Error: COMPILER_WARNING (CWE-477): [#def1]
tomcat-native-2.0.8-src/native/src/ssl.c: scope_hint: In function 'make_dh_params'
tomcat-native-2.0.8-src/native/src/ssl.c:52:5: warning[-Wdeprecated-declarations]: 'DH_new' is deprecated: Since OpenSSL 3.0
# 52 | DH *dh = DH_new();
# | ^~
/usr/include/openssl/dsa.h:31: included_from: Included from here.
/usr/include/openssl/x509.h:37: included_from: Included from here.
/usr/include/openssl/ssl.h:32: included_from: Included from here.
tomcat-native-2.0.8-src/native/include/ssl_private.h:38: included_from: Included from here.
tomcat-native-2.0.8-src/native/src/ssl.c:23: included_from: Included from here.
/usr/include/openssl/dh.h:210:27: note: declared here
# 210 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
# | ^~~~~~
# 50| static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))
# 51| {
# 52|-> DH *dh = DH_new();
# 53| BIGNUM *p, *g;
# 54|

Error: COMPILER_WARNING (CWE-477): [#def2]
tomcat-native-2.0.8-src/native/src/ssl.c:52:5: warning[-Wdeprecated-declarations]: 'DH_new' is deprecated: Since OpenSSL 3.0
# 50| static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))
# 51| {
# 52|-> DH *dh = DH_new();
# 53| BIGNUM *p, *g;
# 54|

Error: COMPILER_WARNING (CWE-477): [#def3]
tomcat-native-2.0.8-src/native/src/ssl.c:63:5: warning[-Wdeprecated-declarations]: 'DH_set0_pqg' is deprecated: Since OpenSSL 3.0
# 63 | if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
# | ^~
/usr/include/openssl/dh.h:266:27: note: declared here
# 266 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
# | ^~~~~~~~~~~
# 61| BN_set_word(g, 2);
# 62| }
# 63|-> if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
# 64| DH_free(dh);
# 65| BN_free(p);

Error: COMPILER_WARNING (CWE-477): [#def4]
tomcat-native-2.0.8-src/native/src/ssl.c:63:5: warning[-Wdeprecated-declarations]: 'DH_set0_pqg' is deprecated: Since OpenSSL 3.0
# 61| BN_set_word(g, 2);
# 62| }
# 63|-> if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
# 64| DH_free(dh);
# 65| BN_free(p);
Error: COMPILER_WARNING (CWE-477): [#def5]
tomcat-native-2.0.8-src/native/src/ssl.c:64:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 64 | DH_free(dh);
# | ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
# 211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# | ^~~~~~~
# 62| }
# 63| if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
# 64|-> DH_free(dh);
# 65| BN_free(p);
# 66| BN_free(g);

Error: COMPILER_WARNING (CWE-477): [#def6]
tomcat-native-2.0.8-src/native/src/ssl.c:64:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 62| }
# 63| if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
# 64|-> DH_free(dh);
# 65| BN_free(p);
# 66| BN_free(g);

Error: COMPILER_WARNING (CWE-477): [#def7]
tomcat-native-2.0.8-src/native/src/ssl.c: scope_hint: In function 'free_dh_params'
tomcat-native-2.0.8-src/native/src/ssl.c:102:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 102 | DH_free(dhparams[n].dh);
# | ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
# 211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# | ^~~~~~~
# 100| * NULL. */
# 101| for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++) {
# 102|-> DH_free(dhparams[n].dh);
# 103| dhparams[n].dh = NULL;
# 104| }

Error: COMPILER_WARNING (CWE-477): [#def8]
tomcat-native-2.0.8-src/native/src/ssl.c:102:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 100| * NULL. */
# 101| for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++) {
# 102|-> DH_free(dhparams[n].dh);
# 103| dhparams[n].dh = NULL;
# 104| }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
tomcat-native-2.0.8-src/native/src/ssl.c:720:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'handshakeCount'
tomcat-native-2.0.8-src/native/src/ssl.c:679:27: acquire_memory: this call could return NULL
tomcat-native-2.0.8-src/native/src/ssl.c:690:8: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/ssl.c:697:5: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/ssl.c:698:8: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/ssl.c:706:16: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/ssl.c:720:5: danger: 'handshakeCount' could be NULL: unchecked value from [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
# 718|
# 719| /* Store the handshakeCount in the SSL instance. */
# 720|-> *handshakeCount = 0;
# 721| SSL_set_app_data3(ssl, handshakeCount);
# 722|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
tomcat-native-2.0.8-src/native/src/ssl.c:724:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'destroyCount'
tomcat-native-2.0.8-src/native/src/ssl.c:680:25: acquire_memory: this call could return NULL
tomcat-native-2.0.8-src/native/src/ssl.c:690:8: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/ssl.c:697:5: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/ssl.c:698:8: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/ssl.c:706:16: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/ssl.c:724:5: danger: 'destroyCount' could be NULL: unchecked value from [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 722|
# 723| /* Store the destroyCount in the SSL instance. */
# 724|-> *destroyCount = 0;
# 725| SSL_set_app_data4(ssl, destroyCount);
# 726|

Error: COMPILER_WARNING (CWE-477): [#def11]
tomcat-native-2.0.8-src/native/src/ssl.c: scope_hint: In function 'Java_org_apache_tomcat_jni_SSL_getTime'
tomcat-native-2.0.8-src/native/src/ssl.c:1137:9: warning[-Wdeprecated-declarations]: 'SSL_SESSION_get_time' is deprecated: Since OpenSSL 3.4;not Y2038-safe, replace with SSL_SESSION_get_time_ex()
# 1137 | return SSL_get_time(session);
# | ^~~~~~
/usr/include/openssl/ssl.h:1754:13: note: declared here
# 1754 | __owur long SSL_SESSION_get_time(const SSL_SESSION *s);
# | ^~~~~~~~~~~~~~~~~~~~
# 1135| session = SSL_get_session(ssl_);
# 1136| if (session) {
# 1137|-> return SSL_get_time(session);
# 1138| } else {
# 1139| tcn_ThrowException(e, "ssl session is null");

Error: COMPILER_WARNING (CWE-477): [#def12]
tomcat-native-2.0.8-src/native/src/ssl.c:1137:9: warning[-Wdeprecated-declarations]: 'SSL_SESSION_get_time' is deprecated: Since OpenSSL 3.4;not Y2038-safe, replace with SSL_SESSION_get_time_ex()
# 1135| session = SSL_get_session(ssl_);
# 1136| if (session) {
# 1137|-> return SSL_get_time(session);
# 1138| } else {
# 1139| tcn_ThrowException(e, "ssl session is null");

Error: GCC_ANALYZER_WARNING (CWE-688): [#def13]
tomcat-native-2.0.8-src/native/src/sslconf.c:157:14: warning[-Wanalyzer-null-argument]: use of NULL 'cvalue' where non-null expected
tomcat-native-2.0.8-src/native/src/sslconf.c:147:5: branch_true: following 'true' branch (when 'cmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:147:5: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:148:5: branch_false: following 'false' branch (when 'value' is NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:152:8: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:152:8: branch_false: following 'false' branch (when 'ccmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:156:10: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:156:8: branch_true: following 'true' branch (when the strings are equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:157:14: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:157:14: danger: argument 1 ('cvalue') NULL where non-null expected
# 155| }
# 156| if (!strcmp(J2S(cmd), "NO_OCSP_CHECK")) {
# 157|-> if (!strcasecmp(J2S(value), "false"))
# 158| c->no_ocsp_check = 0;
# 159| else

Error: GCC_ANALYZER_WARNING (CWE-688): [#def14]
tomcat-native-2.0.8-src/native/src/sslconf.c:248:15: warning[-Wanalyzer-null-argument]: use of NULL 'cvalue' where non-null expected
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: following 'true' branch (when 'cmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:234:5: branch_false: following 'false' branch (when 'value' is NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:238:8: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:238:8: branch_false: following 'false' branch (when 'ccmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:243:10: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:243:8: branch_true: following 'true' branch (when the strings are equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:248:15: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:248:15: danger: argument 1 ('cvalue') NULL where non-null expected
#argument 1 of '__builtin_strlen' must be non-null
# 246| * no matter what was given in the config.
# 247| */
# 248|-> len = strlen(J2S(value)) + strlen(SSL_CIPHERS_ALWAYS_DISABLED) + 1;
# 249| buf = malloc(len * sizeof(char *));
# 250| if (buf == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def15]
tomcat-native-2.0.8-src/native/src/sslconf.c:260:14: warning[-Wanalyzer-null-argument]: use of NULL 'cvalue' where non-null expected
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: following 'true' branch (when 'cmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:234:5: branch_false: following 'false' branch (when 'value' is NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:238:8: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:238:8: branch_false: following 'false' branch (when 'ccmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:243:10: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:243:8: branch_false: following 'false' branch (when the strings are non-equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:259:10: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:259:8: branch_true: following 'true' branch (when the strings are equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:260:14: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:260:14: danger: argument 1 ('cvalue') NULL where non-null expected
# 258| #endif
# 259| if (!strcmp(J2S(cmd), "NO_OCSP_CHECK")) {
# 260|-> if (!strcasecmp(J2S(value), "false"))
# 261| c->no_ocsp_check = 0;
# 262| else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
tomcat-native-2.0.8-src/native/src/sslconf.c:265:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: following 'true' branch (when 'cmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:233:5: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:234:5: branch_true: following 'true' branch (when 'value' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:234:5: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:238:8: branch_false: following 'false' branch (when 'ccmd' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:243:10: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:243:8: branch_true: following 'true' branch (when the strings are equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:248:15: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:249:15: acquire_memory: allocated here
tomcat-native-2.0.8-src/native/src/sslconf.c:250:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslconf.c:254:9: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:259:8: branch_true: following 'true' branch (when the strings are equal)...
tomcat-native-2.0.8-src/native/src/sslconf.c:260:14: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslconf.c:265:9: danger: 'buf' leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
# 263| c->no_ocsp_check = 1;
# 264| TCN_FREE_CSTRING(cmd);
# 265|-> TCN_FREE_CSTRING(value);
# 266| return 1;
# 267| }

Error: COMPILER_WARNING (CWE-477): [#def17]
tomcat-native-2.0.8-src/native/src/sslcontext.c: scope_hint: In function 'Java_org_apache_tomcat_jni_SSLContext_setTmpDH'
tomcat-native-2.0.8-src/native/src/sslcontext.c:765:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0
# 765 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# | ^~
/usr/include/openssl/ssl.h:37: included_from: Included from here.
tomcat-native-2.0.8-src/native/include/ssl_private.h:38: included_from: Included from here.
tomcat-native-2.0.8-src/native/src/sslcontext.c:27: included_from: Included from here.
/usr/include/openssl/pem.h:478:1: note: declared here
# 478 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
# | ^~~~~~~~~~~~~~~~~~~
# 763| }
# 764|
# 765|-> dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# 766| BIO_free(bio);
# 767| if (!dh) {

Error: COMPILER_WARNING (CWE-477): [#def18]
tomcat-native-2.0.8-src/native/src/sslcontext.c:765:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0
# 763| }
# 764|
# 765|-> dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# 766| BIO_free(bio);
# 767| if (!dh) {

Error: COMPILER_WARNING (CWE-477): [#def19]
tomcat-native-2.0.8-src/native/src/sslcontext.c:777:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 777 | DH_free(dh);
# | ^~~~~~~
/usr/include/openssl/dsa.h:31: included_from: Included from here.
/usr/include/openssl/x509.h:37: included_from: Included from here.
/usr/include/openssl/ssl.h:32: included_from: Included from here.
/usr/include/openssl/dh.h:211:28: note: declared here
# 211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# | ^~~~~~~
# 775| if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
# 776| char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
# 777|-> DH_free(dh);
# 778| ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH);
# 779| tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);

Error: COMPILER_WARNING (CWE-477): [#def20]
tomcat-native-2.0.8-src/native/src/sslcontext.c:777:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 775| if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
# 776| char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
# 777|-> DH_free(dh);
# 778| ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH);
# 779| tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);

Error: COMPILER_WARNING (CWE-477): [#def21]
tomcat-native-2.0.8-src/native/src/sslcontext.c:784:5: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 784 | DH_free(dh);
# | ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
# 211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# | ^~~~~~~
# 782| }
# 783|
# 784|-> DH_free(dh);
# 785| TCN_FREE_CSTRING(file);
# 786| }

Error: COMPILER_WARNING (CWE-477): [#def22]
tomcat-native-2.0.8-src/native/src/sslcontext.c:784:5: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 782| }
# 783|
# 784|-> DH_free(dh);
# 785| TCN_FREE_CSTRING(file);
# 786| }

Error: COMPILER_WARNING (CWE-477): [#def23]
tomcat-native-2.0.8-src/native/src/sslcontext.c: scope_hint: In function 'Java_org_apache_tomcat_jni_SSLContext_setTmpECDHByCurveName'
tomcat-native-2.0.8-src/native/src/sslcontext.c:808:5: warning[-Wdeprecated-declarations]: 'EC_KEY_new_by_curve_name' is deprecated: Since OpenSSL 3.0
# 808 | ecdh = EC_KEY_new_by_curve_name(i);
# | ^~~~
/usr/include/openssl/x509.h:33: included_from: Included from here.
/usr/include/openssl/ec.h:1017:31: note: declared here
# 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
# | ^~~~~~~~~~~~~~~~~~~~~~~~
# 806| }
# 807|
# 808|-> ecdh = EC_KEY_new_by_curve_name(i);
# 809| if (!ecdh) {
# 810| tcn_Throw(e, "Can't configure elliptic curve: unknown curve name %s", J2S(curveName));

Error: COMPILER_WARNING (CWE-477): [#def24]
tomcat-native-2.0.8-src/native/src/sslcontext.c:808:5: warning[-Wdeprecated-declarations]: 'EC_KEY_new_by_curve_name' is deprecated: Since OpenSSL 3.0
# 806| }
# 807|
# 808|-> ecdh = EC_KEY_new_by_curve_name(i);
# 809| if (!ecdh) {
# 810| tcn_Throw(e, "Can't configure elliptic curve: unknown curve name %s", J2S(curveName));

Error: COMPILER_WARNING (CWE-477): [#def25]
tomcat-native-2.0.8-src/native/src/sslcontext.c:818:9: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 818 | EC_KEY_free(ecdh);
# | ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
# 1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
# | ^~~~~~~~~~~
# 816| if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
# 817| char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
# 818|-> EC_KEY_free(ecdh);
# 819| ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH);
# 820| tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);

Error: COMPILER_WARNING (CWE-477): [#def26]
tomcat-native-2.0.8-src/native/src/sslcontext.c:818:9: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 816| if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
# 817| char err[TCN_OPENSSL_ERROR_STRING_LENGTH];
# 818|-> EC_KEY_free(ecdh);
# 819| ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH);
# 820| tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);

Error: COMPILER_WARNING (CWE-477): [#def27]
tomcat-native-2.0.8-src/native/src/sslcontext.c:824:5: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 824 | EC_KEY_free(ecdh);
# | ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
# 1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
# | ^~~~~~~~~~~
# 822| return;
# 823| }
# 824|-> EC_KEY_free(ecdh);
# 825| TCN_FREE_CSTRING(curveName);
# 826| #else

Error: COMPILER_WARNING (CWE-477): [#def28]
tomcat-native-2.0.8-src/native/src/sslcontext.c:824:5: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 822| return;
# 823| }
# 824|-> EC_KEY_free(ecdh);
# 825| TCN_FREE_CSTRING(curveName);
# 826| #else

Error: COMPILER_WARNING (CWE-477): [#def29]
tomcat-native-2.0.8-src/native/src/sslcontext.c: scope_hint: In function 'Java_org_apache_tomcat_jni_SSLContext_setCertificate'
tomcat-native-2.0.8-src/native/src/sslcontext.c:1087:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 1087 | DH_free(dhparams);
# | ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
# 211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# | ^~~~~~~
# 1085| if ((idx == 0) && (dhparams = SSL_dh_GetParamFromFile(cert_file))) {
# 1086| SSL_CTX_set_tmp_dh(c->ctx, dhparams);
# 1087|-> DH_free(dhparams);
# 1088| }
# 1089|

Error: COMPILER_WARNING (CWE-477): [#def30]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1087:9: warning[-Wdeprecated-declarations]: 'DH_free' is deprecated: Since OpenSSL 3.0
# 1085| if ((idx == 0) && (dhparams = SSL_dh_GetParamFromFile(cert_file))) {
# 1086| SSL_CTX_set_tmp_dh(c->ctx, dhparams);
# 1087|-> DH_free(dhparams);
# 1088| }
# 1089|

Error: COMPILER_WARNING (CWE-477): [#def31]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1098:9: warning[-Wdeprecated-declarations]: 'EC_KEY_new_by_curve_name' is deprecated: Since OpenSSL 3.0
# 1098 | (eckey = EC_KEY_new_by_curve_name(nid))) {
# | ^
/usr/include/openssl/ec.h:1017:31: note: declared here
# 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
# | ^~~~~~~~~~~~~~~~~~~~~~~~
# 1096| if ((ecparams = SSL_ec_GetParamFromFile(cert_file)) &&
# 1097| (nid = EC_GROUP_get_curve_name(ecparams)) &&
# 1098|-> (eckey = EC_KEY_new_by_curve_name(nid))) {
# 1099| SSL_CTX_set_tmp_ecdh(c->ctx, eckey);
# 1100| }

Error: COMPILER_WARNING (CWE-477): [#def32]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1098:9: warning[-Wdeprecated-declarations]: 'EC_KEY_new_by_curve_name' is deprecated: Since OpenSSL 3.0
# 1096| if ((ecparams = SSL_ec_GetParamFromFile(cert_file)) &&
# 1097| (nid = EC_GROUP_get_curve_name(ecparams)) &&
# 1098|-> (eckey = EC_KEY_new_by_curve_name(nid))) {
# 1099| SSL_CTX_set_tmp_ecdh(c->ctx, eckey);
# 1100| }

Error: COMPILER_WARNING (CWE-477): [#def33]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1102:5: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 1102 | EC_KEY_free(eckey);
# | ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
# 1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
# | ^~~~~~~~~~~
# 1100| }
# 1101| /* OpenSSL assures us that _free() is NULL-safe */
# 1102|-> EC_KEY_free(eckey);
# 1103| EC_GROUP_free(ecparams);
# 1104| #endif

Error: COMPILER_WARNING (CWE-477): [#def34]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1102:5: warning[-Wdeprecated-declarations]: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0
# 1100| }
# 1101| /* OpenSSL assures us that _free() is NULL-safe */
# 1102|-> EC_KEY_free(eckey);
# 1103| EC_GROUP_free(ecparams);
# 1104| #endif

Error: COMPILER_WARNING (CWE-477): [#def35]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1105:5: warning[-Wdeprecated-declarations]: 'SSL_CTX_set_tmp_dh_callback' is deprecated: Since OpenSSL 3.0
# 1105 | SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/ssl.h:2277:6: note: declared here
# 2277 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1103| EC_GROUP_free(ecparams);
# 1104| #endif
# 1105|-> SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# 1106|
# 1107| cleanup:

Error: COMPILER_WARNING (CWE-477): [#def36]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1105:5: warning[-Wdeprecated-declarations]: 'SSL_CTX_set_tmp_dh_callback' is deprecated: Since OpenSSL 3.0
# 1103| EC_GROUP_free(ecparams);
# 1104| #endif
# 1105|-> SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# 1106|
# 1107| cleanup:

Error: COMPILER_WARNING (CWE-477): [#def37]
tomcat-native-2.0.8-src/native/src/sslcontext.c: scope_hint: In function 'Java_org_apache_tomcat_jni_SSLContext_setCertificateRaw'
tomcat-native-2.0.8-src/native/src/sslcontext.c:1214:5: warning[-Wdeprecated-declarations]: 'SSL_CTX_set_tmp_dh_callback' is deprecated: Since OpenSSL 3.0
# 1214 | SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/ssl.h:2277:6: note: declared here
# 2277 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1212| */
# 1213| #endif
# 1214|-> SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# 1215| cleanup:
# 1216| free(key);

Error: COMPILER_WARNING (CWE-477): [#def38]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1214:5: warning[-Wdeprecated-declarations]: 'SSL_CTX_set_tmp_dh_callback' is deprecated: Since OpenSSL 3.0
# 1212| */
# 1213| #endif
# 1214|-> SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
# 1215| cleanup:
# 1216| free(key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
tomcat-native-2.0.8-src/native/src/sslcontext.c:1519:9: warning[-Wanalyzer-malloc-leak]: leak of 'p_data'
tomcat-native-2.0.8-src/native/src/sslcontext.c:1458:8: branch_false: following 'false' branch (when 'protos' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1463:11: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1465:8: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1470:32: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1470:32: acquire_memory: allocated here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1471:8: branch_false: following 'false' branch (when 'p_data' is non-NULL)...
branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1476:17: branch_true: following 'true' branch...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1477:35: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1481:13: branch_true: following 'true' branch...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1485:24: branch_true: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1486:16: branch_false: following 'false' branch (when 'p_data_size >= p_data_len')...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1497:13: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1476:17: branch_false: following 'false' branch...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1507:8: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1507:8: branch_false: following 'false' branch (when 'p_data' is non-NULL)...
tomcat-native-2.0.8-src/native/src/sslcontext.c:1512:13: branch_false: ...to here
tomcat-native-2.0.8-src/native/src/sslcontext.c:1519:9: danger: 'p_data' leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
# 1517| p_data -= p_data_len;
# 1518| *proto_data = p_data;
# 1519|-> *proto_len = p_data_len;
# 1520| return 0;
# 1521| }

Error: COMPILER_WARNING (CWE-477): [#def40]
tomcat-native-2.0.8-src/native/src/sslutils.c: scope_hint: In function 'SSL_dh_GetParamFromFile'
tomcat-native-2.0.8-src/native/src/sslutils.c:191:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0
# 191 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# | ^~
/usr/include/openssl/ssl.h:37: included_from: Included from here.
tomcat-native-2.0.8-src/native/include/ssl_private.h:38: included_from: Included from here.
tomcat-native-2.0.8-src/native/src/sslutils.c:23: included_from: Included from here.
/usr/include/openssl/pem.h:478:1: note: declared here
# 478 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
# | ^~~~~~~~~~~~~~~~~~~
# 189| if ((bio = BIO_new_file(file, "r")) == NULL)
# 190| return NULL;
# 191|-> dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# 192| BIO_free(bio);
# 193| return dh;

Error: COMPILER_WARNING (CWE-477): [#def41]
tomcat-native-2.0.8-src/native/src/sslutils.c:191:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_DHparams' is deprecated: Since OpenSSL 3.0
# 189| if ((bio = BIO_new_file(file, "r")) == NULL)
# 190| return NULL;
# 191|-> dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# 192| BIO_free(bio);
# 193| return dh;

Error: COMPILER_WARNING (CWE-477): [#def42]
tomcat-native-2.0.8-src/native/src/sslutils.c: scope_hint: In function 'SSL_ec_GetParamFromFile'
tomcat-native-2.0.8-src/native/src/sslutils.c:204:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_ECPKParameters' is deprecated: Since OpenSSL 3.0
# 204 | group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
# | ^~~~~
/usr/include/openssl/pem.h:470:1: note: declared here
# 470 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
# | ^~~~~~~~~~~~~~~~~~~
# 202| if ((bio = BIO_new_file(file, "r")) == NULL)
# 203| return NULL;
# 204|-> group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
# 205| BIO_free(bio);
# 206| return (group);

Error: COMPILER_WARNING (CWE-477): [#def43]
tomcat-native-2.0.8-src/native/src/sslutils.c:204:5: warning[-Wdeprecated-declarations]: 'PEM_read_bio_ECPKParameters' is deprecated: Since OpenSSL 3.0
# 202| if ((bio = BIO_new_file(file, "r")) == NULL)
# 203| return NULL;
# 204|-> group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
# 205| BIO_free(bio);
# 206| return (group);
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-230.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | tomcat-native-2.0.8-1.fc43 |
store-results-to | /tmp/tmpdatuowo3/tomcat-native-2.0.8-1.fc43.tar.xz |
time-created | 2025-04-25 15:48:56 |
time-finished | 2025-04-25 15:50:09 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpdatuowo3/tomcat-native-2.0.8-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpdatuowo3/tomcat-native-2.0.8-1.fc43.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |