Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:107:10: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:86:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:94:12: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:94:12: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:102:17: branch_false: following ‘false’ branch (when ‘i >= inputlen’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:107:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:107:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:107:10: danger: ‘data’ leaks here; was allocated at (3)
# 105|
# 106| /* Sign */
# 107|-> rc = funcs->C_SignInit(session, mech, priv_key);
# 108| if (rc != CKR_OK) {
# 109| if (rc == CKR_MECHANISM_PARAM_INVALID &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:129:10: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:86:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:94:12: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:94:12: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:102:17: branch_false: following ‘false’ branch (when ‘i >= inputlen’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:107:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:108:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:129:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:129:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:129:10: danger: ‘data’ leaks here; was allocated at (3)
# 127| }
# 128|
# 129|-> rc = funcs->C_Sign(session, data, inputlen, NULL, &signaturelen);
# 130| if (rc != CKR_OK) {
# 131| if (rc == CKR_MECHANISM_PARAM_INVALID &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:158:10: warning[-Wanalyzer-malloc-leak]: leak of ‘signature’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:86:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:94:12: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:95:8: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:108:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:129:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:130:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:150:17: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:150:17: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:151:8: branch_false: following ‘false’ branch (when ‘signature’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:158:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:158:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:158:10: danger: ‘signature’ leaks here; was allocated at (9)
# 156| }
# 157|
# 158|-> rc = funcs->C_Sign(session, data, inputlen, signature, &signaturelen);
# 159| if (rc != CKR_OK) {
# 160| testcase_error("C_Sign rc=%s", p11_get_ckr(rc));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:469:10: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp_key’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:458:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:462:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:462:15: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:463:8: branch_false: following ‘false’ branch (when ‘tmp_key’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:469:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:469:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_dsa_func.c:469:10: danger: ‘tmp_key’ leaks here; was allocated at (3)
# 467|
# 468| /* Now wrap the key */
# 469|-> rc = funcs->C_WrapKey(session, wrap_mech, secret_key, key_to_wrap,
# 470| tmp_key, &tmp_len);
# 471| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:403:10: warning[-Wanalyzer-malloc-leak]: leak of ‘cipher’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:349:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:357:8: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:357:8: branch_false: following ‘false’ branch (when ‘hybrid == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:365:9: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:365:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:372:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:384:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:390:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:391:14: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:392:8: branch_false: following ‘false’ branch (when ‘cipher’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:400:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:403:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:403:10: danger: ‘cipher’ leaks here; was allocated at (9)
# 401|
# 402| /* Encapsulation */
# 403|-> rc = funcs->C_DeriveKey(session, &mech, publ_key, derive_tmpl,
# 404| secret_tmpl_len, &secret_key1);
# 405| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:615:10: warning[-Wanalyzer-malloc-leak]: leak of ‘cipher’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:492:7: enter_function: entry to ‘run_EnDecapsulateMLKEMwithECDH’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:534:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:541:10: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:541:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:548:9: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:548:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:570:10: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:570:10: call_function: calling ‘generate_EC_KeyPair’ from ‘run_EnDecapsulateMLKEMwithECDH’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:570:10: return_function: returning to ‘run_EnDecapsulateMLKEMwithECDH’ from ‘generate_EC_KeyPair’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:572:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:577:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:578:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:584:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:596:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:602:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:603:14: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:604:8: branch_false: following ‘false’ branch (when ‘cipher’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:612:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:615:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:615:10: danger: ‘cipher’ leaks here; was allocated at (19)
# 613|
# 614| /* Encapsulation */
# 615|-> rc = funcs->C_DeriveKey(session, &mech, publ_key, derive_tmpl,
# 616| secret_tmpl_len, &secret_key1);
# 617| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:1003:10: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp_key’
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:992:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:996:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:996:15: acquire_memory: allocated here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:997:8: branch_false: following ‘false’ branch (when ‘tmp_key’ is non-NULL)...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:1003:15: branch_false: ...to here
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:1003:10: throw: if the called function throws an exception...
opencryptoki-3.26.0/testcases/crypto/ibm_ml_kem_func.c:1003:10: danger: ‘tmp_key’ leaks here; was allocated at (3)
# 1001|
# 1002| /* Now wrap the key */
# 1003|-> rc = funcs->C_WrapKey(session, wrap_mech, secret_key, key_to_wrap,
# 1004| tmp_key, &tmp_len);
# 1005| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def8]
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2312:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publ_opaquekeylen’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2182:14: enter_function: entry to ‘ibm_ml_dsa_export_import_tests’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2204:10: call_function: calling ‘is_cca_token’ from ‘ibm_ml_dsa_export_import_tests’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2204:10: return_function: returning to ‘ibm_ml_dsa_export_import_tests’ from ‘is_cca_token’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2208:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2212:10: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2212:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2217:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2217:5: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2218:5: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2218:5: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2220:17: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2221:22: branch_true: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2246:12: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2262:9: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2267:12: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2272:9: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2274:12: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2281:19: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2282:12: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2286:19: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2287:12: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2300:14: branch_true: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2300:14: call_function: calling ‘export_ibm_opaque’ from ‘ibm_ml_dsa_export_import_tests’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2300:14: return_function: returning to ‘ibm_ml_dsa_export_import_tests’ from ‘export_ibm_opaque’
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2302:12: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2310:9: branch_false: ...to here
opencryptoki-3.26.0/testcases/misc_tests/cca_ep11_export_import_test.c:2312:14: danger: use of uninitialized value ‘publ_opaquekeylen’ here
# 2310| snprintf(label, sizeof(label), "re-imported_ml_dsa_%s_public_key",
# 2311| ml_dsa_variants[i].name);
# 2312|-> rc = import_ibm_ml_dsa_publ_key(session, CKK_IBM_ML_DSA,
# 2313| label, publ_opaquekey,
# 2314| publ_opaquekeylen, &imp_publ_key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5899:9: warning[-Wanalyzer-malloc-leak]: leak of 'priv_seed'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5908:7: enter_function: entry to 'openssl_specific_pqc_generate_keypair'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5932:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5937:16: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5937:16: call_function: calling 'openssl_get_pqc_oid_name' from 'openssl_specific_pqc_generate_keypair'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5937:16: return_function: returning to 'openssl_specific_pqc_generate_keypair' from 'openssl_get_pqc_oid_name'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5938:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5947:38: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5950:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5956:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5956:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5962:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5962:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5969:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5969:10: call_function: calling 'openssl_get_key_from_pkey' from 'openssl_specific_pqc_generate_keypair'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5969:10: return_function: returning to 'openssl_specific_pqc_generate_keypair' from 'openssl_get_key_from_pkey'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5971:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5976:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5976:10: call_function: calling 'openssl_get_key_from_pkey' from 'openssl_specific_pqc_generate_keypair'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5976:10: return_function: returning to 'openssl_specific_pqc_generate_keypair' from 'openssl_get_key_from_pkey'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5978:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5984:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5986:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5991:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5993:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:5998:5: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6014:8: branch_true: following 'true' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6015:14: branch_true: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6015:14: call_function: calling 'openssl_get_key_from_pkey' from 'openssl_specific_pqc_generate_keypair'
# 5897| }
# 5898|
# 5899|-> if (EVP_PKEY_get_octet_string_param(pkey, param,
# 5900| *key, *key_len, key_len) != 1) {
# 5901| TRACE_ERROR("EVP_PKEY_get_octet_string_param failed for '%s'\n", param);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6168:14: warning[-Wanalyzer-malloc-leak]: leak of 'priv_key'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6154:8: branch_true: following 'true' branch (when 'private_key != 0')...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6155:14: branch_true: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6156:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6161:20: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6161:20: acquire_memory: allocated here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6162:12: branch_false: following 'false' branch (when 'priv_key' is non-NULL)...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6168:14: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6168:14: throw: if 'pqc_pack_priv_key' throws an exception...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6168:14: danger: 'priv_key' leaks here; was allocated at (5)
# 6166| }
# 6167|
# 6168|-> rc = pqc_pack_priv_key(tmpl, oid, mech, priv_key, &priv_len);
# 6169| if (rc != CKR_OK) {
# 6170| if (rc == CKR_ATTRIBUTE_VALUE_INVALID) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6193:10: warning[-Wanalyzer-malloc-leak]: leak of 'pub_key'
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6181:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6186:15: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6186:15: acquire_memory: allocated here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6187:8: branch_false: following 'false' branch (when 'pub_key' is non-NULL)...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6193:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6193:10: throw: if 'pqc_pack_pub_key' throws an exception...
opencryptoki-3.26.0/usr/lib/common/mech_openssl.c:6193:10: danger: 'pub_key' leaks here; was allocated at (3)
# 6191| }
# 6192|
# 6193|-> rc = pqc_pack_pub_key(tmpl, oid, mech, pub_key, &pub_len);
# 6194| if (rc != CKR_OK) {
# 6195| if (rc == CKR_ATTRIBUTE_VALUE_INVALID) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:909:18: warning[-Wanalyzer-malloc-leak]: leak of 'ptr'
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:49:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:53:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:53:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:59:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:60:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:67:8: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:92:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:107:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:107:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:113:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:113:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:123:13: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:141:16: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:148:50: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:150:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:155:13: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:155:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:163:50: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:165:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:173:13: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:173:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:180:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:896:8: branch_true: following 'true' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:897:27: acquire_memory: allocated here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:898:12: branch_false: following 'false' branch (when 'ptr' is non-NULL)...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:903:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:906:9: branch_true: following 'true' branch...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:908:9: branch_true: ...to here
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:909:18: throw: if 'ibm_ml_dsa_dup_param' throws an exception...
opencryptoki-3.26.0/usr/lib/common/sign_mgr.c:909:18: danger: 'ptr' leaks here; was allocated at (27)
# 907| {
# 908| case CKM_IBM_ML_DSA:
# 909|-> rc = ibm_ml_dsa_dup_param(mech->pParameter, ptr,
# 910| mech->ulParameterLen);
# 911| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:889:18: warning[-Wanalyzer-malloc-leak]: leak of 'ptr'
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:49:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:53:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:53:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:59:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:60:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:67:8: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:82:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:97:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:97:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:103:10: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:103:8: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:113:13: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:423:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:429:50: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:431:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:436:14: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:438:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:443:13: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:458:12: branch_false: following 'false' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:876:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:876:8: branch_true: following 'true' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:877:27: acquire_memory: allocated here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:878:12: branch_false: following 'false' branch (when 'ptr' is non-NULL)...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:883:9: branch_false: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:886:9: branch_true: following 'true' branch...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:888:9: branch_true: ...to here
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:889:18: throw: if 'ibm_ml_dsa_dup_param' throws an exception...
opencryptoki-3.26.0/usr/lib/common/verify_mgr.c:889:18: danger: 'ptr' leaks here; was allocated at (23)
# 887| {
# 888| case CKM_IBM_ML_DSA:
# 889|-> rc = ibm_ml_dsa_dup_param(mech->pParameter, ptr,
# 890| mech->ulParameterLen);
# 891| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8687:17: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_key’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8605:14: enter_function: entry to ‘p11sak_export_dilithium_ml_dsa_pkey’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8641:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8650:11: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8653:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_dilithium_ml_dsa_pkey’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: return_function: returning to ‘p11sak_export_dilithium_ml_dsa_pkey’ from ‘get_openssl_pqc_oid_name’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8660:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8668:8: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8668:8: branch_true: following ‘true’ branch (when ‘private != 0’)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8669:20: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8676:20: acquire_memory: allocated here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8677:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8683:13: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8683:12: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8684:13: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8686:16: branch_true: following ‘true’ branch (when ‘priv_seed’ is NULL)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8687:17: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8687:17: throw: if ‘warnx’ throws an exception...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8687:17: danger: ‘priv_key’ leaks here; was allocated at (17)
# 8685| priv_seed = calloc(1, seed_len);
# 8686| if (priv_seed == NULL) {
# 8687|-> warnx("Failed to allocate buffer for private seed.");
# 8688| rc = CKR_HOST_MEMORY;
# 8689| goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8717:14: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_seed’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8605:14: enter_function: entry to ‘p11sak_export_dilithium_ml_dsa_pkey’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8641:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8650:11: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8653:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_dilithium_ml_dsa_pkey’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8659:16: return_function: returning to ‘p11sak_export_dilithium_ml_dsa_pkey’ from ‘get_openssl_pqc_oid_name’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8660:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8668:8: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8668:8: branch_true: following ‘true’ branch (when ‘private != 0’)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8669:20: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8677:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8683:13: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8683:12: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8684:13: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8685:25: acquire_memory: allocated here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8686:16: branch_false: following ‘false’ branch (when ‘priv_seed’ is non-NULL)...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8694:9: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8712:12: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8713:13: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8717:14: branch_true: following ‘true’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8717:14: branch_true: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8717:14: throw: if the called function throws an exception...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8717:14: danger: ‘priv_seed’ leaks here; was allocated at (21)
# 8715| }
# 8716|
# 8717|-> rc = p11tool_pkcs11_funcs->C_GetAttributeValue(p11tool_pkcs11_session,
# 8718| key, priv_attrs,
# 8719| keytype->type ==

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8962:13: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_key’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8900:14: enter_function: entry to ‘p11sak_export_ml_kem_pkey’
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8926:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8933:11: branch_false: ...to here
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8934:8: branch_false: following ‘false’ branch...
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: return_function: returning to ‘p11sak_export_ml_kem_pkey’ from ‘get_openssl_pqc_oid_name’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8941:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_true: following ‘true’ branch (when ‘private != 0’)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8950:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8952:20: acquire_memory: allocated here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8953:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8959:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8961:12: branch_true: following ‘true’ branch (when ‘priv_seed’ is NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8962:13: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8962:13: throw: if ‘warnx’ throws an exception... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8962:13: danger: ‘priv_key’ leaks here; was allocated at [(17)](sarif:/runs/0/results/92/codeFlows/0/threadFlows/0/locations/16) # 8960| priv_seed = calloc(1, seed_len); # 8961| if (priv_seed == NULL) { # 8962|-> warnx("Failed to allocate buffer for private seed."); # 8963| rc = CKR_HOST_MEMORY; # 8964| goto out; Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_key’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8900:14: enter_function: entry to ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8926:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8933:11: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8934:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: return_function: returning to ‘p11sak_export_ml_kem_pkey’ from ‘get_openssl_pqc_oid_name’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8941:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_true: following ‘true’ branch (when ‘private != 0’)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8950:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8952:20: acquire_memory: allocated here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8953:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8959:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8961:12: branch_false: following ‘false’ branch (when ‘priv_seed’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8967:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: throw: if the called function throws an exception... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: danger: ‘priv_key’ leaks here; was allocated at [(17)](sarif:/runs/0/results/93/codeFlows/0/threadFlows/0/locations/16) # 8970| priv_attrs[1].ulValueLen = oid->len_info.ml_kem.priv_seed_len; # 8971| # 8972|-> rc = p11tool_pkcs11_funcs->C_GetAttributeValue(p11tool_pkcs11_session, # 8973| key, priv_attrs, 2); # 8974| if (rc == CKR_ATTRIBUTE_SENSITIVE) Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_seed’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8900:14: enter_function: entry to ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8926:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8933:11: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8934:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: return_function: returning to ‘p11sak_export_ml_kem_pkey’ from ‘get_openssl_pqc_oid_name’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8941:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_true: following ‘true’ branch (when ‘private != 0’)... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8950:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8953:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8959:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8960:21: acquire_memory: allocated here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8961:12: branch_false: following ‘false’ branch (when ‘priv_seed’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8967:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: throw: if the called function throws an exception... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8972:14: danger: ‘priv_seed’ leaks here; was allocated at [(19)](sarif:/runs/0/results/94/codeFlows/0/threadFlows/0/locations/18) # 8970| priv_attrs[1].ulValueLen = oid->len_info.ml_kem.priv_seed_len; # 8971| # 8972|-> rc = p11tool_pkcs11_funcs->C_GetAttributeValue(p11tool_pkcs11_session, # 8973| key, priv_attrs, 2); # 8974| if (rc == CKR_ATTRIBUTE_SENSITIVE) Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9008:10: warning[-Wanalyzer-malloc-leak]: leak of ‘pub_key’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8900:14: enter_function: entry to ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8926:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8933:11: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8934:8: branch_false: following ‘false’ branch... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: return_function: returning to ‘p11sak_export_ml_kem_pkey’ from ‘get_openssl_pqc_oid_name’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8941:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: following ‘false’ branch (when ‘private == 0’)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8996:5: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8998:15: acquire_memory: allocated here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8999:8: branch_false: following ‘false’ branch (when ‘pub_key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9005:5: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9008:10: throw: if the called function throws an exception... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9008:10: danger: ‘pub_key’ leaks here; was allocated at [(17)](sarif:/runs/0/results/95/codeFlows/0/threadFlows/0/locations/16) # 9006| pub_attrs[0].ulValueLen = oid->len_info.ml_kem.pk_len; # 9007| # 9008|-> rc = p11tool_pkcs11_funcs->C_GetAttributeValue(p11tool_pkcs11_session, key, # 9009| pub_attrs, 1); # 9010| if (rc == CKR_ATTRIBUTE_SENSITIVE) Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9105:9: warning[-Wanalyzer-malloc-leak]: leak of ‘priv_key’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8900:14: enter_function: entry to ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8926:8: branch_false: following ‘false’ branch... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8933:11: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8934:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: call_function: calling ‘get_openssl_pqc_oid_name’ from ‘p11sak_export_ml_kem_pkey’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8940:16: return_function: returning to ‘p11sak_export_ml_kem_pkey’ from ‘get_openssl_pqc_oid_name’ opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8941:8: branch_false: following ‘false’ branch... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8949:8: branch_true: following ‘true’ branch (when ‘private != 0’)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8950:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8952:20: acquire_memory: allocated here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8953:12: branch_false: following ‘false’ branch (when ‘priv_key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8959:9: branch_false: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8961:12: branch_true: following ‘true’ branch (when ‘priv_seed’ is NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:8962:13: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9104:8: branch_true: following ‘true’ branch (when ‘priv_key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9105:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9105:9: throw: if ‘OPENSSL_cleanse’ throws an exception... 
opencryptoki-3.26.0/usr/sbin/p11sak/p11sak.c:9105:9: danger: ‘priv_key’ leaks here; was allocated at [(17)](sarif:/runs/0/results/96/codeFlows/0/threadFlows/0/locations/16) # 9103| out: # 9104| if (priv_key != NULL) { # 9105|-> OPENSSL_cleanse(priv_key, priv_len); # 9106| free(priv_key); # 9107| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] opencryptoki-3.26.0/usr/sbin/pkcscca/pkcscca.c:1015:5: warning[-Wanalyzer-malloc-leak]: leak of ‘key_identifier’ opencryptoki-3.26.0/usr/sbin/pkcscca/pkcscca.c:1191:5: enter_function: entry to ‘cca_migrate’ opencryptoki-3.26.0/usr/sbin/pkcscca/pkcscca.c:1198:22: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)... opencryptoki-3.26.0/usr/sbin/pkcscca/pkcscca.c:1199:9: branch_true: ...to here opencryptoki-3.26.0/usr/sbin/pkcscca/pkcscca.c:1220:18: call_function: calling ‘cca_migrate_asymmetric’ from ‘cca_migrate’ # 1013| memcpy(key_identifier, (char *) key->opaque_attr, key->attr_len); # 1014| # 1015|-> CSNDKTC(&return_code, # 1016| &reason_code, # 1017| &exit_data_length,

| Scan property | Value |
| --- | --- |
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-195.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | opencryptoki-3.25.0-4.fc43 |
| diffbase-store-results-to | /tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 19:51:46 |
| diffbase-time-finished | 2026-01-08 19:56:52 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-195.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | opencryptoki-3.26.0-1.fc44 |
| store-results-to | /tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.tar.xz |
| time-created | 2026-01-08 19:57:56 |
| time-finished | 2026-01-08 20:02:55 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |