Error: GCC_ANALYZER_WARNING (CWE-457): [#def1] opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1337:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publ_opaquekeylen’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1233:14: enter_function: entry to ‘rsa_export_import_tests’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1251:10: call_function: calling ‘is_cca_token’ from ‘rsa_export_import_tests’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1251:10: return_function: returning to ‘rsa_export_import_tests’ from ‘is_cca_token’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1255:8: branch_false: following ‘false’ branch (when ‘rc == 0’)... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1259:34: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1259:8: branch_false: following ‘false’ branch (when ‘rc == 0’)... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1264:5: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1264:5: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1265:5: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1265:5: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1267:27: branch_true: following ‘true’ branch (when ‘keybitlen <= 4096’)... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1269:9: branch_true: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1277:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1291:9: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1296:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1300:18: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1303:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1310:19: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1311:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1315:19: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1316:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1328:14: branch_true: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1328:14: call_function: calling ‘export_ibm_opaque’ from ‘rsa_export_import_tests’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1328:14: return_function: returning to ‘rsa_export_import_tests’ from ‘export_ibm_opaque’ opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1329:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1336:9: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/cca_ep11_export_import_test.c:1337:14: danger: use of uninitialized value ‘publ_opaquekeylen’ here # 1335| # 1336| snprintf(label, sizeof(label), "re-imported_rsa%u_public_key", keybitlen); # 1337|-> rc = import_rsa_publ_key(session, label, publ_opaquekey, publ_opaquekeylen, &imp_publ_key); # 1338| if (rc != CKR_OK) { # 1339| if (rc == CKR_PUBLIC_KEY_INVALID && is_ep11_token(SLOT_ID)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:864:10: warning[-Wanalyzer-malloc-leak]: leak of ‘state’ opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:770:5: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:771:5: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:771:5: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:773:8: branch_false: following ‘false’ branch (when ‘rc == 0’)... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:780:34: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:780:8: branch_false: following ‘false’ branch (when ‘rc == 0’)... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:787:34: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:787:8: branch_false: following ‘false’ branch (when ‘rc == 0’)... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:796:10: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:797:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:816:15: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:817:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:825:15: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:826:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:835:5: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:838:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:845:15: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:846:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:857:13: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:857:13: acquire_memory: allocated here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:858:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:864:15: branch_false: ...to here opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:864:10: throw: if the called function throws an exception... opencryptoki-3.25.0/testcases/misc_tests/dual_functions.c:864:10: danger: ‘state’ leaks here; was allocated at [(21)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/20) # 862| } # 863| # 864|-> rc = funcs->C_GetOperationState(session, state, &state_len); # 865| if (rc != CKR_OK) { # 866| if (rc == CKR_STATE_UNSAVEABLE) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6037:14: warning[-Wanalyzer-malloc-leak]: leak of 'priv_key' opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6023:8: branch_true: following 'true' branch (when 'private_key != 0')... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6024:14: branch_true: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6025:12: branch_false: following 'false' branch... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6030:20: branch_false: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6030:20: acquire_memory: allocated here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6031:12: branch_false: following 'false' branch (when 'priv_key' is non-NULL)... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6037:14: branch_false: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6037:14: throw: if 'ibm_dilithium_pack_priv_key' throws an exception... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6037:14: danger: 'priv_key' leaks here; was allocated at [(5)](sarif:/runs/0/results/96/codeFlows/0/threadFlows/0/locations/4) # 6035| } # 6036| # 6037|-> rc = ibm_dilithium_pack_priv_key(tmpl, oid, priv_key, &priv_len); # 6038| if (rc != CKR_OK) { # 6039| TRACE_ERROR("ibm_dilithium_pack_priv_key failed\n"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6057:10: warning[-Wanalyzer-malloc-leak]: leak of 'pub_key' opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6023:8: branch_false: following 'false' branch (when 'private_key == 0')... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6044:10: branch_false: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6045:8: branch_false: following 'false' branch... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6050:15: branch_false: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6050:15: acquire_memory: allocated here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6051:8: branch_false: following 'false' branch (when 'pub_key' is non-NULL)... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6057:10: branch_false: ...to here opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6057:10: throw: if 'ibm_dilithium_pack_pub_key' throws an exception... opencryptoki-3.25.0/usr/lib/common/mech_openssl.c:6057:10: danger: 'pub_key' leaks here; was allocated at [(5)](sarif:/runs/0/results/97/codeFlows/0/threadFlows/0/locations/4) # 6055| } # 6056| # 6057|-> rc = ibm_dilithium_pack_pub_key(tmpl, oid, pub_key, &pub_len); # 6058| if (rc != CKR_OK) { # 6059| TRACE_ERROR("ibm_dilithium_pack_pub_key failed\n"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1162:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1163:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1168:17: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8) # 1166| goto out; # 1167| } # 1168|-> kmip_debug(debug, "issuer cert: '%s'", # 1169| conn->config.tls_issuer_cert); # 1170| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1174:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1175:20: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1176:25: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8) # 1174| strdup(config->tls_pinned_pubkey); # 1175| if (conn->config.tls_pinned_pubkey == NULL) { # 1176|-> kmip_debug(debug, "strdup failed"); # 1177| rc = -ENOMEM; # 1178| goto out; Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1174:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1174:41: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1175:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: danger: ‘<unknown>’ leaks here; was allocated at [(29)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/28) # 1178| goto out; # 1179| } # 1180|-> kmip_debug(debug, "pinned pubkey: '%s'", # 1181| conn->config.tls_pinned_pubkey); # 1182| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1174:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1175:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1180:17: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8) # 1178| goto out; # 1179| } # 1180|-> kmip_debug(debug, "pinned pubkey: '%s'", # 1181| conn->config.tls_pinned_pubkey); # 1182| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1185:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1186:20: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1187:25: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8) # 1185| conn->config.tls_server_cert = strdup(config->tls_server_cert); # 1186| if (conn->config.tls_server_cert == NULL) { # 1187|-> kmip_debug(debug, "strdup failed"); # 1188| rc = -ENOMEM; # 1189| goto out; Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1185:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1185:48: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1186:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: danger: ‘<unknown>’ leaks here; was allocated at [(31)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/30) # 1189| goto out; # 1190| } # 1191|-> kmip_debug(debug, "server cert: '%s'", # 1192| conn->config.tls_server_cert); # 1193| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1185:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1186:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1191:17: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8) # 1189| goto out; # 1190| } # 1191|-> kmip_debug(debug, "server cert: '%s'", # 1192| conn->config.tls_server_cert); # 1193| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8) # 1195| conn->config.tls_verify_peer = config->tls_verify_peer; # 1196| conn->config.tls_verify_host = config->tls_verify_host; # 1197|-> kmip_debug(debug, "verify peer: %d", conn->config.tls_verify_peer); # 1198| kmip_debug(debug, "verify host: %d", conn->config.tls_verify_host); # 1199| Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1198:9: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1198:9: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1198:9: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8) # 1196| conn->config.tls_verify_host = config->tls_verify_host; # 1197| kmip_debug(debug, "verify peer: %d", conn->config.tls_verify_peer); # 1198|-> kmip_debug(debug, "verify host: %d", conn->config.tls_verify_host); # 1199| # 1200| if (config->tls_cipher_list != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1201:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1202:20: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1203:25: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8) # 1201| conn->config.tls_cipher_list = strdup(config->tls_cipher_list); # 1202| if (conn->config.tls_cipher_list == NULL) { # 1203|-> kmip_debug(debug, "strdup failed"); # 1204| rc = -ENOMEM; # 1205| goto out; Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1201:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1201:48: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1202:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: danger: ‘<unknown>’ leaks here; was allocated at [(35)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/34) # 1205| goto out; # 1206| } # 1207|-> kmip_debug(debug, "TLS cipher list: '%s'", # 1208| conn->config.tls_cipher_list); # 1209| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1201:48: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1202:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1207:17: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8) # 1205| goto out; # 1206| } # 1207|-> kmip_debug(debug, "TLS cipher list: '%s'", # 1208| conn->config.tls_cipher_list); # 1209| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1213:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1214:20: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1215:25: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8) # 1213| strdup(config->tls13_cipher_list); # 1214| if (conn->config.tls13_cipher_list == NULL) { # 1215|-> kmip_debug(debug, "strdup failed"); # 1216| rc = -ENOMEM; # 1217| goto out; Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1213:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1213:41: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1214:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: danger: ‘<unknown>’ leaks here; was allocated at [(37)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/36) # 1217| goto out; # 1218| } # 1219|-> kmip_debug(debug, "TLSv1.3 cipher list: '%s'", # 1220| conn->config.tls13_cipher_list); # 1221| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:12: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1213:41: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1214:20: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: throw: if ‘kmip_print_debug’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1219:17: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/8) # 1217| goto out; # 1218| } # 1219|-> kmip_debug(debug, "TLSv1.3 cipher list: '%s'", # 1220| conn->config.tls13_cipher_list); # 1221| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1225:22: warning[-Wanalyzer-malloc-leak]: leak of ‘conn’ opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1060:17: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:13: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1103:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1107:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1111:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1116:16: acquire_memory: allocated here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1117:12: branch_false: following ‘false’ branch (when ‘conn’ is non-NULL)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1122:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1128:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1133:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1136:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1141:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1144:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1149:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1151:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1161:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1172:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1184:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1195:40: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: following ‘true’ branch (when ‘debug != 0’)... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1197:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1200:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:13: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1211:12: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1223:17: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1223:9: branch_true: following ‘true’ branch... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1224:9: branch_true: ...to here opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1225:22: throw: if ‘kmip_connection_tls_init’ throws an exception... opencryptoki-3.25.0/usr/sbin/p11kmip/kmipclient/kmip.c:1225:22: danger: ‘conn’ leaks here; was allocated at [(9)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/8) # 1223| switch (conn->config.transport) { # 1224| case KMIP_TRANSPORT_PLAIN_TLS: # 1225|-> rc = kmip_connection_tls_init(conn, debug); # 1226| if (rc != 0) { # 1227| kmip_debug(debug, "kmip_connection_tls_init failed"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] opencryptoki-3.25.0/usr/sbin/p11sak/p11sak.c:3240:14: warning[-Wanalyzer-malloc-leak]: leak of ‘matched_objs’ opencryptoki-3.25.0/usr/sbin/p11sak/p11sak.c:9284:14: enter_function: entry to ‘p11sak_extract_cert_pubkey’ opencryptoki-3.25.0/usr/sbin/p11sak/p11sak.c:9290:8: branch_false: following ‘false’ branch... opencryptoki-3.25.0/usr/sbin/p11sak/p11sak.c:9293:5: branch_false: ...to here opencryptoki-3.25.0/usr/sbin/p11sak/p11sak.c:9295:10: call_function: calling ‘iterate_objects’ from ‘p11sak_extract_cert_pubkey’ # 3238| # 3239| if (typestr != NULL) { # 3240|-> rc = p11tool_get_typestr_value(class_val, keysize_val, objtype_val, # 3241| label_val, typestr); # 3242| if (rc != CKR_OK) { Error: COMPILER_WARNING: [#def22] opencryptoki-3.25.0/usr/sbin/pkcscca/pkcscca.c: scope_hint: In function ‘main’ opencryptoki-3.25.0/usr/sbin/pkcscca/pkcscca.c:1752:28: warning[-Wunused-but-set-variable=]: variable ‘c_flag’ set but not used # 1752 | int ret = -1, opt = 0, c_flag = 0, masterkey = 0; # | ^~~~~~ # 1750| int main(int argc, char **argv) # 1751| { # 1752|-> int ret = -1, opt = 0, c_flag = 0, masterkey = 0; # 1753| int data_store_len = 0; # 1754| CK_SLOT_ID slot_id = 0;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-195.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | opencryptoki-3.26.0-1.fc44 |
| diffbase-store-results-to | /tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.tar.xz |
| diffbase-time-created | 2026-01-08 19:57:56 |
| diffbase-time-finished | 2026-01-08 20:02:55 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpla9qeugt/opencryptoki-3.26.0-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-195.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | opencryptoki-3.25.0-4.fc43 |
| store-results-to | /tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.tar.xz |
| time-created | 2026-01-08 19:51:46 |
| time-finished | 2026-01-08 19:56:52 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpzcdi92dd/opencryptoki-3.25.0-4.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |