Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]

```
openssh-10.0p1/kex-names.c:116:37: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:219:1: enter_function: entry to ‘kex_names_valid’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  114|
#  115|   	if (is_fetched == -1) {
#  116|-> 		EVP_KEM *mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
#  117|   		is_fetched = mlkem768 != NULL ? 1 : 0;
#  118|   		EVP_KEM_free(mlkem768);
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]

```
openssh-10.0p1/kex-names.c:231:33: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:20: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:230:29: branch_true: ...to here
openssh-10.0p1/kex-names.c:230:28: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:231:33: branch_true: ...to here
openssh-10.0p1/kex-names.c:231:33: throw: if ‘sshlog’ throws an exception...
openssh-10.0p1/kex-names.c:231:33: danger: ‘cp’ leaks here; was allocated at (3)
#  229|   		if (kex_alg_by_name(p) == NULL) {
#  230|   			if (FIPS_mode())
#  231|-> 				error("\"%.100s\" is not allowed in FIPS mode", p);
#  232|   			else
#  233|   				error("Unsupported KEX algorithm \"%.100s\"", p);
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]

```
openssh-10.0p1/kex-names.c:233:33: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:20: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:230:29: branch_true: ...to here
openssh-10.0p1/kex-names.c:230:28: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:233:33: branch_false: ...to here
openssh-10.0p1/kex-names.c:233:33: throw: if ‘sshlog’ throws an exception...
openssh-10.0p1/kex-names.c:233:33: danger: ‘cp’ leaks here; was allocated at (3)
#  231|   				error("\"%.100s\" is not allowed in FIPS mode", p);
#  232|   			else
#  233|-> 				error("Unsupported KEX algorithm \"%.100s\"", p);
#  234|   			free(s);
#  235|   			return 0;
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]

```
openssh-10.0p1/kex.c:766:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  764|   	sshbuf_free(kex->server_version);
#  765|   	sshbuf_free(kex->client_pub);
#  766|-> 	sshbuf_free(kex->session_id);
#  767|   #ifdef GSSAPI
#  768|   	free(kex->gss_host);
```

Error: COMPILER_WARNING (CWE-477): [#def5]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_copy_context’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  461 |         if (getexeccon((security_context_t *)&ctx) != 0) {
#      |         ^~
#  459|   		return;
#  460|
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;
```

Error: COMPILER_WARNING (CWE-477): [#def6]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  459|   		return;
#  460|
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: throw: if ‘strdelim’ throws an exception...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at (3)
#  494|
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|-> 	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|   		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: throw: if ‘strdelim’ throws an exception...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at (3)
#  494|
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|-> 	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|   		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: throw: if ‘sshlog’ throws an exception...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at (3)
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|   	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|-> 		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
#  499|   		fclose(contexts_file);
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]

```
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: throw: if ‘sshlog’ throws an exception...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at (3)
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|   	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|-> 		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
#  499|   		fclose(contexts_file);
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]

```
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:287:1: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:287:1: danger: ‘response’ leaks here; was allocated at (3)
#  285|   	}
#  286|   	return ret;
#  287|-> }
#  288|
#  289|   static void
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]

```
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:536:1: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:536:1: danger: ‘response’ leaks here; was allocated at (3)
#  534|   	}
#  535|   	return ret;
#  536|-> }
#  537|
#  538|   int __attribute__((visibility("default")))
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]

```
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: throw: if ‘open’ throws an exception...
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘fd’ leaks here; was opened at (3)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]

```
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:208:23: throw: if ‘open’ throws an exception...
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘key_fd[0]’ leaks here; was opened at (9)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]

```
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:208:23: throw: if ‘open’ throws an exception...
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘key_fd[1]’ leaks here; was opened at (9)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]

```
openssh-10.0p1/ssh-keysign.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:209:23: throw: if ‘open’ throws an exception...
openssh-10.0p1/ssh-keysign.c:209:23: danger: ‘key_fd[2]’ leaks here; was opened at (9)
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]

```
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:19: throw: if ‘getpwuid’ throws an exception...
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]

```
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  210|
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]

```
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: throw: if ‘pwcopy’ throws an exception...
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|
#  215|   	permanently_set_uid(pw);
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]

```
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: throw: if ‘permanently_set_uid’ throws an exception...
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  213|   	pw = pwcopy(pw);
#  214|
#  215|-> 	permanently_set_uid(pw);
#  216|
#  217|   	seed_rng();
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]

```
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  215|   	permanently_set_uid(pw);
#  216|
#  217|-> 	seed_rng();
#  218|
#  219|   #ifdef DEBUG_SSH_KEYSIGN
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]

```
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: throw: if ‘initialize_options’ throws an exception...
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  222|
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]

```
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: throw: if ‘read_config_file’ throws an exception...
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]

```
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: throw: if ‘fill_default_options’ throws an exception...
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]

```
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]

```
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: throw: if ‘pledge’ throws an exception...
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|
```

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]

```
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘key_fd[3]’ leaks here; was opened at (9)
#  231|
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {
```

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]

```
openssh-10.0p1/utf8.c:195:38: warning[-Wanalyzer-malloc-leak]: leak of ‘dp’
openssh-10.0p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.0p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#  193|   					break;
#  194|   				}
#  195|-> 				tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
#  196|   				width = tp - dp;
#  197|   				total_width += width;
```

| Key | Value |
| --- | --- |
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-164.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | openssh-10.2p1-1.fc44 |
| diffbase-store-results-to | /tmp/tmpqz4u6kup/openssh-10.2p1-1.fc44.tar.xz |
| diffbase-time-created | 2026-01-08 19:59:21 |
| diffbase-time-finished | 2026-01-08 20:02:31 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpqz4u6kup/openssh-10.2p1-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpqz4u6kup/openssh-10.2p1-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-164.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | openssh-10.0p1-5.fc43 |
| store-results-to | /tmp/tmp4g90x3u7/openssh-10.0p1-5.fc43.tar.xz |
| time-created | 2026-01-08 19:55:16 |
| time-finished | 2026-01-08 19:58:54 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp4g90x3u7/openssh-10.0p1-5.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp4g90x3u7/openssh-10.0p1-5.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |