpair.c:729:33: warning[-Wstringop-truncation]: 'strncat' output may be truncated copying 1 byte from a string of length 253
#  729 |                                 strncat(value, (char*) ptr, 1);
#      |                                 ^
#  727|   			else
#  728|   			{
#  729|-> 				strncat(value, (char*) ptr, 1);
#  730|   				lv--;
#  731|   				if (lv < 0) break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:45:24: warning[-Wanalyzer-malloc-leak]: leak of 'p'
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:42:12: branch_false: following 'false' branch...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:50:16: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:52:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:69:53: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:69:28: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:75:40: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:75:28: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:76:33: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/clientid.c:45:24: danger: 'p' leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
#   43|   	{
#   44|   		error("rc_read_mapfile: can't read %s: %s", filename, strerror(errno));
#   45|-> 		return (-1);
#   46|   	}
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def145]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(filename, "r")'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:188:5: enter_function: entry to 'rc_read_config'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:195:25: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:195:12: branch_false: following 'false' branch...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:202:16: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:204:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:213:20: branch_false: following 'false' branch (when 'pos != 0')...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:31: call_function: calling 'find_option' from 'rc_read_config'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:31: return_function: returning to 'rc_read_config' from 'find_option'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:20: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:226:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:226:20: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:232:19: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: danger: 'fopen(filename, "r")' leaks here; was opened at [(2)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/1)
#  217|   		}
#  218|   
#  219|-> 		p[pos] = '\0';
#  220|   
#  221|   		if ((option = find_option(p, OT_ANY)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def146]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(filename, "r")'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:188:5: enter_function: entry to 'rc_read_config'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:195:25: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:195:12: branch_false: following 'false' branch...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:202:16: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:204:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:213:20: branch_false: following 'false' branch (when 'pos != 0')...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:31: call_function: calling 'find_option' from 'rc_read_config'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:31: return_function: returning to 'rc_read_config' from 'find_option'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:221:20: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:226:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:226:20: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:232:19: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:219:18: danger: 'fopen(filename, "r")' leaks here; was allocated at [(2)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/1)
#  217|   		}
#  218|   
#  219|-> 		p[pos] = '\0';
#  220|   
#  221|   		if ((option = find_option(p, OT_ANY)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def147]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:287:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:285:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:286:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:287:16: danger: dereference of NULL 'find_option(optname, 1)'
#  285|   	if (option == NULL)
#  286|   		fatal("rc_conf_str: unknown config option requested: %s", optname);
#  287|-> 	return (char *)option->val;
#  288|   }
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def148]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:298:25: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:296:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:297:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:298:25: danger: dereference of NULL 'find_option(optname, 10)'
#  296|   	if (option == NULL)
#  297|   		fatal("rc_conf_int: unknown config option requested: %s", optname);
#  298|-> 	return *((int *)option->val);
#  299|   }
#  300|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def149]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:309:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:307:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:308:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:309:16: danger: dereference of NULL 'find_option(optname, 4)'
#  307|   	if (option == NULL)
#  308|   		fatal("rc_conf_srv: unknown config option requested: %s", optname);
#  309|-> 	return (SERVER *)option->val;
#  310|   }
#  311|   

Error: COMPILER_WARNING (CWE-563): [#def150]
ppp-ppp-2.5.1/pppd/plugins/radius/config.c: scope_hint: In function 'rc_find_server'
ppp-ppp-2.5.1/pppd/plugins/radius/config.c:465:25: warning[-Wunused-variable]: unused variable 'len'
#  465 |         int             len;
#      |                         ^~~
#  463|   {
#  464|   	UINT4	myipaddr = 0;
#  465|-> 	int             len;
#  466|   	int             result;
#  467|   	FILE           *clientfd;

Error: COMPILER_WARNING (CWE-681): [#def151]
ppp-ppp-2.5.1/pppd/plugins/radius/md5.c: scope_hint: In function 'rc_md5_calc'
ppp-ppp-2.5.1/pppd/plugins/radius/md5.c:20:47: warning[-Wpointer-sign]: pointer targets in passing argument 3 of 'PPP_DigestFinal' differ in signedness
#   20 |                 if (PPP_DigestFinal(ctx, out, &outl)) {
#      |                                               ^~~~~
#      |                                               |
#      |                                               int *
ppp-ppp-2.5.1/pppd/plugins/radius/md5.c:6: included_from: Included from here.
ppp-ppp-2.5.1/pppd/crypto.h:96:43: note: expected 'unsigned int *' but argument is of type 'int *'
#   96 |         unsigned char *out, unsigned int *outlen);
#      |                             ~~~~~~~~~~~~~~^~~~~~
#   18|               if (PPP_DigestUpdate(ctx, in, inl)) {
#   19|   
#   20|->                 if (PPP_DigestFinal(ctx, out, &outl)) {
#   21|   
#   22|                       retval = 1;

Error: COMPILER_WARNING: [#def152]
ppp-ppp-2.5.1/pppd/plugins/radius/radattr.c:17:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   17 | static char const RCSID[] =
#      |                   ^~~~~
#   15|   ***********************************************************************/
#   16|   
#   17|-> static char const RCSID[] =
#   18|   "$Id: radattr.c,v 1.2 2004/10/28 00:24:40 paulus Exp $";
#   19|   

Error: COMPILER_WARNING: [#def153]
ppp-ppp-2.5.1/pppd/plugins/radius/radius.c:26:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   26 | static char const RCSID[] =
#      |                   ^~~~~
#   24|   *
#   25|   ***********************************************************************/
#   26|-> static char const RCSID[] =
#   27|   "$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $";
#   28|   

Error: CPPCHECK_WARNING (CWE-476): [#def154]
ppp-ppp-2.5.1/pppd/plugins/radius/radius.c:187: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  185|   
#  186|       /* Append to a list of vp's for later parsing */
#  187|->     p->vpstr = strdup(*argv);
#  188|       p->next = avpopt;
#  189|       avpopt = p;

Error: CPPCHECK_WARNING (CWE-476): [#def155]
ppp-ppp-2.5.1/pppd/plugins/radius/radius.c:188: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  186|       /* Append to a list of vp's for later parsing */
#  187|       p->vpstr = strdup(*argv);
#  188|->     p->next = avpopt;
#  189|       avpopt = p;
#  190|   

Error: COMPILER_WARNING: [#def156]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:17:19: warning[-Wunused-const-variable=]: 'RCSID' defined but not used
#   17 | static char const RCSID[] =
#      |                   ^~~~~
#   15|   */
#   16|   
#   17|-> static char const RCSID[] =
#   18|       "$Id: radrealms.c,v 1.2 2004/11/14 07:26:26 paulus Exp $";
#   19|   

Error: CPPCHECK_WARNING (CWE-476): [#def157]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:59: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: auths
#   57|       
#   58|       auths = (SERVER *) malloc(sizeof(SERVER));
#   59|->     auths->max = 0;
#   60|       accts = (SERVER *) malloc(sizeof(SERVER));
#   61|       accts->max = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def158]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:59:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'auths'
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:58:24: acquire_memory: this call could return NULL
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:59:5: danger: 'auths' could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   57|       
#   58|       auths = (SERVER *) malloc(sizeof(SERVER));
#   59|->     auths->max = 0;
#   60|       accts = (SERVER *) malloc(sizeof(SERVER));
#   61|       accts->max = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def159]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:61: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: accts
#   59|       auths->max = 0;
#   60|       accts = (SERVER *) malloc(sizeof(SERVER));
#   61|->     accts->max = 0;
#   62|       
#   63|       realm = strrchr(user, '@');

Error: GCC_ANALYZER_WARNING (CWE-476): [#def160]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:61:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'accts'
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:60:24: acquire_memory: this call could return NULL
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:61:5: danger: 'accts' could be NULL: unchecked value from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   59|       auths->max = 0;
#   60|       accts = (SERVER *) malloc(sizeof(SERVER));
#   61|->     accts->max = 0;
#   62|       
#   63|       realm = strrchr(user, '@');

Error: GCC_ANALYZER_WARNING (CWE-401): [#def161]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:137:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:76:8: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:82:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:84:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:85:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:94:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:94:27: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:105:12: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:108:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:108:12: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:111:18: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:111:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:120:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:120:12: branch_false: following 'false' branch (when 'realm' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:121:31: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:121:13: branch_true: following 'true' branch (when the strings are equal)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:122:13: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:123:16: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:131:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:131:31: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:133:16: branch_true: following 'true' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:134:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:137:17: danger: '<unknown>' leaks here; was allocated at [(24)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/23)
#  135|   		ppp_option_error("%s: server port missing on line %d:  %s",
#  136|   			     radrealms_config, line, buffer);
#  137|-> 		free(auths);
#  138|   		free(accts);
#  139|   		return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def162]
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:138:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:76:8: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:82:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:84:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:85:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:94:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:94:27: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:105:12: branch_true: following 'true' branch...
 branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:108:12: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:111:18: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:111:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:120:12: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:120:12: branch_false: following 'false' branch (when 'realm' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:121:31: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:121:13: branch_true: following 'true' branch (when the strings are equal)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:122:13: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:123:16: branch_false: following 'false' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:131:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:131:31: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:133:16: branch_true: following 'true' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:134:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/radrealms.c:138:17: danger: '<unknown>' leaks here; was allocated at [(24)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/23)
#  136|   			     radrealms_config, line, buffer);
#  137|   		free(auths);
#  138|-> 		free(accts);
#  139|   		return;
#  140|   	    }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def163]
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:112:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*(__int128 unsigned *)vector'
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:193:5: enter_function: entry to 'rc_send_server'
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:218:12: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:230:20: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:237:18: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:238:12: branch_false: following 'false' branch (when 'sockfd >= 0')...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:245:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:251:12: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:252:20: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:251:13: branch_false: following 'false' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:260:9: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:268:12: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:270:32: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/radius/sendserver.c:270:32: call_function: calling 'rc_pack_list' from 'rc_send_server'
#  110|   			/* Calculate the MD5 digest*/
#  111|   			strcpy ((char *) md5buf, secret);
#  112|-> 			memcpy ((char *) md5buf + secretlen, vector,
#  113|   				AUTH_VECTOR_LEN);
#  114|   			rc_md5_calc (buf, md5buf, secretlen + AUTH_VECTOR_LEN);

Error: CPPCHECK_WARNING (CWE-476): [#def164]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:218: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  216|   		bits = (ptr[0] << 16) + (ptr[1] << 8) + ptr[2];
#  217|   		ptr += 3;
#  218|-> 		result[out_cnt++] = b64[bits >> 18];
#  219|   		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  220|   		result[out_cnt++] = b64[(bits >> 6) & 0x3f];

Error: GCC_ANALYZER_WARNING (CWE-476): [#def165]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:218:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'result'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  216|   		bits = (ptr[0] << 16) + (ptr[1] << 8) + ptr[2];
#  217|   		ptr += 3;
#  218|-> 		result[out_cnt++] = b64[bits >> 18];
#  219|   		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  220|   		result[out_cnt++] = b64[(bits >> 6) & 0x3f];

Error: CPPCHECK_WARNING (CWE-476): [#def166]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:219: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  217|   		ptr += 3;
#  218|   		result[out_cnt++] = b64[bits >> 18];
#  219|-> 		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  220|   		result[out_cnt++] = b64[(bits >> 6) & 0x3f];
#  221|   		result[out_cnt++] = b64[bits & 0x3f];

Error: CPPCHECK_WARNING (CWE-476): [#def167]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:220: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  218|   		result[out_cnt++] = b64[bits >> 18];
#  219|   		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  220|-> 		result[out_cnt++] = b64[(bits >> 6) & 0x3f];
#  221|   		result[out_cnt++] = b64[bits & 0x3f];
#  222|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def168]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:221: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  219|   		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  220|   		result[out_cnt++] = b64[(bits >> 6) & 0x3f];
#  221|-> 		result[out_cnt++] = b64[bits & 0x3f];
#  222|   	}
#  223|   	if (len != 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def169]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:227:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'result'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  225|   		if (len > 1)
#  226|   			bits |= ptr[1] << 8;
#  227|-> 		result[out_cnt++] = b64[bits >> 18];
#  228|   		result[out_cnt++] = b64[(bits >> 12) & 0x3f];
#  229|   		result[out_cnt++] = (len > 1)? b64[(bits >> 6) & 0x3f]: '=';

Error: CPPCHECK_WARNING (CWE-476): [#def170]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:233: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#  231|   	}
#  232|   
#  233|-> 	result[out_cnt] = '\0';	/* terminate */
#  234|   	return result;
#  235|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def171]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:233:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'result'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  231|   	}
#  232|   
#  233|-> 	result[out_cnt] = '\0';	/* terminate */
#  234|   	return result;
#  235|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def172]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:271:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'child_in[1]'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  269|   	/* First see if we have a program to run... */
#  270|   	if (ntlm_auth == NULL)
#  271|-> 		return NOT_AUTHENTICATED;
#  272|   
#  273|           /* Make first child */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def173]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:271:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'child_out[0]'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  269|   	/* First see if we have a program to run... */
#  270|   	if (ntlm_auth == NULL)
#  271|-> 		return NOT_AUTHENTICATED;
#  272|   
#  273|           /* Make first child */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def174]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:271:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'child_out[1]'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  269|   	/* First see if we have a program to run... */
#  270|   	if (ntlm_auth == NULL)
#  271|-> 		return NOT_AUTHENTICATED;
#  272|   
#  273|           /* Make first child */

Error: GCC_ANALYZER_WARNING (CWE-688): [#def175]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:328:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'pipe_in' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  326|   	if (username) {
#  327|   		char *b64_username = base64_encode(username);
#  328|-> 		fprintf(pipe_in, "Username:: %s\n", b64_username);
#  329|   		free(b64_username);
#  330|   	}

Error: GCC_ANALYZER_WARNING (CWE-688): [#def176]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:334:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'pipe_in' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_true: following 'true' branch (when 'p' is non-NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:540:17: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  332|   	if (domain) {
#  333|   		char *b64_domain = base64_encode(domain);
#  334|-> 		fprintf(pipe_in, "NT-Domain:: %s\n", b64_domain);
#  335|   		free(b64_domain);
#  336|   	}

Error: GCC_ANALYZER_WARNING (CWE-688): [#def177]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:351:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'pipe_in' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#argument 4 of '__builtin_fwrite' must be non-null
#  349|   
#  350|   	if (challenge_length) {
#  351|-> 		fprintf(pipe_in, "Request-User-Session-Key: yes\n");
#  352|   
#  353|   		challenge_hex = malloc(challenge_length*2+1);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def178]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:356:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'challenge_hex' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:611:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:614:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:619:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#argument 1 of '__builtin_sprintf' must be non-null
#  354|   		
#  355|   		for (i = 0; i < challenge_length; i++)
#  356|-> 			sprintf(challenge_hex + i * 2, "%02X", challenge[i]);
#  357|   		
#  358|   		fprintf(pipe_in, "LANMAN-Challenge: %s\n", challenge_hex);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def179]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:376:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'nt_hex_hash' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#argument 1 of '__builtin_sprintf' must be non-null
#  374|   		
#  375|   		for (i = 0; i < nt_response_length; i++)
#  376|-> 			sprintf(nt_hex_hash + i * 2, "%02X", nt_response[i]);
#  377|   		
#  378|   		fprintf(pipe_in, "NT-response: %s\n", nt_hex_hash);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def180]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:378:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'pipe_in' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  376|   			sprintf(nt_hex_hash + i * 2, "%02X", nt_response[i]);
#  377|   		
#  378|-> 		fprintf(pipe_in, "NT-response: %s\n", nt_hex_hash);
#  379|   		free(nt_hex_hash);
#  380|   	}

Error: GCC_ANALYZER_WARNING (CWE-688): [#def181]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:385:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'pipe_out' where non-null expected
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  383|   	fflush(pipe_in);
#  384|   	
#  385|-> 	while (fgets(buffer, sizeof(buffer)-1, pipe_out) != NULL) {
#  386|   		char *message, *parameter;
#  387|   		if (buffer[strlen(buffer)-1] != '\n') {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:424:33: warning[-Wanalyzer-malloc-leak]: leak of 'error_string'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  422|   			authenticated = NOT_AUTHENTICATED;
#  423|   			if (error_string)
#  424|-> 				*error_string = strdup(parameter);
#  425|   		} else if (strcasecmp(message, "Authentication-Error") == 0) {
#  426|   			authenticated = NOT_AUTHENTICATED;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
ppp-ppp-2.5.1/pppd/plugins/winbind.c:428:33: warning[-Wanalyzer-malloc-leak]: leak of 'error_string'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:513:1: enter_function: entry to 'winbind_chap_verify'
ppp-ppp-2.5.1/pppd/plugins/winbind.c:539:12: branch_false: following 'false' branch (when 'p' is NULL)...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:547:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:558:20: branch_false: following 'false' branch (when 'response_len == 49')...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:21: branch_false: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:562:20: branch_true: following 'true' branch...
ppp-ppp-2.5.1/pppd/plugins/winbind.c:563:25: branch_true: ...to here
ppp-ppp-2.5.1/pppd/plugins/winbind.c:578:21: call_function: calling 'run_ntlm_auth' from 'winbind_chap_verify'
#  426|   			authenticated = NOT_AUTHENTICATED;
#  427|   			if (error_string)
#  428|-> 				*error_string = strdup(parameter);
#  429|   		} else {
#  430|   			notice("unrecognised input from ntlm_auth helper - %s: %s", message, parameter); 

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
ppp-ppp-2.5.1/pppd/session.c:158:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/session.c:135:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/session.c:137:23: branch_true: following ‘true’ branch (when ‘replies < num_msg’)...
ppp-ppp-2.5.1/pppd/session.c:138:20: branch_true: ...to here
ppp-ppp-2.5.1/pppd/session.c:146:39: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/session.c:146:39: branch_true: ...to here
ppp-ppp-2.5.1/pppd/session.c:146:39: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/session.c:137:23: branch_true: following ‘true’ branch (when ‘replies < num_msg’)...
ppp-ppp-2.5.1/pppd/session.c:138:20: branch_true: ...to here
ppp-ppp-2.5.1/pppd/session.c:158:17: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  156|               default:
#  157|                   /* Must be an error of some sort... */
#  158|->                 free (reply);
#  159|                   return PAM_CONV_ERR;
#  160|           }

Error: CPPCHECK_WARNING (CWE-457): [#def185]
ppp-ppp-2.5.1/pppd/sys-linux.c:1060: error[uninitvar]: Uninitialized variable: x
# 1058|   
# 1059|       if (still_ppp()) {
# 1060|-> 	if (ioctl(ppp_fd, PPPIOCGFLAGS, (caddr_t) &x) == 0) {
# 1061|   	    s = NULL;
# 1062|   	    switch (~x & (SC_RCV_B7_0|SC_RCV_B7_1|SC_RCV_EVNP|SC_RCV_ODDP)) {

Error: CPPCHECK_WARNING (CWE-457): [#def186]
ppp-ppp-2.5.1/pppd/sys-linux.c:1737: error[uninitvar]: Uninitialized variable: data
# 1735|       memset (&req, 0, sizeof (req));
# 1736|   
# 1737|->     req.ifr_data = (caddr_t) &data;
# 1738|       strlcpy(req.ifr_name, ifname, sizeof(req.ifr_name));
# 1739|       if (ioctl(sock_fd, SIOCGPPPSTATS, &req) < 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def187]
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: warning[-Wanalyzer-file-leak]: leak of FILE
ppp-ppp-2.5.1/pppd/sys-linux.c:2033:16: acquire_resource: opened here
ppp-ppp-2.5.1/pppd/sys-linux.c:2034:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2039:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2048:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: danger: leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 2051|   	for (col = 0; col < ROUTE_MAX_COLS; ++col) {
# 2052|   	    int used = 1;
# 2053|-> 	    if ((q = strtok(p, route_delims)) == 0)
# 2054|   		break;
# 2055|   	    if (strcasecmp(q, "iface") == 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/sys-linux.c:2033:16: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/sys-linux.c:2034:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2039:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2048:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2055:17: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2067:17: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:45: branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2051:23: branch_true: following ‘true’ branch (when ‘col != 12’)...
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:22: branch_true: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2053:16: danger: ‘<unknown>’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 2051|   	for (col = 0; col < ROUTE_MAX_COLS; ++col) {
# 2052|   	    int used = 1;
# 2053|-> 	    if ((q = strtok(p, route_delims)) == 0)
# 2054|   		break;
# 2055|   	    if (strcasecmp(q, "iface") == 0)

Error: CPPCHECK_WARNING (CWE-457): [#def189]
ppp-ppp-2.5.1/pppd/sys-linux.c:2102: warning[uninitvar]: Uninitialized variable: cols
# 2100|       SET_SA_FAMILY (rt->rt_gateway, AF_INET);
# 2101|   
# 2102|->     SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
# 2103|       SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
# 2104|       SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);

Error: CPPCHECK_WARNING (CWE-476): [#def190]
ppp-ppp-2.5.1/pppd/sys-linux.c:2228: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmp_dev
# 2226|   		/* we need to copy rt_dev because we need it permanent too: */
# 2227|   		char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1);
# 2228|-> 		strcpy(tmp_dev, old_def_rt.rt_dev);
# 2229|   		old_def_rt.rt_dev = tmp_dev;
# 2230|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def191]
ppp-ppp-2.5.1/pppd/sys-linux.c:2382:9: warning[-Wanalyzer-file-leak]: leak of FILE
ppp-ppp-2.5.1/pppd/sys-linux.c:2404:12: enter_function: entry to ‘defaultroute6_exists’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:10: call_function: calling ‘open_route6_table’ from ‘defaultroute6_exists’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:10: return_function: returning to ‘defaultroute6_exists’ from ‘open_route6_table’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2411:12: call_function: calling ‘read_route6_table’ from ‘defaultroute6_exists’
# 2380|       p = route_buffer;
# 2381|       for (col = 0; col < route_num_cols; ++col) {
# 2382|-> 	cols[col] = strtok(p, route_delims);
# 2383|   	if (cols[col] == NULL)
# 2384|   	    return 0;		/* didn't get enough columns */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
ppp-ppp-2.5.1/pppd/sys-linux.c:2382:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
ppp-ppp-2.5.1/pppd/sys-linux.c:2404:12: enter_function: entry to ‘defaultroute6_exists’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:10: call_function: calling ‘open_route6_table’ from ‘defaultroute6_exists’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:10: return_function: returning to ‘defaultroute6_exists’ from ‘open_route6_table’
ppp-ppp-2.5.1/pppd/sys-linux.c:2408:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
ppp-ppp-2.5.1/pppd/sys-linux.c:2411:12: call_function: calling ‘read_route6_table’ from ‘defaultroute6_exists’
# 2380|       p = route_buffer;
# 2381|       for (col = 0; col < route_num_cols; ++col) {
# 2382|-> 	cols[col] = strtok(p, route_delims);
# 2383|   	if (cols[col] == NULL)
# 2384|   	    return 0;		/* didn't get enough columns */

Error: CPPCHECK_WARNING (CWE-457): [#def193]
ppp-ppp-2.5.1/pppd/sys-linux.c:2388: warning[uninitvar]: Uninitialized variable: cols
# 2386|       }
# 2387|   
# 2388|->     hex_to_in6_addr(&rt->rtmsg_dst, cols[route_dest_col]);
# 2389|       rt->rtmsg_dst_len = strtoul(cols[route_dest_plen_col], NULL, 16);
# 2390|       hex_to_in6_addr(&rt->rtmsg_gateway, cols[route_gw_col]);

Error: CPPCHECK_WARNING (CWE-457): [#def194]
ppp-ppp-2.5.1/pppd/sys-linux.c:2817: warning[uninitvar]: Uninitialized variable: buf
# 2815|       char *endp;
# 2816|   
# 2817|->     *version      = (int) strtoul (buf, &endp, 10);
# 2818|       *modification = 0;
# 2819|       *patch        = 0;

Error: CPPCHECK_WARNING (CWE-457): [#def195]
ppp-ppp-2.5.1/pppd/sys-linux.c:2931: error[uninitvar]: Uninitialized variable: ifr
# 2929|   
# 2930|       strlcpy (ifr.ifr_name, "ppp0", sizeof (ifr.ifr_name));
# 2931|->     ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0;
# 2932|   /*
# 2933|    * If the device did not exist then attempt to create one by putting the

Error: COMPILER_WARNING (CWE-1164): [#def196]
ppp-ppp-2.5.1/pppd/sys-linux.c:176: included_from: Included from here.
ppp-ppp-2.5.1/pppd/termios_linux.h:186:13: warning[-Wunused-function]: ‘cfmakeraw’ defined but not used
#  186 | static void cfmakeraw(struct termios *t)
#      |             ^~~~~~~~~
#  184|   }
#  185|   
#  186|-> static void cfmakeraw(struct termios *t)
#  187|   {
#  188|   	t->c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR |

Error: GCC_ANALYZER_WARNING (CWE-688): [#def197]
ppp-ppp-2.5.1/pppd/tls.c:197:13: warning[-Wanalyzer-null-argument]: use of NULL ‘ptr2’ where non-null expected
ppp-ppp-2.5.1/pppd/tls.c:129:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/tls.c:134:5: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tls.c:136:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tls.c:139:13: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tls.c:163:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/tls.c:177:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/pppd/tls.c:182:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tls.c:182:12: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/tls.c:183:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tls.c:182:13: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/pppd/tls.c:188:14: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tls.c:188:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
ppp-ppp-2.5.1/pppd/tls.c:197:13: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tls.c:197:13: danger: argument 2 (‘ptr2’) NULL where non-null expected
#  195|           }
#  196|   
#  197|->         if (strcmp(ptr1, ptr2)) {
#  198|               error("Certificate verification error: CN (%s) != %s", ptr1, ptr2);
#  199|               return 0;

Error: CPPCHECK_WARNING (CWE-476): [#def198]
ppp-ppp-2.5.1/pppd/tls.c:243: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmp
#  241|           }
#  242|   
#  243|->         tmp->client = client;
#  244|           if (peer_name) {
#  245|               tmp->peer_name = strdup(peer_name);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
ppp-ppp-2.5.1/pppd/tls.c:243:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘tmp’
ppp-ppp-2.5.1/pppd/tls.c:237:8: branch_true: following ‘true’ branch (when ‘out’ is non-NULL)...
ppp-ppp-2.5.1/pppd/tls.c:238:32: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tls.c:238:32: acquire_memory: allocated here
ppp-ppp-2.5.1/pppd/tls.c:239:12: release_memory: assuming ‘tmp’ is NULL
ppp-ppp-2.5.1/pppd/tls.c:239:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tls.c:240:13: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tls.c:243:9: danger: dereference of NULL ‘calloc(1, 24)’
#  241|           }
#  242|   
#  243|->         tmp->client = client;
#  244|           if (peer_name) {
#  245|               tmp->peer_name = strdup(peer_name);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def200]
ppp-ppp-2.5.1/pppd/tty.c:685:32: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘ipipe[0]’
ppp-ppp-2.5.1/pppd/tty.c:677:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:678:21: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:678:20: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:681:29: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:681:28: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:682:33: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:685:32: danger: use of uninitialized value ‘ipipe[0]’ here
#  683|   
#  684|   			/* don't leak these to the ptycommand */
#  685|-> 			(void) fcntl(ipipe[0], F_SETFD, FD_CLOEXEC);
#  686|   			(void) fcntl(opipe[1], F_SETFD, FD_CLOEXEC);
#  687|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def201]
ppp-ppp-2.5.1/pppd/tty.c:686:32: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘opipe[1]’
ppp-ppp-2.5.1/pppd/tty.c:677:12: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:678:21: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:678:20: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:681:29: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:681:28: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/tty.c:681:48: branch_false: ...to here
ppp-ppp-2.5.1/pppd/tty.c:681:29: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/tty.c:682:33: branch_true: ...to here
ppp-ppp-2.5.1/pppd/tty.c:686:32: danger: use of uninitialized value ‘opipe[1]’ here
#  684|   			/* don't leak these to the ptycommand */
#  685|   			(void) fcntl(ipipe[0], F_SETFD, FD_CLOEXEC);
#  686|-> 			(void) fcntl(opipe[1], F_SETFD, FD_CLOEXEC);
#  687|   
#  688|   			ok = device_script(ptycommand, opipe[0], ipipe[1], 1) == 0

Error: GCC_ANALYZER_WARNING (CWE-686): [#def202]
ppp-ppp-2.5.1/pppd/utils.c:182:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  180|   	}
#  181|   	if (c == '*') {
#  182|-> 	    width = va_arg(args, int);
#  183|   	    c = *++fmt;
#  184|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-686): [#def203]
ppp-ppp-2.5.1/pppd/utils.c:193:17: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  191|   	    c = *++fmt;
#  192|   	    if (c == '*') {
#  193|-> 		prec = va_arg(args, int);
#  194|   		c = *++fmt;
#  195|   	    } else {

Error: GCC_ANALYZER_WARNING (CWE-686): [#def204]
ppp-ppp-2.5.1/pppd/utils.c:212:17: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘long int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  210|   	    switch (c) {
#  211|   	    case 'd':
#  212|-> 		lval = va_arg(args, long);
#  213|   		if (lval < 0) {
#  214|   		    neg = 1;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def205]
ppp-ppp-2.5.1/pppd/utils.c:221:17: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘long unsigned int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  219|   		break;
#  220|   	    case 'u':
#  221|-> 		val = va_arg(args, unsigned long);
#  222|   		base = 10;
#  223|   		break;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def206]
ppp-ppp-2.5.1/pppd/utils.c:232:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  230|   	    break;
#  231|   	case 'd':
#  232|-> 	    i = va_arg(args, int);
#  233|   	    if (i < 0) {
#  234|   		neg = 1;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def207]
ppp-ppp-2.5.1/pppd/utils.c:241:19: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘unsigned int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  239|   	    break;
#  240|   	case 'u':
#  241|-> 	    val = va_arg(args, unsigned int);
#  242|   	    base = 10;
#  243|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def208]
ppp-ppp-2.5.1/pppd/utils.c:245:19: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘unsigned int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  243|   	    break;
#  244|   	case 'o':
#  245|-> 	    val = va_arg(args, unsigned int);
#  246|   	    base = 8;
#  247|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def209]
ppp-ppp-2.5.1/pppd/utils.c:250:19: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘unsigned int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  248|   	case 'x':
#  249|   	case 'X':
#  250|-> 	    val = va_arg(args, unsigned int);
#  251|   	    base = 16;
#  252|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def210]
ppp-ppp-2.5.1/pppd/utils.c:262:22: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  260|   	    break;
#  261|   	case 'c':
#  262|-> 	    num[0] = va_arg(args, int);
#  263|   	    num[1] = 0;
#  264|   	    str = num;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def211]
ppp-ppp-2.5.1/pppd/utils.c:270:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘u_int32_t’ {{aka ‘unsigned int’}} but received ‘char (*)[4096]’ for variadic argument 1 of ‘args’
ppp-ppp-2.5.1/pppd/utils.c:1007:1: enter_function: entry to ‘relock’
ppp-ppp-2.5.1/pppd/utils.c:1017:8: branch_false: following ‘false’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1019:10: branch_false: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1020:8: branch_true: following ‘true’ branch...
ppp-ppp-2.5.1/pppd/utils.c:1021:9: branch_true: ...to here
ppp-ppp-2.5.1/pppd/utils.c:1021:9: call_function: calling ‘error’ from ‘relock’ with 1 variadic argument
#  268|   	    break;
#  269|   	case 'I':
#  270|-> 	    ip = va_arg(args, u_int32_t);
#  271|   	    ip = ntohl(ip);
#  272|   	    slprintf(num, sizeof(num), "%d.%d.%d.%d", (ip >> 24) & 0xff,

Error: COMPILER_WARNING (CWE-563): [#def212]
ppp-ppp-2.5.1/pppd/utils.c: scope_hint: In function ‘mkdir_parent’
ppp-ppp-2.5.1/pppd/utils.c:823:9: warning[-Wunused-variable]: unused variable ‘rc’
#  823 |     int rc;
#      |         ^~
#  821|   {
#  822|       char *slash;
#  823|->     int rc;
#  824|   
#  825|       slash = strrchr(path, '/');

Error: COMPILER_WARNING (CWE-563): [#def213]
ppp-ppp-2.5.1/pppdump/pppdump.c:253:17: warning[-Wunused-variable]: unused variable ‘dn’
#  253 |     int nb, nl, dn, proto, rv;
#      |                 ^~
#  251|   {
#  252|       int c, n, k;
#  253|->     int nb, nl, dn, proto, rv;
#  254|       char *dir, *q;
#  255|       unsigned char *p, *r, *endp;

Error: COMPILER_WARNING (CWE-563): [#def214]
ppp-ppp-2.5.1/pppdump/pppdump.c:253:21: warning[-Wunused-variable]: unused variable ‘proto’
#  253 |     int nb, nl, dn, proto, rv;
#      |                     ^~~~~
#  251|   {
#  252|       int c, n, k;
#  253|->     int nb, nl, dn, proto, rv;
#  254|       char *dir, *q;
#  255|       unsigned char *p, *r, *endp;

Error: COMPILER_WARNING (CWE-563): [#def215]
ppp-ppp-2.5.1/pppdump/pppdump.c:253:28: warning[-Wunused-variable]: unused variable ‘rv’
#  253 |     int nb, nl, dn, proto, rv;
#      |                            ^~
#  251|   {
#  252|       int c, n, k;
#  253|->     int nb, nl, dn, proto, rv;
#  254|       char *dir, *q;
#  255|       unsigned char *p, *r, *endp;

Error: COMPILER_WARNING (CWE-563): [#def216]
ppp-ppp-2.5.1/pppdump/pppdump.c: scope_hint: In function ‘dumpppp’
ppp-ppp-2.5.1/pppdump/pppdump.c:256:20: warning[-Wunused-variable]: unused variable ‘d’
#  256 |     unsigned char *d;
#      |                    ^
#  254|       char *dir, *q;
#  255|       unsigned char *p, *r, *endp;
#  256|->     unsigned char *d;
#  257|       unsigned short fcs;
#  258|       struct pkt *pkt;

Error: COMPILER_WARNING: [#def217]
ppp-ppp-2.5.1/pppstats/pppstats.c:39:19: warning[-Wunused-const-variable=]: ‘rcsid’ defined but not used
#   39 | static const char rcsid[] = "$Id: pppstats.c,v 1.29 2002/10/27 12:56:26 fcusack Exp $";
#      |                   ^~~~~
#   37|   
#   38|   #ifndef lint
#   39|-> static const char rcsid[] = "$Id: pppstats.c,v 1.29 2002/10/27 12:56:26 fcusack Exp $";
#   40|   #endif
#   41|   

Error: CPPCHECK_WARNING (CWE-457): [#def218]
ppp-ppp-2.5.1/pppstats/pppstats.c:166: error[uninitvar]: Uninitialized variable: stats
#  164|       memset (&req, 0, sizeof (req));
#  165|   
#  166|->     req.ifr_data = (caddr_t) &stats;
#  167|   
#  168|       strncpy(req.ifr_name, interface, IFNAMSIZ);

Scan Properties