Error: GCC_ANALYZER_WARNING (CWE-476): [#def1] sssd-2.10.2/src/db/sysdb.c:511:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'el' sssd-2.10.2/src/db/sysdb.c:737:5: enter_function: entry to 'sysdb_attrs_copy_values' sssd-2.10.2/src/db/sysdb.c:745:11: call_function: calling 'sysdb_attrs_get_el' from 'sysdb_attrs_copy_values' sssd-2.10.2/src/db/sysdb.c:745:11: return_function: returning to 'sysdb_attrs_copy_values' from 'sysdb_attrs_get_el' sssd-2.10.2/src/db/sysdb.c:746:8: branch_false: following 'false' branch... branch_false: ...to here sssd-2.10.2/src/db/sysdb.c:750:17: branch_true: following 'true' branch... sssd-2.10.2/src/db/sysdb.c:751:47: branch_true: ...to here sssd-2.10.2/src/db/sysdb.c:751:15: call_function: calling 'sysdb_attrs_add_val' from 'sysdb_attrs_copy_values' # 509| } # 510| # 511|-> vals = talloc_realloc(attrs->a, el->values, # 512| struct ldb_val, el->num_values+1); # 513| if (!vals) return ENOMEM; Error: CPPCHECK_WARNING (CWE-457): [#def2] sssd-2.10.2/src/db/sysdb_ops.c:5823: error[legacyUninitvar]: Uninitialized variable: ldb_ret # 5821| ERROR_OUT(ret, EINVAL, done); # 5822| } # 5823|-> if (ldb_ret != LDB_SUCCESS) { # 5824| ERROR_OUT(ret, EIO, done); # 5825| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def3] sssd-2.10.2/src/db/sysdb_search.c:392:34: warning[-Wanalyzer-null-dereference]: dereference of NULL 'orig_obj' sssd-2.10.2/src/db/sysdb_search.c:1822:5: enter_function: entry to 'sysdb_initgroups_with_views' sssd-2.10.2/src/db/sysdb_search.c:1838:8: branch_false: following 'false' branch... sssd-2.10.2/src/db/sysdb_search.c:1842:11: branch_false: ...to here sssd-2.10.2/src/db/sysdb_search.c:1842:11: call_function: calling 'sysdb_getpwnam_with_views' from 'sysdb_initgroups_with_views' # 390| /* If there are views we have to check if override values must be added to # 391| * the original object. */ # 392|-> if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) { # 393| ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0], # 394| override_obj == NULL ? NULL : override_obj->msgs[0], Error: GCC_ANALYZER_WARNING (CWE-476): [#def4] sssd-2.10.2/src/db/sysdb_search.c:1060:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'val' sssd-2.10.2/src/db/sysdb_search.c:1592:5: enter_function: entry to 'sysdb_enumgrent' sssd-2.10.2/src/db/sysdb_search.c:1596:12: call_function: calling 'sysdb_enumgrent_filter' from 'sysdb_enumgrent' # 1058| # 1059| /* yes, convert */ # 1060|-> val->data = (uint8_t *)talloc_strdup(msg, SYSDB_GROUP_CLASS); # 1061| if (val->data == NULL) return ENOMEM; # 1062| val->length = strlen(SYSDB_GROUP_CLASS); Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] sssd-2.10.2/src/db/sysdb_search.c:2043:34: warning[-Wanalyzer-null-dereference]: dereference of NULL 'orig_obj' sssd-2.10.2/src/db/sysdb_search.c:1990:5: enter_function: entry to 'sysdb_get_user_attr_with_views' sssd-2.10.2/src/db/sysdb_search.c:1997:24: release_memory: 'orig_obj' is NULL sssd-2.10.2/src/db/sysdb_search.c:1998:24: release_memory: 'orig_obj' is NULL sssd-2.10.2/src/db/sysdb_search.c:2006:8: branch_false: following 'false' branch... sssd-2.10.2/src/db/sysdb_search.c:2011:5: branch_false: ...to here sssd-2.10.2/src/db/sysdb_search.c:2014:8: branch_false: following 'false' branch... sssd-2.10.2/src/db/sysdb_search.c:2033:9: branch_false: ...to here sssd-2.10.2/src/db/sysdb_search.c:2033:9: release_memory: 'orig_obj' is NULL sssd-2.10.2/src/db/sysdb_search.c:2033:8: branch_true: following 'true' branch... sssd-2.10.2/src/db/sysdb_search.c:2034:15: branch_true: ...to here sssd-2.10.2/src/db/sysdb_search.c:2034:15: call_function: calling 'sysdb_get_user_attr' from 'sysdb_get_user_attr_with_views' sssd-2.10.2/src/db/sysdb_search.c:2034:15: return_function: returning to 'sysdb_get_user_attr_with_views' from 'sysdb_get_user_attr' sssd-2.10.2/src/db/sysdb_search.c:2035:12: branch_false: following 'false' branch... sssd-2.10.2/src/db/sysdb_search.c:2043:9: branch_false: ...to here sssd-2.10.2/src/db/sysdb_search.c:2043:8: branch_true: following 'true' branch... sssd-2.10.2/src/db/sysdb_search.c:2043:42: branch_true: ...to here sssd-2.10.2/src/db/sysdb_search.c:2043:42: release_memory: 'orig_obj' is NULL sssd-2.10.2/src/db/sysdb_search.c:2043:34: danger: dereference of NULL 'orig_obj' # 2041| /* If there are views we have to check if override values must be added to # 2042| * the original object. */ # 2043|-> if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) { # 2044| ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0], # 2045| override_obj == NULL ? NULL : override_obj ->msgs[0], Error: GCC_ANALYZER_WARNING (CWE-775): [#def6] sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[0]' sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_true: following 'true' branch (when 'ret == -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:202:9: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_child[0]' leaks here # 171| if (buf == NULL) { # 172| ret = ENOMEM; # 173|-> return ret; # 174| } # 175| Error: GCC_ANALYZER_WARNING (CWE-775): [#def7] sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]' sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_true: following 'true' branch (when 'ret == -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:202:9: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_child[1]' leaks here # 171| if (buf == NULL) { # 172| ret = ENOMEM; # 173|-> return ret; # 174| } # 175| Error: GCC_ANALYZER_WARNING (CWE-775): [#def8] sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]' sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:226:12: branch_true: following 'true' branch (when 'size == -1')... sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:228:13: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_parent[0]' leaks here # 171| if (buf == NULL) { # 172| ret = ENOMEM; # 173|-> return ret; # 174| } # 175| Error: COMPILER_WARNING (CWE-252): [#def9] sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c: scope_hint: In function 'sss_passkeycl_exec_child' sssd-2.10.2/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: warning[-Wunused-result]: ignoring return value of 'write' declared with attribute 'warn_unused_result' # 222 | write(pipe_to_child[1], pin, strlen(pin)); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 220| close(pipe_to_parent[1]); # 221| # 222|-> write(pipe_to_child[1], pin, strlen(pin)); # 223| close(pipe_to_child[1]); # 224| Error: GCC_ANALYZER_WARNING (CWE-416): [#def10] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:111:10: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling 'sss_passkey_challenge_from_json_object' from 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_challenge_from_json_object' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:447:12: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: call_function: calling 'sss_passkey_message_init' from 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_message_init' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: calling 'sss_passkey_challenge_free' from 'sss_passkey_message_from_json' # 109| } # 110| # 111|-> free(data->domain); # 112| free(data->cryptographic_challenge); # 113| sss_string_array_free(data->credential_id_list); Error: GCC_ANALYZER_WARNING (CWE-416): [#def11] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:111:10: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘data’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to ‘sss_passkey_message_from_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling ‘sss_passkey_challenge_from_json_object’ from ‘sss_passkey_message_from_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_challenge_from_json_object’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:447:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: call_function: calling ‘sss_passkey_message_init’ from ‘sss_passkey_message_from_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_message_init’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following ‘true’ branch... branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: inlined call to ‘sss_passkey_challenge_free’ from ‘sss_passkey_message_from_json’ # 109| } # 110| # 111|-> free(data->domain); # 112| free(data->cryptographic_challenge); # 113| sss_string_array_free(data->credential_id_list); Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:115:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_reply_from_json_object' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: calling 'sss_passkey_challenge_free' from 'sss_passkey_message_from_json' # 113| sss_string_array_free(data->credential_id_list); # 114| # 115|-> free(data); # 116| } # 117| Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:115:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to ‘sss_passkey_message_from_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_reply_from_json_object’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following ‘true’ branch... branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: inlined call to ‘sss_passkey_challenge_free’ from ‘sss_passkey_message_from_json’ # 113| sss_string_array_free(data->credential_id_list); # 114| # 115|-> free(data); # 116| } # 117| Error: GCC_ANALYZER_WARNING (CWE-416): [#def14] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:243:10: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to 'sss_passkey_message_from_reply_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following 'false' branch (when 'json_str' is non-NULL)... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_reply_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to 'sss_passkey_message_from_reply_json' from 'sss_passkey_reply_from_json_object' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling 'sss_passkey_message_init' from 'sss_passkey_message_from_reply_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: return_function: returning to 'sss_passkey_message_from_reply_json' from 'sss_passkey_message_init' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:556:8: branch_true: following 'true' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:557:9: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:557:9: call_function: calling 'sss_passkey_reply_free' from 'sss_passkey_message_from_reply_json' # 241| } # 242| # 243|-> free(data->credential_id); # 244| free(data->cryptographic_challenge); # 245| free(data->authenticator_data); Error: GCC_ANALYZER_WARNING (CWE-416): [#def15] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:243:10: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘data’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to ‘sss_passkey_message_from_reply_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following ‘false’ branch (when ‘json_str’ is non-NULL)... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_reply_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to ‘sss_passkey_message_from_reply_json’ from ‘sss_passkey_reply_from_json_object’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling ‘sss_passkey_message_init’ from ‘sss_passkey_message_from_reply_json’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:555:15: return_function: returning to ‘sss_passkey_message_from_reply_json’ from ‘sss_passkey_message_init’ sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:556:8: branch_true: following ‘true’ branch... branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:557:9: call_function: inlined call to ‘sss_passkey_reply_free’ from ‘sss_passkey_message_from_reply_json’ # 241| } # 242| # 243|-> free(data->credential_id); # 244| free(data->cryptographic_challenge); # 245| free(data->authenticator_data); Error: GCC_ANALYZER_WARNING (CWE-126): [#def16] sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:247:10: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling 'sss_passkey_challenge_from_json_object' from 'sss_passkey_message_from_json' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:446:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_challenge_from_json_object' sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:447:12: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:28: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:462:9: branch_false: following 'false' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:464:16: branch_false: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:464:16: branch_true: following 'true' branch... sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:465:9: branch_true: ...to here sssd-2.10.2/src/krb5_plugin/passkey/passkey_utils.c:465:9: call_function: calling 'sss_passkey_reply_free' from 'sss_passkey_message_from_json' # 245| free(data->authenticator_data); # 246| free(data->assertion_signature); # 247|-> free(data->user_id); # 248| free(data); # 249| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def17] sssd-2.10.2/src/ldb_modules/memberof.c:376:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'lastop' sssd-2.10.2/src/ldb_modules/memberof.c:3627:12: enter_function: entry to 'mbof_mod_add' sssd-2.10.2/src/ldb_modules/memberof.c:3645:8: branch_false: following 'false' branch... sssd-2.10.2/src/ldb_modules/memberof.c:3649:15: branch_false: ...to here sssd-2.10.2/src/ldb_modules/memberof.c:3650:8: branch_false: following 'false' branch... sssd-2.10.2/src/ldb_modules/memberof.c:3653:5: branch_false: ...to here sssd-2.10.2/src/ldb_modules/memberof.c:3665:8: branch_true: following 'true' branch... sssd-2.10.2/src/ldb_modules/memberof.c:3669:12: branch_false: following 'false' branch... sssd-2.10.2/src/ldb_modules/memberof.c:3672:38: branch_false: ...to here sssd-2.10.2/src/ldb_modules/memberof.c:3676:21: branch_true: following 'true' branch... sssd-2.10.2/src/ldb_modules/memberof.c:3677:55: branch_true: ...to here sssd-2.10.2/src/ldb_modules/memberof.c:3677:19: call_function: calling 'mbof_append_addop' from 'mbof_mod_add' # 374| # 375| if (add_ctx->add_list) { # 376|-> lastop->next = addop; # 377| } else { # 378| add_ctx->add_list = addop; Error: GCC_ANALYZER_WARNING (CWE-476): [#def18] sssd-2.10.2/src/providers/ad/ad_subdomains.c:1157:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'root_id_ctx' sssd-2.10.2/src/providers/ad/ad_subdomains.c:2281:13: enter_function: entry to 'ad_subdomains_refresh_root_done' sssd-2.10.2/src/providers/ad/ad_subdomains.c:2298:8: branch_true: following 'true' branch... sssd-2.10.2/src/providers/ad/ad_subdomains.c:2299:9: branch_true: ...to here sssd-2.10.2/src/providers/ad/ad_subdomains.c:2302:9: release_memory: 'root_id_ctx' is NULL sssd-2.10.2/src/providers/ad/ad_subdomains.c:2316:15: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ad/ad_subdomains.c:2319:15: branch_false: ...to here sssd-2.10.2/src/providers/ad/ad_subdomains.c:2319:15: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ad/ad_subdomains.c:2324:14: branch_false: ...to here sssd-2.10.2/src/providers/ad/ad_subdomains.c:2324:14: release_memory: 'root_id_ctx' is NULL sssd-2.10.2/src/providers/ad/ad_subdomains.c:2324:14: call_function: calling 'ad_get_slave_domain_send' from 'ad_subdomains_refresh_root_done' # 1155| state->sd_ctx = sd_ctx; # 1156| state->be_ctx = sd_ctx->be_ctx; # 1157|-> state->opts = root_id_ctx->sdap_id_ctx->opts; # 1158| state->idmap_ctx = root_id_ctx->sdap_id_ctx->opts->idmap_ctx; # 1159| state->root_attrs = root_attrs; Error: GCC_ANALYZER_WARNING (CWE-688): [#def19] sssd-2.10.2/src/providers/be_dyndns.c:194:13: warning[-Wanalyzer-null-argument]: use of NULL ‘ifname’ where non-null expected sssd-2.10.2/src/providers/be_dyndns.c:1478:9: enter_function: entry to ‘sss_get_dualstack_addresses’ sssd-2.10.2/src/providers/be_dyndns.c:1483:17: release_memory: ‘iface_name’ is NULL sssd-2.10.2/src/providers/be_dyndns.c:1488:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1493:11: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1494:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1500:11: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1500:11: release_memory: ‘iface_name’ is NULL sssd-2.10.2/src/providers/be_dyndns.c:1500:11: call_function: calling ‘sss_iface_addr_list_get’ from ‘sss_get_dualstack_addresses’ # 192| static bool matching_name(const char *ifname, const char *ifname2) # 193| { # 194|-> return (strcmp(MASK, ifname) == 0) || (strcasecmp(ifname, ifname2) == 0); # 195| } # 196| Error: GCC_ANALYZER_WARNING (CWE-1341): [#def20] sssd-2.10.2/src/providers/be_dyndns.c:1133:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘pipefd_to_child[1]’ sssd-2.10.2/src/providers/be_dyndns.c:1054:20: enter_function: entry to ‘be_nsupdate_send’ sssd-2.10.2/src/providers/be_dyndns.c:1074:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1077:10: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1080:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/providers/be_dyndns.c:1086:11: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1087:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/providers/be_dyndns.c:1094:12: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1094:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’ sssd-2.10.2/src/providers/be_dyndns.c:1094:12: return_function: returning to ‘be_nsupdate_send’ from ‘be_nsupdate_args’ sssd-2.10.2/src/providers/be_dyndns.c:1096:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1101:17: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1103:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)... sssd-2.10.2/src/providers/be_dyndns.c:1108:15: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1108:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)... sssd-2.10.2/src/providers/be_dyndns.c:1109:9: branch_true: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1109:9: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1110:9: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1110:9: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1110:9: branch_true: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1115:18: call_function: calling ‘nsupdate_child_send’ from ‘be_nsupdate_send’ sssd-2.10.2/src/providers/be_dyndns.c:1115:18: return_function: returning to ‘be_nsupdate_send’ from ‘nsupdate_child_send’ sssd-2.10.2/src/providers/be_dyndns.c:1118:12: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1120:13: branch_true: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1133:9: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1133:9: branch_false: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1133:9: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/be_dyndns.c:1133:9: branch_true: ...to here sssd-2.10.2/src/providers/be_dyndns.c:1133:9: danger: second ‘close’ here; first ‘close’ was at [(40)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/39) # 1131| done: # 1132| if (ret != EOK) { # 1133|-> PIPE_CLOSE(pipefd_to_child); # 1134| tevent_req_error(req, ret); # 1135| tevent_req_post(req, ev); Error: GCC_ANALYZER_WARNING (CWE-476): [#def21] sssd-2.10.2/src/providers/data_provider_fo.c:160:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*ctx.be_fo’ sssd-2.10.2/src/providers/data_provider_fo.c:142:5: enter_function: entry to ‘be_fo_add_service’ sssd-2.10.2/src/providers/data_provider_fo.c:149:11: call_function: calling ‘be_fo_find_svc_data’ from ‘be_fo_add_service’ sssd-2.10.2/src/providers/data_provider_fo.c:149:11: return_function: returning to ‘be_fo_add_service’ from ‘be_fo_find_svc_data’ sssd-2.10.2/src/providers/data_provider_fo.c:150:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/data_provider_fo.c:160:26: branch_false: ...to here sssd-2.10.2/src/providers/data_provider_fo.c:160:11: danger: dereference of NULL ‘*ctx.be_fo’ # 158| /* if not in the be service list, try to create new one */ # 159| # 160|-> ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp, # 161| &service); # 162| if (ret != EOK && ret != EEXIST) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def22] sssd-2.10.2/src/providers/data_provider_fo.c:160:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ctx’ sssd-2.10.2/src/providers/data_provider_fo.c:142:5: enter_function: entry to ‘be_fo_add_service’ sssd-2.10.2/src/providers/data_provider_fo.c:149:11: call_function: calling ‘be_fo_find_svc_data’ from ‘be_fo_add_service’ sssd-2.10.2/src/providers/data_provider_fo.c:149:11: return_function: returning to ‘be_fo_add_service’ from ‘be_fo_find_svc_data’ sssd-2.10.2/src/providers/data_provider_fo.c:150:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/data_provider_fo.c:160:26: branch_false: ...to here sssd-2.10.2/src/providers/data_provider_fo.c:160:26: danger: dereference of NULL ‘ctx’ # 158| /* if not in the be service list, try to create new one */ # 159| # 160|-> ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp, # 161| &service); # 162| if (ret != EOK && ret != EEXIST) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def23] sssd-2.10.2/src/providers/ipa/ipa_selinux.c:689:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]' sssd-2.10.2/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:689:16: danger: 'pipefd_to_child[0]' leaks here # 687| DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); # 688| ret = ENOMEM; # 689|-> return ret; # 690| } # 691| c++; Error: GCC_ANALYZER_WARNING (CWE-775): [#def24] sssd-2.10.2/src/providers/ipa/ipa_selinux.c:689:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]' sssd-2.10.2/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')... sssd-2.10.2/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here sssd-2.10.2/src/providers/ipa/ipa_selinux.c:689:16: danger: 'pipefd_to_child[1]' leaks here # 687| DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); # 688| ret = ENOMEM; # 689|-> return ret; # 690| } # 691| c++; Error: CPPCHECK_WARNING (CWE-457): [#def25] sssd-2.10.2/src/providers/ipa/selinux_child.c:202: error[uninitvar]: Uninitialized variable: &chain_id # 200| {"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0, # 201| _("An open file descriptor for the debug logs"), NULL}, # 202|-> {"chain-id", 0, POPT_ARG_LONG, &chain_id, # 203| 0, _("Tevent chain ID used for logging purposes"), NULL}, # 204| SSSD_LOGGER_OPTS Error: COMPILER_WARNING (CWE-252): [#def26] sssd-2.10.2/src/providers/ipa/selinux_child.c: scope_hint: In function ‘main’ sssd-2.10.2/src/providers/ipa/selinux_child.c:359:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’ # 359 | setresuid(suid, suid, suid); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 357| # 358| if (getresuid(&ruid, &euid, &suid) == 0) { # 359|-> setresuid(suid, suid, suid); # 360| } # 361| if (getresgid(&rgid, &egid, &sgid) == 0) { Error: COMPILER_WARNING (CWE-252): [#def27] sssd-2.10.2/src/providers/ipa/selinux_child.c:362:9: warning[-Wunused-result]: ignoring return value of ‘setresgid’ declared with attribute ‘warn_unused_result’ # 362 | setresgid(sgid, sgid, sgid); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 360| } # 361| if (getresgid(&rgid, &egid, &sgid) == 0) { # 362|-> setresgid(sgid, sgid, sgid); # 363| } # 364| Error: COMPILER_WARNING (CWE-252): [#def28] sssd-2.10.2/src/providers/krb5/krb5_ccache.c: scope_hint: In function 'switch_to_user' sssd-2.10.2/src/providers/krb5/krb5_ccache.c:64:9: warning[-Wunused-result]: ignoring return value of 'setresuid' declared with attribute 'warn_unused_result' # 64 | setresuid(-1, suid, -1); # | ^~~~~~~~~~~~~~~~~~~~~~~ # 62| ret = setresgid(-1, rgid, -1); # 63| if (ret != 0) { # 64|-> setresuid(-1, suid, -1); # 65| return errno; # 66| } Error: COMPILER_WARNING (CWE-252): [#def29] sssd-2.10.2/src/providers/krb5/krb5_ccache.c: scope_hint: In function ‘switch_to_user’ sssd-2.10.2/src/providers/krb5/krb5_ccache.c:64:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’ # 64 | setresuid(-1, suid, -1); # | ^~~~~~~~~~~~~~~~~~~~~~~ # 62| ret = setresgid(-1, rgid, -1); # 63| if (ret != 0) { # 64|-> setresuid(-1, suid, -1); # 65| return errno; # 66| } Error: COMPILER_WARNING (CWE-252): [#def30] sssd-2.10.2/src/providers/krb5/krb5_ccache.c: scope_hint: In function 'switch_to_service' sssd-2.10.2/src/providers/krb5/krb5_ccache.c:94:9: warning[-Wunused-result]: ignoring return value of 'setresuid' declared with attribute 'warn_unused_result' # 94 | setresuid(-1, ruid, -1); # | ^~~~~~~~~~~~~~~~~~~~~~~ # 92| ret = setresgid(-1, sgid, -1); # 93| if (ret != 0) { # 94|-> setresuid(-1, ruid, -1); # 95| return errno; # 96| } Error: COMPILER_WARNING (CWE-252): [#def31] sssd-2.10.2/src/providers/krb5/krb5_ccache.c: scope_hint: In function ‘switch_to_service’ sssd-2.10.2/src/providers/krb5/krb5_ccache.c:94:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’ # 94 | setresuid(-1, ruid, -1); # | ^~~~~~~~~~~~~~~~~~~~~~~ # 92| ret = setresgid(-1, sgid, -1); # 93| if (ret != 0) { # 94|-> setresuid(-1, ruid, -1); # 95| return errno; # 96| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def32] sssd-2.10.2/src/providers/ldap/sdap_async.c:1598:33: warning[-Wanalyzer-null-dereference]: dereference of NULL 'serverctrls' sssd-2.10.2/src/providers/ldap/sdap_async.c:2139:20: enter_function: entry to 'sdap_get_generic_send' sssd-2.10.2/src/providers/ldap/sdap_async.c:2157:8: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_async.c:2159:14: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_async.c:2159:14: call_function: calling 'sdap_get_and_parse_generic_send' from 'sdap_get_generic_send' # 1596| # 1597| for (i=0; i < state->nserverctrls; i++) { # 1598|-> state->serverctrls[i] = serverctrls[i]; # 1599| } # 1600| state->serverctrls[i] = NULL; Error: GCC_ANALYZER_WARNING (CWE-476): [#def33] sssd-2.10.2/src/providers/ldap/sdap_async_initgroups.c:71:15: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sysdb_groupnames' sssd-2.10.2/src/providers/ldap/sdap_async_initgroups.c:1167:1: enter_function: entry to 'sdap_initgr_store_groups' sssd-2.10.2/src/providers/ldap/sdap_async_initgroups.c:1169:12: call_function: calling 'sdap_nested_groups_store' from 'sdap_initgr_store_groups' # 69| mi = 0; # 70| # 71|-> for (i=0; sysdb_groupnames[i]; i++) { # 72| subdomain = find_domain_by_object_name(domain, sysdb_groupnames[i]); # 73| if (subdomain == NULL) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def34] sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]' sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_from_child[0]' leaks here # 135| } # 136| # 137|-> return EOK; # 138| # 139| fail: Error: GCC_ANALYZER_WARNING (CWE-775): [#def35] sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]' sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_from_child[1]' leaks here # 135| } # 136| # 137|-> return EOK; # 138| # 139| fail: Error: GCC_ANALYZER_WARNING (CWE-775): [#def36] sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]' sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_to_child[0]' leaks here # 135| } # 136| # 137|-> return EOK; # 138| # 139| fail: Error: GCC_ANALYZER_WARNING (CWE-775): [#def37] sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]' sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch... sssd-2.10.2/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_to_child[1]' leaks here # 135| } # 136| # 137|-> return EOK; # 138| # 139| fail: Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] sssd-2.10.2/src/providers/proxy/proxy_child.c:108:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)... sssd-2.10.2/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)... branch_false: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)... sssd-2.10.2/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:88:20: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/proxy/proxy_child.c:89:33: branch_false: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:89:33: acquire_memory: allocated here sssd-2.10.2/src/providers/proxy/proxy_child.c:90:20: branch_false: following ‘false’ branch... sssd-2.10.2/src/providers/proxy/proxy_child.c:91:17: branch_false: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)... sssd-2.10.2/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:88:20: branch_true: following ‘true’ branch... sssd-2.10.2/src/providers/proxy/proxy_child.c:88:17: branch_true: ...to here sssd-2.10.2/src/providers/proxy/proxy_child.c:108:5: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 106| # 107| failed: # 108|-> free(reply); # 109| return PAM_CONV_ERR; # 110| } Error: CPPCHECK_WARNING (CWE-457): [#def39] sssd-2.10.2/src/providers/proxy/proxy_child.c:481: error[uninitvar]: Uninitialized variable: &chain_id # 479| {"id", 0, POPT_ARG_LONG, &id, 0, # 480| _("Child identifier (mandatory)"), NULL }, # 481|-> {"chain-id", 0, POPT_ARG_LONG, &chain_id, 0, # 482| _("Tevent chain ID used for logging purposes"), NULL }, # 483| POPT_TABLEEND Error: CPPCHECK_WARNING (CWE-562): [#def40] sssd-2.10.2/src/python/pyhbac.c:61: error[returnDanglingLifetime]: Returning pointer to local variable 'copy' that will be invalid when returning. # 59| } # 60| # 61|-> return strcpy(copy, string); # 62| } # 63| Error: GCC_ANALYZER_WARNING (CWE-775): [#def41] sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’ sssd-2.10.2/src/responder/ifp/ifp_users.c:1174:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1180:11: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1181:8: branch_true: following ‘true’ branch (when ‘ret == -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1182:15: branch_true: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1235:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: danger: ‘pipefd_from_child[0]’ leaks here # 1194| ret = errno; # 1195| DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n"); # 1196|-> return ret; # 1197| } else if (child_pid > 0) { /* parent */ # 1198| state->io->read_from_child_fd = pipefd_from_child[0]; Error: GCC_ANALYZER_WARNING (CWE-775): [#def42] sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’ sssd-2.10.2/src/responder/ifp/ifp_users.c:1174:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1180:11: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1181:8: branch_true: following ‘true’ branch (when ‘ret == -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1182:15: branch_true: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1235:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: danger: ‘pipefd_from_child[1]’ leaks here # 1194| ret = errno; # 1195| DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n"); # 1196|-> return ret; # 1197| } else if (child_pid > 0) { /* parent */ # 1198| state->io->read_from_child_fd = pipefd_from_child[0]; Error: GCC_ANALYZER_WARNING (CWE-775): [#def43] sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’ sssd-2.10.2/src/responder/ifp/ifp_users.c:1174:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1180:11: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1181:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1188:17: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1189:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1197:15: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1197:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1226:15: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1235:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: danger: ‘pipefd_to_child[0]’ leaks here # 1194| ret = errno; # 1195| DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n"); # 1196|-> return ret; # 1197| } else if (child_pid > 0) { /* parent */ # 1198| state->io->read_from_child_fd = pipefd_from_child[0]; Error: GCC_ANALYZER_WARNING (CWE-775): [#def44] sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’ sssd-2.10.2/src/responder/ifp/ifp_users.c:1174:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1180:11: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1181:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1188:17: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1189:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1197:15: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1197:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1226:15: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1235:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: branch_false: ...to here sssd-2.10.2/src/responder/ifp/ifp_users.c:1196:16: danger: ‘pipefd_to_child[1]’ leaks here # 1194| ret = errno; # 1195| DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n"); # 1196|-> return ret; # 1197| } else if (child_pid > 0) { /* parent */ # 1198| state->io->read_from_child_fd = pipefd_from_child[0]; Error: CPPCHECK_WARNING (CWE-457): [#def45] sssd-2.10.2/src/responder/kcm/kcmsrv_ccache_binary.c:238: error[uninitvar]: Uninitialized variable: uuid # 236| # 237| for (uint32_t i = 0; i < count; i++) { # 238|-> ret = sss_iobuf_read_len(buf, sizeof(uuid_t), (uint8_t*)uuid); # 239| if (ret != EOK) { # 240| return ret; Error: CPPCHECK_WARNING (CWE-457): [#def46] sssd-2.10.2/src/responder/kcm/kcmsrv_ops.c:1113: error[uninitvar]: Uninitialized variable: uuid # 1111| crd != NULL; # 1112| crd = kcm_cc_next_cred(crd)) { # 1113|-> ret = kcm_cred_get_uuid(crd, uuid); # 1114| if (ret != EOK) { # 1115| DEBUG(SSSDBG_MINOR_FAILURE, "Credential has no UUID, skipping\n"); Error: CPPCHECK_WARNING (CWE-457): [#def47] sssd-2.10.2/src/responder/kcm/kcmsrv_ops.c:1230: error[legacyUninitvar]: Uninitialized variable: uuid # 1228| crd != NULL; # 1229| crd = kcm_cc_next_cred(crd)) { # 1230|-> ret = kcm_cred_get_uuid(crd, uuid); # 1231| if (ret != EOK) { # 1232| DEBUG(SSSDBG_MINOR_FAILURE, "Credential has no UUID, skipping\n"); Error: CPPCHECK_WARNING (CWE-457): [#def48] sssd-2.10.2/src/responder/kcm/kcmsrv_ops.c:1551: error[uninitvar]: Uninitialized variable: uuid_in # 1549| # 1550| ret = sss_iobuf_read_len(op_ctx->input, # 1551|-> UUID_BYTES, uuid_in); # 1552| if (ret != EOK) { # 1553| DEBUG(SSSDBG_OP_FAILURE, Error: GCC_ANALYZER_WARNING (CWE-688): [#def49] sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1164:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1122:16: enter_function: entry to ‘pack_cert_data’ sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1152:14: call_function: calling ‘get_cert_prompt’ from ‘pack_cert_data’ sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1152:14: return_function: returning to ‘pack_cert_data’ from ‘get_cert_prompt’ sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1153:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1158:18: call_function: inlined call to ‘sss_cai_get_token_name’ from ‘pack_cert_data’ sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1163:16: branch_false: ...to here sssd-2.10.2/src/responder/pam/pamsrv_p11.c:1164:17: danger: argument 1 (‘<unknown>’) NULL where non-null expected #argument 1 of ‘__builtin_strlen’ must be non-null # 1162| # 1163| user_len = strlen(username) + 1; # 1164|-> token_len = strlen(token_name) + 1; # 1165| module_len = strlen(module_name) + 1; # 1166| key_id_len = strlen(key_id) + 1; Error: GCC_ANALYZER_WARNING (CWE-775): [#def50] sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’ sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:184:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:188:28: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:197:11: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:198:8: branch_true: following ‘true’ branch (when ‘ret == -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:199:15: branch_true: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:252:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: danger: ‘pipefd_from_child[0]’ leaks here # 183| # 184| if (state->iter >= state->cert_count) { # 185|-> return EOK; # 186| } # 187| Error: GCC_ANALYZER_WARNING (CWE-775): [#def51] sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’ sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:184:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:188:28: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:197:11: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:198:8: branch_true: following ‘true’ branch (when ‘ret == -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:199:15: branch_true: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:252:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: danger: ‘pipefd_from_child[1]’ leaks here # 183| # 184| if (state->iter >= state->cert_count) { # 185|-> return EOK; # 186| } # 187| Error: GCC_ANALYZER_WARNING (CWE-775): [#def52] sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’ sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:184:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:188:28: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:197:11: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:198:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:205:17: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:212:15: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:212:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:243:15: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:252:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: danger: ‘pipefd_to_child[0]’ leaks here # 183| # 184| if (state->iter >= state->cert_count) { # 185|-> return EOK; # 186| } # 187| Error: GCC_ANALYZER_WARNING (CWE-775): [#def53] sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’ sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:184:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:188:28: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:197:11: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:198:8: branch_false: following ‘false’ branch (when ‘ret != -1’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:205:17: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:212:15: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:212:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)... sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:243:15: branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:252:8: branch_false: following ‘false’ branch (when ‘ret == 0’)... branch_false: ...to here sssd-2.10.2/src/responder/ssh/ssh_cert_to_ssh_key.c:185:16: danger: ‘pipefd_to_child[1]’ leaks here # 183| # 184| if (state->iter >= state->cert_count) { # 185|-> return EOK; # 186| } # 187| Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] sssd-2.10.2/src/sss_client/common.c:739:16: warning[-Wanalyzer-malloc-leak]: leak of ‘descriptor’ sssd-2.10.2/src/sss_client/common.c:1111:1: enter_function: entry to ‘sss_cli_make_request_with_checks’ sssd-2.10.2/src/sss_client/common.c:1123:11: call_function: calling ‘sss_cli_check_socket’ from ‘sss_cli_make_request_with_checks’ # 737| if (ret != 0) { # 738| *errnop = EFAULT; # 739|-> return SSS_STATUS_UNAVAIL; # 740| } # 741| if (!sss_sd_key_initialized) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def55] sssd-2.10.2/src/sss_client/nss_mc_common.c:356:30: warning[-Wanalyzer-null-dereference]: dereference of NULL 'copy_rec' sssd-2.10.2/src/sss_client/nss_mc_common.c:322:21: branch_true: following 'true' branch (when 'count != 0')... sssd-2.10.2/src/sss_client/nss_mc_common.c:323:15: branch_true: ...to here sssd-2.10.2/src/sss_client/nss_mc_common.c:331:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/nss_mc_common.c:336:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/nss_mc_common.c:342:12: branch_false: following 'false' branch (when 'buf_size >= rec_len')... sssd-2.10.2/src/sss_client/nss_mc_common.c:353:9: branch_false: ...to here sssd-2.10.2/src/sss_client/nss_mc_common.c:353:9: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/nss_mc_common.c:356:30: danger: dereference of NULL 'copy_rec' # 354| # 355| /* we must check data is consistent again after the copy */ # 356|-> if (copy_ok && b1 == copy_rec->b2) { # 357| /* record is consistent, use it */ # 358| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def56] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:212:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' # 210| # 211| pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *)); # 212|-> if (pcl == NULL) { # 213| return ENOMEM; # 214| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def57] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:212:8: warning[-Wanalyzer-malloc-leak]: leak of 'pcl' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following 'false' branch (when 'str2' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling 'pc_list_add_2fa' from 'pc_list_from_response' # 210| # 211| pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *)); # 212|-> if (pcl == NULL) { # 213| return ENOMEM; # 214| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def58] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:212:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ # 210| # 211| pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *)); # 212|-> if (pcl == NULL) { # 213| return ENOMEM; # 214| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:212:8: warning[-Wanalyzer-malloc-leak]: leak of ‘pcl’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following ‘false’ branch (when ‘str2’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling ‘pc_list_add_2fa’ from ‘pc_list_from_response’ # 210| # 211| pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *)); # 212|-> if (pcl == NULL) { # 213| return ENOMEM; # 214| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def60] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:216:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' # 214| } # 215| pcl[c] = pc; # 216|-> pcl[c + 1] = NULL; # 217| # 218| *pc_list = pcl; Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:216:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ # 214| } # 215| pcl[c] = pc; # 216|-> pcl[c + 1] = NULL; # 217| # 218| *pc_list = pcl; Error: GCC_ANALYZER_WARNING (CWE-401): [#def62] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:252:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' # 250| # 251| ret = pc_list_add_pc(pc_list, pc); # 252|-> if (ret != EOK) { # 253| goto done; # 254| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def63] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:252:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ # 250| # 251| ret = pc_list_add_pc(pc_list, pc); # 252|-> if (ret != EOK) { # 253| goto done; # 254| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def64] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:297:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following 'false' branch (when 'str2' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling 'pc_list_add_2fa' from 'pc_list_from_response' # 295| # 296| ret = pc_list_add_pc(pc_list, pc); # 297|-> if (ret != EOK) { # 298| goto done; # 299| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def65] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:297:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following ‘false’ branch (when ‘str2’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling ‘pc_list_add_2fa’ from ‘pc_list_from_response’ # 295| # 296| ret = pc_list_add_pc(pc_list, pc); # 297|-> if (ret != EOK) { # 298| goto done; # 299| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def66] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:337:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:659:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:663:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:665:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:670:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:674:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:676:19: call_function: calling 'pc_list_add_2fa_single' from 'pc_list_from_response' # 335| # 336| ret = pc_list_add_pc(pc_list, pc); # 337|-> if (ret != EOK) { # 338| goto done; # 339| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def67] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:337:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:659:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:663:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:665:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:670:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:674:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:676:19: call_function: calling ‘pc_list_add_2fa_single’ from ‘pc_list_from_response’ # 335| # 336| ret = pc_list_add_pc(pc_list, pc); # 337|-> if (ret != EOK) { # 338| goto done; # 339| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def68] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:383:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password' sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:614:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:618:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:620:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:625:16: branch_false: following 'false' branch (when 'str' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:629:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:631:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:636:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:638:16: branch_false: following 'false' branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:644:16: branch_false: following 'false' branch (when 'str2' is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:649:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:651:19: call_function: calling 'pc_list_add_passkey' from 'pc_list_from_response' # 381| # 382| ret = pc_list_add_pc(pc_list, pc); # 383|-> if (ret != EOK) { # 384| goto done; # 385| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def69] sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:383:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’ sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:614:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:618:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:620:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:625:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:629:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:631:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:636:13: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:638:16: branch_false: following ‘false’ branch... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:644:16: branch_false: following ‘false’ branch (when ‘str2’ is non-NULL)... sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:649:16: branch_false: ...to here sssd-2.10.2/src/sss_client/pam_sss_prompt_config.c:651:19: call_function: calling ‘pc_list_add_passkey’ from ‘pc_list_from_response’ # 381| # 382| ret = pc_list_add_pc(pc_list, pc); # 383|-> if (ret != EOK) { # 384| goto done; # 385| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def70] sssd-2.10.2/src/tools/sss_override.c:1153:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘count’ sssd-2.10.2/src/tools/sss_override.c:1654:12: enter_function: entry to ‘override_user_export’ sssd-2.10.2/src/tools/sss_override.c:1661:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/tools/sss_override.c:1666:11: branch_false: ...to here sssd-2.10.2/src/tools/sss_override.c:1666:11: call_function: calling ‘user_export’ from ‘override_user_export’ # 1151| } # 1152| # 1153|-> for (i = 0; i < count; i++) { # 1154| objs[i].orig_name = ldb_msg_find_attr_as_string(msgs[i], ORIGNAME, # 1155| NULL); Error: GCC_ANALYZER_WARNING (CWE-457): [#def71] sssd-2.10.2/src/tools/sss_override.c:1243:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘count’ sssd-2.10.2/src/tools/sss_override.c:1918:12: enter_function: entry to ‘override_group_export’ sssd-2.10.2/src/tools/sss_override.c:1925:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/tools/sss_override.c:1930:11: branch_false: ...to here sssd-2.10.2/src/tools/sss_override.c:1930:11: call_function: calling ‘group_export’ from ‘override_group_export’ # 1241| } # 1242| # 1243|-> for (i = 0; i < count; i++) { # 1244| objs[i].orig_name = ldb_msg_find_attr_as_string(msgs[i], ORIGNAME, # 1245| NULL); Error: GCC_ANALYZER_WARNING (CWE-910): [#def72] sssd-2.10.2/src/util/debug.c:445:19: warning[-Wanalyzer-double-fclose]: double 'fclose' of FILE '_sss_debug_file' sssd-2.10.2/src/util/debug.c:440:8: branch_false: following 'false' branch... sssd-2.10.2/src/util/debug.c:442:9: branch_false: ...to here sssd-2.10.2/src/util/debug.c:442:8: branch_true: following 'true' branch... branch_true: ...to here sssd-2.10.2/src/util/debug.c:445:19: release_resource: first 'fclose' here sssd-2.10.2/src/util/debug.c:454:18: branch_true: following 'true' branch (when 'error == 4')... branch_true: ...to here sssd-2.10.2/src/util/debug.c:445:19: danger: second 'fclose' here; first 'fclose' was at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) # 443| do { # 444| error = 0; # 445|-> ret = fclose(_sss_debug_file); # 446| if (ret != 0) { # 447| error = errno; Error: GCC_ANALYZER_WARNING (CWE-415): [#def73] sssd-2.10.2/src/util/debug.c:445:19: warning[-Wanalyzer-double-free]: double-'fclose' of '_sss_debug_file' sssd-2.10.2/src/util/debug.c:440:8: branch_false: following 'false' branch... sssd-2.10.2/src/util/debug.c:442:9: branch_false: ...to here sssd-2.10.2/src/util/debug.c:442:8: branch_true: following 'true' branch... branch_true: ...to here sssd-2.10.2/src/util/debug.c:445:19: release_memory: first 'fclose' here sssd-2.10.2/src/util/debug.c:454:18: branch_true: following 'true' branch (when 'error == 4')... branch_true: ...to here sssd-2.10.2/src/util/debug.c:445:19: danger: second 'fclose' here; first 'fclose' was at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 443| do { # 444| error = 0; # 445|-> ret = fclose(_sss_debug_file); # 446| if (ret != 0) { # 447| error = errno; Error: GCC_ANALYZER_WARNING (CWE-457): [#def74] sssd-2.10.2/src/util/find_uid.c:271:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'is_systemd' sssd-2.10.2/src/util/find_uid.c:348:9: enter_function: entry to 'check_if_uid_is_active' sssd-2.10.2/src/util/find_uid.c:354:8: branch_false: following 'false' branch... sssd-2.10.2/src/util/find_uid.c:358:8: branch_false: ...to here sssd-2.10.2/src/util/find_uid.c:368:11: call_function: calling 'get_active_uid_linux' from 'check_if_uid_is_active' # 269| } # 270| # 271|-> if (is_systemd) { # 272| /* Systemd process may linger for a while even when user. # 273| * is logged out. Lets ignore it and focus only Error: GCC_ANALYZER_WARNING (CWE-457): [#def75] sssd-2.10.2/src/util/find_uid.c:271:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘is_systemd’ sssd-2.10.2/src/util/find_uid.c:348:9: enter_function: entry to ‘check_if_uid_is_active’ sssd-2.10.2/src/util/find_uid.c:354:8: branch_false: following ‘false’ branch... sssd-2.10.2/src/util/find_uid.c:358:8: branch_false: ...to here sssd-2.10.2/src/util/find_uid.c:368:11: call_function: calling ‘get_active_uid_linux’ from ‘check_if_uid_is_active’ # 269| } # 270| # 271|-> if (is_systemd) { # 272| /* Systemd process may linger for a while even when user. # 273| * is logged out. Lets ignore it and focus only
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-78.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | sssd-2.10.2-3.fc43 |
| store-results-to | /tmp/tmpeihv6qpc/sssd-2.10.2-3.fc43.tar.xz |
| time-created | 2025-04-25 15:55:46 |
| time-finished | 2025-04-25 16:03:20 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpeihv6qpc/sssd-2.10.2-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpeihv6qpc/sssd-2.10.2-3.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |