openssh-10.2p1-1.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/gnome-ssh-askpass.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
#    2|   export SSH_ASKPASS

Error: GCC_ANALYZER_WARNING: [#def2]
openssh-10.2p1/addr.c:239:9: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’
openssh-10.2p1/addr.c:361:1: enter_function: entry to ‘addr_host_to_all1s’
openssh-10.2p1/addr.c:365:13: call_function: calling ‘addr_hostmask’ from ‘addr_host_to_all1s’
openssh-10.2p1/addr.c:365:13: return_function: returning to ‘addr_host_to_all1s’ from ‘addr_hostmask’
openssh-10.2p1/addr.c:365:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addr.c:367:13: branch_false: ...to here
openssh-10.2p1/addr.c:367:13: call_function: calling ‘addr_or’ from ‘addr_host_to_all1s’
#  237|   		return (-1);
#  238|   
#  239|-> 	memcpy(dst, a, sizeof(*dst));
#  240|   	switch (a->af) {
#  241|   	case AF_INET:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
openssh-10.2p1/addrmatch.c:71:21: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.2p1/addrmatch.c:64:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:66:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:71:21: throw: if ‘addr_pton_cidr’ throws an exception...
openssh-10.2p1/addrmatch.c:71:21: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   69|   		}
#   70|   		/* Prefer CIDR address matching */
#   71|-> 		r = addr_pton_cidr(cp, &match_addr, &masklen);
#   72|   		if (r == -2) {
#   73|   			debug2_f("inconsistent mask length for "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
openssh-10.2p1/addrmatch.c:73:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.2p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:73:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:73:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   71|   		r = addr_pton_cidr(cp, &match_addr, &masklen);
#   72|   		if (r == -2) {
#   73|-> 			debug2_f("inconsistent mask length for "
#   74|   			    "match network \"%.100s\"", cp);
#   75|   			ret = -2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
openssh-10.2p1/addrmatch.c:78:45: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:56:13: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:25: branch_false: ...to here
openssh-10.2p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.2p1/addrmatch.c:64:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:66:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:72:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:77:27: branch_false: ...to here
openssh-10.2p1/addrmatch.c:77:27: branch_true: following ‘true’ branch...
openssh-10.2p1/addrmatch.c:78:28: branch_true: ...to here
openssh-10.2p1/addrmatch.c:78:28: branch_true: following ‘true’ branch (when ‘addr’ is non-NULL)...
openssh-10.2p1/addrmatch.c:78:45: branch_true: ...to here
openssh-10.2p1/addrmatch.c:78:45: throw: if ‘addr_netmatch’ throws an exception...
openssh-10.2p1/addrmatch.c:78:45: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   76|   			break;
#   77|   		} else if (r == 0) {
#   78|-> 			if (addr != NULL && addr_netmatch(&try_addr,
#   79|   			    &match_addr, masklen) == 0) {
#   80|    foundit:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
openssh-10.2p1/addrmatch.c:90:45: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:56:13: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:25: branch_false: ...to here
openssh-10.2p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:60:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.2p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:72:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:77:27: branch_false: ...to here
openssh-10.2p1/addrmatch.c:90:45: throw: if ‘match_pattern’ throws an exception...
openssh-10.2p1/addrmatch.c:90:45: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   88|   		} else {
#   89|   			/* If CIDR parse failed, try wildcard string match */
#   90|-> 			if (addr != NULL && match_pattern(addr, cp) == 1)
#   91|   				goto foundit;
#   92|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
openssh-10.2p1/addrmatch.c:124:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:124:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:124:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  122|   	while ((cp = strsep(&list, ",")) != NULL) {
#  123|   		if (*cp == '\0') {
#  124|-> 			error_f("empty entry in list \"%.100s\"", o);
#  125|   			ret = -1;
#  126|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
openssh-10.2p1/addrmatch.c:137:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:137:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:137:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  135|   		/* Stop junk from reaching getaddrinfo. +3 is for masklen */
#  136|   		if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
#  137|-> 			error_f("list entry \"%.100s\" too long", cp);
#  138|   			ret = -1;
#  139|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
openssh-10.2p1/addrmatch.c:143:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:142:20: branch_true: following ‘true’ branch...
openssh-10.2p1/addrmatch.c:143:25: branch_true: ...to here
openssh-10.2p1/addrmatch.c:143:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:143:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  141|   #define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
#  142|   		if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
#  143|-> 			error_f("list entry \"%.100s\" contains invalid "
#  144|   			    "characters", cp);
#  145|   			ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
openssh-10.2p1/addrmatch.c:149:21: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:142:20: branch_true: following ‘true’ branch...
openssh-10.2p1/addrmatch.c:143:25: branch_true: ...to here
openssh-10.2p1/addrmatch.c:149:21: throw: if ‘addr_pton_cidr’ throws an exception...
openssh-10.2p1/addrmatch.c:149:21: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  147|   
#  148|   		/* Prefer CIDR address matching */
#  149|-> 		r = addr_pton_cidr(cp, &match_addr, &masklen);
#  150|   		if (r == -1) {
#  151|   			error("Invalid network entry \"%.100s\"", cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
openssh-10.2p1/addrmatch.c:151:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:151:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:151:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  149|   		r = addr_pton_cidr(cp, &match_addr, &masklen);
#  150|   		if (r == -1) {
#  151|-> 			error("Invalid network entry \"%.100s\"", cp);
#  152|   			ret = -1;
#  153|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
openssh-10.2p1/addrmatch.c:155:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:150:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:154:27: branch_false: ...to here
openssh-10.2p1/addrmatch.c:155:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/addrmatch.c:155:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  153|   			break;
#  154|   		} else if (r == -2) {
#  155|-> 			error("Inconsistent mask length for "
#  156|   			    "network \"%.100s\"", cp);
#  157|   			ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
openssh-10.2p1/addrmatch.c:160:29: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.2p1/addrmatch.c:116:13: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:25: branch_false: ...to here
openssh-10.2p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.2p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:120:12: branch_false: ...to here
openssh-10.2p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.2p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.2p1/addrmatch.c:150:20: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:154:27: branch_false: ...to here
openssh-10.2p1/addrmatch.c:154:27: branch_false: following ‘false’ branch...
openssh-10.2p1/addrmatch.c:159:28: branch_false: ...to here
openssh-10.2p1/addrmatch.c:160:29: throw: if ‘addr_netmatch’ throws an exception...
openssh-10.2p1/addrmatch.c:160:29: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  158|   			break;
#  159|   		} else if (r == 0 && addr != NULL) {
#  160|-> 			if (addr_netmatch(&try_addr, &match_addr,
#  161|   			    masklen) == 0)
#  162|   				ret = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
openssh-10.2p1/audit-linux.c:176:77: warning[-Wanalyzer-malloc-leak]: leak of ‘audit_encode_nv_string("key_id", *cert.key_id, 0)’
openssh-10.2p1/audit-linux.c:150:12: branch_false: following ‘false’ branch...
openssh-10.2p1/audit-linux.c:157:15: branch_false: ...to here
openssh-10.2p1/audit-linux.c:169:12: branch_true: following ‘true’ branch (when ‘cert’ is non-NULL)...
openssh-10.2p1/audit-linux.c:172:57: branch_true: ...to here
openssh-10.2p1/audit-linux.c:172:24: acquire_memory: allocated here
openssh-10.2p1/audit-linux.c:173:20: branch_false: following ‘false’ branch...
openssh-10.2p1/audit-linux.c:176:77: branch_false: ...to here
openssh-10.2p1/audit-linux.c:175:17: throw: if ‘sshkey_type’ throws an exception...
openssh-10.2p1/audit-linux.c:176:77: danger: ‘audit_encode_nv_string("key_id", *cert.key_id, 0)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  174|   			goto out;
#  175|   		snprintf(buf, sizeof(buf), "cert %s cert_serial=%llu cert_issuer_alg=\"%s\" cert_issuer_fp=\"%s\"",
#  176|-> 			pbuf, (unsigned long long)cert->serial, sshkey_type(cert->signature_key), issuer_fp);
#  177|   		free(pbuf);
#  178|   		rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
openssh-10.2p1/auth-krb5.c:268:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.2p1/auth-krb5.c:246:12: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-krb5.c:247:30: branch_true: ...to here
openssh-10.2p1/auth-krb5.c:256:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-krb5.c:259:23: branch_false: ...to here
openssh-10.2p1/auth-krb5.c:264:27: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-krb5.c:266:25: branch_true: ...to here
openssh-10.2p1/auth-krb5.c:268:25: danger: dereference of NULL ‘strchr(&krb5_ccname, 58)’
#  266|   			strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
#  267|   			krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
#  268|-> 			*krb5_ccname_dir_start++ = '\0';
#  269|   			if (strcmp(krb5_ccname, "DIR") == 0) {
#  270|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
openssh-10.2p1/auth-krb5.c:361:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.2p1/auth-krb5.c:335:12: branch_false: following ‘false’ branch (when ‘template’ is non-NULL)...
openssh-10.2p1/auth-krb5.c:338:36: branch_false: ...to here
openssh-10.2p1/auth-krb5.c:341:16: branch_true: following ‘true’ branch (when ‘p_n’ is non-NULL)...
openssh-10.2p1/auth-krb5.c:343:18: branch_true: ...to here
openssh-10.2p1/auth-krb5.c:344:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-krb5.c:347:21: branch_false: ...to here
openssh-10.2p1/auth-krb5.c:361:25: danger: dereference of NULL ‘strchr(p_n, 125)’
#  359|   		} else {
#  360|   			p_o = strchr(p_n, '}') + 1;
#  361|-> 			*p_o = '\0';
#  362|   			debug_f("unsupported token %s in %s", p_n, template);
#  363|   			/* unknown token, fallback to the default */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
openssh-10.2p1/auth-options.c:229:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:849:1: enter_function: entry to ‘sshauthopt_deserialise’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_true: ...to here
openssh-10.2p1/auth-options.c:909:9: call_function: calling ‘sshauthopt_free’ from ‘sshauthopt_deserialise’
#  227|   	free(opts->permitlisten);
#  228|   
#  229|-> 	freezero(opts, sizeof(*opts));
#  230|   }
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
openssh-10.2p1/auth-options.c:668:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sshauthopt_new()’
openssh-10.2p1/auth-options.c:660:1: enter_function: entry to ‘sshauthopt_copy’
openssh-10.2p1/auth-options.c:664:20: call_function: calling ‘sshauthopt_new’ from ‘sshauthopt_copy’
openssh-10.2p1/auth-options.c:664:20: return_function: returning to ‘sshauthopt_copy’ from ‘sshauthopt_new’
openssh-10.2p1/auth-options.c:664:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:668:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:687:9: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-options.c:687:9: call_function: calling ‘sshauthopt_free’ from ‘sshauthopt_copy’
#  666|   
#  667|   #define OPTSCALAR(x) ret->x = orig->x
#  668|-> 	OPTSCALAR(permit_port_forwarding_flag);
#  669|   	OPTSCALAR(permit_agent_forwarding_flag);
#  670|   	OPTSCALAR(permit_x11_forwarding_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
openssh-10.2p1/auth-options.c:753:26: warning[-Wanalyzer-malloc-leak]: leak of ‘a’
openssh-10.2p1/auth-options.c:740:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:741:18: branch_false: ...to here
openssh-10.2p1/auth-options.c:740:13: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:743:13: branch_false: ...to here
openssh-10.2p1/auth-options.c:743:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:747:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:748:12: branch_true: following ‘true’ branch (when ‘n != 0’)...
openssh-10.2p1/auth-options.c:748:27: branch_true: ...to here
openssh-10.2p1/auth-options.c:748:27: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:748:13: branch_false: following ‘false’ branch (when ‘a’ is non-NULL)...
openssh-10.2p1/auth-options.c:752:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:752:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-options.c:753:50: branch_true: ...to here
openssh-10.2p1/auth-options.c:753:26: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/auth-options.c:753:26: danger: ‘a’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  751|   	}
#  752|   	for (i = 0; i < n; i++) {
#  753|-> 		if ((r = sshbuf_get_cstring(b, &a[i], NULL)) != 0)
#  754|   			goto out;
#  755|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
openssh-10.2p1/auth-options.c:866:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:866:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  864|   		opts->x = f; \
#  865|   	} while (0)
#  866|-> 	OPT_FLAG(permit_port_forwarding_flag);
#  867|   	OPT_FLAG(permit_agent_forwarding_flag);
#  868|   	OPT_FLAG(permit_x11_forwarding_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
openssh-10.2p1/auth-options.c:867:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:867:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  865|   	} while (0)
#  866|   	OPT_FLAG(permit_port_forwarding_flag);
#  867|-> 	OPT_FLAG(permit_agent_forwarding_flag);
#  868|   	OPT_FLAG(permit_x11_forwarding_flag);
#  869|   	OPT_FLAG(permit_pty_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
openssh-10.2p1/auth-options.c:868:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:868:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  866|   	OPT_FLAG(permit_port_forwarding_flag);
#  867|   	OPT_FLAG(permit_agent_forwarding_flag);
#  868|-> 	OPT_FLAG(permit_x11_forwarding_flag);
#  869|   	OPT_FLAG(permit_pty_flag);
#  870|   	OPT_FLAG(permit_user_rc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
openssh-10.2p1/auth-options.c:869:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:869:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  867|   	OPT_FLAG(permit_agent_forwarding_flag);
#  868|   	OPT_FLAG(permit_x11_forwarding_flag);
#  869|-> 	OPT_FLAG(permit_pty_flag);
#  870|   	OPT_FLAG(permit_user_rc);
#  871|   	OPT_FLAG(restricted);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
openssh-10.2p1/auth-options.c:870:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:870:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  868|   	OPT_FLAG(permit_x11_forwarding_flag);
#  869|   	OPT_FLAG(permit_pty_flag);
#  870|-> 	OPT_FLAG(permit_user_rc);
#  871|   	OPT_FLAG(restricted);
#  872|   	OPT_FLAG(cert_authority);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
openssh-10.2p1/auth-options.c:871:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:871:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:871:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  869|   	OPT_FLAG(permit_pty_flag);
#  870|   	OPT_FLAG(permit_user_rc);
#  871|-> 	OPT_FLAG(restricted);
#  872|   	OPT_FLAG(cert_authority);
#  873|   	OPT_FLAG(no_require_user_presence);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
openssh-10.2p1/auth-options.c:872:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:872:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:872:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  870|   	OPT_FLAG(permit_user_rc);
#  871|   	OPT_FLAG(restricted);
#  872|-> 	OPT_FLAG(cert_authority);
#  873|   	OPT_FLAG(no_require_user_presence);
#  874|   	OPT_FLAG(require_verify);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
openssh-10.2p1/auth-options.c:873:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:873:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:873:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  871|   	OPT_FLAG(restricted);
#  872|   	OPT_FLAG(cert_authority);
#  873|-> 	OPT_FLAG(no_require_user_presence);
#  874|   	OPT_FLAG(require_verify);
#  875|   #undef OPT_FLAG

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
openssh-10.2p1/auth-options.c:874:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:873:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:873:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:874:9: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-options.c:874:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  872|   	OPT_FLAG(cert_authority);
#  873|   	OPT_FLAG(no_require_user_presence);
#  874|-> 	OPT_FLAG(require_verify);
#  875|   #undef OPT_FLAG
#  876|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
openssh-10.2p1/auth-options.c:878:18: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.2p1/auth-options.c:856:21: acquire_memory: allocated here
openssh-10.2p1/auth-options.c:856:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:866:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:866:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:873:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:873:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:874:9: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-options.c:874:9: branch_false: ...to here
openssh-10.2p1/auth-options.c:878:18: throw: if ‘sshbuf_get_u64’ throws an exception...
openssh-10.2p1/auth-options.c:878:18: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  876|   
#  877|   	/* Simple integer options */
#  878|-> 	if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
#  879|   		goto out;
#  880|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
openssh-10.2p1/auth-pam.c:413:23: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:23: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/auth-pam.c:413:23: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  411|   	if ((reply = calloc(n, sizeof(*reply))) == NULL)
#  412|   		return PAM_CONV_ERR;
#  413|-> 	if ((buffer = sshbuf_new()) == NULL) {
#  414|   		free(reply);
#  415|   		return PAM_CONV_ERR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
openssh-10.2p1/auth-pam.c:422:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:34: throw: if ‘sshbuf_put_cstring’ throws an exception...
openssh-10.2p1/auth-pam.c:422:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  420|   		case PAM_PROMPT_ECHO_OFF:
#  421|   		case PAM_PROMPT_ECHO_ON:
#  422|-> 			if ((r = sshbuf_put_cstring(buffer,
#  423|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  424|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
openssh-10.2p1/auth-pam.c:424:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:424:33: branch_true: ...to here
openssh-10.2p1/auth-pam.c:424:33: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:424:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  422|   			if ((r = sshbuf_put_cstring(buffer,
#  423|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  424|-> 				fatal("%s: buffer error: %s",
#  425|   				    __func__, ssh_err(r));
#  426|   			if (ssh_msg_send(ctxt->pam_csock,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
openssh-10.2p1/auth-pam.c:426:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:426:29: throw: if ‘ssh_msg_send’ throws an exception...
openssh-10.2p1/auth-pam.c:426:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  424|   				fatal("%s: buffer error: %s",
#  425|   				    __func__, ssh_err(r));
#  426|-> 			if (ssh_msg_send(ctxt->pam_csock,
#  427|   			    PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1)
#  428|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
openssh-10.2p1/auth-pam.c:430:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:430:29: throw: if ‘ssh_msg_recv’ throws an exception...
openssh-10.2p1/auth-pam.c:430:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  428|   				goto fail;
#  429|   
#  430|-> 			if (ssh_msg_recv(ctxt->pam_csock, buffer) == -1)
#  431|   				goto fail;
#  432|   			if ((r = sshbuf_get_u8(buffer, &status)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
openssh-10.2p1/auth-pam.c:432:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.2p1/auth-pam.c:432:34: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/auth-pam.c:432:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  430|   			if (ssh_msg_recv(ctxt->pam_csock, buffer) == -1)
#  431|   				goto fail;
#  432|-> 			if ((r = sshbuf_get_u8(buffer, &status)) != 0)
#  433|   				fatal("%s: buffer error: %s",
#  434|   				    __func__, ssh_err(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
openssh-10.2p1/auth-pam.c:433:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.2p1/auth-pam.c:432:28: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:433:33: branch_true: ...to here
openssh-10.2p1/auth-pam.c:433:33: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:433:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  431|   				goto fail;
#  432|   			if ((r = sshbuf_get_u8(buffer, &status)) != 0)
#  433|-> 				fatal("%s: buffer error: %s",
#  434|   				    __func__, ssh_err(r));
#  435|   			if (status != PAM_AUTHTOK)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
openssh-10.2p1/auth-pam.c:437:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.2p1/auth-pam.c:432:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:435:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:435:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:438:35: branch_false: ...to here
openssh-10.2p1/auth-pam.c:437:34: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/auth-pam.c:437:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  435|   			if (status != PAM_AUTHTOK)
#  436|   				goto fail;
#  437|-> 			if ((r = sshbuf_get_cstring(buffer,
#  438|   			    &reply[i].resp, NULL)) != 0)
#  439|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
openssh-10.2p1/auth-pam.c:444:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:444:34: throw: if ‘sshbuf_put_cstring’ throws an exception...
openssh-10.2p1/auth-pam.c:444:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  442|   		case PAM_ERROR_MSG:
#  443|   		case PAM_TEXT_INFO:
#  444|-> 			if ((r = sshbuf_put_cstring(buffer,
#  445|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  446|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
openssh-10.2p1/auth-pam.c:446:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:444:28: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:446:33: branch_true: ...to here
openssh-10.2p1/auth-pam.c:446:33: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:446:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
#  444|   			if ((r = sshbuf_put_cstring(buffer,
#  445|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  446|-> 				fatal("%s: buffer error: %s",
#  447|   				    __func__, ssh_err(r));
#  448|   			if (ssh_msg_send(ctxt->pam_csock,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
openssh-10.2p1/auth-pam.c:448:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:444:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:449:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:448:29: throw: if ‘ssh_msg_send’ throws an exception...
openssh-10.2p1/auth-pam.c:448:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
#  446|   				fatal("%s: buffer error: %s",
#  447|   				    __func__, ssh_err(r));
#  448|-> 			if (ssh_msg_send(ctxt->pam_csock,
#  449|   			    PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1)
#  450|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
openssh-10.2p1/auth-pam.c:455:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.2p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:444:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:449:29: branch_false: ...to here
openssh-10.2p1/auth-pam.c:448:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:455:17: branch_false: ...to here
openssh-10.2p1/auth-pam.c:455:17: throw: if ‘sshbuf_reset’ throws an exception...
openssh-10.2p1/auth-pam.c:455:17: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  453|   			goto fail;
#  454|   		}
#  455|-> 		sshbuf_reset(buffer);
#  456|   	}
#  457|   	sshbuf_free(buffer);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
openssh-10.2p1/auth-pam.c:457:9: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.2p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.2p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.2p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:413:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:457:9: throw: if ‘sshbuf_free’ throws an exception...
openssh-10.2p1/auth-pam.c:457:9: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  455|   		sshbuf_reset(buffer);
#  456|   	}
#  457|-> 	sshbuf_free(buffer);
#  458|   	*resp = reply;
#  459|   	return (PAM_SUCCESS);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
openssh-10.2p1/auth-pam.c:675:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:668:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:668:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:668:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:671:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:672:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:672:17: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:673:17: branch_true: ...to here
openssh-10.2p1/auth-pam.c:675:34: throw: if ‘sshbuf_putf’ throws an exception...
openssh-10.2p1/auth-pam.c:675:34: danger: ‘reply’ leaks here; was allocated at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  673|   		case PAM_ERROR_MSG:
#  674|   		case PAM_TEXT_INFO:
#  675|-> 			if ((r = sshbuf_putf(loginmsg, "%s\n",
#  676|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  677|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
openssh-10.2p1/auth-pam.c:677:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:668:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:668:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:668:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:671:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:672:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:672:17: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:673:17: branch_true: ...to here
openssh-10.2p1/auth-pam.c:675:28: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:677:33: branch_true: ...to here
openssh-10.2p1/auth-pam.c:677:33: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:677:33: danger: ‘reply’ leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  675|   			if ((r = sshbuf_putf(loginmsg, "%s\n",
#  676|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  677|-> 				fatal("%s: buffer error: %s",
#  678|   				    __func__, ssh_err(r));
#  679|   			reply[i].resp_retcode = PAM_SUCCESS;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
openssh-10.2p1/auth-pam.c:1002:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fake_password(*resp)’
openssh-10.2p1/auth-pam.c:1013:1: enter_function: entry to ‘sshpam_respond’
openssh-10.2p1/auth-pam.c:1030:12: branch_false: following ‘false’ branch (when ‘num == 1’)...
openssh-10.2p1/auth-pam.c:1034:23: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1034:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:1036:28: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1042:24: call_function: calling ‘fake_password’ from ‘sshpam_respond’
openssh-10.2p1/auth-pam.c:1042:24: return_function: returning to ‘sshpam_respond’ from ‘fake_password’
openssh-10.2p1/auth-pam.c:1043:26: throw: if ‘sshbuf_put_cstring’ throws an exception...
openssh-10.2p1/auth-pam.c:1002:15: danger: ‘fake_password(*resp)’ leaks here; was allocated at [(8)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/7)
# 1000|   		fatal_f("password length too long: %zu", l);
# 1001|   
# 1002|-> 	ret = malloc(l + 1);
# 1003|   	if (ret == NULL)
# 1004|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
openssh-10.2p1/auth-pam.c:1349:42: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/auth-pam.c:1333:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:1333:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1339:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:1341:35: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1341:46: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:1341:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:1343:25: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1348:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.2p1/auth-pam.c:1349:42: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1349:42: throw: if ‘sshbuf_putf’ throws an exception...
openssh-10.2p1/auth-pam.c:1349:42: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
# 1347|   			len = strlen(PAM_MSG_MEMBER(msg, i, msg));
# 1348|   			if (len > 0) {
# 1349|-> 				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1350|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1351|   					fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
openssh-10.2p1/auth-pam.c:1349:42: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:1333:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:1333:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:1333:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1348:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.2p1/auth-pam.c:1349:42: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1349:42: throw: if ‘sshbuf_putf’ throws an exception...
openssh-10.2p1/auth-pam.c:1349:42: danger: ‘reply’ leaks here; was allocated at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
# 1347|   			len = strlen(PAM_MSG_MEMBER(msg, i, msg));
# 1348|   			if (len > 0) {
# 1349|-> 				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1350|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1351|   					fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
openssh-10.2p1/auth-pam.c:1351:41: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/auth-pam.c:1333:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:1333:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1339:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:1341:35: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1341:46: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:1341:28: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-pam.c:1343:25: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1348:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.2p1/auth-pam.c:1349:42: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1349:36: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:1351:41: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1351:41: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:1351:41: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
# 1349|   				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1350|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1351|-> 					fatal("%s: buffer error: %s",
# 1352|   					    __func__, ssh_err(r));
# 1353|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
openssh-10.2p1/auth-pam.c:1351:41: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.2p1/auth-pam.c:1333:22: acquire_memory: allocated here
openssh-10.2p1/auth-pam.c:1333:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.2p1/auth-pam.c:1333:12: branch_false: ...to here
openssh-10.2p1/auth-pam.c:1336:21: branch_true: following ‘true’ branch (when ‘n > i’)...
openssh-10.2p1/auth-pam.c:1337:25: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1348:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.2p1/auth-pam.c:1349:42: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1349:36: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-pam.c:1351:41: branch_true: ...to here
openssh-10.2p1/auth-pam.c:1351:41: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/auth-pam.c:1351:41: danger: ‘reply’ leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
# 1349|   				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1350|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1351|-> 					fatal("%s: buffer error: %s",
# 1352|   					    __func__, ssh_err(r));
# 1353|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
openssh-10.2p1/auth-rhosts.c:108:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:108:25: throw: if ‘auth_debug_add’ throws an exception...
openssh-10.2p1/auth-rhosts.c:108:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  106|   		    dummy)) {
#  107|   		case 0:
#  108|-> 			auth_debug_add("Found empty line in %.100s.", filename);
#  109|   			continue;
#  110|   		case 1:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
openssh-10.2p1/auth-rhosts.c:118:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:118:25: throw: if ‘auth_debug_add’ throws an exception...
openssh-10.2p1/auth-rhosts.c:118:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  116|   			break;
#  117|   		case 3:
#  118|-> 			auth_debug_add("Found garbage in %.100s.", filename);
#  119|   			continue;
#  120|   		default:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
openssh-10.2p1/auth-rhosts.c:145:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:145:25: throw: if ‘auth_debug_add’ throws an exception...
openssh-10.2p1/auth-rhosts.c:145:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  143|   		if (!host[0] || !user[0]) {
#  144|   			/* We come here if either was '+' or '-'. */
#  145|-> 			auth_debug_add("Ignoring wild host/user names "
#  146|   			    "in %.100s.", filename);
#  147|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
openssh-10.2p1/auth-rhosts.c:151:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:143:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:150:20: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:151:38: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:151:30: throw: if ‘innetgr’ throws an exception...
openssh-10.2p1/auth-rhosts.c:151:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  149|   		/* Verify that host name matches. */
#  150|   		if (host[0] == '@') {
#  151|-> 			if (!innetgr(host + 1, hostname, NULL, NULL) &&
#  152|   			    !innetgr(host + 1, ipaddr, NULL, NULL))
#  153|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
openssh-10.2p1/auth-rhosts.c:152:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:143:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:150:20: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:151:38: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:151:28: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:152:30: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:152:30: throw: if ‘innetgr’ throws an exception...
openssh-10.2p1/auth-rhosts.c:152:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  150|   		if (host[0] == '@') {
#  151|   			if (!innetgr(host + 1, hostname, NULL, NULL) &&
#  152|-> 			    !innetgr(host + 1, ipaddr, NULL, NULL))
#  153|   				continue;
#  154|   		} else if (strcasecmp(host, hostname) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
openssh-10.2p1/auth-rhosts.c:160:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth-rhosts.c:66:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:68:13: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:72:14: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:78:9: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:79:18: acquire_memory: allocated here
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth-rhosts.c:79:12: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:83:16: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:98:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:105:25: branch_false: ...to here
openssh-10.2p1/auth-rhosts.c:143:20: branch_false: following ‘false’ branch...
openssh-10.2p1/auth-rhosts.c:159:20: branch_true: following ‘true’ branch...
openssh-10.2p1/auth-rhosts.c:160:38: branch_true: ...to here
openssh-10.2p1/auth-rhosts.c:160:30: throw: if ‘innetgr’ throws an exception...
openssh-10.2p1/auth-rhosts.c:160:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  158|   		/* Verify that user name matches. */
#  159|   		if (user[0] == '@') {
#  160|-> 			if (!innetgr(user + 1, NULL, client_user, NULL))
#  161|   				continue;
#  162|   		} else if (strcmp(user, client_user) != 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def56]
openssh-10.2p1/auth2-chall.c:332:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘response’
openssh-10.2p1/auth2-chall.c:304:12: branch_false: following ‘false’ branch (when ‘authctxt’ is non-NULL)...
openssh-10.2p1/auth2-chall.c:306:9: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:309:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:312:9: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:313:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:315:22: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:315:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:317:12: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:317:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:319:12: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:319:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:326:18: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:326:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-chall.c:329:15: branch_false: ...to here
openssh-10.2p1/auth2-chall.c:331:21: branch_true: following ‘true’ branch...
openssh-10.2p1/auth2-chall.c:332:60: branch_true: ...to here
openssh-10.2p1/auth2-chall.c:332:17: danger: dereference of NULL ‘response + (long unsigned int)i * 8’
#  330|   
#  331|   	for (i = 0; i < nresp; i++) {
#  332|-> 		explicit_bzero(response[i], strlen(response[i]));
#  333|   		free(response[i]);
#  334|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
openssh-10.2p1/auth2-pubkeyfile.c:486:13: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/auth2-pubkeyfile.c:459:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-pubkeyfile.c:470:13: branch_false: ...to here
openssh-10.2p1/auth2-pubkeyfile.c:470:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-pubkeyfile.c:474:14: branch_false: ...to here
openssh-10.2p1/auth2-pubkeyfile.c:474:12: branch_false: following ‘false’ branch...
openssh-10.2p1/auth2-pubkeyfile.c:480:9: branch_false: ...to here
openssh-10.2p1/auth2-pubkeyfile.c:481:18: acquire_memory: allocated here
openssh-10.2p1/auth2-pubkeyfile.c:481:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/auth2-pubkeyfile.c:485:12: branch_false: ...to here
openssh-10.2p1/auth2-pubkeyfile.c:485:12: branch_true: following ‘true’ branch (when ‘strict_modes != 0’)...
openssh-10.2p1/auth2-pubkeyfile.c:486:13: branch_true: ...to here
openssh-10.2p1/auth2-pubkeyfile.c:486:13: throw: if ‘safe_path_fd’ throws an exception...
openssh-10.2p1/auth2-pubkeyfile.c:486:13: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  484|   	}
#  485|   	if (strict_modes &&
#  486|-> 	    safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) {
#  487|   		fclose(f);
#  488|   		logit("Authentication refused: %s", line);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
openssh-10.2p1/authfd.c:103:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/authfd.c:99:21: acquire_resource: stream socket created here
openssh-10.2p1/authfd.c:99:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/authfd.c:103:13: branch_false: ...to here
openssh-10.2p1/authfd.c:103:13: throw: if ‘fcntl’ throws an exception...
openssh-10.2p1/authfd.c:103:13: danger: ‘sock’ leaks here
#  101|   
#  102|   	/* close on exec */
#  103|-> 	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
#  104|   	    connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
#  105|   		oerrno = errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def59]
openssh-10.2p1/authfile.c:181:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.2p1/authfile.c:176:12: branch_false: following ‘false’ branch (when ‘pubkeyp’ is NULL)...
openssh-10.2p1/authfile.c:179:19: branch_false: ...to here
openssh-10.2p1/authfile.c:179:19: acquire_resource: opened here
openssh-10.2p1/authfile.c:179:12: branch_false: following ‘false’ branch...
openssh-10.2p1/authfile.c:181:18: branch_false: ...to here
openssh-10.2p1/authfile.c:181:18: throw: if ‘sshbuf_load_fd’ throws an exception...
openssh-10.2p1/authfile.c:181:18: danger: ‘open(filename, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  179|   	if ((fd = open(filename, O_RDONLY)) == -1)
#  180|   		return SSH_ERR_SYSTEM_ERROR;
#  181|-> 	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
#  182|   	    (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
#  183|   	    KEY_UNSPEC, &pubkey)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
openssh-10.2p1/authfile.c:215:18: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
openssh-10.2p1/authfile.c:208:12: branch_false: following ‘false’ branch (when ‘kp’ is non-NULL)...
openssh-10.2p1/authfile.c:210:9: branch_false: ...to here
openssh-10.2p1/authfile.c:211:12: branch_false: following ‘false’ branch (when ‘commentp’ is NULL)...
openssh-10.2p1/authfile.c:213:18: branch_false: ...to here
openssh-10.2p1/authfile.c:213:18: acquire_resource: opened here
openssh-10.2p1/authfile.c:213:12: branch_false: following ‘false’ branch...
openssh-10.2p1/authfile.c:215:18: branch_false: ...to here
openssh-10.2p1/authfile.c:215:18: throw: if ‘sshkey_new’ throws an exception...
openssh-10.2p1/authfile.c:215:18: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  213|   	if ((f = fopen(filename, "r")) == NULL)
#  214|   		return SSH_ERR_SYSTEM_ERROR;
#  215|-> 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
#  216|   		fclose(f);
#  217|   		return SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
openssh-10.2p1/authfile.c:215:18: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
openssh-10.2p1/authfile.c:208:12: branch_false: following ‘false’ branch (when ‘kp’ is non-NULL)...
openssh-10.2p1/authfile.c:210:9: branch_false: ...to here
openssh-10.2p1/authfile.c:211:12: branch_false: following ‘false’ branch (when ‘commentp’ is NULL)...
openssh-10.2p1/authfile.c:213:18: branch_false: ...to here
openssh-10.2p1/authfile.c:213:18: acquire_memory: allocated here
openssh-10.2p1/authfile.c:213:12: branch_false: following ‘false’ branch...
openssh-10.2p1/authfile.c:215:18: branch_false: ...to here
openssh-10.2p1/authfile.c:215:18: throw: if ‘sshkey_new’ throws an exception...
openssh-10.2p1/authfile.c:215:18: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  213|   	if ((f = fopen(filename, "r")) == NULL)
#  214|   		return SSH_ERR_SYSTEM_ERROR;
#  215|-> 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
#  216|   		fclose(f);
#  217|   		return SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
openssh-10.2p1/authfile.c:501:18: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/authfile.c:494:12: branch_false: following ‘false’ branch...
openssh-10.2p1/authfile.c:496:18: branch_false: ...to here
openssh-10.2p1/authfile.c:496:18: acquire_memory: allocated here
openssh-10.2p1/authfile.c:496:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/authfile.c:501:18: branch_false: ...to here
openssh-10.2p1/authfile.c:501:18: throw: if ‘sshkey_write’ throws an exception...
openssh-10.2p1/authfile.c:501:18: danger: ‘f’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  499|   		goto fail;
#  500|   	}
#  501|-> 	if ((r = sshkey_write(key, f)) != 0)
#  502|   		goto fail;
#  503|   	fprintf(f, " %s\n", comment);

Error: COMPILER_WARNING: [#def63]
openssh-10.2p1/chacha.c:51:31: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available)
#   51 | static const char sigma[16] = "expand 32-byte k";
#      |                               ^~~~~~~~~~~~~~~~~~
#   49|     c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
#   50|   
#   51|-> static const char sigma[16] = "expand 32-byte k";
#   52|   static const char tau[16] = "expand 16-byte k";
#   53|   

Error: COMPILER_WARNING: [#def64]
openssh-10.2p1/chacha.c:52:29: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available)
#   52 | static const char tau[16] = "expand 16-byte k";
#      |                             ^~~~~~~~~~~~~~~~~~
#   50|   
#   51|   static const char sigma[16] = "expand 32-byte k";
#   52|-> static const char tau[16] = "expand 16-byte k";
#   53|   
#   54|   void

Error: GCC_ANALYZER_WARNING (CWE-775): [#def65]
openssh-10.2p1/channels.c:531:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  529|   		found = sc->channels_alloc;
#  530|   		if (sc->channels_alloc > CHANNELS_MAX_CHANNELS)
#  531|-> 			fatal_f("internal error: channels_alloc %d too big",
#  532|   			    sc->channels_alloc);
#  533|   		sc->channels = xrecallocarray(sc->channels, sc->channels_alloc,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def66]
openssh-10.2p1/channels.c:533:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  531|   			fatal_f("internal error: channels_alloc %d too big",
#  532|   			    sc->channels_alloc);
#  533|-> 		sc->channels = xrecallocarray(sc->channels, sc->channels_alloc,
#  534|   		    sc->channels_alloc + 10, sizeof(*sc->channels));
#  535|   		sc->channels_alloc += 10;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def67]
openssh-10.2p1/channels.c:536:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  534|   		    sc->channels_alloc + 10, sizeof(*sc->channels));
#  535|   		sc->channels_alloc += 10;
#  536|-> 		debug2("channel: expanding %d", sc->channels_alloc);
#  537|   	}
#  538|   	/* Initialize and return new channel. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
openssh-10.2p1/channels.c:539:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  537|   	}
#  538|   	/* Initialize and return new channel. */
#  539|-> 	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  540|   	if ((c->input = sshbuf_new()) == NULL ||
#  541|   	    (c->output = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
openssh-10.2p1/channels.c:540:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  538|   	/* Initialize and return new channel. */
#  539|   	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  540|-> 	if ((c->input = sshbuf_new()) == NULL ||
#  541|   	    (c->output = sshbuf_new()) == NULL ||
#  542|   	    (c->extended = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
openssh-10.2p1/channels.c:541:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  539|   	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  540|   	if ((c->input = sshbuf_new()) == NULL ||
#  541|-> 	    (c->output = sshbuf_new()) == NULL ||
#  542|   	    (c->extended = sshbuf_new()) == NULL)
#  543|   		fatal_f("sshbuf_new failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
openssh-10.2p1/channels.c:542:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  540|   	if ((c->input = sshbuf_new()) == NULL ||
#  541|   	    (c->output = sshbuf_new()) == NULL ||
#  542|-> 	    (c->extended = sshbuf_new()) == NULL)
#  543|   		fatal_f("sshbuf_new failed");
#  544|   	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
openssh-10.2p1/channels.c:543:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4226:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.2p1/channels.c:4229:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4233:24: branch_false: ...to here
openssh-10.2p1/channels.c:4233:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  541|   	    (c->output = sshbuf_new()) == NULL ||
#  542|   	    (c->extended = sshbuf_new()) == NULL)
#  543|-> 		fatal_f("sshbuf_new failed");
#  544|   	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
#  545|   		fatal_fr(r, "sshbuf_set_max_size");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def73]
openssh-10.2p1/channels.c:3955:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:3862:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.2p1/channels.c:3893:9: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:3893:9: branch_true: ...to here
openssh-10.2p1/channels.c:3905:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:3916:12: branch_false: ...to here
openssh-10.2p1/channels.c:3918:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/channels.c:3919:25: branch_true: ...to here
openssh-10.2p1/channels.c:3940:20: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:3947:24: branch_false: ...to here
openssh-10.2p1/channels.c:3947:24: acquire_resource: socket created here
openssh-10.2p1/channels.c:3948:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:3955:17: branch_false: ...to here
openssh-10.2p1/channels.c:3955:17: throw: if ‘set_reuseaddr’ throws an exception...
openssh-10.2p1/channels.c:3955:17: danger: ‘sock’ leaks here
# 3953|   		}
# 3954|   
# 3955|-> 		set_reuseaddr(sock);
# 3956|   		if (ai->ai_family == AF_INET6)
# 3957|   			sock_set_v6only(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
openssh-10.2p1/channels.c:3980:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:3862:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.2p1/channels.c:3893:9: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:3893:9: branch_true: ...to here
openssh-10.2p1/channels.c:3905:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:3916:12: branch_false: ...to here
openssh-10.2p1/channels.c:3918:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/channels.c:3919:25: branch_true: ...to here
openssh-10.2p1/channels.c:3947:24: acquire_resource: socket created here
openssh-10.2p1/channels.c:3948:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:3955:17: branch_false: ...to here
openssh-10.2p1/channels.c:3979:20: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:3980:25: branch_true: ...to here
openssh-10.2p1/channels.c:3980:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/channels.c:3980:25: danger: ‘sock’ leaks here
# 3978|   		/* Start listening for connections on the socket. */
# 3979|   		if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
# 3980|-> 			error("listen [%s]:%s: %.100s", ntop, strport,
# 3981|   			    strerror(errno));
# 3982|   			close(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
openssh-10.2p1/channels.c:3982:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:3862:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.2p1/channels.c:3891:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.2p1/channels.c:3893:9: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:3893:9: branch_true: ...to here
openssh-10.2p1/channels.c:3905:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:3916:12: branch_false: ...to here
openssh-10.2p1/channels.c:3918:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/channels.c:3919:25: branch_true: ...to here
openssh-10.2p1/channels.c:3947:24: acquire_resource: socket created here
openssh-10.2p1/channels.c:3948:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:3955:17: branch_false: ...to here
openssh-10.2p1/channels.c:3979:20: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:3980:25: branch_true: ...to here
openssh-10.2p1/channels.c:3982:25: throw: if ‘close’ throws an exception...
openssh-10.2p1/channels.c:3982:25: danger: ‘sock’ leaks here
# 3980|   			error("listen [%s]:%s: %.100s", ntop, strport,
# 3981|   			    strerror(errno));
# 3982|-> 			close(sock);
# 3983|   			continue;
# 3984|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
openssh-10.2p1/channels.c:4690:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:4660:16: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:4661:25: branch_true: ...to here
openssh-10.2p1/channels.c:4670:28: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:4680:17: branch_false: ...to here
openssh-10.2p1/channels.c:4682:29: acquire_resource: socket created here
openssh-10.2p1/channels.c:4682:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:4690:21: branch_false: ...to here
openssh-10.2p1/channels.c:4690:21: throw: if ‘set_nonblock’ throws an exception...
openssh-10.2p1/channels.c:4690:21: danger: ‘sock’ leaks here
# 4688|   			continue;
# 4689|   		}
# 4690|-> 		if (set_nonblock(sock) == -1)
# 4691|   			fatal_f("set_nonblock(%d)", sock);
# 4692|   		if (connect(sock, cctx->ai->ai_addr,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def77]
openssh-10.2p1/channels.c:5122:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:5079:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5087:13: branch_true: following ‘true’ branch (when ‘display_number < x11_max_displays’)...
openssh-10.2p1/channels.c:5089:17: branch_true: ...to here
openssh-10.2p1/channels.c:5095:20: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5100:22: branch_false: ...to here
openssh-10.2p1/channels.c:5100:34: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/channels.c:5101:29: branch_true: ...to here
openssh-10.2p1/channels.c:5101:28: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5104:32: branch_false: ...to here
openssh-10.2p1/channels.c:5104:32: acquire_resource: socket created here
openssh-10.2p1/channels.c:5106:28: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:5121:29: branch_false: ...to here
openssh-10.2p1/channels.c:5121:28: branch_true: following ‘true’ branch...
openssh-10.2p1/channels.c:5122:33: branch_true: ...to here
openssh-10.2p1/channels.c:5122:33: throw: if ‘sock_set_v6only’ throws an exception...
openssh-10.2p1/channels.c:5122:33: danger: ‘sock’ leaks here
# 5120|   			}
# 5121|   			if (ai->ai_family == AF_INET6)
# 5122|-> 				sock_set_v6only(sock);
# 5123|   			if (x11_use_localhost)
# 5124|   				set_reuseaddr(sock);

Error: CPPCHECK_WARNING (CWE-457): [#def78]
openssh-10.2p1/channels.c:5152: warning[uninitvar]: Uninitialized variable: port
# 5150|   			break;
# 5151|   	}
# 5152|-> 	if (display_number >= x11_max_displays || port < X11_BASE_PORT ) {
# 5153|   		error("Failed to allocate internet-domain X11 display socket.");
# 5154|   		return -1;

Error: COMPILER_WARNING (CWE-195): [#def79]
openssh-10.2p1/channels.c: scope_hint: In function ‘connect_local_xsocket_path’
openssh-10.2p1/channels.c:5199:17: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
# 5199 |         if (len > sizeof addr.sun_path)
#      |                 ^
# 5197|   	memset(&addr, 0, sizeof(addr));
# 5198|   	addr.sun_family = AF_UNIX;
# 5199|-> 	if (len > sizeof addr.sun_path)
# 5200|   		len = sizeof addr.sun_path;
# 5201|   	memcpy(addr.sun_path, pathname, len);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def80]
openssh-10.2p1/channels.c:5202:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:5190:12: branch_false: following ‘false’ branch (when ‘len > 0’)...
openssh-10.2p1/channels.c:5192:16: branch_false: ...to here
openssh-10.2p1/channels.c:5192:16: acquire_resource: stream socket created here
openssh-10.2p1/channels.c:5193:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:5197:9: branch_false: ...to here
openssh-10.2p1/channels.c:5202:13: throw: if ‘connect’ throws an exception...
openssh-10.2p1/channels.c:5202:13: danger: ‘sock’ leaks here
# 5200|   		len = sizeof addr.sun_path;
# 5201|   	memcpy(addr.sun_path, pathname, len);
# 5202|-> 	if (connect(sock, (struct sockaddr *)&addr, sizeof addr - (sizeof addr.sun_path - len) ) == 0)
# 5203|   		return sock;
# 5204|   	close(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def81]
openssh-10.2p1/channels.c:5353:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/channels.c:5265:12: branch_false: following ‘false’ branch (when ‘display’ is non-NULL)...
openssh-10.2p1/channels.c:5296:13: branch_false: ...to here
openssh-10.2p1/channels.c:5296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5297:13: branch_false: ...to here
openssh-10.2p1/channels.c:5296:13: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5317:9: branch_false: ...to here
openssh-10.2p1/channels.c:5319:12: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/channels.c:5323:9: branch_false: ...to here
openssh-10.2p1/channels.c:5328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5329:13: branch_false: ...to here
openssh-10.2p1/channels.c:5328:13: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5336:9: branch_false: ...to here
openssh-10.2p1/channels.c:5340:12: branch_false: following ‘false’ branch...
openssh-10.2p1/channels.c:5345:14: branch_false: ...to here
openssh-10.2p1/channels.c:5345:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/channels.c:5347:24: branch_true: ...to here
openssh-10.2p1/channels.c:5347:24: acquire_resource: socket created here
openssh-10.2p1/channels.c:5348:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/channels.c:5353:21: branch_false: ...to here
openssh-10.2p1/channels.c:5353:21: throw: if ‘connect’ throws an exception...
openssh-10.2p1/channels.c:5353:21: danger: ‘sock’ leaks here
# 5351|   		}
# 5352|   		/* Connect it to the display. */
# 5353|-> 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
# 5354|   			debug2("connect %.100s port %u: %.100s", buf,
# 5355|   			    X11_BASE_PORT + display_number, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: throw: if ‘EVP_CIPHER_CTX_new’ throws an exception...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   48|   	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
#   49|   		return NULL;
#   50|-> 	if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
#   51|   	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: throw: if ‘EVP_CIPHER_CTX_new’ throws an exception...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   49|   		return NULL;
#   50|   	if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
#   51|-> 	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;
#   53|   	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:13: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:14: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:14: throw: if ‘EVP_chacha20’ throws an exception...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:14: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   51|   	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;
#   53|-> 	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
#   54|   		goto fail;
#   55|   	if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:55:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:13: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:14: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:53:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:55:62: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:55:14: throw: if ‘EVP_chacha20’ throws an exception...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:55:14: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   53|   	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
#   54|   		goto fail;
#   55|-> 	if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))
#   56|   		goto fail;
#   57|   	if (EVP_CIPHER_CTX_iv_length(ctx->header_evp) != 16)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:70:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   68|   	if (cpctx == NULL)
#   69|   		return;
#   70|-> 	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|   	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|   	freezero(cpctx, sizeof(*cpctx));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:71:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   69|   		return;
#   70|   	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|-> 	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|   	freezero(cpctx, sizeof(*cpctx));
#   73|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
openssh-10.2p1/cipher-chachapoly-libcrypto.c:72:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.2p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.2p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   70|   	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|   	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|-> 	freezero(cpctx, sizeof(*cpctx));
#   73|   }
#   74|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
openssh-10.2p1/cipher.c:244:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher.c:244:30: branch_true: ...to here
openssh-10.2p1/cipher.c:244:30: throw: if ‘chachapoly_new’ throws an exception...
openssh-10.2p1/cipher.c:244:30: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  242|   	cc->cipher = cipher;
#  243|   	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
#  244|-> 		cc->cp_ctx = chachapoly_new(key, keylen);
#  245|   		ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
#  246|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
openssh-10.2p1/cipher.c:262:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:262:16: throw: if the called function throws an exception...
openssh-10.2p1/cipher.c:262:16: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  260|   	goto out;
#  261|   #else /* WITH_OPENSSL */
#  262|-> 	type = (*cipher->evptype)();
#  263|   	if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
#  264|   		ret = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
openssh-10.2p1/cipher.c:263:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:263:24: throw: if ‘EVP_CIPHER_CTX_new’ throws an exception...
openssh-10.2p1/cipher.c:263:24: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  261|   #else /* WITH_OPENSSL */
#  262|   	type = (*cipher->evptype)();
#  263|-> 	if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
#  264|   		ret = SSH_ERR_ALLOC_FAIL;
#  265|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
openssh-10.2p1/cipher.c:267:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:263:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:267:13: branch_false: ...to here
openssh-10.2p1/cipher.c:267:13: throw: if ‘EVP_CipherInit’ throws an exception...
openssh-10.2p1/cipher.c:267:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  265|   		goto out;
#  266|   	}
#  267|-> 	if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
#  268|   	    (do_encrypt == CIPHER_ENCRYPT)) == 0) {
#  269|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
openssh-10.2p1/cipher.c:273:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:263:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:267:13: branch_false: ...to here
openssh-10.2p1/cipher.c:267:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:272:13: branch_false: ...to here
openssh-10.2p1/cipher.c:272:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher.c:273:13: branch_true: ...to here
openssh-10.2p1/cipher.c:273:13: throw: if ‘EVP_CIPHER_CTX_ctrl’ throws an exception...
openssh-10.2p1/cipher.c:273:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  271|   	}
#  272|   	if (cipher_authlen(cipher) &&
#  273|-> 	    EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
#  274|   	    -1, (u_char *)iv) <= 0) {
#  275|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
openssh-10.2p1/cipher.c:280:21: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:263:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:267:13: branch_false: ...to here
openssh-10.2p1/cipher.c:267:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:272:13: branch_false: ...to here
openssh-10.2p1/cipher.c:279:12: branch_true: following ‘true’ branch...
openssh-10.2p1/cipher.c:280:21: branch_true: ...to here
openssh-10.2p1/cipher.c:280:21: throw: if ‘EVP_CIPHER_CTX_set_key_length’ throws an exception...
openssh-10.2p1/cipher.c:280:21: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  278|   	klen = EVP_CIPHER_CTX_key_length(cc->evp);
#  279|   	if (klen > 0 && keylen != (u_int)klen) {
#  280|-> 		if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
#  281|   			ret = SSH_ERR_LIBCRYPTO_ERROR;
#  282|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def95]
openssh-10.2p1/cipher.c:285:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:236:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:236:13: branch_false: ...to here
openssh-10.2p1/cipher.c:243:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:248:13: branch_false: ...to here
openssh-10.2p1/cipher.c:248:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:262:18: branch_false: ...to here
openssh-10.2p1/cipher.c:263:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:267:13: branch_false: ...to here
openssh-10.2p1/cipher.c:267:12: branch_false: following ‘false’ branch...
openssh-10.2p1/cipher.c:272:13: branch_false: ...to here
openssh-10.2p1/cipher.c:285:13: throw: if ‘EVP_CipherInit’ throws an exception...
openssh-10.2p1/cipher.c:285:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  283|   		}
#  284|   	}
#  285|-> 	if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
#  286|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  287|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def96]
openssh-10.2p1/cipher.c:298:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:298:25: throw: if ‘EVP_CIPHER_CTX_free’ throws an exception...
openssh-10.2p1/cipher.c:298:25: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  296|   		if (cc != NULL) {
#  297|   #ifdef WITH_OPENSSL
#  298|-> 			EVP_CIPHER_CTX_free(cc->evp);
#  299|   #endif /* WITH_OPENSSL */
#  300|   			freezero(cc, sizeof(*cc));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
openssh-10.2p1/cipher.c:300:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.2p1/cipher.c:230:19: acquire_memory: allocated here
openssh-10.2p1/cipher.c:230:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.2p1/cipher.c:233:26: branch_false: ...to here
openssh-10.2p1/cipher.c:300:25: throw: if ‘freezero’ throws an exception...
openssh-10.2p1/cipher.c:300:25: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  298|   			EVP_CIPHER_CTX_free(cc->evp);
#  299|   #endif /* WITH_OPENSSL */
#  300|-> 			freezero(cc, sizeof(*cc));
#  301|   		}
#  302|   	}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def98]
openssh-10.2p1/clientloop.c:204:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/clientloop.c:203:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/clientloop.c:204:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/clientloop.c:204:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  202|   
#  203|   	va_start(args, fmt);
#  204|-> 	xvasprintf(&msg, fmt2, args);
#  205|   	va_end(args);
#  206|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
openssh-10.2p1/clientloop.c:416:33: warning[-Wanalyzer-malloc-leak]: leak of ‘popen(cmd, "r")’
openssh-10.2p1/clientloop.c:311:12: branch_false: following ‘false’ branch...
openssh-10.2p1/clientloop.c:317:12: branch_false: ...to here
openssh-10.2p1/clientloop.c:317:12: branch_true: following ‘true’ branch (when ‘xauth_path’ is non-NULL)...
openssh-10.2p1/clientloop.c:317:35: branch_true: ...to here
openssh-10.2p1/clientloop.c:317:13: branch_false: following ‘false’ branch...
openssh-10.2p1/clientloop.c:330:21: branch_false: ...to here
openssh-10.2p1/clientloop.c:404:25: branch_false: following ‘false’ branch (when ‘generated == 0’)...
openssh-10.2p1/clientloop.c:404:25: branch_false: ...to here
openssh-10.2p1/clientloop.c:411:29: acquire_memory: allocated here
openssh-10.2p1/clientloop.c:412:28: branch_true: following ‘true’ branch...
openssh-10.2p1/clientloop.c:412:34: branch_true: ...to here
openssh-10.2p1/clientloop.c:416:33: danger: ‘popen(cmd, "r")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  414|   				got_data = 1;
#  415|   			if (f)
#  416|-> 				pclose(f);
#  417|   			free(cmd);
#  418|   		}

Error: COMPILER_WARNING (CWE-704): [#def100]
openssh-10.2p1/clientloop.c: scope_hint: In function ‘hostspec_is_complex’
openssh-10.2p1/clientloop.c:2109:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2109 |         if ((cp = strchr(hosts, ',')) == NULL)
#      |                 ^
# 2107|   		return 1;
# 2108|   	/* single host/ip = ok */
# 2109|-> 	if ((cp = strchr(hosts, ',')) == NULL)
# 2110|   		return 0;
# 2111|   	/* more than two entries on the line */

Error: COMPILER_WARNING (CWE-704): [#def101]
openssh-10.2p1/clientloop.c:2109:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2107|   		return 1;
# 2108|   	/* single host/ip = ok */
# 2109|-> 	if ((cp = strchr(hosts, ',')) == NULL)
# 2110|   		return 0;
# 2111|   	/* more than two entries on the line */

Error: COMPILER_WARNING (CWE-563): [#def102]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:136:21: warning[-Wunused-variable]: unused variable ‘failed’
#  136 |         const char *failed;
#      |                     ^~~~~~
#  134|   passphrase_dialog(char *message, int prompt_type)
#  135|   {
#  136|-> 	const char *failed;
#  137|   	char *passphrase, *local;
#  138|   	int result, grab_tries, grab_server, grab_pointer;

Error: COMPILER_WARNING (CWE-477): [#def103]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  184 |                 gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/gtk.h:277: included_from: Included from here.
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:61: included_from: Included from here.
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def104]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def105]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  186 |                 gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def106]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def107]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  191 |                         gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def108]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def109]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  193 |                         gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-477): [#def110]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-457): [#def111]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:243:39: warning[-Wmaybe-uninitialized]: ‘entry’ may be used uninitialized
#  243 |                 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
openssh-10.2p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘main’
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:140:45: note: ‘entry’ was declared here
#  140 |         GtkWidget *parent_window, *dialog, *entry, *err;
#      |                                             ^~~~~
#  241|   	/* Report passphrase if user selected OK */
#  242|   	if (prompt_type == PROMPT_ENTRY) {
#  243|-> 		passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def112]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:246:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:280:1: enter_function: entry to ‘main’
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:301:18: call_function: calling ‘passphrase_dialog’ from ‘main’
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,
#  246|-> 			    strlen(passphrase), NULL, NULL, NULL);
#  247|   			if (local != NULL) {
#  248|   				puts(local);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def113]
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:256:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:280:1: enter_function: entry to ‘main’
openssh-10.2p1/contrib/gnome-ssh-askpass3.c:301:18: call_function: calling ‘passphrase_dialog’ from ‘main’
#  254|   		}
#  255|   		/* Zero passphrase in memory */
#  256|-> 		memset(passphrase, '\b', strlen(passphrase));
#  257|   		gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
#  258|   		memset(passphrase, '\0', strlen(passphrase));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
openssh-10.2p1/digest-openssl.c:122:27: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.2p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.2p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:122:27: throw: if ‘EVP_MD_CTX_new’ throws an exception...
openssh-10.2p1/digest-openssl.c:122:27: danger: ‘ret’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#  120|   		return NULL;
#  121|   	ret->alg = alg;
#  122|-> 	if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
#  123|   		free(ret);
#  124|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def115]
openssh-10.2p1/digest-openssl.c:126:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.2p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.2p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:126:13: throw: if the called function throws an exception...
openssh-10.2p1/digest-openssl.c:126:13: danger: ‘ret’ leaks here; was allocated at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  124|   		return NULL;
#  125|   	}
#  126|-> 	if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
#  127|   		ssh_digest_free(ret);
#  128|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def116]
openssh-10.2p1/digest-openssl.c:180:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.2p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.2p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:126:12: branch_true: following ‘true’ branch...
openssh-10.2p1/digest-openssl.c:127:17: branch_true: ...to here
openssh-10.2p1/digest-openssl.c:127:17: call_function: calling ‘ssh_digest_free’ from ‘ssh_digest_start’
#  178|   	if (ctx == NULL)
#  179|   		return;
#  180|-> 	EVP_MD_CTX_free(ctx->mdctx);
#  181|   	freezero(ctx, sizeof(*ctx));
#  182|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
openssh-10.2p1/digest-openssl.c:181:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.2p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.2p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.2p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.2p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.2p1/digest-openssl.c:126:12: branch_true: following ‘true’ branch...
openssh-10.2p1/digest-openssl.c:127:17: branch_true: ...to here
openssh-10.2p1/digest-openssl.c:127:17: call_function: calling ‘ssh_digest_free’ from ‘ssh_digest_start’
#  179|   		return;
#  180|   	EVP_MD_CTX_free(ctx->mdctx);
#  181|-> 	freezero(ctx, sizeof(*ctx));
#  182|   }
#  183|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def118]
openssh-10.2p1/fatal.c:43:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/fatal.c:42:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/fatal.c:43:9: throw: if ‘sshlogv’ throws an exception...
openssh-10.2p1/fatal.c:43:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   41|   
#   42|   	va_start(args, fmt);
#   43|-> 	sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
#   44|   	va_end(args);
#   45|   	cleanup_exit(255);

Error: COMPILER_WARNING (CWE-563): [#def119]
openssh-10.2p1/gss-genr.c: scope_hint: In function ‘ssh_gssapi_kex_mechs’
openssh-10.2p1/gss-genr.c:132:32: warning[-Wunused-variable]: unused variable ‘md’
#  132 |         struct ssh_digest_ctx *md = NULL;
#      |                                ^~
#  130|   	u_char digest[SSH_DIGEST_MAX_LENGTH];
#  131|   	char deroid[2];
#  132|-> 	struct ssh_digest_ctx *md = NULL;
#  133|   	char *s, *cp, *p;
#  134|   

Error: COMPILER_WARNING: [#def120]
openssh-10.2p1/gss-genr.c:182:30: warning[-Wstringop-truncation]: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length
#  182 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^
openssh-10.2p1/gss-genr.c:182:46: note: length computed here
#  182 |                         cp = strncpy(s, kex, strlen(kex));
#      |                                              ^~~~~~~~~~~
#  180|   			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
#  181|   #pragma GCC diagnostic ignored "-Wstringop-overflow"
#  182|-> 			cp = strncpy(s, kex, strlen(kex));
#  183|   #pragma GCC diagnostic pop
#  184|   			for ((p = strsep(&cp, ",")); p && *p != '\0';

Error: COMPILER_WARNING: [#def121]
openssh-10.2p1/gss-serv-krb5.c: scope_hint: In function ‘ssh_gssapi_krb5_cmdok’
openssh-10.2p1/gss-serv-krb5.c:337:16: warning[-Wunused-but-set-variable=]: variable ‘linenum’ set but not used
#  337 |         u_long linenum = 0;
#      |                ^~~~~~~
#  335|   	int found_principal = 0;
#  336|   	int ncommands = 0, allcommands = 0;
#  337|-> 	u_long linenum = 0;
#  338|   	size_t linesize = 0;
#  339|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
openssh-10.2p1/gss-serv-krb5.c:359:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.2p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.2p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:357:12: branch_true: following ‘true’ branch...
openssh-10.2p1/gss-serv-krb5.c:359:17: branch_true: ...to here
openssh-10.2p1/gss-serv-krb5.c:359:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/gss-serv-krb5.c:359:17: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  357|   	if (fstat(fileno(fp), &st) == -1) {
#  358|   		/* can happen, but very wierd error so report it */
#  359|-> 		logit("User %s fstat %s failed: %s",
#  360|   		    pw->pw_name, file, strerror(errno));
#  361|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def123]
openssh-10.2p1/gss-serv-krb5.c:359:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.2p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.2p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:357:12: branch_true: following ‘true’ branch...
openssh-10.2p1/gss-serv-krb5.c:359:17: branch_true: ...to here
openssh-10.2p1/gss-serv-krb5.c:359:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/gss-serv-krb5.c:359:17: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  357|   	if (fstat(fileno(fp), &st) == -1) {
#  358|   		/* can happen, but very wierd error so report it */
#  359|-> 		logit("User %s fstat %s failed: %s",
#  360|   		    pw->pw_name, file, strerror(errno));
#  361|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def124]
openssh-10.2p1/gss-serv-krb5.c:364:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.2p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.2p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:364:12: branch_true: following ‘true’ branch...
openssh-10.2p1/gss-serv-krb5.c:365:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/gss-serv-krb5.c:364:15: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  362|   		return 0;
#  363|   	}
#  364|-> 	if (!(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
#  365|   		logit("User %s %s is not owned by root or user",
#  366|   		    pw->pw_name, file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
openssh-10.2p1/gss-serv-krb5.c:364:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.2p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.2p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.2p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.2p1/gss-serv-krb5.c:364:12: branch_true: following ‘true’ branch...
openssh-10.2p1/gss-serv-krb5.c:365:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/gss-serv-krb5.c:364:15: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  362|   		return 0;
#  363|   	}
#  364|-> 	if (!(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
#  365|   		logit("User %s %s is not owned by root or user",
#  366|   		    pw->pw_name, file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def126]
openssh-10.2p1/hmac.c:52:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:26: throw: if ‘ssh_digest_start’ throws an exception...
openssh-10.2p1/hmac.c:52:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   50|   		return NULL;
#   51|   	ret->alg = alg;
#   52|-> 	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|   	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
openssh-10.2p1/hmac.c:53:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:53:26: branch_false: ...to here
openssh-10.2p1/hmac.c:53:26: throw: if ‘ssh_digest_start’ throws an exception...
openssh-10.2p1/hmac.c:53:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   51|   	ret->alg = alg;
#   52|   	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|-> 	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
openssh-10.2p1/hmac.c:54:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:53:26: branch_false: ...to here
openssh-10.2p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:54:28: branch_false: ...to here
openssh-10.2p1/hmac.c:54:28: throw: if ‘ssh_digest_start’ throws an exception...
openssh-10.2p1/hmac.c:54:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   52|   	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|   	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|-> 	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;
#   56|   	ret->buf_len = ssh_digest_blocksize(ret->ictx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
openssh-10.2p1/hmac.c:56:24: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:53:26: branch_false: ...to here
openssh-10.2p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:54:28: branch_false: ...to here
openssh-10.2p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.2p1/hmac.c:56:24: branch_false: ...to here
openssh-10.2p1/hmac.c:56:24: throw: if ‘ssh_digest_blocksize’ throws an exception...
openssh-10.2p1/hmac.c:56:24: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;
#   56|-> 	ret->buf_len = ssh_digest_blocksize(ret->ictx);
#   57|   	if ((ret->buf = calloc(1, ret->buf_len)) == NULL)
#   58|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
openssh-10.2p1/hmac.c:127:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hmac.c:55:17: branch_true: ...to here
openssh-10.2p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  125|   {
#  126|   	if (ctx != NULL) {
#  127|-> 		ssh_digest_free(ctx->ictx);
#  128|   		ssh_digest_free(ctx->octx);
#  129|   		ssh_digest_free(ctx->digest);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
openssh-10.2p1/hmac.c:128:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hmac.c:55:17: branch_true: ...to here
openssh-10.2p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  126|   	if (ctx != NULL) {
#  127|   		ssh_digest_free(ctx->ictx);
#  128|-> 		ssh_digest_free(ctx->octx);
#  129|   		ssh_digest_free(ctx->digest);
#  130|   		if (ctx->buf) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
openssh-10.2p1/hmac.c:129:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hmac.c:55:17: branch_true: ...to here
openssh-10.2p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  127|   		ssh_digest_free(ctx->ictx);
#  128|   		ssh_digest_free(ctx->octx);
#  129|-> 		ssh_digest_free(ctx->digest);
#  130|   		if (ctx->buf) {
#  131|   			explicit_bzero(ctx->buf, ctx->buf_len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
openssh-10.2p1/hmac.c:134:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.2p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.2p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/hmac.c:51:9: branch_false: ...to here
openssh-10.2p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hmac.c:55:17: branch_true: ...to here
openssh-10.2p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  132|   			free(ctx->buf);
#  133|   		}
#  134|-> 		freezero(ctx, sizeof(*ctx));
#  135|   	}
#  136|   }

Error: COMPILER_WARNING (CWE-704): [#def134]
openssh-10.2p1/hostfile.c: scope_hint: In function ‘extract_salt’
openssh-10.2p1/hostfile.c:93:16: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   93 |         if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
#      |                ^
#   91|   	s += sizeof(HASH_MAGIC) - 1;
#   92|   	l -= sizeof(HASH_MAGIC) - 1;
#   93|-> 	if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
#   94|   		debug2("extract_salt: missing salt termination character");
#   95|   		return (-1);

Error: COMPILER_WARNING (CWE-704): [#def135]
openssh-10.2p1/hostfile.c:93:16: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   91|   	s += sizeof(HASH_MAGIC) - 1;
#   92|   	l -= sizeof(HASH_MAGIC) - 1;
#   93|-> 	if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
#   94|   		debug2("extract_salt: missing salt termination character");
#   95|   		return (-1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def136]
openssh-10.2p1/hostfile.c:132:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  130|   	u_int len;
#  131|   
#  132|-> 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
#  133|   
#  134|   	if (name_from_hostfile == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
openssh-10.2p1/hostfile.c:132:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  130|   	u_int len;
#  131|   
#  132|-> 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
#  133|   
#  134|   	if (name_from_hostfile == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def138]
openssh-10.2p1/hostfile.c:136:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  134|   	if (name_from_hostfile == NULL) {
#  135|   		/* Create new salt */
#  136|-> 		arc4random_buf(salt, len);
#  137|   	} else {
#  138|   		/* Extract salt from known host entry */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def139]
openssh-10.2p1/hostfile.c:136:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  134|   	if (name_from_hostfile == NULL) {
#  135|   		/* Create new salt */
#  136|-> 		arc4random_buf(salt, len);
#  137|   	} else {
#  138|   		/* Extract salt from known host entry */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def140]
openssh-10.2p1/hostfile.c:458:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  456|   	char *hashed_host = NULL, *lhost;
#  457|   
#  458|-> 	lhost = xstrdup(host);
#  459|   	lowercase(lhost);
#  460|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
openssh-10.2p1/hostfile.c:458:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  456|   	char *hashed_host = NULL, *lhost;
#  457|   
#  458|-> 	lhost = xstrdup(host);
#  459|   	lowercase(lhost);
#  460|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def142]
openssh-10.2p1/hostfile.c:459:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  457|   
#  458|   	lhost = xstrdup(host);
#  459|-> 	lowercase(lhost);
#  460|   
#  461|   	if (store_hash) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
openssh-10.2p1/hostfile.c:459:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  457|   
#  458|   	lhost = xstrdup(host);
#  459|-> 	lowercase(lhost);
#  460|   
#  461|   	if (store_hash) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def144]
openssh-10.2p1/hostfile.c:498:22: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  496|   	struct sshbuf *entry = NULL;
#  497|   
#  498|-> 	if ((entry = sshbuf_new()) == NULL)
#  499|   		fatal_f("allocation failed");
#  500|   	if ((r = format_host_entry(entry, host, ip, key, store_hash)) != 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
openssh-10.2p1/hostfile.c:498:22: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  496|   	struct sshbuf *entry = NULL;
#  497|   
#  498|-> 	if ((entry = sshbuf_new()) == NULL)
#  499|   		fatal_f("allocation failed");
#  500|   	if ((r = format_host_entry(entry, host, ip, key, store_hash)) != 1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def146]
openssh-10.2p1/hostfile.c:499:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  497|   
#  498|   	if ((entry = sshbuf_new()) == NULL)
#  499|-> 		fatal_f("allocation failed");
#  500|   	if ((r = format_host_entry(entry, host, ip, key, store_hash)) != 1) {
#  501|   		debug_f("failed to format host entry");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
openssh-10.2p1/hostfile.c:499:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:557:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:572:13: branch_false: ...to here
openssh-10.2p1/hostfile.c:578:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  497|   
#  498|   	if ((entry = sshbuf_new()) == NULL)
#  499|-> 		fatal_f("allocation failed");
#  500|   	if ((r = format_host_entry(entry, host, ip, key, store_hash)) != 1) {
#  501|   		debug_f("failed to format host entry");

Error: COMPILER_WARNING (CWE-704): [#def148]
openssh-10.2p1/hostfile.c: scope_hint: In function ‘hostfile_create_user_ssh_dir’
openssh-10.2p1/hostfile.c:525:16: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  525 |         if ((p = strrchr(filename, '/')) == NULL)
#      |                ^
#  523|   	struct stat st;
#  524|   
#  525|-> 	if ((p = strrchr(filename, '/')) == NULL)
#  526|   		return;
#  527|   	len = p - filename;

Error: COMPILER_WARNING (CWE-704): [#def149]
openssh-10.2p1/hostfile.c:525:16: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  523|   	struct stat st;
#  524|   
#  525|-> 	if ((p = strrchr(filename, '/')) == NULL)
#  526|   		return;
#  527|   	len = p - filename;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
openssh-10.2p1/hostfile.c:570:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:570:13: throw: if ‘fseek’ throws an exception...
openssh-10.2p1/hostfile.c:570:13: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  568|   	setvbuf(f, NULL, _IONBF, 0);
#  569|   	/* Make sure we have a terminating newline. */
#  570|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
openssh-10.2p1/hostfile.c:570:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:570:13: throw: if ‘fseek’ throws an exception...
openssh-10.2p1/hostfile.c:570:13: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  568|   	setvbuf(f, NULL, _IONBF, 0);
#  569|   	/* Make sure we have a terminating newline. */
#  570|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def152]
openssh-10.2p1/hostfile.c:570:45: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:570:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hostfile.c:570:45: branch_true: ...to here
openssh-10.2p1/hostfile.c:570:45: throw: if ‘fgetc’ throws an exception...
openssh-10.2p1/hostfile.c:570:45: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
#  568|   	setvbuf(f, NULL, _IONBF, 0);
#  569|   	/* Make sure we have a terminating newline. */
#  570|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
openssh-10.2p1/hostfile.c:570:45: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:570:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hostfile.c:570:45: branch_true: ...to here
openssh-10.2p1/hostfile.c:570:45: throw: if ‘fgetc’ throws an exception...
openssh-10.2p1/hostfile.c:570:45: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
#  568|   	setvbuf(f, NULL, _IONBF, 0);
#  569|   	/* Make sure we have a terminating newline. */
#  570|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def154]
openssh-10.2p1/hostfile.c:572:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:13: throw: if ‘fseek’ throws an exception...
openssh-10.2p1/hostfile.c:572:13: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2)
#  570|   	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|-> 	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  573|   		error("Failed to add terminating newline to %s: %s",
#  574|   		   filename, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
openssh-10.2p1/hostfile.c:572:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:572:13: throw: if ‘fseek’ throws an exception...
openssh-10.2p1/hostfile.c:572:13: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
#  570|   	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  571|   		addnl = 1;
#  572|-> 	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  573|   		error("Failed to add terminating newline to %s: %s",
#  574|   		   filename, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def156]
openssh-10.2p1/hostfile.c:573:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:573:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:573:17: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  573|-> 		error("Failed to add terminating newline to %s: %s",
#  574|   		   filename, strerror(errno));
#  575|   		fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
openssh-10.2p1/hostfile.c:573:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.2p1/hostfile.c:563:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/hostfile.c:565:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:566:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:566:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:568:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:573:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:573:17: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
#  571|   		addnl = 1;
#  572|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  573|-> 		error("Failed to add terminating newline to %s: %s",
#  574|   		   filename, strerror(errno));
#  575|   		fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
openssh-10.2p1/hostfile.c:672:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.2p1/hostfile.c:657:31: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:19: throw: if ‘_ssh_mkstemp’ throws an exception...
openssh-10.2p1/hostfile.c:672:19: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
#  670|   	}
#  671|   
#  672|-> 	if ((fd = mkstemp(temp)) == -1) {
#  673|   		oerrno = errno;
#  674|   		error_f("mkstemp: %s", strerror(oerrno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
openssh-10.2p1/hostfile.c:674:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.2p1/hostfile.c:657:31: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hostfile.c:673:26: branch_true: ...to here
openssh-10.2p1/hostfile.c:674:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:674:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  672|   	if ((fd = mkstemp(temp)) == -1) {
#  673|   		oerrno = errno;
#  674|-> 		error_f("mkstemp: %s", strerror(oerrno));
#  675|   		r = SSH_ERR_SYSTEM_ERROR;
#  676|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def160]
openssh-10.2p1/hostfile.c:680:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.2p1/hostfile.c:657:31: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:678:24: branch_false: ...to here
openssh-10.2p1/hostfile.c:678:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hostfile.c:679:26: branch_true: ...to here
openssh-10.2p1/hostfile.c:680:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/hostfile.c:680:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  678|   	if ((ctx.out = fdopen(fd, "w")) == NULL) {
#  679|   		oerrno = errno;
#  680|-> 		close(fd);
#  681|   		error_f("fdopen: %s", strerror(oerrno));
#  682|   		r = SSH_ERR_SYSTEM_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def161]
openssh-10.2p1/hostfile.c:681:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.2p1/hostfile.c:657:31: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:678:24: branch_false: ...to here
openssh-10.2p1/hostfile.c:678:12: branch_true: following ‘true’ branch...
openssh-10.2p1/hostfile.c:679:26: branch_true: ...to here
openssh-10.2p1/hostfile.c:681:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:681:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/0)
#  679|   		oerrno = errno;
#  680|   		close(fd);
#  681|-> 		error_f("fdopen: %s", strerror(oerrno));
#  682|   		r = SSH_ERR_SYSTEM_ERROR;
#  683|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def162]
openssh-10.2p1/hostfile.c:816:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
openssh-10.2p1/hostfile.c:301:1: enter_function: entry to ‘load_hostkeys’
openssh-10.2p1/hostfile.c:306:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:306:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:311:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:311:9: call_function: calling ‘load_hostkeys_file’ from ‘load_hostkeys’
#  814|   
#  815|   	memset(&lineinfo, 0, sizeof(lineinfo));
#  816|-> 	if (host == NULL && (options & HKF_WANT_MATCH) != 0)
#  817|   		return SSH_ERR_INVALID_ARGUMENT;
#  818|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def163]
openssh-10.2p1/hostfile.c:816:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’
openssh-10.2p1/hostfile.c:301:1: enter_function: entry to ‘load_hostkeys’
openssh-10.2p1/hostfile.c:306:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:306:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:311:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:311:9: call_function: calling ‘load_hostkeys_file’ from ‘load_hostkeys’
#  814|   
#  815|   	memset(&lineinfo, 0, sizeof(lineinfo));
#  816|-> 	if (host == NULL && (options & HKF_WANT_MATCH) != 0)
#  817|   		return SSH_ERR_INVALID_ARGUMENT;
#  818|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
openssh-10.2p1/hostfile.c:988:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
openssh-10.2p1/hostfile.c:985:18: acquire_resource: opened here
openssh-10.2p1/hostfile.c:985:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:988:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:988:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:988:9: danger: ‘fopen(path, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
#  986|   		return SSH_ERR_SYSTEM_ERROR;
#  987|   
#  988|-> 	debug3_f("reading file \"%s\"", path);
#  989|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  990|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def165]
openssh-10.2p1/hostfile.c:988:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.2p1/hostfile.c:638:1: enter_function: entry to ‘hostfile_replace_entries’
openssh-10.2p1/hostfile.c:657:31: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:678:24: branch_false: ...to here
openssh-10.2p1/hostfile.c:678:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:687:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:687:18: call_function: calling ‘hostkeys_foreach’ from ‘hostfile_replace_entries’
#  986|   		return SSH_ERR_SYSTEM_ERROR;
#  987|   
#  988|-> 	debug3_f("reading file \"%s\"", path);
#  989|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  990|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def166]
openssh-10.2p1/hostfile.c:988:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.out’
openssh-10.2p1/hostfile.c:638:1: enter_function: entry to ‘hostfile_replace_entries’
openssh-10.2p1/hostfile.c:657:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:659:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:667:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:666:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.2p1/hostfile.c:672:19: branch_false: ...to here
openssh-10.2p1/hostfile.c:672:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:678:24: branch_false: ...to here
openssh-10.2p1/hostfile.c:678:24: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:678:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:687:18: branch_false: ...to here
openssh-10.2p1/hostfile.c:687:18: call_function: calling ‘hostkeys_foreach’ from ‘hostfile_replace_entries’
#  986|   		return SSH_ERR_SYSTEM_ERROR;
#  987|   
#  988|-> 	debug3_f("reading file \"%s\"", path);
#  989|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  990|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def167]
openssh-10.2p1/hostfile.c:988:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’
openssh-10.2p1/hostfile.c:985:18: acquire_memory: allocated here
openssh-10.2p1/hostfile.c:985:12: branch_false: following ‘false’ branch...
openssh-10.2p1/hostfile.c:988:9: branch_false: ...to here
openssh-10.2p1/hostfile.c:988:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/hostfile.c:988:9: danger: ‘fopen(path, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/0)
#  986|   		return SSH_ERR_SYSTEM_ERROR;
#  987|   
#  988|-> 	debug3_f("reading file \"%s\"", path);
#  989|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  990|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def168]
openssh-10.2p1/kex-names.c:129:32: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:284:1: enter_function: entry to ‘kex_names_valid’
openssh-10.2p1/kex-names.c:288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:290:23: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:290:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:292:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:292:38: branch_true: following ‘true’ branch...
openssh-10.2p1/kex-names.c:294:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  127|   
#  128|   		if (FIPS_mode() == 1) {
#  129|-> 		    mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
#  130|   		    is_fetched = mlkem768 != NULL ? 2 : 0;
#  131|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def169]
openssh-10.2p1/kex-names.c:133:36: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:284:1: enter_function: entry to ‘kex_names_valid’
openssh-10.2p1/kex-names.c:288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:290:23: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:290:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:292:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:292:38: branch_true: following ‘true’ branch...
openssh-10.2p1/kex-names.c:294:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  131|   
#  132|   		    if (is_fetched == 0) {
#  133|-> 		        mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", "provider=default,-fips");
#  134|   		        is_fetched = mlkem768 != NULL ? 1 : 0;
#  135|   		    }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
openssh-10.2p1/kex-names.c:137:32: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:284:1: enter_function: entry to ‘kex_names_valid’
openssh-10.2p1/kex-names.c:288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:290:23: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:290:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:292:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:292:38: branch_true: following ‘true’ branch...
openssh-10.2p1/kex-names.c:294:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  135|   		    }
#  136|   		} else {
#  137|-> 		    mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
#  138|   		    is_fetched = mlkem768 != NULL ? 1 : 0;
#  139|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
openssh-10.2p1/kex-names.c:140:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:284:1: enter_function: entry to ‘kex_names_valid’
openssh-10.2p1/kex-names.c:288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:290:23: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:290:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:292:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:292:38: branch_true: following ‘true’ branch...
openssh-10.2p1/kex-names.c:294:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  138|   		    is_fetched = mlkem768 != NULL ? 1 : 0;
#  139|   		}
#  140|-> 		EVP_KEM_free(mlkem768);
#  141|   	}
#  142|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
openssh-10.2p1/kex-names.c:303:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:290:23: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:290:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:292:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:303:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/kex-names.c:303:9: danger: ‘cp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  301|   		}
#  302|   	}
#  303|-> 	debug3("kex names ok: [%s]", names);
#  304|   	free(s);
#  305|   	return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
openssh-10.2p1/kex-names.c:314:19: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/kex-names.c:325:1: enter_function: entry to ‘kex_names_cat’
openssh-10.2p1/kex-names.c:334:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:336:15: branch_false: ...to here
openssh-10.2p1/kex-names.c:337:25: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:338:20: branch_false: ...to here
openssh-10.2p1/kex-names.c:337:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/kex-names.c:342:9: branch_false: ...to here
openssh-10.2p1/kex-names.c:343:38: branch_true: following ‘true’ branch...
openssh-10.2p1/kex-names.c:344:21: call_function: calling ‘kex_has_any_alg’ from ‘kex_names_cat’
#  312|   	char *cp;
#  313|   
#  314|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  315|   		return 0;
#  316|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
openssh-10.2p1/kex-names.c:314:19: warning[-Wanalyzer-malloc-leak]: leak of ‘patterns’
openssh-10.2p1/kex-names.c:365:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:371:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:374:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:382:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:390:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:390:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:399:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:399:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:417:37: branch_false: ...to here
openssh-10.2p1/kex-names.c:417:37: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:417:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
openssh-10.2p1/kex-names.c:417:12: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:433:28: branch_false: ...to here
openssh-10.2p1/kex-names.c:433:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:433:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.2p1/kex-names.c:433:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:437:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:433:28: branch_false: ...to here
openssh-10.2p1/kex-names.c:433:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
#  312|   	char *cp;
#  313|   
#  314|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  315|   		return 0;
#  316|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
openssh-10.2p1/kex-names.c:314:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/kex-names.c:365:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:371:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:374:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:382:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:390:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:390:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:399:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:399:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:417:37: branch_false: ...to here
openssh-10.2p1/kex-names.c:417:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
openssh-10.2p1/kex-names.c:417:12: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:433:28: branch_false: ...to here
openssh-10.2p1/kex-names.c:433:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:433:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.2p1/kex-names.c:433:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:437:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:433:28: branch_false: ...to here
openssh-10.2p1/kex-names.c:433:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
#  312|   	char *cp;
#  313|   
#  314|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  315|   		return 0;
#  316|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
openssh-10.2p1/kex-names.c:429:33: warning[-Wanalyzer-malloc-leak]: leak of ‘patterns’
openssh-10.2p1/kex-names.c:371:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:374:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:382:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:390:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:390:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:399:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:399:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:417:37: branch_false: ...to here
openssh-10.2p1/kex-names.c:417:37: acquire_memory: allocated here
openssh-10.2p1/kex-names.c:417:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
openssh-10.2p1/kex-names.c:417:12: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:33: throw: if ‘match_filter_allowlist’ throws an exception...
openssh-10.2p1/kex-names.c:429:33: danger: ‘patterns’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
#  427|   		}
#  428|   		free(matching);
#  429|-> 		if ((matching = match_filter_allowlist(all, cp)) == NULL) {
#  430|   			r = SSH_ERR_ALLOC_FAIL;
#  431|   			goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
openssh-10.2p1/kex-names.c:429:33: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/kex-names.c:365:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:371:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:374:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:382:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:390:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:390:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:399:19: branch_false: ...to here
openssh-10.2p1/kex-names.c:399:19: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:417:37: branch_false: ...to here
openssh-10.2p1/kex-names.c:417:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
openssh-10.2p1/kex-names.c:417:12: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:433:28: branch_false: ...to here
openssh-10.2p1/kex-names.c:433:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.2p1/kex-names.c:433:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.2p1/kex-names.c:433:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:437:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:422:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.2p1/kex-names.c:423:21: branch_true: ...to here
openssh-10.2p1/kex-names.c:423:20: branch_false: following ‘false’ branch...
openssh-10.2p1/kex-names.c:428:17: branch_false: ...to here
openssh-10.2p1/kex-names.c:429:33: throw: if ‘match_filter_allowlist’ throws an exception...
openssh-10.2p1/kex-names.c:429:33: danger: ‘ret’ leaks here; was allocated at [(24)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/23)
#  427|   		}
#  428|   		free(matching);
#  429|-> 		if ((matching = match_filter_allowlist(all, cp)) == NULL) {
#  430|   			r = SSH_ERR_ALLOC_FAIL;
#  431|   			goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
openssh-10.2p1/kex.c:193:18: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.2p1/kex.c:191:25: acquire_memory: allocated here
openssh-10.2p1/kex.c:191:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.2p1/kex.c:193:18: branch_false: ...to here
openssh-10.2p1/kex.c:193:18: throw: if ‘sshbuf_fromb’ throws an exception...
openssh-10.2p1/kex.c:193:18: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  191|   	if ((proposal = calloc(PROPOSAL_MAX, sizeof(char *))) == NULL)
#  192|   		return SSH_ERR_ALLOC_FAIL;
#  193|-> 	if ((b = sshbuf_fromb(raw)) == NULL) {
#  194|   		r = SSH_ERR_ALLOC_FAIL;
#  195|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
openssh-10.2p1/kex.c:197:18: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.2p1/kex.c:191:25: acquire_memory: allocated here
openssh-10.2p1/kex.c:191:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.2p1/kex.c:193:18: branch_false: ...to here
openssh-10.2p1/kex.c:193:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:197:18: branch_false: ...to here
openssh-10.2p1/kex.c:197:18: throw: if ‘sshbuf_consume’ throws an exception...
openssh-10.2p1/kex.c:197:18: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  195|   		goto out;
#  196|   	}
#  197|-> 	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
#  198|   		error_fr(r, "consume cookie");
#  199|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
openssh-10.2p1/kex.c:198:17: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.2p1/kex.c:191:25: acquire_memory: allocated here
openssh-10.2p1/kex.c:191:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.2p1/kex.c:193:18: branch_false: ...to here
openssh-10.2p1/kex.c:193:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:197:18: branch_false: ...to here
openssh-10.2p1/kex.c:197:12: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:198:17: branch_true: ...to here
openssh-10.2p1/kex.c:198:17: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/kex.c:198:17: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  196|   	}
#  197|   	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
#  198|-> 		error_fr(r, "consume cookie");
#  199|   		goto out;
#  200|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
openssh-10.2p1/kex.c:203:26: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.2p1/kex.c:191:25: acquire_memory: allocated here
openssh-10.2p1/kex.c:191:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.2p1/kex.c:193:18: branch_false: ...to here
openssh-10.2p1/kex.c:193:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:197:18: branch_false: ...to here
openssh-10.2p1/kex.c:197:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:202:14: branch_false: ...to here
openssh-10.2p1/kex.c:202:21: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:203:58: branch_true: ...to here
openssh-10.2p1/kex.c:203:26: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/kex.c:203:26: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  201|   	/* extract kex init proposal strings */
#  202|   	for (i = 0; i < PROPOSAL_MAX; i++) {
#  203|-> 		if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
#  204|   			error_fr(r, "parse proposal %u", i);
#  205|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
openssh-10.2p1/kex.c:700:26: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:700:26: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/kex.c:700:26: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  698|   
#  699|   	if ((kex = calloc(1, sizeof(*kex))) == NULL ||
#  700|-> 	    (kex->peer = sshbuf_new()) == NULL ||
#  701|   	    (kex->my = sshbuf_new()) == NULL ||
#  702|   	    (kex->client_version = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
openssh-10.2p1/kex.c:701:24: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:701:24: branch_false: ...to here
openssh-10.2p1/kex.c:701:24: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/kex.c:701:24: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  699|   	if ((kex = calloc(1, sizeof(*kex))) == NULL ||
#  700|   	    (kex->peer = sshbuf_new()) == NULL ||
#  701|-> 	    (kex->my = sshbuf_new()) == NULL ||
#  702|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  703|   	    (kex->server_version = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
openssh-10.2p1/kex.c:702:36: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:701:24: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:702:36: branch_false: ...to here
openssh-10.2p1/kex.c:702:36: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/kex.c:702:36: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  700|   	    (kex->peer = sshbuf_new()) == NULL ||
#  701|   	    (kex->my = sshbuf_new()) == NULL ||
#  702|-> 	    (kex->client_version = sshbuf_new()) == NULL ||
#  703|   	    (kex->server_version = sshbuf_new()) == NULL ||
#  704|   	    (kex->session_id = sshbuf_new()) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
openssh-10.2p1/kex.c:703:36: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:701:24: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:702:36: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:703:36: branch_false: ...to here
openssh-10.2p1/kex.c:703:36: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/kex.c:703:36: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  701|   	    (kex->my = sshbuf_new()) == NULL ||
#  702|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  703|-> 	    (kex->server_version = sshbuf_new()) == NULL ||
#  704|   	    (kex->session_id = sshbuf_new()) == NULL) {
#  705|   		kex_free(kex);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
openssh-10.2p1/kex.c:704:32: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:701:24: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:702:36: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:703:36: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:704:32: branch_false: ...to here
openssh-10.2p1/kex.c:704:32: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/kex.c:704:32: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  702|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  703|   	    (kex->server_version = sshbuf_new()) == NULL ||
#  704|-> 	    (kex->session_id = sshbuf_new()) == NULL) {
#  705|   		kex_free(kex);
#  706|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
openssh-10.2p1/kex.c:750:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  748|   
#  749|   #ifdef WITH_OPENSSL
#  750|-> 	DH_free(kex->dh);
#  751|   #ifdef OPENSSL_HAS_ECC
#  752|   	EC_KEY_free(kex->ec_client_key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
openssh-10.2p1/kex.c:752:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  750|   	DH_free(kex->dh);
#  751|   #ifdef OPENSSL_HAS_ECC
#  752|-> 	EC_KEY_free(kex->ec_client_key);
#  753|   #endif /* OPENSSL_HAS_ECC */
#  754|   	EVP_PKEY_free(kex->ec_hybrid_client_key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
openssh-10.2p1/kex.c:754:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  752|   	EC_KEY_free(kex->ec_client_key);
#  753|   #endif /* OPENSSL_HAS_ECC */
#  754|-> 	EVP_PKEY_free(kex->ec_hybrid_client_key);
#  755|   #endif /* WITH_OPENSSL */
#  756|   	for (mode = 0; mode < MODE_MAX; mode++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
openssh-10.2p1/kex.c:760:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  758|   		kex->newkeys[mode] = NULL;
#  759|   	}
#  760|-> 	sshbuf_free(kex->peer);
#  761|   	sshbuf_free(kex->my);
#  762|   	sshbuf_free(kex->client_version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def191]
openssh-10.2p1/kex.c:761:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  759|   	}
#  760|   	sshbuf_free(kex->peer);
#  761|-> 	sshbuf_free(kex->my);
#  762|   	sshbuf_free(kex->client_version);
#  763|   	sshbuf_free(kex->server_version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
openssh-10.2p1/kex.c:762:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  760|   	sshbuf_free(kex->peer);
#  761|   	sshbuf_free(kex->my);
#  762|-> 	sshbuf_free(kex->client_version);
#  763|   	sshbuf_free(kex->server_version);
#  764|   	sshbuf_free(kex->client_pub);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
openssh-10.2p1/kex.c:763:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  761|   	sshbuf_free(kex->my);
#  762|   	sshbuf_free(kex->client_version);
#  763|-> 	sshbuf_free(kex->server_version);
#  764|   	sshbuf_free(kex->client_pub);
#  765|   	sshbuf_free(kex->session_id);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
openssh-10.2p1/kex.c:764:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.2p1/kex.c:695:1: enter_function: entry to ‘kex_new’
openssh-10.2p1/kex.c:699:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:699:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.2p1/kex.c:700:26: branch_false: ...to here
openssh-10.2p1/kex.c:699:13: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:705:17: branch_true: ...to here
openssh-10.2p1/kex.c:705:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  762|   	sshbuf_free(kex->client_version);
#  763|   	sshbuf_free(kex->server_version);
#  764|-> 	sshbuf_free(kex->client_pub);
#  765|   	sshbuf_free(kex->session_id);
#  766|   #ifdef GSSAPI

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
openssh-10.2p1/kex.c:1161:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: throw: if ‘OSSL_PARAM_BLD_push_utf8_string’ throws an exception...
openssh-10.2p1/kex.c:1161:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
# 1159|   	}
# 1160|   
# 1161|-> 	r =     OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
openssh-10.2p1/kex.c:1163:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1163:17: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/kex.c:1163:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
# 1161|   	r =     OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|   				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
openssh-10.2p1/kex.c:1164:33: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1164:33: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/kex.c:1164:33: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|-> 				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def198]
openssh-10.2p1/kex.c:1165:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1165:17: throw: if ‘OSSL_PARAM_BLD_push_octet_string’ throws an exception...
openssh-10.2p1/kex.c:1165:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|   				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def199]
openssh-10.2p1/kex.c:1167:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1168:73: branch_true: ...to here
openssh-10.2p1/kex.c:1167:17: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/kex.c:1167:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&
# 1167|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|   				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|   		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
openssh-10.2p1/kex.c:1168:33: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1168:73: branch_true: ...to here
openssh-10.2p1/kex.c:1168:33: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/kex.c:1168:33: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
# 1166|   				hash, hashlen) &&
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|-> 				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|   		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
# 1170|   				&keytype, 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
openssh-10.2p1/kex.c:1169:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1168:73: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1169:17: branch_true: ...to here
openssh-10.2p1/kex.c:1169:17: throw: if ‘OSSL_PARAM_BLD_push_utf8_string’ throws an exception...
openssh-10.2p1/kex.c:1169:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|   				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|-> 		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
# 1170|   				&keytype, 1);
# 1171|   	if (r != 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
openssh-10.2p1/kex.c:1176:18: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1168:73: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1169:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1176:18: branch_true: ...to here
openssh-10.2p1/kex.c:1176:18: throw: if ‘OSSL_PARAM_BLD_to_param’ throws an exception...
openssh-10.2p1/kex.c:1176:18: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
# 1174|   	}
# 1175|   
# 1176|-> 	params = OSSL_PARAM_BLD_to_param(param_bld);
# 1177|   	if (params == NULL) {
# 1178|   		r = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
openssh-10.2p1/kex.c:1181:13: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1163:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1165:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1168:73: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1169:17: branch_true: ...to here
openssh-10.2p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1176:18: branch_true: ...to here
openssh-10.2p1/kex.c:1177:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1181:13: branch_false: ...to here
openssh-10.2p1/kex.c:1181:13: throw: if ‘EVP_KDF_derive’ throws an exception...
openssh-10.2p1/kex.c:1181:13: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
# 1179|   		goto out;
# 1180|   	}
# 1181|-> 	r = EVP_KDF_derive(ctx, key, key_len, params);
# 1182|   	if (r != 1) {
# 1183|   		r = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
openssh-10.2p1/kex.c:1195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1195:9: throw: if ‘OSSL_PARAM_BLD_free’ throws an exception...
openssh-10.2p1/kex.c:1195:9: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
# 1193|   
# 1194|   out:
# 1195|-> 	OSSL_PARAM_BLD_free(param_bld);
# 1196|   	OSSL_PARAM_free(params);
# 1197|   	free (key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
openssh-10.2p1/kex.c:1196:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.2p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1141:12: branch_false: ...to here
openssh-10.2p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1146:12: branch_false: ...to here
openssh-10.2p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1150:24: branch_false: ...to here
openssh-10.2p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.2p1/kex.c:1155:19: branch_false: ...to here
openssh-10.2p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.2p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/kex.c:1161:17: branch_false: ...to here
openssh-10.2p1/kex.c:1196:9: throw: if ‘OSSL_PARAM_free’ throws an exception...
openssh-10.2p1/kex.c:1196:9: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
# 1194|   out:
# 1195|   	OSSL_PARAM_BLD_free(param_bld);
# 1196|-> 	OSSL_PARAM_free(params);
# 1197|   	free (key);
# 1198|   	EVP_KDF_CTX_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
openssh-10.2p1/kex.c:1684:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pub_ser’
openssh-10.2p1/kex.c:1656:12: branch_false: following ‘false’ branch (when ‘k’ is non-NULL)...
openssh-10.2p1/kex.c:1658:20: branch_false: ...to here
openssh-10.2p1/kex.c:1658:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1659:26: branch_false: ...to here
openssh-10.2p1/kex.c:1658:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1660:23: branch_false: ...to here
openssh-10.2p1/kex.c:1658:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1665:27: branch_false: ...to here
openssh-10.2p1/kex.c:1665:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1666:13: branch_false: ...to here
openssh-10.2p1/kex.c:1665:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kex.c:1673:20: branch_false: ...to here
openssh-10.2p1/kex.c:1673:12: branch_true: following ‘true’ branch...
openssh-10.2p1/kex.c:1677:25: branch_true: ...to here
openssh-10.2p1/kex.c:1680:32: acquire_memory: allocated here
openssh-10.2p1/kex.c:1680:20: branch_false: following ‘false’ branch (when ‘pub_ser’ is non-NULL)...
openssh-10.2p1/kex.c:1684:17: branch_false: ...to here
openssh-10.2p1/kex.c:1684:17: throw: if ‘EC_POINT_point2oct’ throws an exception...
openssh-10.2p1/kex.c:1684:17: danger: ‘pub_ser’ leaks here; was allocated at [(15)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/14)
# 1682|   			goto out;
# 1683|   		}
# 1684|-> 		EC_POINT_point2oct(group,
# 1685|   		    pub,
# 1686|   		    POINT_CONVERSION_UNCOMPRESSED,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
openssh-10.2p1/kexdh.c:144:30: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.2p1/kexdh.c:107:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:112:21: branch_false: ...to here
openssh-10.2p1/kexdh.c:116:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:124:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:125:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:131:20: branch_false: ...to here
openssh-10.2p1/kexdh.c:131:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:136:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:137:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:138:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:143:21: branch_false: ...to here
openssh-10.2p1/kexdh.c:143:21: acquire_memory: allocated here
openssh-10.2p1/kexdh.c:143:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.2p1/kexdh.c:144:30: branch_false: ...to here
openssh-10.2p1/kexdh.c:144:30: throw: if ‘BN_new’ throws an exception...
openssh-10.2p1/kexdh.c:144:30: danger: ‘kbuf’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14)
#  142|   	}
#  143|   	if ((kbuf = malloc(klen)) == NULL ||
#  144|-> 	    (shared_secret = BN_new()) == NULL) {
#  145|   		r = SSH_ERR_ALLOC_FAIL;
#  146|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
openssh-10.2p1/kexdh.c:148:13: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.2p1/kexdh.c:107:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:112:21: branch_false: ...to here
openssh-10.2p1/kexdh.c:116:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:124:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:125:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:131:20: branch_false: ...to here
openssh-10.2p1/kexdh.c:131:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:136:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:137:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:138:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:136:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:143:21: branch_false: ...to here
openssh-10.2p1/kexdh.c:143:21: acquire_memory: allocated here
openssh-10.2p1/kexdh.c:143:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.2p1/kexdh.c:144:30: branch_false: ...to here
openssh-10.2p1/kexdh.c:143:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexdh.c:148:13: branch_false: ...to here
openssh-10.2p1/kexdh.c:148:13: throw: if ‘EVP_PKEY_derive’ throws an exception...
openssh-10.2p1/kexdh.c:148:13: danger: ‘kbuf’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  146|   		goto out;
#  147|   	}
#  148|-> 	if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1 ||
#  149|   	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
#  150|   		error_f("Could not derive key");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def209]
openssh-10.2p1/kexecdh.c:250:13: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.2p1/kexecdh.c:186:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:191:9: branch_false: ...to here
openssh-10.2p1/kexecdh.c:193:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:197:18: branch_false: ...to here
openssh-10.2p1/kexecdh.c:197:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:202:18: branch_false: ...to here
openssh-10.2p1/kexecdh.c:202:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:204:9: branch_false: ...to here
openssh-10.2p1/kexecdh.c:205:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:206:26: branch_false: ...to here
openssh-10.2p1/kexecdh.c:205:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:210:27: branch_false: ...to here
openssh-10.2p1/kexecdh.c:210:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:214:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:214:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:216:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:214:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:218:23: branch_false: ...to here
openssh-10.2p1/kexecdh.c:214:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:223:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:223:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:224:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:223:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:226:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:223:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:236:9: branch_false: ...to here
openssh-10.2p1/kexecdh.c:238:12: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:239:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:238:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:240:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:238:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:241:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:238:13: branch_false: following ‘false’ branch...
openssh-10.2p1/kexecdh.c:246:21: branch_false: ...to here
openssh-10.2p1/kexecdh.c:246:21: acquire_memory: allocated here
openssh-10.2p1/kexecdh.c:246:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.2p1/kexecdh.c:250:13: branch_false: ...to here
openssh-10.2p1/kexecdh.c:250:13: throw: if ‘EVP_PKEY_derive’ throws an exception...
openssh-10.2p1/kexecdh.c:250:13: danger: ‘kbuf’ leaks here; was allocated at [(35)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/34)
#  248|   		goto out;
#  249|   	}
#  250|-> 	if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
#  251|   		r = SSH_ERR_LIBCRYPTO_ERROR;
#  252|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def210]
openssh-10.2p1/kexecdh.c:274:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publen’
#  272|   	BN_clear_free(shared_secret);
#  273|   	freezero(kbuf, klen);
#  274|-> 	freezero(pub, publen);
#  275|   	sshbuf_free(buf);
#  276|   	return r;

Error: COMPILER_WARNING (CWE-195): [#def211]
openssh-10.2p1/kexgssc.c: scope_hint: In function ‘input_kexgssgex_group’
openssh-10.2p1/kexgssc.c:618:28: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                            ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: COMPILER_WARNING (CWE-195): [#def212]
openssh-10.2p1/kexgssc.c:618:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                                                         ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: COMPILER_WARNING (CWE-704): [#def213]
openssh-10.2p1/kexmlkem768x25519.c: scope_hint: In function ‘buf2nist_key’
openssh-10.2p1/kexmlkem768x25519.c:675:82: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘OSSL_PARAM_construct_utf8_string’ discards ‘const’ qualifier from pointer target type
#  675 |         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#      |                                                                                  ^~~~~~~~~~
/usr/include/openssl/indicator.h:18: included_from: Included from here.
/usr/include/openssl/core_dispatch.h:16: included_from: Included from here.
/usr/include/openssl/evp.h:28: included_from: Included from here.
openssh-10.2p1/sshkey.h:33: included_from: Included from here.
openssh-10.2p1/kexmlkem768x25519.c:37: included_from: Included from here.
/usr/include/openssl/params.h:88:68: note: expected ‘char *’ but argument is of type ‘const char *’
#   88 | OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
#      |                                                              ~~~~~~^~~
#  673|   		goto err;
#  674|   
#  675|-> 	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#  676|   	params[1] = OSSL_PARAM_construct_octet_string(
#  677|   			OSSL_PKEY_PARAM_PUB_KEY, (void *)pub_key_buf, pub_key_len);

Error: COMPILER_WARNING (CWE-704): [#def214]
openssh-10.2p1/kexmlkem768x25519.c:675:82: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘OSSL_PARAM_construct_utf8_string’ discards ‘const’ qualifier from pointer target type
#  673|   		goto err;
#  674|   
#  675|-> 	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#  676|   	params[1] = OSSL_PARAM_construct_octet_string(
#  677|   			OSSL_PKEY_PARAM_PUB_KEY, (void *)pub_key_buf, pub_key_len);

Error: COMPILER_WARNING (CWE-704): [#def215]
openssh-10.2p1/kexmlkem768x25519.c: scope_hint: In function ‘nist_pkey_keygen’
openssh-10.2p1/kexmlkem768x25519.c:755:82: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘OSSL_PARAM_construct_utf8_string’ discards ‘const’ qualifier from pointer target type
#  755 |         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#      |                                                                                  ^~~~~~~~~~
/usr/include/openssl/params.h:88:68: note: expected ‘char *’ but argument is of type ‘const char *’
#   88 | OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
#      |                                                              ~~~~~~^~~
#  753|   	}
#  754|   
#  755|-> 	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#  756|   	params[1] = OSSL_PARAM_construct_end();
#  757|   

Error: COMPILER_WARNING (CWE-704): [#def216]
openssh-10.2p1/kexmlkem768x25519.c:755:82: warning[-Wdiscarded-qualifiers]: passing argument 2 of ‘OSSL_PARAM_construct_utf8_string’ discards ‘const’ qualifier from pointer target type
#  753|   	}
#  754|   
#  755|-> 	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0);
#  756|   	params[1] = OSSL_PARAM_construct_end();
#  757|   

Error: COMPILER_WARNING: [#def217]
openssh-10.2p1/kexmlkem768x25519.c:42: included_from: Included from here.
openssh-10.2p1/kexmlkem768x25519.c: scope_hint: In function ‘get_uncompressed_ec_pubkey’
openssh-10.2p1/kexmlkem768x25519.c:839:21: warning[-Wformat=]: format ‘%d’ expects argument of type ‘int’, but argument 8 has type ‘size_t’ {aka ‘long unsigned int’}
#  839 |             debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  ~~~~~~~
#      |                                                                                          |
#      |                                                                                          size_t {aka long unsigned int}
openssh-10.2p1/log.h:123:100: note: in definition of macro ‘debug_f’
#  123 | #define debug_f(...)            sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
#      |                                                                                                    ^~~~~~~~~~~
openssh-10.2p1/kexmlkem768x25519.c:839:78: note: format string is defined here
#  839 |             debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#      |                                                                             ~^
#      |                                                                              |
#      |                                                                              int
#      |                                                                             %ld
#  837|   	    }
#  838|   	} else {
#  839|-> 	    debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#  840|   	    return SSH_ERR_LIBCRYPTO_ERROR;
#  841|   	}

Error: COMPILER_WARNING: [#def218]
openssh-10.2p1/kexmlkem768x25519.c:839:21: warning[-Wformat=]: format ‘%d’ expects argument of type ‘int’, but argument 9 has type ‘size_t’ {aka ‘long unsigned int’}
#  839 |             debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~           ~~~~~~~~~~~~
#      |                                                                                                   |
#      |                                                                                                   size_t {aka long unsigned int}
openssh-10.2p1/log.h:123:100: note: in definition of macro ‘debug_f’
#  123 | #define debug_f(...)            sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
#      |                                                                                                    ^~~~~~~~~~~
openssh-10.2p1/kexmlkem768x25519.c:839:86: note: format string is defined here
#  839 |             debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#      |                                                                                     ~^
#      |                                                                                      |
#      |                                                                                      int
#      |                                                                                     %ld
#  837|   	    }
#  838|   	} else {
#  839|-> 	    debug_f("Unexpected length of uncompressed public key: expected %d, got %d", buf_len, required_len);
#  840|   	    return SSH_ERR_LIBCRYPTO_ERROR;
#  841|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def219]
openssh-10.2p1/krl.c:142:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.2p1/krl.c:1278:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.2p1/krl.c:1284:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/krl.c:1286:18: branch_false: ...to here
openssh-10.2p1/krl.c:1286:12: branch_false: following ‘false’ branch...
openssh-10.2p1/krl.c:1290:18: branch_false: ...to here
openssh-10.2p1/krl.c:1290:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
#  140|   	RB_INIT(&krl->revoked_sha1s);
#  141|   	RB_INIT(&krl->revoked_sha256s);
#  142|-> 	TAILQ_INIT(&krl->revoked_certs);
#  143|   	return krl;
#  144|   }

Error: COMPILER_WARNING: [#def220]
openssh-10.2p1/log.c: scope_hint: In function ‘do_log’
openssh-10.2p1/log.c:404:53: warning[-Wformat-truncation=]: ‘: ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024
#  404 |                 snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#      |                                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 3 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  402|   	}
#  403|   	if (suffix != NULL) {
#  404|-> 		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#  405|   		strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
#  406|   	}

Error: COMPILER_WARNING: [#def221]
openssh-10.2p1/log.c: scope_hint: In function ‘do_log’
openssh-10.2p1/log.c:416:58: warning: ‘
#   ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024 [-Wformat-truncation=]
#  416 |                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#      |                                                          ^~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 3 and 1026 bytes into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  414|   		log_handler = tmp_handler;
#  415|   	} else if (log_on_stderr) {
#  416|-> 		snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#  417|   		    (log_on_stderr > 1) ? progname : "",
#  418|   		    (log_on_stderr > 1) ? ": " : "",

Error: COMPILER_WARNING: [#def222]
openssh-10.2p1/log.c: scope_hint: In function ‘sshlogv’
openssh-10.2p1/log.c:472:67: warning[-Wformat-truncation=]: ‘%ld’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 8 and 111
#  472 |         snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#      |                                                                   ^~~
openssh-10.2p1/log.c:472:36: note: directive argument in the range [-2147483648, 2147483647]
#  472 |         snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#      |                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 20 or more bytes (assuming 133) into a destination of size 128
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  470|   		return;
#  471|   
#  472|-> 	snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#  473|   	    (cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line,
#  474|   	    argv0 == NULL ? "UNKNOWN" : argv0, (long)getpid());

Error: GCC_ANALYZER_WARNING (CWE-404): [#def223]
openssh-10.2p1/log.c:476:21: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/log.c:447:1: enter_function: entry to ‘sshlogdie’
openssh-10.2p1/log.c:452:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/log.c:453:9: call_function: calling ‘sshlogv’ from ‘sshlogdie’
#  474|   	    argv0 == NULL ? "UNKNOWN" : argv0, (long)getpid());
#  475|   	for (i = 0; i < nlog_verbose; i++) {
#  476|-> 		if (match_pattern_list(tag, log_verbose[i], 0) == 1) {
#  477|   			forced = 1;
#  478|   			break;

Error: COMPILER_WARNING (CWE-704): [#def224]
openssh-10.2p1/match.c: scope_hint: In function ‘match_user’
openssh-10.2p1/match.c:244:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  244 |                 if ((p = strrchr(pattern, '@')) != NULL &&
#      |                        ^
#  242|   	/* test mode */
#  243|   	if (user == NULL && host == NULL && ipaddr == NULL) {
#  244|-> 		if ((p = strrchr(pattern, '@')) != NULL &&
#  245|   		    match_host_and_ip(NULL, NULL, p + 1) < 0)
#  246|   			return -1;

Error: COMPILER_WARNING (CWE-704): [#def225]
openssh-10.2p1/match.c:244:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  242|   	/* test mode */
#  243|   	if (user == NULL && host == NULL && ipaddr == NULL) {
#  244|-> 		if ((p = strrchr(pattern, '@')) != NULL &&
#  245|   		    match_host_and_ip(NULL, NULL, p + 1) < 0)
#  246|   			return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def226]
openssh-10.2p1/misc-agent.c:140:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc-agent.c:116:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:123:29: branch_false: ...to here
openssh-10.2p1/misc-agent.c:123:29: acquire_resource: stream socket created here
openssh-10.2p1/misc-agent.c:123:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc-agent.c:127:21: branch_false: ...to here
openssh-10.2p1/misc-agent.c:139:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc-agent.c:140:25: branch_true: ...to here
openssh-10.2p1/misc-agent.c:140:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc-agent.c:140:25: danger: ‘sock’ leaks here
#  138|   		}
#  139|   		if (listen(sock, backlog) == -1) {
#  140|-> 			error_f("listen \"%s\": %s", path, strerror(errno));
#  141|   			break;
#  142|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def227]
openssh-10.2p1/misc-agent.c:147:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc-agent.c:116:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:123:29: branch_false: ...to here
openssh-10.2p1/misc-agent.c:123:29: acquire_resource: stream socket created here
openssh-10.2p1/misc-agent.c:123:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc-agent.c:127:21: branch_false: ...to here
openssh-10.2p1/misc-agent.c:139:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:145:9: branch_false: ...to here
openssh-10.2p1/misc-agent.c:146:12: branch_true: following ‘true’ branch (when ‘good != 0’)...
openssh-10.2p1/misc-agent.c:147:17: branch_true: ...to here
openssh-10.2p1/misc-agent.c:147:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc-agent.c:147:17: danger: ‘sock’ leaks here
#  145|   	umask(prev_mask);
#  146|   	if (good) {
#  147|-> 		debug3_f("listening on unix socket \"%s\" as fd=%d",
#  148|   		    path, sock);
#  149|   	} else if (sock != -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def228]
openssh-10.2p1/misc-agent.c:150:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc-agent.c:116:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:123:29: branch_false: ...to here
openssh-10.2p1/misc-agent.c:123:29: acquire_resource: stream socket created here
openssh-10.2p1/misc-agent.c:123:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc-agent.c:127:21: branch_false: ...to here
openssh-10.2p1/misc-agent.c:139:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc-agent.c:140:25: branch_true: ...to here
openssh-10.2p1/misc-agent.c:146:12: branch_false: following ‘false’ branch (when ‘good == 0’)...
openssh-10.2p1/misc-agent.c:149:19: branch_false: ...to here
openssh-10.2p1/misc-agent.c:149:19: branch_true: following ‘true’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc-agent.c:150:17: branch_true: ...to here
openssh-10.2p1/misc-agent.c:150:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc-agent.c:150:17: danger: ‘sock’ leaks here
#  148|   		    path, sock);
#  149|   	} else if (sock != -1) {
#  150|-> 		close(sock);
#  151|   		sock = -1;
#  152|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def229]
openssh-10.2p1/misc-agent.c:244:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/misc-agent.c:235:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:240:19: branch_false: ...to here
openssh-10.2p1/misc-agent.c:240:19: acquire_resource: stream socket created here
openssh-10.2p1/misc-agent.c:240:12: branch_false: following ‘false’ branch (when ‘fd != -1’)...
openssh-10.2p1/misc-agent.c:244:9: branch_false: ...to here
openssh-10.2p1/misc-agent.c:244:9: throw: if ‘set_nonblock’ throws an exception...
openssh-10.2p1/misc-agent.c:244:9: danger: ‘fd’ leaks here
#  242|   		return 0;
#  243|   	}
#  244|-> 	set_nonblock(fd);
#  245|   	/* a socket without a listener should yield an error immediately */
#  246|   	if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def230]
openssh-10.2p1/misc-agent.c:310:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirpath)’
openssh-10.2p1/misc-agent.c:283:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:289:9: branch_false: ...to here
openssh-10.2p1/misc-agent.c:292:12: branch_false: following ‘false’ branch (when ‘ignore_hosthash != 0’)...
openssh-10.2p1/misc-agent.c:302:9: branch_false: ...to here
openssh-10.2p1/misc-agent.c:303:18: acquire_memory: allocated here
openssh-10.2p1/misc-agent.c:303:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc-agent.c:309:9: branch_false: ...to here
openssh-10.2p1/misc-agent.c:310:22: throw: if ‘readdir’ throws an exception...
openssh-10.2p1/misc-agent.c:310:22: danger: ‘opendir(dirpath)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  308|   
#  309|   	path = NULL;
#  310|-> 	while ((dp = readdir(d)) != NULL) {
#  311|   		free(path);
#  312|   		xasprintf(&path, "%s/%s", dirpath, dp->d_name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def231]
openssh-10.2p1/misc.c:651:29: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
openssh-10.2p1/misc.c:633:1: enter_function: entry to ‘convtime’
openssh-10.2p1/misc.c:639:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:641:18: acquire_memory: allocated here
openssh-10.2p1/misc.c:642:12: branch_false: following ‘false’ branch (when ‘os’ is non-NULL)...
openssh-10.2p1/misc.c:642:12: branch_false: ...to here
openssh-10.2p1/misc.c:645:16: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:646:22: branch_true: ...to here
openssh-10.2p1/misc.c:646:22: call_function: calling ‘scandigits’ from ‘convtime’
openssh-10.2p1/misc.c:646:22: return_function: returning to ‘convtime’ from ‘scandigits’
openssh-10.2p1/misc.c:651:29: throw: if ‘strtonum’ throws an exception...
openssh-10.2p1/misc.c:651:29: danger: ‘p’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#  649|   			*np = '\0';
#  650|   		}
#  651|-> 		secs = (int)strtonum(p, 0, INT_MAX, &errstr);
#  652|   		if (errstr)
#  653|   			goto fail;

Error: COMPILER_WARNING: [#def232]
openssh-10.2p1/misc.c: scope_hint: In function ‘fmt_timeframe’
openssh-10.2p1/misc.c:728:40: warning[-Wformat-truncation=]: ‘%02llu’ directive output may be truncated writing between 2 and 14 bytes into a region of size 9
#  728 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                        ^~~~~~
openssh-10.2p1/misc.c:728:39: note: directive argument in the range [1, 30500568904943]
#  728 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                       ^~~~~~~~~~~~~~~~~~~
openssh-10.2p1/misc.c:728:39: note: directive argument in the range [0, 6]
openssh-10.2p1/misc.c:728:39: note: directive argument in the range [0, 23]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 9 and 21 bytes into a destination of size 9
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  726|   
#  727|   	if (week > 0)
#  728|-> 		snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#  729|   	else if (day > 0)
#  730|   		snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def233]
openssh-10.2p1/misc.c:767:27: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(s)’
openssh-10.2p1/misc.c:930:1: enter_function: entry to ‘parse_user_host_port’
openssh-10.2p1/misc.c:938:12: branch_false: following ‘false’ branch (when ‘hostp’ is NULL)...
openssh-10.2p1/misc.c:940:12: branch_false: ...to here
openssh-10.2p1/misc.c:943:27: acquire_memory: allocated here
openssh-10.2p1/misc.c:943:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:946:19: branch_false: ...to here
openssh-10.2p1/misc.c:946:12: branch_false: following ‘false’ branch (when ‘cp’ is NULL)...
openssh-10.2p1/misc.c:955:19: branch_false: ...to here
openssh-10.2p1/misc.c:955:19: call_function: calling ‘hpdelim’ from ‘parse_user_host_port’
openssh-10.2p1/misc.c:955:19: return_function: returning to ‘parse_user_host_port’ from ‘hpdelim’
openssh-10.2p1/misc.c:955:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:957:16: throw: if ‘xstrdup’ throws an exception...
openssh-10.2p1/misc.c:767:27: danger: ‘strdup(s)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#  765|   	char *s, *old;
#  766|   
#  767|-> 	if (cp == NULL || *cp == NULL)
#  768|   		return NULL;
#  769|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def234]
openssh-10.2p1/misc.c:1323:20: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1463:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.2p1/misc.c:1469:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1470:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1321|   	size_t len;
# 1322|   
# 1323|-> 	if ((buf = sshbuf_new()) == NULL)
# 1324|   		fatal_f("sshbuf_new failed");
# 1325|   	if (parseerror == NULL)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def235]
openssh-10.2p1/misc.c:1324:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1463:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.2p1/misc.c:1469:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1470:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1322|   
# 1323|   	if ((buf = sshbuf_new()) == NULL)
# 1324|-> 		fatal_f("sshbuf_new failed");
# 1325|   	if (parseerror == NULL)
# 1326|   		fatal_f("null parseerror arg");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def236]
openssh-10.2p1/misc.c:1337:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1463:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.2p1/misc.c:1469:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1470:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1335|   			keys[num_keys].repl = va_arg(ap, char *);
# 1336|   			if (keys[num_keys].repl == NULL) {
# 1337|-> 				fatal_f("NULL replacement for token %s",
# 1338|   				    keys[num_keys].key);
# 1339|   			}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def237]
openssh-10.2p1/misc.c:1342:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1463:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.2p1/misc.c:1469:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1470:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1340|   		}
# 1341|   		if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
# 1342|-> 			fatal_f("too many keys");
# 1343|   		if (num_keys == 0)
# 1344|   			fatal_f("percent expansion without token list");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def238]
openssh-10.2p1/misc.c:1344:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1463:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.2p1/misc.c:1469:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1470:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1342|   			fatal_f("too many keys");
# 1343|   		if (num_keys == 0)
# 1344|-> 			fatal_f("percent expansion without token list");
# 1345|   	}
# 1346|   

Error: COMPILER_WARNING (CWE-704): [#def239]
openssh-10.2p1/misc.c: scope_hint: In function ‘vdollar_percent_expand’
openssh-10.2p1/misc.c:1352:37: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1352 |                         if ((varend = strchr(string, '}')) == NULL) {
#      |                                     ^
# 1350|   		if (dollar && string[0] == '$' && string[1] == '{') {
# 1351|   			string += 2;  /* skip over '${' */
# 1352|-> 			if ((varend = strchr(string, '}')) == NULL) {
# 1353|   				error_f("environment variable '%s' missing "
# 1354|   				    "closing '}'", string);

Error: COMPILER_WARNING (CWE-704): [#def240]
openssh-10.2p1/misc.c:1352:37: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1350|   		if (dollar && string[0] == '$' && string[1] == '{') {
# 1351|   			string += 2;  /* skip over '${' */
# 1352|-> 			if ((varend = strchr(string, '}')) == NULL) {
# 1353|   				error_f("environment variable '%s' missing "
# 1354|   				    "closing '}'", string);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def241]
openssh-10.2p1/misc.c:1353:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1425:1: enter_function: entry to ‘dollar_expand’
openssh-10.2p1/misc.c:1431:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1432:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1351|   			string += 2;  /* skip over '${' */
# 1352|   			if ((varend = strchr(string, '}')) == NULL) {
# 1353|-> 				error_f("environment variable '%s' missing "
# 1354|   				    "closing '}'", string);
# 1355|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def242]
openssh-10.2p1/misc.c:1359:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1425:1: enter_function: entry to ‘dollar_expand’
openssh-10.2p1/misc.c:1431:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1432:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1357|   			len = varend - string;
# 1358|   			if (len == 0) {
# 1359|-> 				error_f("zero-length environment variable");
# 1360|   				goto out;
# 1361|   			}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def243]
openssh-10.2p1/misc.c:1362:31: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1425:1: enter_function: entry to ‘dollar_expand’
openssh-10.2p1/misc.c:1431:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1432:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1360|   				goto out;
# 1361|   			}
# 1362|-> 			var = xmalloc(len + 1);
# 1363|   			(void)strlcpy(var, string, len + 1);
# 1364|   			if ((val = getenv(var)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def244]
openssh-10.2p1/misc.c:1365:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1425:1: enter_function: entry to ‘dollar_expand’
openssh-10.2p1/misc.c:1431:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1432:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1363|   			(void)strlcpy(var, string, len + 1);
# 1364|   			if ((val = getenv(var)) == NULL) {
# 1365|-> 				error_f("env var ${%s} has no value", var);
# 1366|   				missingvar = 1;
# 1367|   			} else {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def245]
openssh-10.2p1/misc.c:1384:34: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1444:1: enter_function: entry to ‘percent_expand’
openssh-10.2p1/misc.c:1450:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1451:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_expand’
# 1382|   		if (*string != '%' || !percent) {
# 1383|    append:
# 1384|-> 			if ((r = sshbuf_put_u8(buf, *string)) != 0)
# 1385|   				fatal_fr(r, "sshbuf_put_u8 %%");
# 1386|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def246]
openssh-10.2p1/misc.c:1385:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1444:1: enter_function: entry to ‘percent_expand’
openssh-10.2p1/misc.c:1450:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1451:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_expand’
# 1383|    append:
# 1384|   			if ((r = sshbuf_put_u8(buf, *string)) != 0)
# 1385|-> 				fatal_fr(r, "sshbuf_put_u8 %%");
# 1386|   			continue;
# 1387|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def247]
openssh-10.2p1/misc.c:1565:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
openssh-10.2p1/misc.c:1560:31: acquire_resource: opened here
openssh-10.2p1/misc.c:1560:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1560:12: branch_false: ...to here
openssh-10.2p1/misc.c:1565:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.2p1/misc.c:1567:21: branch_true: ...to here
openssh-10.2p1/misc.c:1567:21: throw: if ‘fcntl’ throws an exception...
openssh-10.2p1/misc.c:1565:16: danger: ‘dupfd’ leaks here; was opened at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
# 1563|   		exit(1);
# 1564|   	}
# 1565|-> 	while (++dupfd <= STDERR_FILENO) {
# 1566|   		/* Only populate closed fds. */
# 1567|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def248]
openssh-10.2p1/misc.c:1567:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.2p1/misc.c:1560:31: acquire_resource: opened here
openssh-10.2p1/misc.c:1560:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1560:12: branch_false: ...to here
openssh-10.2p1/misc.c:1565:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.2p1/misc.c:1567:21: branch_true: ...to here
openssh-10.2p1/misc.c:1565:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.2p1/misc.c:1567:21: branch_true: ...to here
openssh-10.2p1/misc.c:1567:21: throw: if ‘fcntl’ throws an exception...
openssh-10.2p1/misc.c:1567:21: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/0)
# 1565|   	while (++dupfd <= STDERR_FILENO) {
# 1566|   		/* Only populate closed fds. */
# 1567|-> 		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1568|   			if (dup2(nullfd, dupfd) == -1) {
# 1569|   				fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def249]
openssh-10.2p1/misc.c:1568:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), dupfd)’
openssh-10.2p1/misc.c:1560:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1560:12: branch_false: ...to here
openssh-10.2p1/misc.c:1565:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.2p1/misc.c:1567:21: branch_true: ...to here
openssh-10.2p1/misc.c:1567:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:1568:29: acquire_resource: opened here
openssh-10.2p1/misc.c:1568:28: danger: ‘dup2(open("/dev/null", 2), dupfd)’ leaks here; was opened at [(7)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/6)
# 1566|   		/* Only populate closed fds. */
# 1567|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1568|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1569|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1570|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def250]
openssh-10.2p1/misc.c:1574:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.2p1/misc.c:1560:31: acquire_resource: opened here
openssh-10.2p1/misc.c:1560:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1560:12: branch_false: ...to here
openssh-10.2p1/misc.c:1565:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.2p1/misc.c:1567:21: branch_true: ...to here
openssh-10.2p1/misc.c:1574:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
# 1572|   		}
# 1573|   	}
# 1574|-> 	if (nullfd > STDERR_FILENO)
# 1575|   		close(nullfd);
# 1576|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-404): [#def251]
openssh-10.2p1/misc.c:1611:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/misc.c:1610:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/misc.c:1611:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/misc.c:1611:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
# 1609|   
# 1610|   	va_start(ap, fmt);
# 1611|-> 	xvasprintf(&tmp1, fmt, ap);
# 1612|   	va_end(ap);
# 1613|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def252]
openssh-10.2p1/misc.c:1986:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc.c:1970:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1977:16: branch_false: ...to here
openssh-10.2p1/misc.c:1977:16: acquire_resource: stream socket created here
openssh-10.2p1/misc.c:1978:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc.c:1984:12: branch_false: ...to here
openssh-10.2p1/misc.c:1984:12: branch_true: following ‘true’ branch (when ‘unlink_first == 1’)...
openssh-10.2p1/misc.c:1985:21: branch_true: ...to here
openssh-10.2p1/misc.c:1985:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:1986:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:1986:25: danger: ‘sock’ leaks here
# 1984|   	if (unlink_first == 1) {
# 1985|   		if (unlink(path) != 0 && errno != ENOENT)
# 1986|-> 			error("unlink(%s): %.100s", path, strerror(errno));
# 1987|   	}
# 1988|   	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def253]
openssh-10.2p1/misc.c:1997:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc.c:1970:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1977:16: branch_false: ...to here
openssh-10.2p1/misc.c:1977:16: acquire_resource: stream socket created here
openssh-10.2p1/misc.c:1978:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc.c:1984:12: branch_false: ...to here
openssh-10.2p1/misc.c:1988:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1995:13: branch_false: ...to here
openssh-10.2p1/misc.c:1995:12: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:1996:31: branch_true: ...to here
openssh-10.2p1/misc.c:1997:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:1997:17: danger: ‘sock’ leaks here
# 1995|   	if (listen(sock, backlog) == -1) {
# 1996|   		saved_errno = errno;
# 1997|-> 		error_f("cannot listen on path %s: %s", path, strerror(errno));
# 1998|   		close(sock);
# 1999|   		unlink(path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def254]
openssh-10.2p1/misc.c:1998:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/misc.c:1970:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1977:16: branch_false: ...to here
openssh-10.2p1/misc.c:1977:16: acquire_resource: stream socket created here
openssh-10.2p1/misc.c:1978:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/misc.c:1984:12: branch_false: ...to here
openssh-10.2p1/misc.c:1988:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:1995:13: branch_false: ...to here
openssh-10.2p1/misc.c:1995:12: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:1996:31: branch_true: ...to here
openssh-10.2p1/misc.c:1998:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:1998:17: danger: ‘sock’ leaks here
# 1996|   		saved_errno = errno;
# 1997|   		error_f("cannot listen on path %s: %s", path, strerror(errno));
# 1998|-> 		close(sock);
# 1999|   		unlink(path);
# 2000|   		errno = saved_errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def255]
openssh-10.2p1/misc.c:2075:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 256)’
openssh-10.2p1/misc.c:2074:19: acquire_resource: opened here
openssh-10.2p1/misc.c:2074:12: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2075:17: branch_true: ...to here
openssh-10.2p1/misc.c:2075:17: danger: ‘open("/dev/tty", 256)’ leaks here; was opened at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
# 2073|   
# 2074|   	if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
# 2075|-> 		close(fd);
# 2076|   		return 0;	/* have controlling terminal */
# 2077|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
openssh-10.2p1/misc.c:2207:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/misc.c:2171:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2174:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
openssh-10.2p1/misc.c:2205:27: branch_false: ...to here
openssh-10.2p1/misc.c:2205:20: acquire_memory: allocated here
openssh-10.2p1/misc.c:2205:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/misc.c:2207:9: branch_false: ...to here
openssh-10.2p1/misc.c:2207:9: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/misc.c:2207:9: danger: ‘ret’ leaks here; was allocated at [(5)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/4)
# 2205|   	if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
# 2206|   		fatal_f("malloc failed");
# 2207|-> 	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2208|   	ret[sshbuf_len(buf)] = '\0';
# 2209|   	sshbuf_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def257]
openssh-10.2p1/misc.c:2207:21: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/misc.c:2171:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2174:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
openssh-10.2p1/misc.c:2205:27: branch_false: ...to here
openssh-10.2p1/misc.c:2205:20: acquire_memory: allocated here
openssh-10.2p1/misc.c:2205:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/misc.c:2207:9: branch_false: ...to here
openssh-10.2p1/misc.c:2207:21: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/misc.c:2207:21: danger: ‘ret’ leaks here; was allocated at [(5)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/4)
# 2205|   	if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
# 2206|   		fatal_f("malloc failed");
# 2207|-> 	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2208|   	ret[sshbuf_len(buf)] = '\0';
# 2209|   	sshbuf_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def258]
openssh-10.2p1/misc.c:2208:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/misc.c:2171:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2174:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
openssh-10.2p1/misc.c:2205:27: branch_false: ...to here
openssh-10.2p1/misc.c:2205:20: acquire_memory: allocated here
openssh-10.2p1/misc.c:2205:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/misc.c:2207:9: branch_false: ...to here
openssh-10.2p1/misc.c:2208:13: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/misc.c:2208:13: danger: ‘ret’ leaks here; was allocated at [(5)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/4)
# 2206|   		fatal_f("malloc failed");
# 2207|   	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2208|-> 	ret[sshbuf_len(buf)] = '\0';
# 2209|   	sshbuf_free(buf);
# 2210|   	sshbuf_free(arg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def259]
openssh-10.2p1/misc.c:2209:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/misc.c:2171:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2174:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
openssh-10.2p1/misc.c:2205:27: branch_false: ...to here
openssh-10.2p1/misc.c:2205:20: acquire_memory: allocated here
openssh-10.2p1/misc.c:2205:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/misc.c:2207:9: branch_false: ...to here
openssh-10.2p1/misc.c:2209:9: throw: if ‘sshbuf_free’ throws an exception...
openssh-10.2p1/misc.c:2209:9: danger: ‘ret’ leaks here; was allocated at [(5)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/4)
# 2207|   	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2208|   	ret[sshbuf_len(buf)] = '\0';
# 2209|-> 	sshbuf_free(buf);
# 2210|   	sshbuf_free(arg);
# 2211|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def260]
openssh-10.2p1/misc.c:2210:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/misc.c:2171:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2174:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
openssh-10.2p1/misc.c:2205:27: branch_false: ...to here
openssh-10.2p1/misc.c:2205:20: acquire_memory: allocated here
openssh-10.2p1/misc.c:2205:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/misc.c:2207:9: branch_false: ...to here
openssh-10.2p1/misc.c:2210:9: throw: if ‘sshbuf_free’ throws an exception...
openssh-10.2p1/misc.c:2210:9: danger: ‘ret’ leaks here; was allocated at [(5)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/4)
# 2208|   	ret[sshbuf_len(buf)] = '\0';
# 2209|   	sshbuf_free(buf);
# 2210|-> 	sshbuf_free(arg);
# 2211|   	return ret;
# 2212|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def261]
openssh-10.2p1/misc.c:2377:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2375|   
# 2376|   	if (strchr(name, '=') != NULL) {
# 2377|-> 		error("Invalid environment variable \"%.100s\"", name);
# 2378|   		return;
# 2379|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def262]
openssh-10.2p1/misc.c:2377:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2375|   
# 2376|   	if (strchr(name, '=') != NULL) {
# 2377|-> 		error("Invalid environment variable \"%.100s\"", name);
# 2378|   		return;
# 2379|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def263]
openssh-10.2p1/misc.c:2386:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2384|   	 */
# 2385|   	if ((*envp == NULL) != (*envsizep == 0))
# 2386|-> 		fatal_f("environment size mismatch");
# 2387|   	if (*envp == NULL && *envsizep == 0) {
# 2388|   		*envp = xmalloc(sizeof(char *));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def264]
openssh-10.2p1/misc.c:2386:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2384|   	 */
# 2385|   	if ((*envp == NULL) != (*envsizep == 0))
# 2386|-> 		fatal_f("environment size mismatch");
# 2387|   	if (*envp == NULL && *envsizep == 0) {
# 2388|   		*envp = xmalloc(sizeof(char *));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def265]
openssh-10.2p1/misc.c:2422:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2420|   	/* Allocate space and format the variable in the appropriate slot. */
# 2421|   	/* XXX xasprintf */
# 2422|-> 	env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
# 2423|   	snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
# 2424|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def266]
openssh-10.2p1/misc.c:2422:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2873:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2420|   	/* Allocate space and format the variable in the appropriate slot. */
# 2421|   	/* XXX xasprintf */
# 2422|-> 	env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
# 2423|   	snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
# 2424|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def267]
openssh-10.2p1/misc.c:2754:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2881:17: branch_false: ...to here
openssh-10.2p1/misc.c:2881:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.2p1/misc.c:2882:25: branch_true: ...to here
openssh-10.2p1/misc.c:2882:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2752|   #endif
# 2753|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2754|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2755|   		return SIG_ERR;
# 2756|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def268]
openssh-10.2p1/misc.c:2754:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2881:17: branch_false: ...to here
openssh-10.2p1/misc.c:2881:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.2p1/misc.c:2882:25: branch_true: ...to here
openssh-10.2p1/misc.c:2882:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.2p1/misc.c:2882:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.2p1/misc.c:2881:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.2p1/misc.c:2882:25: branch_true: ...to here
openssh-10.2p1/misc.c:2882:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2752|   #endif
# 2753|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2754|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2755|   		return SIG_ERR;
# 2756|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def269]
openssh-10.2p1/misc.c:2754:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[i]’
openssh-10.2p1/misc.c:2792:1: enter_function: entry to ‘subprocess’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2881:17: branch_false: ...to here
openssh-10.2p1/misc.c:2881:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.2p1/misc.c:2882:25: branch_true: ...to here
openssh-10.2p1/misc.c:2882:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2752|   #endif
# 2753|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2754|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2755|   		return SIG_ERR;
# 2756|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def270]
openssh-10.2p1/misc.c:2770:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2770:12: branch_true: following ‘true’ branch (when ‘do_stdin != 0’)...
openssh-10.2p1/misc.c:2770:26: branch_true: ...to here
openssh-10.2p1/misc.c:2770:26: acquire_resource: opened here
openssh-10.2p1/misc.c:2770:13: danger: ‘dup2(open("/dev/null", 2), 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/4)
# 2768|   		return -1;
# 2769|   	}
# 2770|-> 	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2771|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2772|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def271]
openssh-10.2p1/misc.c:2771:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2770:13: branch_true: following ‘true’ branch (when ‘do_stdout != 0’)...
openssh-10.2p1/misc.c:2771:27: branch_true: ...to here
openssh-10.2p1/misc.c:2771:27: acquire_resource: opened here
openssh-10.2p1/misc.c:2771:13: danger: ‘dup2(open("/dev/null", 2), 1)’ leaks here; was opened at [(5)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/4)
# 2769|   	}
# 2770|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2771|-> 	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2772|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2773|   		error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def272]
openssh-10.2p1/misc.c:2772:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2770:13: branch_true: following ‘true’ branch (when ‘do_stderr != 0’)...
openssh-10.2p1/misc.c:2772:27: branch_true: ...to here
openssh-10.2p1/misc.c:2772:27: acquire_resource: opened here
openssh-10.2p1/misc.c:2772:13: danger: ‘dup2(open("/dev/null", 2), 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/4)
# 2770|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2771|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2772|-> 	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2773|   		error_f("dup2: %s", strerror(errno));
# 2774|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def273]
openssh-10.2p1/misc.c:2773:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.2p1/misc.c:2765:24: acquire_resource: opened here
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2773:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:2773:17: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/0)
# 2771|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2772|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2773|-> 		error_f("dup2: %s", strerror(errno));
# 2774|   		ret = -1;
# 2775|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def274]
openssh-10.2p1/misc.c:2776:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.2p1/misc.c:2765:24: acquire_resource: opened here
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2776:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/0)
# 2774|   		ret = -1;
# 2775|   	}
# 2776|-> 	if (devnull > STDERR_FILENO)
# 2777|   		close(devnull);
# 2778|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def275]
openssh-10.2p1/misc.c:2777:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.2p1/misc.c:2765:24: acquire_resource: opened here
openssh-10.2p1/misc.c:2765:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2770:12: branch_false: ...to here
openssh-10.2p1/misc.c:2776:12: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2777:17: branch_true: ...to here
openssh-10.2p1/misc.c:2777:17: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/0)
# 2775|   	}
# 2776|   	if (devnull > STDERR_FILENO)
# 2777|-> 		close(devnull);
# 2778|   	/* coverity[leaked_handle : FALSE]*/
# 2779|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def276]
openssh-10.2p1/misc.c:2860:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2859:12: branch_true: following ‘true’ branch (when ‘restore_privs’ is non-NULL)...
openssh-10.2p1/misc.c:2860:17: branch_true: ...to here
openssh-10.2p1/misc.c:2860:17: throw: if the called function throws an exception...
openssh-10.2p1/misc.c:2860:17: danger: ‘p[0]’ leaks here
# 2858|   	}
# 2859|   	if (restore_privs != NULL)
# 2860|-> 		restore_privs();
# 2861|   
# 2862|   	switch ((pid = fork())) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def277]
openssh-10.2p1/misc.c:2860:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2859:12: branch_true: following ‘true’ branch (when ‘restore_privs’ is non-NULL)...
openssh-10.2p1/misc.c:2860:17: branch_true: ...to here
openssh-10.2p1/misc.c:2860:17: throw: if the called function throws an exception...
openssh-10.2p1/misc.c:2860:17: danger: ‘p[1]’ leaks here
# 2858|   	}
# 2859|   	if (restore_privs != NULL)
# 2860|-> 		restore_privs();
# 2861|   
# 2862|   	switch ((pid = fork())) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def278]
openssh-10.2p1/misc.c:2862:24: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2947:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2949:23: branch_false: ...to here
openssh-10.2p1/misc.c:2949:23: acquire_memory: allocated here
openssh-10.2p1/misc.c:2949:17: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/misc.c:2959:9: branch_false: ...to here
openssh-10.2p1/misc.c:2960:12: branch_false: following ‘false’ branch (when ‘child’ is NULL)...
openssh-10.2p1/misc.c:2808:24: branch_false: ...to here
openssh-10.2p1/misc.c:2862:24: danger: ‘f’ leaks here; was allocated at [(14)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/13)
# 2860|   		restore_privs();
# 2861|   
# 2862|-> 	switch ((pid = fork())) {
# 2863|   	case -1: /* error */
# 2864|   		error("%s: fork: %s", tag, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def279]
openssh-10.2p1/misc.c:2864:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2864:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:2864:17: danger: ‘p[0]’ leaks here
# 2862|   	switch ((pid = fork())) {
# 2863|   	case -1: /* error */
# 2864|-> 		error("%s: fork: %s", tag, strerror(errno));
# 2865|   		close(p[0]);
# 2866|   		close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def280]
openssh-10.2p1/misc.c:2864:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2864:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:2864:17: danger: ‘p[1]’ leaks here
# 2862|   	switch ((pid = fork())) {
# 2863|   	case -1: /* error */
# 2864|-> 		error("%s: fork: %s", tag, strerror(errno));
# 2865|   		close(p[0]);
# 2866|   		close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def281]
openssh-10.2p1/misc.c:2865:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2865:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2865:17: danger: ‘p[0]’ leaks here
# 2863|   	case -1: /* error */
# 2864|   		error("%s: fork: %s", tag, strerror(errno));
# 2865|-> 		close(p[0]);
# 2866|   		close(p[1]);
# 2867|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def282]
openssh-10.2p1/misc.c:2865:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2865:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2865:17: danger: ‘p[1]’ leaks here
# 2863|   	case -1: /* error */
# 2864|   		error("%s: fork: %s", tag, strerror(errno));
# 2865|-> 		close(p[0]);
# 2866|   		close(p[1]);
# 2867|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def283]
openssh-10.2p1/misc.c:2866:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2866:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2866:17: danger: ‘p[1]’ leaks here
# 2864|   		error("%s: fork: %s", tag, strerror(errno));
# 2865|   		close(p[0]);
# 2866|-> 		close(p[1]);
# 2867|   		return 0;
# 2868|   	case 0: /* child */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def284]
openssh-10.2p1/misc.c:2872:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2872:31: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/misc.c:2872:31: danger: ‘p[0]’ leaks here
# 2870|   		if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
# 2871|   			nenv = 5;
# 2872|-> 			env = xcalloc(sizeof(*env), nenv);
# 2873|   			child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
# 2874|   			child_set_env(&env, &nenv, "USER", pw->pw_name);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def285]
openssh-10.2p1/misc.c:2872:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2870:20: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2871:25: branch_true: ...to here
openssh-10.2p1/misc.c:2872:31: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/misc.c:2872:31: danger: ‘p[1]’ leaks here
# 2870|   		if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
# 2871|   			nenv = 5;
# 2872|-> 			env = xcalloc(sizeof(*env), nenv);
# 2873|   			child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
# 2874|   			child_set_env(&env, &nenv, "USER", pw->pw_name);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def286]
openssh-10.2p1/misc.c:2946:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2946:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2946:9: danger: ‘p[0]’ leaks here
# 2944|   	}
# 2945|   
# 2946|-> 	close(p[1]);
# 2947|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2948|   		close(p[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def287]
openssh-10.2p1/misc.c:2946:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2946:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2946:9: danger: ‘p[1]’ leaks here
# 2944|   	}
# 2945|   
# 2946|-> 	close(p[1]);
# 2947|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2948|   		close(p[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def288]
openssh-10.2p1/misc.c:2948:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2947:12: branch_true: following ‘true’ branch...
openssh-10.2p1/misc.c:2948:17: branch_true: ...to here
openssh-10.2p1/misc.c:2948:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/misc.c:2948:17: danger: ‘p[0]’ leaks here
# 2946|   	close(p[1]);
# 2947|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2948|-> 		close(p[0]);
# 2949|   	else if ((f = fdopen(p[0], "r")) == NULL) {
# 2950|   		error("%s: fdopen: %s", tag, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def289]
openssh-10.2p1/misc.c:2959:9: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.2p1/misc.c:2826:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2835:14: branch_false: ...to here
openssh-10.2p1/misc.c:2835:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2839:12: branch_false: ...to here
openssh-10.2p1/misc.c:2841:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2846:13: branch_false: ...to here
openssh-10.2p1/misc.c:2852:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2859:12: branch_false: ...to here
openssh-10.2p1/misc.c:2947:12: branch_false: following ‘false’ branch...
openssh-10.2p1/misc.c:2949:23: branch_false: ...to here
openssh-10.2p1/misc.c:2949:23: acquire_memory: allocated here
openssh-10.2p1/misc.c:2949:17: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.2p1/misc.c:2959:9: branch_false: ...to here
openssh-10.2p1/misc.c:2959:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/misc.c:2959:9: danger: ‘f’ leaks here; was allocated at [(14)](sarif:/runs/0/results/59/codeFlows/0/threadFlows/0/locations/13)
# 2957|   	}
# 2958|   	/* Success */
# 2959|-> 	debug3_f("%s pid %ld", tag, (long)pid);
# 2960|   	if (child != NULL)
# 2961|   		*child = f;

Error: COMPILER_WARNING (CWE-9001): [#def290]
openssh-10.2p1/ssh-keycat.c:57: included_from: Included from here.
openssh-10.2p1/misc.h:159:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  159 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  157|   /* Functions to extract or store big-endian words of various sizes */
#  158|   u_int64_t	get_u64(const void *)
#  159|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  160|   u_int32_t	get_u32(const void *)
#  161|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def291]
openssh-10.2p1/misc.h:159:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  157|   /* Functions to extract or store big-endian words of various sizes */
#  158|   u_int64_t	get_u64(const void *)
#  159|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  160|   u_int32_t	get_u32(const void *)
#  161|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def292]
openssh-10.2p1/misc.h:161:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  161 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  159|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  160|   u_int32_t	get_u32(const void *)
#  161|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  162|   u_int16_t	get_u16(const void *)
#  163|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def293]
openssh-10.2p1/misc.h:161:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  159|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  160|   u_int32_t	get_u32(const void *)
#  161|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  162|   u_int16_t	get_u16(const void *)
#  163|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def294]
openssh-10.2p1/misc.h:163:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  163 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  161|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  162|   u_int16_t	get_u16(const void *)
#  163|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  164|   void		put_u64(void *, u_int64_t)
#  165|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def295]
openssh-10.2p1/misc.h:163:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  161|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  162|   u_int16_t	get_u16(const void *)
#  163|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  164|   void		put_u64(void *, u_int64_t)
#  165|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def296]
openssh-10.2p1/misc.h:165:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  165 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  163|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  164|   void		put_u64(void *, u_int64_t)
#  165|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  166|   void		put_u32(void *, u_int32_t)
#  167|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def297]
openssh-10.2p1/misc.h:165:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  163|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  164|   void		put_u64(void *, u_int64_t)
#  165|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  166|   void		put_u32(void *, u_int32_t)
#  167|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def298]
openssh-10.2p1/misc.h:167:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  167 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  165|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  166|   void		put_u32(void *, u_int32_t)
#  167|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  168|   void		put_u16(void *, u_int16_t)
#  169|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def299]
openssh-10.2p1/misc.h:167:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  165|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  166|   void		put_u32(void *, u_int32_t)
#  167|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  168|   void		put_u16(void *, u_int16_t)
#  169|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def300]
openssh-10.2p1/misc.h:169:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  169 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  167|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  168|   void		put_u16(void *, u_int16_t)
#  169|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  170|   
#  171|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def301]
openssh-10.2p1/misc.h:169:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  167|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  168|   void		put_u16(void *, u_int16_t)
#  169|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  170|   
#  171|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def302]
openssh-10.2p1/misc.h:173:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  173 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  171|   /* Little-endian store/load, used by umac.c */
#  172|   u_int32_t	get_u32_le(const void *)
#  173|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   void		put_u32_le(void *, u_int32_t)
#  175|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def303]
openssh-10.2p1/misc.h:173:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  171|   /* Little-endian store/load, used by umac.c */
#  172|   u_int32_t	get_u32_le(const void *)
#  173|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   void		put_u32_le(void *, u_int32_t)
#  175|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def304]
openssh-10.2p1/misc.h:175:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  175 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  173|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   void		put_u32_le(void *, u_int32_t)
#  175|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  176|   
#  177|   struct bwlimit {

Error: COMPILER_WARNING (CWE-9001): [#def305]
openssh-10.2p1/misc.h:175:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  173|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   void		put_u32_le(void *, u_int32_t)
#  175|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  176|   
#  177|   struct bwlimit {

Error: COMPILER_WARNING (CWE-563): [#def306]
openssh-10.2p1/monitor.c:758:32: warning[-Wunused-variable]: unused variable ‘alglen’
#  758 |         size_t datlen, siglen, alglen;
#      |                                ^~~~~~
#  756|   	u_char *p = NULL, *signature = NULL;
#  757|   	char *alg = NULL, *effective_alg;
#  758|-> 	size_t datlen, siglen, alglen;
#  759|   	int r, is_proof = 0;
#  760|   	u_int keyid, compat;

Error: COMPILER_WARNING (CWE-195): [#def307]
openssh-10.2p1/monitor.c: scope_hint: In function ‘mm_answer_sign’
openssh-10.2p1/monitor.c:772:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘u_int’ {aka ‘unsigned int’} and ‘int’
#  772 |         if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)
#      |                                                         ^~
#  770|   		fatal_fr(r, "parse");
#  771|   
#  772|-> 	if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)
#  773|   		fatal_f("unknown hostkey");
#  774|   	debug_f("hostkey %s index %d", sshkey_ssh_name(pubkey), keyid);

Error: COMPILER_WARNING (CWE-704): [#def308]
openssh-10.2p1/monitor.c:822:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  822 |                         effective_alg = safe_rsa;
#      |                                       ^
#  820|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  821|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  822|-> 			effective_alg = safe_rsa;
#  823|   		} else {
#  824|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def309]
openssh-10.2p1/monitor.c:822:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  820|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  821|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  822|-> 			effective_alg = safe_rsa;
#  823|   		} else {
#  824|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def310]
openssh-10.2p1/monitor.c:833:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  833 |                         effective_alg = safe_rsa;
#      |                                       ^
#  831|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  832|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  833|-> 			effective_alg = safe_rsa;
#  834|   		} else {
#  835|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def311]
openssh-10.2p1/monitor.c:833:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  831|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  832|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  833|-> 			effective_alg = safe_rsa;
#  834|   		} else {
#  835|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-195): [#def312]
openssh-10.2p1/monitor.c: scope_hint: In function ‘mm_answer_keyverify’
openssh-10.2p1/monitor.c:1620:18: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
# 1620 |         if (type != key_blobtype)
#      |                  ^~
# 1618|   	  !monitor_allowed_key(blob, bloblen))
# 1619|   		fatal_f("bad key, not previously allowed");
# 1620|-> 	if (type != key_blobtype)
# 1621|   		fatal_f("bad key type");
# 1622|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def313]
openssh-10.2p1/monitor.c:1790:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*<unknown>.ttyfd, 0)’
openssh-10.2p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1777:9: branch_false: ...to here
openssh-10.2p1/monitor.c:1781:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1783:30: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1786:18: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:13: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1790:13: branch_false: ...to here
openssh-10.2p1/monitor.c:1790:13: acquire_resource: opened here
openssh-10.2p1/monitor.c:1790:12: danger: ‘dup2(*<unknown>.ttyfd, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
# 1788|   
# 1789|   	/* We need to trick ttyslot */
# 1790|-> 	if (dup2(s->ttyfd, 0) == -1)
# 1791|   		fatal_f("dup2");
# 1792|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def314]
openssh-10.2p1/monitor.c:1812:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
openssh-10.2p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1777:9: branch_false: ...to here
openssh-10.2p1/monitor.c:1781:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1783:30: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1786:18: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:13: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1790:13: branch_false: ...to here
openssh-10.2p1/monitor.c:1790:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1793:41: branch_false: ...to here
openssh-10.2p1/monitor.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1801:9: branch_false: ...to here
openssh-10.2p1/monitor.c:1805:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1806:13: branch_false: ...to here
openssh-10.2p1/monitor.c:1805:13: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1810:20: branch_false: ...to here
openssh-10.2p1/monitor.c:1810:20: acquire_resource: opened here
openssh-10.2p1/monitor.c:1810:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1812:12: branch_false: ...to here
openssh-10.2p1/monitor.c:1812:12: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/16)
# 1810|   	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
# 1811|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1812|-> 	if (fd0 != 0)
# 1813|   		error_f("fd0 %d != 0", fd0);
# 1814|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
openssh-10.2p1/monitor.c:1813:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
openssh-10.2p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1777:9: branch_false: ...to here
openssh-10.2p1/monitor.c:1781:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1783:30: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1786:18: branch_false: ...to here
openssh-10.2p1/monitor.c:1785:13: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1790:13: branch_false: ...to here
openssh-10.2p1/monitor.c:1790:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1793:41: branch_false: ...to here
openssh-10.2p1/monitor.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1801:9: branch_false: ...to here
openssh-10.2p1/monitor.c:1805:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1806:13: branch_false: ...to here
openssh-10.2p1/monitor.c:1805:13: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1810:20: branch_false: ...to here
openssh-10.2p1/monitor.c:1810:20: acquire_resource: opened here
openssh-10.2p1/monitor.c:1810:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:1812:12: branch_false: ...to here
openssh-10.2p1/monitor.c:1812:12: branch_true: following ‘true’ branch...
openssh-10.2p1/monitor.c:1813:17: branch_true: ...to here
openssh-10.2p1/monitor.c:1813:17: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/16)
# 1811|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1812|   	if (fd0 != 0)
# 1813|-> 		error_f("fd0 %d != 0", fd0);
# 1814|   
# 1815|   	/* slave side of pty is not needed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def316]
openssh-10.2p1/monitor.c:2085:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pair[0]’
openssh-10.2p1/monitor.c:2069:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2077:9: branch_false: ...to here
openssh-10.2p1/monitor.c:2077:9: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2078:9: branch_false: ...to here
openssh-10.2p1/monitor.c:2078:9: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2079:25: branch_false: ...to here
openssh-10.2p1/monitor.c:2082:12: branch_true: following ‘true’ branch (when ‘do_logfds != 0’)...
openssh-10.2p1/monitor.c:2083:21: branch_true: ...to here
openssh-10.2p1/monitor.c:2083:20: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2085:17: branch_false: ...to here
openssh-10.2p1/monitor.c:2085:17: throw: if ‘fcntl’ throws an exception...
openssh-10.2p1/monitor.c:2085:17: danger: ‘pair[0]’ leaks here
# 2083|   		if (pipe(pair) == -1)
# 2084|   			fatal_f("pipe: %s", strerror(errno));
# 2085|-> 		FD_CLOSEONEXEC(pair[0]);
# 2086|   		FD_CLOSEONEXEC(pair[1]);
# 2087|   		mon->m_log_recvfd = pair[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def317]
openssh-10.2p1/monitor.c:2085:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pair[1]’
openssh-10.2p1/monitor.c:2069:12: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2077:9: branch_false: ...to here
openssh-10.2p1/monitor.c:2077:9: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2078:9: branch_false: ...to here
openssh-10.2p1/monitor.c:2078:9: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2079:25: branch_false: ...to here
openssh-10.2p1/monitor.c:2082:12: branch_true: following ‘true’ branch (when ‘do_logfds != 0’)...
openssh-10.2p1/monitor.c:2083:21: branch_true: ...to here
openssh-10.2p1/monitor.c:2083:20: branch_false: following ‘false’ branch...
openssh-10.2p1/monitor.c:2085:17: branch_false: ...to here
openssh-10.2p1/monitor.c:2085:17: throw: if ‘fcntl’ throws an exception...
openssh-10.2p1/monitor.c:2085:17: danger: ‘pair[1]’ leaks here
# 2083|   		if (pipe(pair) == -1)
# 2084|   			fatal_f("pipe: %s", strerror(errno));
# 2085|-> 		FD_CLOSEONEXEC(pair[0]);
# 2086|   		FD_CLOSEONEXEC(pair[1]);
# 2087|   		mon->m_log_recvfd = pair[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
openssh-10.2p1/monitor_wrap.c:672:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.2p1/monitor_wrap.c:670:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:670:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.2p1/monitor_wrap.c:672:17: branch_true: ...to here
openssh-10.2p1/monitor_wrap.c:672:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/monitor_wrap.c:672:17: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  670|   	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
#  671|   	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
#  672|-> 		error_f("cannot allocate fds for pty");
#  673|   		if (tmp1 >= 0)
#  674|   			close(tmp1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def319]
openssh-10.2p1/monitor_wrap.c:674:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.2p1/monitor_wrap.c:670:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:670:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.2p1/monitor_wrap.c:672:17: branch_true: ...to here
openssh-10.2p1/monitor_wrap.c:673:20: branch_true: following ‘true’ branch (when ‘tmp1 >= 0’)...
openssh-10.2p1/monitor_wrap.c:674:25: branch_true: ...to here
openssh-10.2p1/monitor_wrap.c:674:25: throw: if ‘close’ throws an exception...
openssh-10.2p1/monitor_wrap.c:674:25: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  672|   		error_f("cannot allocate fds for pty");
#  673|   		if (tmp1 >= 0)
#  674|-> 			close(tmp1);
#  675|   		return 0;
#  676|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def320]
openssh-10.2p1/monitor_wrap.c:677:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.2p1/monitor_wrap.c:670:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:670:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.2p1/monitor_wrap.c:677:9: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:677:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/monitor_wrap.c:677:9: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  675|   		return 0;
#  676|   	}
#  677|-> 	close(tmp1);
#  678|   	close(tmp2);
#  679|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def321]
openssh-10.2p1/monitor_wrap.c:677:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp2’
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:671:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.2p1/monitor_wrap.c:677:9: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:677:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/monitor_wrap.c:677:9: danger: ‘tmp2’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  675|   		return 0;
#  676|   	}
#  677|-> 	close(tmp1);
#  678|   	close(tmp2);
#  679|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def322]
openssh-10.2p1/monitor_wrap.c:678:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp2’
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:671:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.2p1/monitor_wrap.c:677:9: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:678:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/monitor_wrap.c:678:9: danger: ‘tmp2’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  676|   	}
#  677|   	close(tmp1);
#  678|-> 	close(tmp2);
#  679|   
#  680|   	if ((m = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def323]
openssh-10.2p1/monitor_wrap.c:712:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.2p1/monitor_wrap.c:670:21: acquire_resource: opened here
openssh-10.2p1/monitor_wrap.c:670:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.2p1/monitor_wrap.c:671:33: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:670:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.2p1/monitor_wrap.c:672:17: branch_true: ...to here
openssh-10.2p1/monitor_wrap.c:673:20: branch_false: following ‘false’ branch (when ‘tmp1 < 0’)...
openssh-10.2p1/monitor_wrap.c:675:24: branch_false: ...to here
openssh-10.2p1/monitor_wrap.c:712:1: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  710|   	/* Success */
#  711|   	return (1);
#  712|-> }
#  713|   
#  714|   void

Error: COMPILER_WARNING (CWE-704): [#def324]
openssh-10.2p1/mux.c: scope_hint: In function ‘env_permitted’
openssh-10.2p1/mux.c:238:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  238 |         if ((cp = strchr(env, '=')) == NULL || cp == env)
#      |                 ^
#  236|   	char name[1024], *cp;
#  237|   
#  238|-> 	if ((cp = strchr(env, '=')) == NULL || cp == env)
#  239|   		return 0;
#  240|   	ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);

Error: COMPILER_WARNING (CWE-704): [#def325]
openssh-10.2p1/mux.c:238:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  236|   	char name[1024], *cp;
#  237|   
#  238|-> 	if ((cp = strchr(env, '=')) == NULL || cp == env)
#  239|   		return 0;
#  240|   	ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def326]
openssh-10.2p1/mux.c:2294:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/mux.c:2286:12: branch_false: following ‘false’ branch...
openssh-10.2p1/mux.c:2291:21: branch_false: ...to here
openssh-10.2p1/mux.c:2291:21: acquire_resource: stream socket created here
openssh-10.2p1/mux.c:2291:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.2p1/mux.c:2294:13: branch_false: ...to here
openssh-10.2p1/mux.c:2294:13: throw: if ‘connect’ throws an exception...
openssh-10.2p1/mux.c:2294:13: danger: ‘sock’ leaks here
# 2292|   		fatal_f("socket(): %s", strerror(errno));
# 2293|   
# 2294|-> 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
# 2295|   		switch (muxclient_command) {
# 2296|   		case SSHMUX_COMMAND_OPEN:

Error: COMPILER_WARNING (CWE-704): [#def327]
openssh-10.2p1/openbsd-compat/base64.c: scope_hint: In function ‘__b64_pton’
openssh-10.2p1/openbsd-compat/base64.c:212:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  212 |                 pos = strchr(Base64, ch);
#      |                     ^
#  210|   			break;
#  211|   
#  212|-> 		pos = strchr(Base64, ch);
#  213|   		if (pos == 0)		/* A non-base64 character. */
#  214|   			return (-1);

Error: COMPILER_WARNING (CWE-704): [#def328]
openssh-10.2p1/openbsd-compat/base64.c:212:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  210|   			break;
#  211|   
#  212|-> 		pos = strchr(Base64, ch);
#  213|   		if (pos == 0)		/* A non-base64 character. */
#  214|   			return (-1);

Error: COMPILER_WARNING: [#def329]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c: scope_hint: In function ‘bcrypt_hash’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:77:13: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (33 chars into 32 available)
#   77 |             "OxychromaticBlowfishSwatDynamite";
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   75|   	blf_ctx state;
#   76|   	uint8_t ciphertext[BCRYPT_HASHSIZE] =
#   77|-> 	    "OxychromaticBlowfishSwatDynamite";
#   78|   	uint32_t cdata[BCRYPT_WORDS];
#   79|   	int i;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def330]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:84:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   82|   
#   83|   	/* key expansion */
#   84|-> 	Blowfish_initstate(&state);
#   85|   	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def331]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:85:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   83|   	/* key expansion */
#   84|   	Blowfish_initstate(&state);
#   85|-> 	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {
#   87|   		Blowfish_expand0state(&state, sha2salt, shalen);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def332]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:87:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   85|   	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {
#   87|-> 		Blowfish_expand0state(&state, sha2salt, shalen);
#   88|   		Blowfish_expand0state(&state, sha2pass, shalen);
#   89|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def333]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:88:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   86|   	for (i = 0; i < 64; i++) {
#   87|   		Blowfish_expand0state(&state, sha2salt, shalen);
#   88|-> 		Blowfish_expand0state(&state, sha2pass, shalen);
#   89|   	}
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def334]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:94:28: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   92|   	j = 0;
#   93|   	for (i = 0; i < BCRYPT_WORDS; i++)
#   94|-> 		cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
#   95|   		    &j);
#   96|   	for (i = 0; i < 64; i++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def335]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:97:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   95|   		    &j);
#   96|   	for (i = 0; i < 64; i++)
#   97|-> 		blf_enc(&state, cdata, BCRYPT_WORDS / 2);
#   98|   
#   99|   	/* copy out */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def336]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:140:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:140:9: throw: if ‘crypto_hash_sha512’ throws an exception...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:140:9: danger: ‘countsalt’ leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  138|   
#  139|   	/* collapse password */
#  140|-> 	crypto_hash_sha512(sha2pass, pass, passlen);
#  141|   
#  142|   	/* generate key, sizeof(out) at a time */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def337]
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:150:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:150:17: throw: if ‘crypto_hash_sha512’ throws an exception...
openssh-10.2p1/openbsd-compat/bcrypt_pbkdf.c:150:17: danger: ‘countsalt’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  148|   
#  149|   		/* first round, salt is salt */
#  150|-> 		crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
#  151|   
#  152|   		bcrypt_hash(sha2pass, sha2salt, tmpout);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def338]
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:139:24: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(&fdpath)’
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:132:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:137:66: branch_false: ...to here
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:138:8: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:138:60: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:138:60: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:138:9: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:138:9: branch_true: ...to here
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:139:24: throw: if ‘readdir’ throws an exception...
openssh-10.2p1/openbsd-compat/bsd-closefrom.c:139:24: danger: ‘opendir(&fdpath)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  137|       len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
#  138|       if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
#  139|-> 	while ((dent = readdir(dirp)) != NULL) {
#  140|   	    fd = strtol(dent->d_name, &endp, 10);
#  141|   	    if (dent->d_name != endp && *endp == '\0' &&

Error: COMPILER_WARNING (CWE-704): [#def339]
openssh-10.2p1/openbsd-compat/getopt_long.c: scope_hint: In function ‘getopt_internal’
openssh-10.2p1/openbsd-compat/getopt_long.c:441:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  441 |             (oli = strchr(options, optchar)) == NULL) {
#      |                  ^
#  439|   	if ((optchar = (int)*place++) == (int)':' ||
#  440|   	    (optchar == (int)'-' && *place != '\0') ||
#  441|-> 	    (oli = strchr(options, optchar)) == NULL) {
#  442|   		/*
#  443|   		 * If the user specified "-" and  '-' isn't listed in

Error: COMPILER_WARNING (CWE-704): [#def340]
openssh-10.2p1/openbsd-compat/getopt_long.c:441:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  439|   	if ((optchar = (int)*place++) == (int)':' ||
#  440|   	    (optchar == (int)'-' && *place != '\0') ||
#  441|-> 	    (oli = strchr(options, optchar)) == NULL) {
#  442|   		/*
#  443|   		 * If the user specified "-" and  '-' isn't listed in

Error: GCC_ANALYZER_WARNING (CWE-401): [#def341]
openssh-10.2p1/openbsd-compat/glob.c:833:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pathv’
openssh-10.2p1/openbsd-compat/glob.c:808:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/glob.c:808:13: branch_false: following ‘false’ branch (when ‘newn <= 2305843009213693950’)...
openssh-10.2p1/openbsd-compat/glob.c:828:30: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:828:17: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/glob.c:829:12: branch_false: following ‘false’ branch (when ‘pathv’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:831:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:831:12: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:835:25: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:834:42: branch_false: following ‘false’ branch (when ‘i == 0’)...
openssh-10.2p1/openbsd-compat/glob.c:837:9: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:839:12: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:840:38: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:841:20: branch_false: following ‘false’ branch (when ‘statv’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:843:21: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:850:20: branch_false: following ‘false’ branch (when ‘sb’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:853:25: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:854:28: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:833:17: danger: ‘pathv’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  831|   	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
#  832|   		/* first time around -- clear initial gl_offs items */
#  833|-> 		pathv += pglob->gl_offs;
#  834|   		for (i = pglob->gl_offs; i > 0; i--)
#  835|   			*--pathv = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def342]
openssh-10.2p1/openbsd-compat/glob.c:845:25: warning[-Wanalyzer-malloc-leak]: leak of ‘statv’
openssh-10.2p1/openbsd-compat/glob.c:808:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/glob.c:808:13: branch_false: following ‘false’ branch (when ‘newn <= 2305843009213693950’)...
openssh-10.2p1/openbsd-compat/glob.c:828:30: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:829:12: branch_false: following ‘false’ branch (when ‘pathv’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:831:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:839:12: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:840:38: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:840:25: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/glob.c:841:20: branch_false: following ‘false’ branch (when ‘statv’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:843:21: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:843:20: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:847:33: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:847:33: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:847:33: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:847:33: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.2p1/openbsd-compat/glob.c:847:33: branch_true: ...to here
openssh-10.2p1/openbsd-compat/glob.c:846:50: branch_false: following ‘false’ branch (when ‘i == 0’)...
openssh-10.2p1/openbsd-compat/glob.c:849:17: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:850:20: branch_false: following ‘false’ branch (when ‘sb’ is non-NULL)...
openssh-10.2p1/openbsd-compat/glob.c:853:25: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:854:28: branch_true: following ‘true’ branch...
openssh-10.2p1/openbsd-compat/glob.c:845:25: danger: ‘statv’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  843|   		if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
#  844|   			/* first time around -- clear initial gl_offs items */
#  845|-> 			statv += pglob->gl_offs;
#  846|   			for (i = pglob->gl_offs; i > 0; i--)
#  847|   				*--statv = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def343]
openssh-10.2p1/openbsd-compat/glob.c:999:14: warning[-Wanalyzer-malloc-leak]: leak of ‘g_opendir(pathbuf,  pglob)’
openssh-10.2p1/openbsd-compat/glob.c:698:1: enter_function: entry to ‘glob3’
openssh-10.2p1/openbsd-compat/glob.c:715:12: branch_false: following ‘false’ branch (when ‘pathend <= pathend_last’)...
openssh-10.2p1/openbsd-compat/glob.c:717:9: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:720:21: call_function: calling ‘g_opendir’ from ‘glob3’
openssh-10.2p1/openbsd-compat/glob.c:720:21: return_function: returning to ‘glob3’ from ‘g_opendir’
openssh-10.2p1/openbsd-compat/glob.c:720:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/glob.c:735:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/glob.c:739:22: throw: if the called function throws an exception...
openssh-10.2p1/openbsd-compat/glob.c:999:14: danger: ‘g_opendir(pathbuf,  pglob)’ leaks here; was allocated at [(8)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/7)
#  997|   	char buf[PATH_MAX];
#  998|   
#  999|-> 	if (!*str)
# 1000|   		strlcpy(buf, ".", sizeof buf);
# 1001|   	else {

Error: COMPILER_WARNING (CWE-477): [#def344]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:67:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   67 | sshd_selinux_send_audit_message(int success, security_context_t default_context,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   65|   /* Send audit message */
#   66|   static int
#   67|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   68|   		       security_context_t selected_context)
#   69|   {

Error: COMPILER_WARNING (CWE-477): [#def345]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:67:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   65|   /* Send audit message */
#   66|   static int
#   67|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   68|   		       security_context_t selected_context)
#   69|   {

Error: COMPILER_WARNING (CWE-477): [#def346]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:68:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   68 |                        security_context_t selected_context)
#      |                        ^~~~~~~~~~~~~~~~~~
#   66|   static int
#   67|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   68|-> 		       security_context_t selected_context)
#   69|   {
#   70|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def347]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:68:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   66|   static int
#   67|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   68|-> 		       security_context_t selected_context)
#   69|   {
#   70|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def348]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:114:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  114 | mls_range_allowed(security_context_t src, security_context_t dst)
#      | ^~~~~~~~~~~~~~~~~
#  112|   
#  113|   static int
#  114|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  115|   {
#  116|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def349]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:114:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  112|   
#  113|   static int
#  114|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  115|   {
#  116|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def350]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:141:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  141 |         security_context_t *sc) {
#      |         ^~~~~~~~~~~~~~~~~~
#  139|   static int
#  140|   get_user_context(const char *sename, const char *role, const char *lvl,
#  141|-> 	security_context_t *sc) {
#  142|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  143|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def351]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:141:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  139|   static int
#  140|   get_user_context(const char *sename, const char *role, const char *lvl,
#  141|-> 	security_context_t *sc) {
#  142|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  143|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def352]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘get_user_context’
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:179:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  179 |                 security_context_t obtained_raw;
#      |                 ^~~~~~~~~~~~~~~~~~
#  177|   		/* verify that the requested range is obtained */
#  178|   		context_t con;
#  179|-> 		security_context_t obtained_raw;
#  180|   		security_context_t requested_raw;
#  181|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def353]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:179:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  177|   		/* verify that the requested range is obtained */
#  178|   		context_t con;
#  179|-> 		security_context_t obtained_raw;
#  180|   		security_context_t requested_raw;
#  181|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def354]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  180 |                 security_context_t requested_raw;
#      |                 ^~~~~~~~~~~~~~~~~~
#  178|   		context_t con;
#  179|   		security_context_t obtained_raw;
#  180|-> 		security_context_t requested_raw;
#  181|   		con = context_new(*sc);
#  182|   		if (!con) {

Error: COMPILER_WARNING (CWE-477): [#def355]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  178|   		context_t con;
#  179|   		security_context_t obtained_raw;
#  180|-> 		security_context_t requested_raw;
#  181|   		con = context_new(*sc);
#  182|   		if (!con) {

Error: COMPILER_WARNING (CWE-477): [#def356]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c: scope_hint: At top level
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:239:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  239 | sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~
#  237|   /* Return the default security context for the given username */
#  238|   static int
#  239|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  240|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  241|   {

Error: COMPILER_WARNING (CWE-477): [#def357]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:239:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  237|   /* Return the default security context for the given username */
#  238|   static int
#  239|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  240|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  241|   {

Error: COMPILER_WARNING (CWE-477): [#def358]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:240:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  240 |     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#      |     ^~~~~~~~~~~~~~~~~~
#  238|   static int
#  239|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  240|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  241|   {
#  242|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def359]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:240:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  238|   static int
#  239|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  240|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  241|   {
#  242|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def360]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_getctxbyname’
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:271:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  271 |                         security_context_t sshdsc=NULL;
#      |                         ^~~~~~~~~~~~~~~~~~
#  269|   		/* If launched from xinetd, we must use current level */
#  270|   		if (inetd) {
#  271|-> 			security_context_t sshdsc=NULL;
#  272|   
#  273|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def361]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:271:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  269|   		/* If launched from xinetd, we must use current level */
#  270|   		if (inetd) {
#  271|-> 			security_context_t sshdsc=NULL;
#  272|   
#  273|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def362]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:292:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  292 |                                 security_context_t default_level_sc = *default_sc;
#      |                                 ^~~~~~~~~~~~~~~~~~
#  290|   
#  291|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  292|-> 				security_context_t default_level_sc = *default_sc;
#  293|   				if (role != NULL && role[0]) {
#  294|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def363]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:292:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  290|   
#  291|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  292|-> 				security_context_t default_level_sc = *default_sc;
#  293|   				if (role != NULL && role[0]) {
#  294|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def364]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_setup_exec_context’
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:385:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  385 |         security_context_t user_ctx = NULL;
#      |         ^~~~~~~~~~~~~~~~~~
#  383|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  384|   {
#  385|-> 	security_context_t user_ctx = NULL;
#  386|   	int r = 0;
#  387|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def365]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:385:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  383|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  384|   {
#  385|-> 	security_context_t user_ctx = NULL;
#  386|   	int r = 0;
#  387|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def366]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:387:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  387 |         security_context_t default_ctx = NULL;
#      |         ^~~~~~~~~~~~~~~~~~
#  385|   	security_context_t user_ctx = NULL;
#  386|   	int r = 0;
#  387|-> 	security_context_t default_ctx = NULL;
#  388|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  389|   

Error: COMPILER_WARNING (CWE-477): [#def367]
openssh-10.2p1/openbsd-compat/port-linux-sshd.c:387:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  385|   	security_context_t user_ctx = NULL;
#  386|   	int r = 0;
#  387|-> 	security_context_t default_ctx = NULL;
#  388|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  389|   

Error: COMPILER_WARNING (CWE-1164): [#def368]
openssh-10.2p1/openbsd-compat/port-linux.c:68:1: warning[-Wunused-function]: ‘ssh_selinux_getctxbyname’ defined but not used
#   68 | ssh_selinux_getctxbyname(char *pwname)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
#   66|   /* Return the default security context for the given username */
#   67|   static char *
#   68|-> ssh_selinux_getctxbyname(char *pwname)
#   69|   {
#   70|   	char *sc = NULL, *sename = NULL, *lvl = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def369]
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(oom_adj_path, "w")’
openssh-10.2p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:282:19: acquire_resource: opened here
openssh-10.2p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:285:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:288:17: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:288:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  283|   		return;
#  284|   
#  285|-> 	if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
#  286|   		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def370]
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(oom_adj_path, "w")’
openssh-10.2p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:282:19: acquire_memory: allocated here
openssh-10.2p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:285:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:288:17: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:288:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/openbsd-compat/port-linux.c:285:13: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  283|   		return;
#  284|   
#  285|-> 	if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
#  286|   		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else

Error: GCC_ANALYZER_WARNING (CWE-404): [#def371]
openssh-10.2p1/openbsd-compat/port-linux.c:327:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/openbsd-compat/port-linux.c:323:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:326:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/openbsd-compat/port-linux.c:327:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/openbsd-compat/port-linux.c:327:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  325|   
#  326|   	va_start(ap, fmt);
#  327|-> 	xvasprintf(&s, fmt, ap);
#  328|   	va_end(ap);
#  329|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def372]
openssh-10.2p1/openbsd-compat/port-linux.c:355:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/openbsd-compat/port-linux.c:323:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:331:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:336:12: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:343:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:349:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:349:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/port-linux.c:351:19: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:351:19: acquire_resource: datagram socket created here
openssh-10.2p1/openbsd-compat/port-linux.c:351:12: branch_false: following ‘false’ branch (when ‘fd != -1’)...
openssh-10.2p1/openbsd-compat/port-linux.c:355:13: branch_false: ...to here
openssh-10.2p1/openbsd-compat/port-linux.c:355:13: throw: if ‘connect’ throws an exception...
openssh-10.2p1/openbsd-compat/port-linux.c:355:13: danger: ‘fd’ leaks here
#  353|   		goto out;
#  354|   	}
#  355|-> 	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
#  356|   		error_f("socket \"%s\" connect: %s", path, strerror(errno));
#  357|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def373]
openssh-10.2p1/openbsd-compat/readpassphrase.c:94:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.2p1/openbsd-compat/readpassphrase.c:64:12: branch_false: following ‘false’ branch (when ‘bufsiz != 0’)...
openssh-10.2p1/openbsd-compat/readpassphrase.c:64:12: branch_false: ...to here
openssh-10.2p1/openbsd-compat/readpassphrase.c:70:21: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.2p1/openbsd-compat/readpassphrase.c:71:17: branch_true: ...to here
openssh-10.2p1/openbsd-compat/readpassphrase.c:79:12: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/readpassphrase.c:80:31: branch_false: ...to here
openssh-10.2p1/openbsd-compat/readpassphrase.c:80:31: acquire_resource: opened here
openssh-10.2p1/openbsd-compat/readpassphrase.c:79:13: branch_false: following ‘false’ branch...
openssh-10.2p1/openbsd-compat/readpassphrase.c:94:12: branch_false: ...to here
openssh-10.2p1/openbsd-compat/readpassphrase.c:94:12: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   92|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   93|   	 */
#   94|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   95|   		memcpy(&term, &oterm, sizeof(term));
#   96|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING: [#def374]
openssh-10.2p1/openbsd-compat/vis.c: scope_hint: In function ‘stravis’
openssh-10.2p1/openbsd-compat/vis.c:229:23: warning[-Wuse-after-free]: pointer ‘buf_15’ may be used after ‘realloc’
#  229 |                 *outp = buf;
#      |                 ~~~~~~^~~~~
openssh-10.2p1/openbsd-compat/vis.c:227:17: note: call to ‘realloc’ here
#  227 |         *outp = realloc(buf, len + 1);
#      |                 ^~~~~~~~~~~~~~~~~~~~~
#  227|   	*outp = realloc(buf, len + 1);
#  228|   	if (*outp == NULL) {
#  229|-> 		*outp = buf;
#  230|   		errno = serrno;
#  231|   	}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def375]
openssh-10.2p1/packet.c:538:46: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  536|   		if (ssh_packet_connection_is_on_socket(ssh)) {
#  537|   			sock = ssh->state->connection_in;
#  538|-> 			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  539|   			ssh->remote_port = get_peer_port(sock);
#  540|   			ssh->local_ipaddr = get_local_ipaddr(sock);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def376]
openssh-10.2p1/packet.c:539:44: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  537|   			sock = ssh->state->connection_in;
#  538|   			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  539|-> 			ssh->remote_port = get_peer_port(sock);
#  540|   			ssh->local_ipaddr = get_local_ipaddr(sock);
#  541|   			ssh->local_port = get_local_port(sock);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def377]
openssh-10.2p1/packet.c:540:45: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  538|   			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  539|   			ssh->remote_port = get_peer_port(sock);
#  540|-> 			ssh->local_ipaddr = get_local_ipaddr(sock);
#  541|   			ssh->local_port = get_local_port(sock);
#  542|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def378]
openssh-10.2p1/packet.c:541:43: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  539|   			ssh->remote_port = get_peer_port(sock);
#  540|   			ssh->local_ipaddr = get_local_ipaddr(sock);
#  541|-> 			ssh->local_port = get_local_port(sock);
#  542|   		} else {
#  543|   			ssh->remote_ipaddr = xstrdup("UNKNOWN");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def379]
openssh-10.2p1/packet.c:543:46: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  541|   			ssh->local_port = get_local_port(sock);
#  542|   		} else {
#  543|-> 			ssh->remote_ipaddr = xstrdup("UNKNOWN");
#  544|   			ssh->remote_port = 65535;
#  545|   			ssh->local_ipaddr = xstrdup("UNKNOWN");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def380]
openssh-10.2p1/packet.c:545:45: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/packet.c:2081:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.2p1/packet.c:2085:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/packet.c:2086:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  543|   			ssh->remote_ipaddr = xstrdup("UNKNOWN");
#  544|   			ssh->remote_port = 65535;
#  545|-> 			ssh->local_ipaddr = xstrdup("UNKNOWN");
#  546|   			ssh->local_port = 65535;
#  547|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def381]
openssh-10.2p1/packet.c:2560:18: warning[-Wanalyzer-malloc-leak]: leak of ‘newkey’
openssh-10.2p1/packet.c:2556:23: acquire_memory: allocated here
openssh-10.2p1/packet.c:2556:12: branch_false: following ‘false’ branch (when ‘newkey’ is non-NULL)...
openssh-10.2p1/packet.c:2560:18: branch_false: ...to here
openssh-10.2p1/packet.c:2560:18: throw: if ‘sshbuf_froms’ throws an exception...
openssh-10.2p1/packet.c:2560:18: danger: ‘newkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 2558|   		goto out;
# 2559|   	}
# 2560|-> 	if ((r = sshbuf_froms(m, &b)) != 0)
# 2561|   		goto out;
# 2562|   #ifdef DEBUG_PK

Error: GCC_ANALYZER_WARNING (CWE-401): [#def382]
openssh-10.2p1/packet.c:2569:18: warning[-Wanalyzer-malloc-leak]: leak of ‘newkey’
openssh-10.2p1/packet.c:2556:23: acquire_memory: allocated here
openssh-10.2p1/packet.c:2556:12: branch_false: following ‘false’ branch (when ‘newkey’ is non-NULL)...
openssh-10.2p1/packet.c:2560:18: branch_false: ...to here
openssh-10.2p1/packet.c:2560:12: branch_false: following ‘false’ branch...
openssh-10.2p1/packet.c:2566:9: branch_false: ...to here
openssh-10.2p1/packet.c:2569:18: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/packet.c:2569:18: danger: ‘newkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 2567|   	comp = &newkey->comp;
# 2568|   
# 2569|-> 	if ((r = sshbuf_get_cstring(b, &enc->name, NULL)) != 0 ||
# 2570|   	    (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 ||
# 2571|   	    (r = sshbuf_get_u32(b, &enc->block_size)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-476): [#def383]
openssh-10.2p1/readconf.c:811:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘arg’
openssh-10.2p1/readconf.c:2649:1: enter_function: entry to ‘read_config_file_depth’
openssh-10.2p1/readconf.c:2654:15: release_memory: ‘line’ is NULL
openssh-10.2p1/readconf.c:2659:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2662:18: branch_false: ...to here
openssh-10.2p1/readconf.c:2662:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2665:13: branch_false: ...to here
openssh-10.2p1/readconf.c:2682:16: branch_true: following ‘true’ branch...
openssh-10.2p1/readconf.c:2684:17: branch_true: ...to here
openssh-10.2p1/readconf.c:2690:21: call_function: calling ‘process_config_line_depth’ from ‘read_config_file_depth’
#  809|   		    strprefix(attrib, "exec=", 1) != NULL) {
#  810|   			arg = strchr(attrib, '=');
#  811|-> 			*(arg++) = '\0';
#  812|   		} else if ((arg = argv_next(acp, avp)) == NULL) {
#  813|   			error("%.200s line %d: missing argument for Match '%s'",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def384]
openssh-10.2p1/readconf.c:2665:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
openssh-10.2p1/readconf.c:2659:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2662:18: branch_false: ...to here
openssh-10.2p1/readconf.c:2662:18: acquire_resource: opened here
openssh-10.2p1/readconf.c:2662:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2665:13: branch_false: ...to here
openssh-10.2p1/readconf.c:2665:12: branch_true: following ‘true’ branch...
openssh-10.2p1/readconf.c:2668:21: branch_true: ...to here
openssh-10.2p1/readconf.c:2665:13: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
# 2663|   		return 0;
# 2664|   
# 2665|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2666|   		struct stat sb;
# 2667|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def385]
openssh-10.2p1/readconf.c:2665:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
openssh-10.2p1/readconf.c:2659:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2662:18: branch_false: ...to here
openssh-10.2p1/readconf.c:2662:18: acquire_memory: allocated here
openssh-10.2p1/readconf.c:2662:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readconf.c:2665:13: branch_false: ...to here
openssh-10.2p1/readconf.c:2665:12: branch_true: following ‘true’ branch...
openssh-10.2p1/readconf.c:2668:21: branch_true: ...to here
openssh-10.2p1/readconf.c:2665:13: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 2663|   		return 0;
# 2664|   
# 2665|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2666|   		struct stat sb;
# 2667|   

Error: COMPILER_WARNING (CWE-704): [#def386]
openssh-10.2p1/readconf.c: scope_hint: In function ‘parse_jump’
openssh-10.2p1/readconf.c:3527:33: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3527 |                         if ((cp = strrchr(s, ',')) != NULL && cp != s) {
#      |                                 ^
# 3525|   			o->proxy_command = xstrdup("none");
# 3526|   			user = host = NULL;
# 3527|-> 			if ((cp = strrchr(s, ',')) != NULL && cp != s) {
# 3528|   				o->jump_extra = xstrdup(s);
# 3529|   				o->jump_extra[cp - s] = '\0';

Error: COMPILER_WARNING (CWE-704): [#def387]
openssh-10.2p1/readconf.c:3527:33: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3525|   			o->proxy_command = xstrdup("none");
# 3526|   			user = host = NULL;
# 3527|-> 			if ((cp = strrchr(s, ',')) != NULL && cp != s) {
# 3528|   				o->jump_extra = xstrdup(s);
# 3529|   				o->jump_extra[cp - s] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def388]
openssh-10.2p1/readpass.c:66:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:66:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/readpass.c:66:20: danger: ‘p[0]’ leaks here
#   64|   		return NULL;
#   65|   	}
#   66|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   67|   	if ((pid = fork()) == -1) {
#   68|   		error_f("fork: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def389]
openssh-10.2p1/readpass.c:66:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:66:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/readpass.c:66:20: danger: ‘p[1]’ leaks here
#   64|   		return NULL;
#   65|   	}
#   66|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   67|   	if ((pid = fork()) == -1) {
#   68|   		error_f("fork: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def390]
openssh-10.2p1/readpass.c:68:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/readpass.c:68:17: branch_true: ...to here
openssh-10.2p1/readpass.c:68:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/readpass.c:68:17: danger: ‘p[0]’ leaks here
#   66|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   67|   	if ((pid = fork()) == -1) {
#   68|-> 		error_f("fork: %s", strerror(errno));
#   69|   		ssh_signal(SIGCHLD, osigchld);
#   70|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def391]
openssh-10.2p1/readpass.c:68:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/readpass.c:68:17: branch_true: ...to here
openssh-10.2p1/readpass.c:68:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/readpass.c:68:17: danger: ‘p[1]’ leaks here
#   66|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   67|   	if ((pid = fork()) == -1) {
#   68|-> 		error_f("fork: %s", strerror(errno));
#   69|   		ssh_signal(SIGCHLD, osigchld);
#   70|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def392]
openssh-10.2p1/readpass.c:69:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/readpass.c:68:17: branch_true: ...to here
openssh-10.2p1/readpass.c:69:17: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/readpass.c:69:17: danger: ‘p[0]’ leaks here
#   67|   	if ((pid = fork()) == -1) {
#   68|   		error_f("fork: %s", strerror(errno));
#   69|-> 		ssh_signal(SIGCHLD, osigchld);
#   70|   		return NULL;
#   71|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def393]
openssh-10.2p1/readpass.c:69:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/readpass.c:68:17: branch_true: ...to here
openssh-10.2p1/readpass.c:69:17: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/readpass.c:69:17: danger: ‘p[1]’ leaks here
#   67|   	if ((pid = fork()) == -1) {
#   68|   		error_f("fork: %s", strerror(errno));
#   69|-> 		ssh_signal(SIGCHLD, osigchld);
#   70|   		return NULL;
#   71|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def394]
openssh-10.2p1/readpass.c:73:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/readpass.c:73:17: branch_true: ...to here
openssh-10.2p1/readpass.c:73:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/readpass.c:73:17: danger: ‘p[0]’ leaks here
#   71|   	}
#   72|   	if (pid == 0) {
#   73|-> 		close(p[0]);
#   74|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   75|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def395]
openssh-10.2p1/readpass.c:73:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/readpass.c:73:17: branch_true: ...to here
openssh-10.2p1/readpass.c:73:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/readpass.c:73:17: danger: ‘p[1]’ leaks here
#   71|   	}
#   72|   	if (pid == 0) {
#   73|-> 		close(p[0]);
#   74|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   75|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def396]
openssh-10.2p1/readpass.c:74:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/readpass.c:73:17: branch_true: ...to here
openssh-10.2p1/readpass.c:74:21: acquire_resource: opened here
openssh-10.2p1/readpass.c:74:20: danger: ‘dup2(p[1], 1)’ leaks here; was opened at [(10)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/9)
#   72|   	if (pid == 0) {
#   73|   		close(p[0]);
#   74|-> 		if (dup2(p[1], STDOUT_FILENO) == -1)
#   75|   			fatal_f("dup2: %s", strerror(errno));
#   76|   		if (env_hint != NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def397]
openssh-10.2p1/readpass.c:75:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/readpass.c:73:17: branch_true: ...to here
openssh-10.2p1/readpass.c:74:20: branch_true: following ‘true’ branch...
openssh-10.2p1/readpass.c:75:25: branch_true: ...to here
openssh-10.2p1/readpass.c:75:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/readpass.c:75:25: danger: ‘p[1]’ leaks here
#   73|   		close(p[0]);
#   74|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   75|-> 			fatal_f("dup2: %s", strerror(errno));
#   76|   		if (env_hint != NULL)
#   77|   			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def398]
openssh-10.2p1/readpass.c:79:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/readpass.c:73:17: branch_true: ...to here
openssh-10.2p1/readpass.c:74:20: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:76:20: branch_false: ...to here
openssh-10.2p1/readpass.c:79:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/readpass.c:79:17: danger: ‘p[1]’ leaks here
#   77|   			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
#   78|   		execlp(askpass, askpass, msg, (char *)NULL);
#   79|-> 		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   80|   	}
#   81|   	close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def399]
openssh-10.2p1/readpass.c:81:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/readpass.c:81:9: branch_false: ...to here
openssh-10.2p1/readpass.c:81:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/readpass.c:81:9: danger: ‘p[0]’ leaks here
#   79|   		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   80|   	}
#   81|-> 	close(p[1]);
#   82|   
#   83|   	len = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def400]
openssh-10.2p1/readpass.c:81:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/readpass.c:81:9: branch_false: ...to here
openssh-10.2p1/readpass.c:81:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/readpass.c:81:9: danger: ‘p[1]’ leaks here
#   79|   		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   80|   	}
#   81|-> 	close(p[1]);
#   82|   
#   83|   	len = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def401]
openssh-10.2p1/readpass.c:95:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.2p1/readpass.c:60:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.2p1/readpass.c:62:13: branch_false: ...to here
openssh-10.2p1/readpass.c:62:12: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:66:20: branch_false: ...to here
openssh-10.2p1/readpass.c:67:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/readpass.c:72:12: branch_false: ...to here
openssh-10.2p1/readpass.c:72:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/readpass.c:81:9: branch_false: ...to here
openssh-10.2p1/readpass.c:95:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/readpass.c:95:9: danger: ‘p[0]’ leaks here
#   93|   	buf[len] = '\0';
#   94|   
#   95|-> 	close(p[0]);
#   96|   	while ((ret = waitpid(pid, &status, 0)) == -1)
#   97|   		if (errno != EINTR)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def402]
openssh-10.2p1/readpass.c:161:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.2p1/readpass.c:144:17: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:146:18: branch_false: ...to here
openssh-10.2p1/readpass.c:146:17: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:152:17: branch_false: ...to here
openssh-10.2p1/readpass.c:153:25: acquire_resource: opened here
openssh-10.2p1/readpass.c:154:20: branch_true: following ‘true’ branch...
openssh-10.2p1/readpass.c:161:31: branch_true: ...to here
openssh-10.2p1/readpass.c:161:31: throw: if ‘write’ throws an exception...
openssh-10.2p1/readpass.c:161:31: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  159|   			 * optimistically typed before echo is disabled.
#  160|   			 */
#  161|-> 			(void)write(ttyfd, &cr, 1);
#  162|   			close(ttyfd);
#  163|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def403]
openssh-10.2p1/readpass.c:162:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.2p1/readpass.c:144:17: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:146:18: branch_false: ...to here
openssh-10.2p1/readpass.c:146:17: branch_false: following ‘false’ branch...
openssh-10.2p1/readpass.c:152:17: branch_false: ...to here
openssh-10.2p1/readpass.c:153:25: acquire_resource: opened here
openssh-10.2p1/readpass.c:154:20: branch_true: following ‘true’ branch...
openssh-10.2p1/readpass.c:161:31: branch_true: ...to here
openssh-10.2p1/readpass.c:162:25: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  160|   			 */
#  161|   			(void)write(ttyfd, &cr, 1);
#  162|-> 			close(ttyfd);
#  163|   		} else {
#  164|   			debug_f("can't open %s: %s", _PATH_TTY,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def404]
openssh-10.2p1/readpass.c:248:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/readpass.c:247:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/readpass.c:248:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/readpass.c:248:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  246|   
#  247|   	va_start(args, fmt);
#  248|-> 	xvasprintf(&prompt, fmt, args);
#  249|   	va_end(args);
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def405]
openssh-10.2p1/readpass.c:312:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/readpass.c:306:12: branch_true: following ‘true’ branch...
openssh-10.2p1/readpass.c:311:17: acquire_resource: ‘va_start’ called here
openssh-10.2p1/readpass.c:312:17: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/readpass.c:312:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  310|   		*/
#  311|   		va_start(args, fmt);
#  312|-> 		xvasprintf(&msg, fmt, args);
#  313|   		va_end(args);
#  314|   		writemsg(msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def406]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:106:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  104|   	response->key_handle_len = 0;
#  105|   
#  106|-> 	if ((key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) {
#  107|   		skdebug(__func__, "EC_KEY_new_by_curve_name");
#  108|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def407]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:110:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  108|   		goto out;
#  109|   	}
#  110|-> 	if (EC_KEY_generate_key(key) != 1) {
#  111|   		skdebug(__func__, "EC_KEY_generate_key");
#  112|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def408]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:114:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  112|   		goto out;
#  113|   	}
#  114|-> 	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  115|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  116|   	    (g = EC_KEY_get0_group(key)) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def409]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:115:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  113|   	}
#  114|   	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  115|-> 	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  116|   	    (g = EC_KEY_get0_group(key)) == NULL ||
#  117|   	    (q = EC_KEY_get0_public_key(key)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def410]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:116:18: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  114|   	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  115|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  116|-> 	    (g = EC_KEY_get0_group(key)) == NULL ||
#  117|   	    (q = EC_KEY_get0_public_key(key)) == NULL) {
#  118|   		skdebug(__func__, "couldn't get key parameters");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def411]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:117:18: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  115|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  116|   	    (g = EC_KEY_get0_group(key)) == NULL ||
#  117|-> 	    (q = EC_KEY_get0_public_key(key)) == NULL) {
#  118|   		skdebug(__func__, "couldn't get key parameters");
#  119|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def412]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:121:36: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:256:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  119|   		goto out;
#  120|   	}
#  121|-> 	response->public_key_len = EC_POINT_point2oct(g, q,
#  122|   	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
#  123|   	if (response->public_key_len == 0 || response->public_key_len > 2048) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def413]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:191:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:260:21: call_function: calling ‘pack_key_ed25519’ from ‘sk_enroll’
#  189|   	memset(pk, 0, sizeof(pk));
#  190|   	memset(sk, 0, sizeof(sk));
#  191|-> 	crypto_sign_ed25519_keypair(pk, sk);
#  192|   
#  193|   	response->public_key_len = sizeof(pk);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def414]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:279:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*response.public_key’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:233:1: enter_function: entry to ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:242:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:246:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:249:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:253:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:260:21: call_function: calling ‘pack_key_ed25519’ from ‘sk_enroll’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:260:21: return_function: returning to ‘sk_enroll’ from ‘pack_key_ed25519’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:260:20: branch_true: following ‘true’ branch...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:261:25: branch_true: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:279:17: danger: second ‘free’ here; first ‘free’ was at [(16)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/15)
#  277|    out:
#  278|   	if (response != NULL) {
#  279|-> 		free(response->public_key);
#  280|   		free(response->key_handle);
#  281|   		free(response->signature);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def415]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:325:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  323|   
#  324|   	/* Decode EC_KEY from key handle */
#  325|-> 	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  326|   	    BIO_write(bio, key_handle, key_handle_len) != (int)key_handle_len) {
#  327|   		skdebug(__func__, "BIO setup failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def416]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:326:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  324|   	/* Decode EC_KEY from key handle */
#  325|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  326|-> 	    BIO_write(bio, key_handle, key_handle_len) != (int)key_handle_len) {
#  327|   		skdebug(__func__, "BIO setup failed");
#  328|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def417]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:330:19: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  328|   		goto out;
#  329|   	}
#  330|-> 	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, "")) == NULL) {
#  331|   		skdebug(__func__, "PEM_read_bio_PrivateKey failed");
#  332|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def418]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:335:17: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  333|   	}
#  334|   	if (EVP_PKEY_base_id(pk) != EVP_PKEY_EC) {
#  335|-> 		skdebug(__func__, "Not an EC key: %d", EVP_PKEY_base_id(pk));
#  336|   		goto out;
#  337|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def419]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:338:19: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  336|   		goto out;
#  337|   	}
#  338|-> 	if ((ec = EVP_PKEY_get1_EC_KEY(pk)) == NULL) {
#  339|   		skdebug(__func__, "EVP_PKEY_get1_EC_KEY failed");
#  340|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def420]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:349:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:509:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  347|   	/* Prepare data to be signed */
#  348|   	dump("message", message, message_len);
#  349|-> 	SHA256Init(&ctx);
#  350|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  351|   	SHA256Final(apphash, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def421]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:428:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:515:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  426|   	/* Prepare data to be signed */
#  427|   	dump("message", message, message_len);
#  428|-> 	SHA256Init(&ctx);
#  429|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  430|   	SHA256Final(apphash, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def422]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:429:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:515:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  427|   	dump("message", message, message_len);
#  428|   	SHA256Init(&ctx);
#  429|-> 	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  430|   	SHA256Final(apphash, &ctx);
#  431|   	dump("apphash", apphash, sizeof(apphash));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def423]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:430:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:515:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  428|   	SHA256Init(&ctx);
#  429|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  430|-> 	SHA256Final(apphash, &ctx);
#  431|   	dump("apphash", apphash, sizeof(apphash));
#  432|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def424]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:450:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:481:1: enter_function: entry to ‘sk_sign’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:515:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  448|   	/* create and encode signature */
#  449|   	smlen = sizeof(signbuf);
#  450|-> 	if (crypto_sign_ed25519(sig, &smlen, signbuf, sizeof(signbuf),
#  451|   	    key_handle) != 0) {
#  452|   		skdebug(__func__, "crypto_sign_ed25519 failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def425]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: throw: if ‘SHA256_Init’ throws an exception...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: danger: ‘response’ leaks here; was allocated at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
#  500|   		goto out;
#  501|   	}
#  502|-> 	SHA256Init(&ctx);
#  503|   	SHA256Update(&ctx, data, datalen);
#  504|   	SHA256Final(message, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def426]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:503:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:503:9: throw: if ‘SHA256_Update’ throws an exception...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:503:9: danger: ‘response’ leaks here; was allocated at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2)
#  501|   	}
#  502|   	SHA256Init(&ctx);
#  503|-> 	SHA256Update(&ctx, data, datalen);
#  504|   	SHA256Final(message, &ctx);
#  505|   	response->flags = flags;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def427]
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:504:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:491:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:495:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:25: acquire_memory: allocated here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:498:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:502:9: branch_false: ...to here
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:504:9: throw: if ‘SHA256_Final’ throws an exception...
openssh-10.2p1/regress/misc/sk-dummy/sk-dummy.c:504:9: danger: ‘response’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
#  502|   	SHA256Init(&ctx);
#  503|   	SHA256Update(&ctx, data, datalen);
#  504|-> 	SHA256Final(message, &ctx);
#  505|   	response->flags = flags;
#  506|   	response->counter = 0x12345678;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def428]
openssh-10.2p1/scp.c:971:25: warning[-Wanalyzer-malloc-leak]: leak of ‘active’
openssh-10.2p1/scp.c:1665:1: enter_function: entry to ‘sink’
openssh-10.2p1/scp.c:1693:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
openssh-10.2p1/scp.c:1697:9: branch_false: ...to here
openssh-10.2p1/scp.c:1704:12: branch_true: following ‘true’ branch...
openssh-10.2p1/scp.c:1709:21: call_function: calling ‘brace_expand’ from ‘sink’
#  969|   		}
#  970|   		if (invalid)
#  971|-> 			fatal_f("invalid brace pattern \"%s\"", cp);
#  972|   		if (expanded) {
#  973|   			/*

Error: COMPILER_WARNING: [#def429]
openssh-10.2p1/scp.c: scope_hint: In function ‘rsource’
openssh-10.2p1/scp.c:1546:56: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 2 and 4095
# 1546 |                 (void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
#      |                                                        ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4350 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1544|   			continue;
# 1545|   		}
# 1546|-> 		(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
# 1547|   		vect[0] = path;
# 1548|   		source(1, vect);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def430]
openssh-10.2p1/scp.c:2152:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/scp.c:2140:12: branch_false: following ‘false’ branch...
openssh-10.2p1/scp.c:2150:12: branch_true: following ‘true’ branch...
openssh-10.2p1/scp.c:2151:17: branch_true: ...to here
openssh-10.2p1/scp.c:2151:17: acquire_resource: ‘va_start’ called here
openssh-10.2p1/scp.c:2152:17: throw: if ‘vfmprintf’ throws an exception...
openssh-10.2p1/scp.c:2152:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 2150|   	if (!iamremote) {
# 2151|   		va_start(ap, fmt);
# 2152|-> 		vfmprintf(stderr, fmt, ap);
# 2153|   		va_end(ap);
# 2154|   		fprintf(stderr, "\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def431]
openssh-10.2p1/scp.c:2185:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/scp.c:2170:12: branch_false: following ‘false’ branch (when ‘fmt’ is non-NULL)...
openssh-10.2p1/scp.c:2179:9: branch_false: ...to here
openssh-10.2p1/scp.c:2181:12: branch_false: following ‘false’ branch...
openssh-10.2p1/scp.c:2184:9: branch_false: ...to here
openssh-10.2p1/scp.c:2184:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/scp.c:2185:9: throw: if ‘vasnmprintf’ throws an exception...
openssh-10.2p1/scp.c:2185:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
# 2183|   
# 2184|   	va_start(ap, fmt);
# 2185|-> 	vasnmprintf(&emsg, INT_MAX, NULL, fmt, ap);
# 2186|   	va_end(ap);
# 2187|   	return -1;

Error: CPPCHECK_WARNING (CWE-401): [#def432]
openssh-10.2p1/sftp-glob.c:171: error[memleakOnRealloc]: Common realloc mistake: 's' nulled but not freed upon failure
#  169|   		if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) {
#  170|   			/* NOCHECK on a directory; annotate */
#  171|-> 			if ((s = realloc(s, l + 2)) != NULL) {
#  172|   				memcpy(s + l, "/", 2);
#  173|   				pglob->gl_pathv[0] = s;

Error: CPPCHECK_WARNING (CWE-401): [#def433]
openssh-10.2p1/sftp-server.c:829: error[memleakOnRealloc]: Common realloc mistake: 'buf' nulled but not freed upon failure
#  827|   	if (len > buflen) {
#  828|   		debug3_f("allocate %zu => %u", buflen, len);
#  829|-> 		if ((buf = realloc(buf, len)) == NULL)
#  830|   			fatal_f("realloc failed");
#  831|   		buflen = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def434]
openssh-10.2p1/sftp-server.c:1121:26: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
openssh-10.2p1/sftp-server.c:1106:1: enter_function: entry to ‘process_opendir’
openssh-10.2p1/sftp-server.c:1112:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp-server.c:1115:9: branch_false: ...to here
openssh-10.2p1/sftp-server.c:1117:16: acquire_memory: allocated here
openssh-10.2p1/sftp-server.c:1118:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp-server.c:1121:26: branch_false: ...to here
openssh-10.2p1/sftp-server.c:1121:26: call_function: calling ‘handle_new’ from ‘process_opendir’
# 1119|   		status = errno_to_portable(errno);
# 1120|   	} else {
# 1121|-> 		handle = handle_new(HANDLE_DIR, path, 0, 0, dirp);
# 1122|   		if (handle < 0) {
# 1123|   			closedir(dirp);

Error: COMPILER_WARNING: [#def435]
openssh-10.2p1/sftp.c: scope_hint: In function ‘parse_dispatch_command’
openssh-10.2p1/sftp.c:1084:61: warning[-Wformat-truncation=]: ‘%3llu’ directive output may be truncated writing between 3 and 20 bytes into a region of size 16
# 1084 |                 snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
#      |                                                             ^~~~~
openssh-10.2p1/sftp.c:1084:60: note: directive argument in the range [0, 18446744073709551612]
# 1084 |                 snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
#      |                                                            ^~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 5 and 22 bytes into a destination of size 16
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1082|   		strlcpy(s_icapacity, "ERR", sizeof(s_icapacity));
# 1083|   	else {
# 1084|-> 		snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
# 1085|   		    (unsigned long long)(100 * (st.f_files - st.f_ffree) /
# 1086|   		    st.f_files));

Error: COMPILER_WARNING: [#def436]
openssh-10.2p1/sftp.c: scope_hint: In function ‘parse_dispatch_command’
openssh-10.2p1/sftp.c:1091:61: warning[-Wformat-truncation=]: ‘%3llu’ directive output may be truncated writing between 3 and 20 bytes into a region of size 16
# 1091 |                 snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
#      |                                                             ^~~~~
openssh-10.2p1/sftp.c:1091:60: note: directive argument in the range [0, 18446744073709551612]
# 1091 |                 snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
#      |                                                            ^~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 5 and 22 bytes into a destination of size 16
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1089|   		strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity));
# 1090|   	else {
# 1091|-> 		snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
# 1092|   		    (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
# 1093|   		    st.f_blocks));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def437]
openssh-10.2p1/sftp.c:2160:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.2p1/sftp.c:2129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2133:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2158:19: branch_false: ...to here
openssh-10.2p1/sftp.c:2158:19: branch_true: following ‘true’ branch...
openssh-10.2p1/sftp.c:2160:21: danger: dereference of NULL ‘makeargv(xmalloc((long unsigned int)(len + 1)), &argc, 1, 0, 0)’
# 2158|   	} else if (carg == 1 && cursor > 0 && line[cursor - 1] != ' ')  {
# 2159|   		/* Handle the command parsing */
# 2160|-> 		if (complete_cmd_parse(el, argv[0], argc == carg,
# 2161|   		    quote, terminated) != 0)
# 2162|   			ret = CC_REDISPLAY;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def438]
openssh-10.2p1/sftp.c:2185:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.2p1/sftp.c:2129:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2133:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2158:19: branch_false: ...to here
openssh-10.2p1/sftp.c:2163:19: branch_true: following ‘true’ branch...
openssh-10.2p1/sftp.c:2169:20: branch_true: ...to here
openssh-10.2p1/sftp.c:2172:29: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2182:26: branch_false: ...to here
openssh-10.2p1/sftp.c:2185:26: danger: dereference of NULL ‘makeargv(xmalloc((long unsigned int)(len + 1)), &argc, 1, 0, 0)’
# 2183|   			cmdarg++;
# 2184|   
# 2185|-> 		remote = complete_is_remote(argv[0], cmdarg);
# 2186|   
# 2187|   		if ((remote == REMOTE || remote == LOCAL) &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def439]
openssh-10.2p1/sftp.c:2381:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 0)’
openssh-10.2p1/sftp.c:2372:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2374:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2380:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2380:17: branch_true: following ‘true’ branch...
openssh-10.2p1/sftp.c:2381:22: branch_true: ...to here
openssh-10.2p1/sftp.c:2381:22: acquire_resource: opened here
openssh-10.2p1/sftp.c:2381:20: danger: ‘dup2(c_out, 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
# 2379|   		fatal("fork: %s", strerror(errno));
# 2380|   	else if (sshpid == 0) {
# 2381|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2382|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2383|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def440]
openssh-10.2p1/sftp.c:2381:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 1)’
openssh-10.2p1/sftp.c:2372:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2374:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2380:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2380:17: branch_true: following ‘true’ branch...
openssh-10.2p1/sftp.c:2381:22: branch_true: ...to here
openssh-10.2p1/sftp.c:2381:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2382:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2382:22: acquire_resource: opened here
openssh-10.2p1/sftp.c:2381:21: danger: ‘dup2(c_out, 1)’ leaks here; was opened at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
# 2379|   		fatal("fork: %s", strerror(errno));
# 2380|   	else if (sshpid == 0) {
# 2381|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2382|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2383|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def441]
openssh-10.2p1/sftp.c:2387:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘in’
openssh-10.2p1/sftp.c:2432:1: enter_function: entry to ‘main’
openssh-10.2p1/sftp.c:2465:16: branch_true: following ‘true’ branch (when ‘ch != -1’)...
openssh-10.2p1/sftp.c:2467:17: branch_true: ...to here
openssh-10.2p1/sftp.c:2597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2600:12: branch_false: ...to here
openssh-10.2p1/sftp.c:2600:12: branch_false: following ‘false’ branch (when ‘noisy == 0’)...
openssh-10.2p1/sftp.c:2603:9: branch_false: ...to here
openssh-10.2p1/sftp.c:2605:12: branch_false: following ‘false’ branch (when ‘sftp_direct’ is non-NULL)...
openssh-10.2p1/sftp.c:2657:26: branch_false: ...to here
openssh-10.2p1/sftp.c:2657:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2659:21: branch_false: ...to here
openssh-10.2p1/sftp.c:2659:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2661:17: branch_false: ...to here
openssh-10.2p1/sftp.c:2661:17: call_function: calling ‘connect_to_server’ from ‘main’
# 2385|   		}
# 2386|   		close(*in);
# 2387|-> 		close(*out);
# 2388|   		close(c_in);
# 2389|   		close(c_out);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def442]
openssh-10.2p1/sftp.c:2389:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
openssh-10.2p1/sftp.c:2372:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2374:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2380:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2380:17: branch_true: following ‘true’ branch...
openssh-10.2p1/sftp.c:2381:22: branch_true: ...to here
openssh-10.2p1/sftp.c:2381:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2382:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2381:21: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2386:17: branch_false: ...to here
openssh-10.2p1/sftp.c:2388:17: release_resource: first ‘close’ here
openssh-10.2p1/sftp.c:2389:17: danger: second ‘close’ here; first ‘close’ was at [(11)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/10)
# 2387|   		close(*out);
# 2388|   		close(c_in);
# 2389|-> 		close(c_out);
# 2390|   
# 2391|   		/*

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def443]
openssh-10.2p1/sftp.c:2413:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
openssh-10.2p1/sftp.c:2372:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2374:22: branch_false: ...to here
openssh-10.2p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2380:18: branch_false: ...to here
openssh-10.2p1/sftp.c:2380:17: branch_false: following ‘false’ branch...
openssh-10.2p1/sftp.c:2405:9: branch_false: ...to here
openssh-10.2p1/sftp.c:2412:9: release_resource: first ‘close’ here
openssh-10.2p1/sftp.c:2413:9: danger: second ‘close’ here; first ‘close’ was at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
# 2411|   	ssh_signal(SIGCHLD, sigchld_handler);
# 2412|   	close(c_in);
# 2413|-> 	close(c_out);
# 2414|   }
# 2415|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def444]
openssh-10.2p1/sk-usbhid.c:147:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/sk-usbhid.c:172:1: enter_function: entry to ‘sk_open’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:25: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:191:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:191:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  145|   
#  146|   	va_start(ap, fmt);
#  147|-> 	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def445]
openssh-10.2p1/sk-usbhid.c:147:9: warning[-Wanalyzer-malloc-leak]: leak of ‘device’
openssh-10.2p1/sk-usbhid.c:1149:1: enter_function: entry to ‘ssh_sk_sign’
openssh-10.2p1/sk-usbhid.c:1164:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:1168:9: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:1169:13: call_function: inlined call to ‘check_sign_load_resident_options’ from ‘ssh_sk_sign’
#  145|   
#  146|   	va_start(ap, fmt);
#  147|-> 	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def446]
openssh-10.2p1/sk-usbhid.c:147:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:232:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:233:25: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:233:25: call_function: calling ‘skdebug’ from ‘sk_openv’
#  145|   
#  146|   	va_start(ap, fmt);
#  147|-> 	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def447]
openssh-10.2p1/sk-usbhid.c:147:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:172:1: enter_function: entry to ‘sk_open’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:186:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:186:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  145|   
#  146|   	va_start(ap, fmt);
#  147|-> 	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def448]
openssh-10.2p1/sk-usbhid.c:147:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/sk-usbhid.c:146:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/sk-usbhid.c:147:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/sk-usbhid.c:147:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  145|   
#  146|   	va_start(ap, fmt);
#  147|-> 	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def449]
openssh-10.2p1/sk-usbhid.c:149:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/sk-usbhid.c:172:1: enter_function: entry to ‘sk_open’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:25: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:191:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:191:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  147|   	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|-> 	debug("%s: %s", func, msg);
#  150|   	free(msg);
#  151|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def450]
openssh-10.2p1/sk-usbhid.c:149:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:232:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:233:25: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:233:25: call_function: calling ‘skdebug’ from ‘sk_openv’
#  147|   	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|-> 	debug("%s: %s", func, msg);
#  150|   	free(msg);
#  151|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def451]
openssh-10.2p1/sk-usbhid.c:149:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:172:1: enter_function: entry to ‘sk_open’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:186:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:186:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  147|   	xvasprintf(&msg, fmt, ap);
#  148|   	va_end(ap);
#  149|-> 	debug("%s: %s", func, msg);
#  150|   	free(msg);
#  151|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def452]
openssh-10.2p1/sk-usbhid.c:190:24: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:25: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:24: throw: if ‘fido_dev_new’ throws an exception...
openssh-10.2p1/sk-usbhid.c:190:24: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  188|   		return NULL;
#  189|   	}
#  190|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  191|   		skdebug(__func__, "fido_dev_new failed");
#  192|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def453]
openssh-10.2p1/sk-usbhid.c:190:24: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:234:41: call_function: calling ‘sk_open’ from ‘sk_openv’
#  188|   		return NULL;
#  189|   	}
#  190|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  191|   		skdebug(__func__, "fido_dev_new failed");
#  192|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def454]
openssh-10.2p1/sk-usbhid.c:190:24: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:24: throw: if ‘fido_dev_new’ throws an exception...
openssh-10.2p1/sk-usbhid.c:190:24: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  188|   		return NULL;
#  189|   	}
#  190|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  191|   		skdebug(__func__, "fido_dev_new failed");
#  192|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def455]
openssh-10.2p1/sk-usbhid.c:196:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:25: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:196:41: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:196:18: throw: if ‘fido_dev_open’ throws an exception...
openssh-10.2p1/sk-usbhid.c:196:18: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
#  194|   		return NULL;
#  195|   	}
#  196|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  197|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def456]
openssh-10.2p1/sk-usbhid.c:196:18: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:234:41: call_function: calling ‘sk_open’ from ‘sk_openv’
#  194|   		return NULL;
#  195|   	}
#  196|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  197|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def457]
openssh-10.2p1/sk-usbhid.c:196:18: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:196:41: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:196:18: throw: if ‘fido_dev_open’ throws an exception...
openssh-10.2p1/sk-usbhid.c:196:18: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  194|   		return NULL;
#  195|   	}
#  196|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  197|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def458]
openssh-10.2p1/sk-usbhid.c:197:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:25: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:196:41: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:196:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:197:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:197:17: throw: if ‘fido_strerr’ throws an exception...
openssh-10.2p1/sk-usbhid.c:197:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  195|   	}
#  196|   	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  197|-> 		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));
#  199|   		fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def459]
openssh-10.2p1/sk-usbhid.c:197:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:196:41: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:196:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:197:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:197:17: throw: if ‘fido_strerr’ throws an exception...
openssh-10.2p1/sk-usbhid.c:197:17: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  195|   	}
#  196|   	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  197|-> 		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));
#  199|   		fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def460]
openssh-10.2p1/sk-usbhid.c:199:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.2p1/sk-usbhid.c:177:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:181:19: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:181:19: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:181:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:185:25: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:185:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:190:24: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:190:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sk-usbhid.c:196:41: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:196:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:197:17: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:199:17: throw: if ‘fido_dev_free’ throws an exception...
openssh-10.2p1/sk-usbhid.c:199:17: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  197|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  198|   		    fido_strerr(r));
#  199|-> 		fido_dev_free(&sk->dev);
#  200|   		free(sk->path);
#  201|   		free(sk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def461]
openssh-10.2p1/sk-usbhid.c:212:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:232:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:233:25: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:240:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:241:37: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:241:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  210|   	if (sk == NULL)
#  211|   		return;
#  212|-> 	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  213|   	fido_dev_close(sk->dev);
#  214|   	fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def462]
openssh-10.2p1/sk-usbhid.c:213:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:232:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:233:25: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:240:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:241:37: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:241:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  211|   		return;
#  212|   	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  213|-> 	fido_dev_close(sk->dev);
#  214|   	fido_dev_free(&sk->dev);
#  215|   	free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def463]
openssh-10.2p1/sk-usbhid.c:214:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:220:1: enter_function: entry to ‘sk_openv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:232:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:233:25: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sk-usbhid.c:239:12: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:240:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:241:37: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:241:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  212|   	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  213|   	fido_dev_close(sk->dev);
#  214|-> 	fido_dev_free(&sk->dev);
#  215|   	free(sk->path);
#  216|   	free(sk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def464]
openssh-10.2p1/sk-usbhid.c:232:27: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:232:27: throw: if ‘fido_dev_info_ptr’ throws an exception...
openssh-10.2p1/sk-usbhid.c:232:27: danger: ‘skv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
#  230|   	}
#  231|   	for (i = 0; i < ndevs; i++) {
#  232|-> 		if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
#  233|   			skdebug(__func__, "fido_dev_info_ptr failed");
#  234|   		else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def465]
openssh-10.2p1/sk-usbhid.c:234:41: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.2p1/sk-usbhid.c:227:20: acquire_memory: allocated here
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
openssh-10.2p1/sk-usbhid.c:227:12: branch_false: ...to here
openssh-10.2p1/sk-usbhid.c:231:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.2p1/sk-usbhid.c:232:27: branch_true: ...to here
openssh-10.2p1/sk-usbhid.c:234:41: throw: if ‘fido_dev_info_path’ throws an exception...
openssh-10.2p1/sk-usbhid.c:234:41: danger: ‘skv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
#  232|   		if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
#  233|   			skdebug(__func__, "fido_dev_info_ptr failed");
#  234|-> 		else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)
#  235|   			skdebug(__func__, "sk_open failed");
#  236|   		else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def466]
openssh-10.2p1/ssh-add.c:286:9: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.2p1/ssh-add.c:668:1: enter_function: entry to ‘do_file’
openssh-10.2p1/ssh-add.c:673:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:674:13: branch_true: ...to here
openssh-10.2p1/ssh-add.c:673:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:676:24: branch_true: ...to here
openssh-10.2p1/ssh-add.c:676:24: call_function: calling ‘update_pkcs11_uri’ from ‘do_file’
#  284|   		/* pin is freed in the update_card() */
#  285|   	}
#  286|-> 	pkcs11_uri_cleanup(uri);
#  287|   
#  288|   	return update_card(agent_fd, adding, pkcs11_uri, qflag, 1, 0,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def467]
openssh-10.2p1/ssh-add.c:317:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.2p1/ssh-add.c:668:1: enter_function: entry to ‘do_file’
openssh-10.2p1/ssh-add.c:680:12: branch_false: following ‘false’ branch (when ‘deleting == 0’)...
openssh-10.2p1/ssh-add.c:685:21: branch_false: ...to here
openssh-10.2p1/ssh-add.c:685:21: call_function: calling ‘add_file’ from ‘do_file’
#  315|   	 * will occur multiple times, so check perms first and bail if wrong.
#  316|   	 */
#  317|-> 	if (fd != STDIN_FILENO) {
#  318|   		if (sshkey_perm_ok(fd, filename) != 0) {
#  319|   			close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def468]
openssh-10.2p1/ssh-add.c:318:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.2p1/ssh-add.c:668:1: enter_function: entry to ‘do_file’
openssh-10.2p1/ssh-add.c:680:12: branch_false: following ‘false’ branch (when ‘deleting == 0’)...
openssh-10.2p1/ssh-add.c:685:21: branch_false: ...to here
openssh-10.2p1/ssh-add.c:685:21: call_function: calling ‘add_file’ from ‘do_file’
#  316|   	 */
#  317|   	if (fd != STDIN_FILENO) {
#  318|-> 		if (sshkey_perm_ok(fd, filename) != 0) {
#  319|   			close(fd);
#  320|   			return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def469]
openssh-10.2p1/ssh-add.c:496:18: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.2p1/ssh-add.c:668:1: enter_function: entry to ‘do_file’
openssh-10.2p1/ssh-add.c:673:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:674:13: branch_true: ...to here
openssh-10.2p1/ssh-add.c:673:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:676:24: branch_true: ...to here
openssh-10.2p1/ssh-add.c:676:24: call_function: calling ‘update_pkcs11_uri’ from ‘do_file’
#  494|   	}
#  495|   
#  496|-> 	if ((r = ssh_update_card(agent_fd, add, id, pin == NULL ? "" : pin,
#  497|   	    lifetime, confirm, dest_constraints, ndest_constraints,
#  498|   	    cert_only, certs, ncerts)) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def470]
openssh-10.2p1/ssh-add.c:505:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.2p1/ssh-add.c:668:1: enter_function: entry to ‘do_file’
openssh-10.2p1/ssh-add.c:673:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:674:13: branch_true: ...to here
openssh-10.2p1/ssh-add.c:673:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-add.c:676:24: branch_true: ...to here
openssh-10.2p1/ssh-add.c:676:24: call_function: calling ‘update_pkcs11_uri’ from ‘do_file’
#  503|   		}
#  504|   	} else {
#  505|-> 		fprintf(stderr, "Could not %s card \"%s\": %s\n",
#  506|   		    add ? "add" : "remove", id, ssh_err(r));
#  507|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def471]
openssh-10.2p1/ssh-agent.c:271:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.2p1/ssh-agent.c:1519:1: enter_function: entry to ‘add_p11_identity’
openssh-10.2p1/ssh-agent.c:1536:32: call_function: calling ‘dup_dest_constraints’ from ‘add_p11_identity’
#  269|   		    &(out->keys[i]))) != 0)
#  270|   			fatal_fr(r, "copy key");
#  271|-> 		out->key_is_ca[i] = dch->key_is_ca[i];
#  272|   	}
#  273|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def472]
openssh-10.2p1/ssh-agent.c:1578:25: warning[-Wanalyzer-malloc-leak]: leak of ‘module_path’
openssh-10.2p1/ssh-agent.c:2063:1: enter_function: entry to ‘after_poll’
openssh-10.2p1/ssh-agent.c:2068:21: branch_true: following ‘true’ branch (when ‘i < npfd’)...
openssh-10.2p1/ssh-agent.c:2069:24: branch_true: ...to here
openssh-10.2p1/ssh-agent.c:2079:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-agent.c:2084:32: branch_false: ...to here
openssh-10.2p1/ssh-agent.c:2097:28: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-agent.c:2098:29: branch_true: ...to here
openssh-10.2p1/ssh-agent.c:2098:29: call_function: calling ‘handle_conn_read’ from ‘after_poll’
# 1576|   	if (module_path != NULL) { /* do not validate default NULL path in URI */
# 1577|   		if (realpath(module_path, canonical_provider) == NULL) {
# 1578|-> 			verbose("failed PKCS#11 provider \"%.100s\": realpath: %s",
# 1579|   			    module_path, strerror(errno));
# 1580|   			free(module_path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def473]
openssh-10.2p1/ssh-ecdsa-sk.c:178:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  176|   	struct sshbuf *chall = NULL, *m = NULL;
#  177|   
#  178|-> 	if ((m = sshbuf_new()) == NULL ||
#  179|   	    (chall = sshbuf_from(data, datalen)) == NULL) {
#  180|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def474]
openssh-10.2p1/ssh-ecdsa-sk.c:179:22: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  177|   
#  178|   	if ((m = sshbuf_new()) == NULL ||
#  179|-> 	    (chall = sshbuf_from(data, datalen)) == NULL) {
#  180|   		r = SSH_ERR_ALLOC_FAIL;
#  181|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def475]
openssh-10.2p1/ssh-ecdsa-sk.c:189:48: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  187|   	if (strchr(origin, '\"') != NULL ||
#  188|   	    (flags & 0x40) != 0 /* AD */ ||
#  189|-> 	    ((flags & 0x80) == 0 /* ED */) != (sshbuf_len(extensions) == 0)) {
#  190|   		r = SSH_ERR_INVALID_FORMAT;
#  191|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def476]
openssh-10.2p1/ssh-ecdsa-sk.c:203:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  201|   #define WEBAUTHN_1	"\",\"origin\":\""
#  202|   #define WEBAUTHN_2	"\""
#  203|-> 	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def477]
openssh-10.2p1/ssh-ecdsa-sk.c:204:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  202|   #define WEBAUTHN_2	"\""
#  203|   	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|-> 	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def478]
openssh-10.2p1/ssh-ecdsa-sk.c:205:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  203|   	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|-> 	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|   	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def479]
openssh-10.2p1/ssh-ecdsa-sk.c:206:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|-> 	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|   	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)
#  208|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def480]
openssh-10.2p1/ssh-ecdsa-sk.c:207:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|-> 	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)
#  208|   		goto out;
#  209|   #ifdef DEBUG_SK

Error: GCC_ANALYZER_WARNING (CWE-401): [#def481]
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  270|   		goto out;
#  271|   	}
#  272|-> 	if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {
#  273|   		ret = SSH_ERR_INVALID_FORMAT;
#  274|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def482]
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: throw: if ‘sshbuf_froms’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#  280|   		goto out;
#  281|   	}
#  282|-> 	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|   	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|   	    sshbuf_get_u32(b, &sig_counter) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def483]
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  281|   	}
#  282|   	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|-> 	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|   	    sshbuf_get_u32(b, &sig_counter) != 0) {
#  285|   		ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def484]
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: throw: if ‘sshbuf_get_u32’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  282|   	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|   	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|-> 	    sshbuf_get_u32(b, &sig_counter) != 0) {
#  285|   		ret = SSH_ERR_INVALID_FORMAT;
#  286|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def485]
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: throw: if ‘sshbuf_get_cstring’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  287|   	}
#  288|   	if (is_webauthn) {
#  289|-> 		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|   		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|   		    sshbuf_froms(b, &webauthn_exts) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def486]
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: throw: if ‘sshbuf_froms’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
#  288|   	if (is_webauthn) {
#  289|   		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|-> 		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|   		    sshbuf_froms(b, &webauthn_exts) != 0) {
#  292|   			ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def487]
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: throw: if ‘sshbuf_froms’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:291:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
#  289|   		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|   		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|-> 		    sshbuf_froms(b, &webauthn_exts) != 0) {
#  292|   			ret = SSH_ERR_INVALID_FORMAT;
#  293|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def488]
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
#  294|   		}
#  295|   	}
#  296|-> 	if (sshbuf_len(b) != 0) {
#  297|   		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
#  298|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def489]
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: throw: if ‘sshbuf_get_bignum2’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/8)
#  300|   
#  301|   	/* parse signature */
#  302|-> 	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
#  303|   	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
#  304|   		ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def490]
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: throw: if ‘sshbuf_get_bignum2’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
#  301|   	/* parse signature */
#  302|   	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
#  303|-> 	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
#  304|   		ret = SSH_ERR_INVALID_FORMAT;
#  305|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def491]
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  305|   		goto out;
#  306|   	}
#  307|-> 	if (sshbuf_len(sigbuf) != 0) {
#  308|   		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
#  309|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def492]
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: throw: if ‘ECDSA_SIG_new’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
#  326|   	}
#  327|   #endif
#  328|-> 	if ((esig = ECDSA_SIG_new()) == NULL) {
#  329|   		ret = SSH_ERR_ALLOC_FAIL;
#  330|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def493]
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: throw: if ‘ECDSA_SIG_set0’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
#  330|   		goto out;
#  331|   	}
#  332|-> 	if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) {
#  333|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  334|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def494]
openssh-10.2p1/ssh-ecdsa-sk.c:339:32: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:32: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:339:32: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  337|   
#  338|   	/* Reconstruct data that was supposedly signed */
#  339|-> 	if ((original_signed = sshbuf_new()) == NULL) {
#  340|   		ret = SSH_ERR_ALLOC_FAIL;
#  341|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def495]
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: throw: if ‘ssh_digest_memory’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  346|   		    msghash, sizeof(msghash))) != 0)
#  347|   			goto out;
#  348|-> 	} else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen,
#  349|   	    msghash, sizeof(msghash))) != 0)
#  350|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def496]
openssh-10.2p1/ssh-ecdsa-sk.c:352:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:20: throw: if ‘ssh_digest_memory’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:352:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
#  350|   		goto out;
#  351|   	/* Application value is hashed before signature */
#  352|-> 	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application,
#  353|   	    strlen(key->sk_application), apphash, sizeof(apphash))) != 0)
#  354|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def497]
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: throw: if ‘sshbuf_put’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
#  359|   	sshbuf_dump_data(msghash, sizeof(msghash), stderr);
#  360|   #endif
#  361|-> 	if ((ret = sshbuf_put(original_signed,
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def498]
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: throw: if ‘sshbuf_put_u8’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  361|   	if ((ret = sshbuf_put(original_signed,
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|-> 	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def499]
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: throw: if ‘sshbuf_put_u32’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|-> 	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|   	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def500]
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: throw: if ‘sshbuf_putb’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|-> 	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|   	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
#  367|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def501]
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: throw: if ‘sshbuf_put’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|-> 	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
#  367|   		goto out;
#  368|   	details->sk_counter = sig_counter;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def502]
openssh-10.2p1/ssh-ecdsa-sk.c:375:23: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:23: throw: if ‘EVP_MD_CTX_new’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:375:23: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
#  373|   #endif
#  374|   
#  375|-> 	if ((md_ctx = EVP_MD_CTX_new()) == NULL) {
#  376|   		ret = SSH_ERR_ALLOC_FAIL;
#  377|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def503]
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: throw: if ‘i2d_ECDSA_SIG’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
#  377|   		goto out;
#  378|   	}
#  379|-> 	if ((len = i2d_ECDSA_SIG(esig, NULL)) <= 0) {
#  380|   		len = 0;
#  381|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def504]
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: throw: if ‘i2d_ECDSA_SIG’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: danger: ‘cp’ leaks here; was allocated at [(57)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/56)
#  387|   	}
#  388|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  389|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  390|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  391|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def505]
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: throw: if ‘i2d_ECDSA_SIG’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:389:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
#  387|   	}
#  388|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  389|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  390|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  391|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def506]
openssh-10.2p1/ssh-ecdsa-sk.c:398:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:398:13: throw: if ‘EVP_sha256’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:398:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
#  396|   #endif
#  397|   	/* Verify it */
#  398|-> 	if (EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL,
#  399|   	    key->pkey) != 1) {
#  400|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def507]
openssh-10.2p1/ssh-ecdsa-sk.c:403:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:398:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:403:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:403:17: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:403:17: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/8)
#  401|   		goto out;
#  402|   	}
#  403|-> 	switch (EVP_DigestVerify(md_ctx, sigb, len,
#  404|   	    sshbuf_ptr(original_signed), sshbuf_len(original_signed))) {
#  405|   	case 1:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def508]
openssh-10.2p1/ssh-ecdsa-sk.c:404:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.2p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:398:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:403:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:404:13: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:404:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/8)
#  402|   	}
#  403|   	switch (EVP_DigestVerify(md_ctx, sigb, len,
#  404|-> 	    sshbuf_ptr(original_signed), sshbuf_len(original_signed))) {
#  405|   	case 1:
#  406|   		ret = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def509]
openssh-10.2p1/ssh-ecdsa-sk.c:425:9: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa-sk.c:425:9: throw: if ‘sshkey_sig_details_free’ throws an exception...
openssh-10.2p1/ssh-ecdsa-sk.c:425:9: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/8)
#  423|   	explicit_bzero(msghash, sizeof(msghash));
#  424|   	explicit_bzero(apphash, sizeof(apphash));
#  425|-> 	sshkey_sig_details_free(details);
#  426|   	sshbuf_free(webauthn_wrapper);
#  427|   	sshbuf_free(webauthn_exts);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def510]
openssh-10.2p1/ssh-ecdsa.c:478:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.2p1/ssh-ecdsa.c:422:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:422:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:427:51: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:427:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:431:18: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:431:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:433:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:433:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:434:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:433:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:438:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:438:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ecdsa.c:442:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:442:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:448:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:448:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:449:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:448:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:453:13: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:453:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:458:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:458:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:462:14: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:462:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:466:17: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:468:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ecdsa.c:473:21: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:473:21: acquire_memory: allocated here
openssh-10.2p1/ssh-ecdsa.c:473:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.2p1/ssh-ecdsa.c:477:9: branch_false: ...to here
openssh-10.2p1/ssh-ecdsa.c:478:13: throw: if ‘i2d_ECDSA_SIG’ throws an exception...
openssh-10.2p1/ssh-ecdsa.c:478:13: danger: ‘cp’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  476|   	}
#  477|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  478|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  479|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  480|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def511]
openssh-10.2p1/ssh-ed25519-sk.c:203:24: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:24: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:203:24: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  201|   	details->sk_counter = sig_counter;
#  202|   	details->sk_flags = sig_flags;
#  203|-> 	if ((encoded = sshbuf_new()) == NULL) {
#  204|   		r = SSH_ERR_ALLOC_FAIL;
#  205|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def512]
openssh-10.2p1/ssh-ed25519-sk.c:207:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: throw: if ‘sshbuf_put’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/28)
#  205|   		goto out;
#  206|   	}
#  207|-> 	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def513]
openssh-10.2p1/ssh-ed25519-sk.c:208:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:208:13: throw: if ‘sshbuf_put’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/28)
#  206|   	}
#  207|   	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|-> 	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def514]
openssh-10.2p1/ssh-ed25519-sk.c:209:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:209:13: throw: if ‘sshbuf_put_u8’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/28)
#  207|   	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|-> 	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|   	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def515]
openssh-10.2p1/ssh-ed25519-sk.c:210:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:210:13: throw: if ‘sshbuf_put_u32’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/28)
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|-> 	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|   	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
#  212|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def516]
openssh-10.2p1/ssh-ed25519-sk.c:211:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:211:13: throw: if ‘sshbuf_put’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/28)
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|-> 	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
#  212|   		r = SSH_ERR_ALLOC_FAIL;
#  213|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def517]
openssh-10.2p1/ssh-ed25519-sk.c:219:14: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:219:14: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/28)
#  217|   	sshbuf_dump(encoded, stderr);
#  218|   #endif
#  219|-> 	sm = sshbuf_ptr(encoded);
#  220|   	smlen = sshbuf_len(encoded);
#  221|   	mlen = smlen;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def518]
openssh-10.2p1/ssh-ed25519-sk.c:220:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:220:17: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:220:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/28)
#  218|   #endif
#  219|   	sm = sshbuf_ptr(encoded);
#  220|-> 	smlen = sshbuf_len(encoded);
#  221|   	mlen = smlen;
#  222|   	if ((m = malloc(smlen)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def519]
openssh-10.2p1/ssh-ed25519-sk.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:226:20: throw: if ‘crypto_sign_ed25519_open’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:226:20: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/28)
#  224|   		goto out;
#  225|   	}
#  226|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def520]
openssh-10.2p1/ssh-ed25519-sk.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘m’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:222:18: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:226:20: throw: if ‘crypto_sign_ed25519_open’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:226:20: danger: ‘m’ leaks here; was allocated at [(43)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/42)
#  224|   		goto out;
#  225|   	}
#  226|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def521]
openssh-10.2p1/ssh-ed25519-sk.c:228:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:226:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:228:17: branch_true: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:228:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:228:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/28)
#  226|   	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|-> 		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
#  229|   	}
#  230|   	if (ret != 0 || mlen != smlen - len) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def522]
openssh-10.2p1/ssh-ed25519-sk.c:243:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:226:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:228:17: branch_true: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:243:17: throw: if ‘freezero’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:243:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/28)
#  241|    out:
#  242|   	if (m != NULL)
#  243|-> 		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
#  244|   	sshkey_sig_details_free(details);
#  245|   	sshbuf_free(b);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def523]
openssh-10.2p1/ssh-ed25519-sk.c:244:9: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.2p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.2p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:203:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-ed25519-sk.c:205:17: branch_true: ...to here
openssh-10.2p1/ssh-ed25519-sk.c:244:9: throw: if ‘sshkey_sig_details_free’ throws an exception...
openssh-10.2p1/ssh-ed25519-sk.c:244:9: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/28)
#  242|   	if (m != NULL)
#  243|   		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
#  244|-> 	sshkey_sig_details_free(details);
#  245|   	sshbuf_free(b);
#  246|   	sshbuf_free(encoded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def524]
openssh-10.2p1/ssh-ed25519.c:175:20: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
openssh-10.2p1/ssh-ed25519.c:162:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:163:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:162:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:164:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:162:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:162:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:162:13: branch_false: following ‘false’ branch (when ‘datalen <= 2147483582’)...
openssh-10.2p1/ssh-ed25519.c:167:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:167:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:171:17: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:172:20: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519.c:172:12: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:176:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:175:20: throw: if ‘crypto_sign_ed25519’ throws an exception...
openssh-10.2p1/ssh-ed25519.c:175:20: danger: ‘sig’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  173|   		return SSH_ERR_ALLOC_FAIL;
#  174|   
#  175|-> 	if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
#  176|   	    key->ed25519_sk)) != 0 || smlen <= datalen) {
#  177|   		r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def525]
openssh-10.2p1/ssh-ed25519.c:286:20: warning[-Wanalyzer-malloc-leak]: leak of ‘m’
openssh-10.2p1/ssh-ed25519.c:246:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:247:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:248:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:249:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.2p1/ssh-ed25519.c:252:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:257:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:259:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:260:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:262:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519.c:266:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:270:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:270:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:278:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:12: branch_false: following ‘false’ branch (when ‘sm’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:280:50: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:50: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519.c:280:13: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:284:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:286:20: throw: if ‘crypto_sign_ed25519_open’ throws an exception...
openssh-10.2p1/ssh-ed25519.c:286:20: danger: ‘m’ leaks here; was allocated at [(27)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/26)
#  284|   	memcpy(sm, sigblob, len);
#  285|   	memcpy(sm+len, data, dlen);
#  286|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  287|   	    key->ed25519_pk)) != 0) {
#  288|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def526]
openssh-10.2p1/ssh-ed25519.c:286:20: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.2p1/ssh-ed25519.c:246:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:247:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:248:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:249:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.2p1/ssh-ed25519.c:252:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:257:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:259:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:260:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:262:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519.c:266:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:270:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:270:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:278:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:19: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519.c:280:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:286:20: throw: if ‘crypto_sign_ed25519_open’ throws an exception...
openssh-10.2p1/ssh-ed25519.c:286:20: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/24)
#  284|   	memcpy(sm, sigblob, len);
#  285|   	memcpy(sm+len, data, dlen);
#  286|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  287|   	    key->ed25519_pk)) != 0) {
#  288|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def527]
openssh-10.2p1/ssh-ed25519.c:288:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.2p1/ssh-ed25519.c:246:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:247:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:248:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:249:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.2p1/ssh-ed25519.c:252:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:257:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:259:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:260:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:262:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519.c:266:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:270:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:270:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:278:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:19: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519.c:280:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:286:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-ed25519.c:288:17: branch_true: ...to here
openssh-10.2p1/ssh-ed25519.c:288:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-ed25519.c:288:17: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/24)
#  286|   	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  287|   	    key->ed25519_pk)) != 0) {
#  288|-> 		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
#  289|   	}
#  290|   	if (ret != 0 || mlen != dlen) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def528]
openssh-10.2p1/ssh-ed25519.c:299:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.2p1/ssh-ed25519.c:246:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:247:31: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:248:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:249:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:246:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.2p1/ssh-ed25519.c:252:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:257:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:259:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:260:18: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:259:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:262:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:262:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/ssh-ed25519.c:266:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:266:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:270:13: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:270:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-ed25519.c:278:9: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:19: acquire_memory: allocated here
openssh-10.2p1/ssh-ed25519.c:280:12: branch_false: following ‘false’ branch (when ‘sm’ is non-NULL)...
openssh-10.2p1/ssh-ed25519.c:280:50: branch_false: ...to here
openssh-10.2p1/ssh-ed25519.c:280:13: branch_true: following ‘true’ branch (when ‘m’ is NULL)...
openssh-10.2p1/ssh-ed25519.c:282:17: branch_true: ...to here
openssh-10.2p1/ssh-ed25519.c:299:17: throw: if ‘freezero’ throws an exception...
openssh-10.2p1/ssh-ed25519.c:299:17: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/24)
#  297|    out:
#  298|   	if (sm != NULL)
#  299|-> 		freezero(sm, smlen);
#  300|   	if (m != NULL)
#  301|   		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */

Error: COMPILER_WARNING: [#def529]
openssh-10.2p1/ssh-keycat.c:39:9: warning: ‘_GNU_SOURCE’ redefined
#   39 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def530]
openssh-10.2p1/ssh-keycat.c:39:9: warning[warning]: ‘_GNU_SOURCE’ redefined
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def531]
openssh-10.2p1/ssh-keygen.c: scope_hint: In function ‘do_convert_to’
openssh-10.2p1/ssh-keygen.c:347:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 39
#  347 |             "%u-bit %s, converted by %s@%s from OpenSSH",
#      |                                         ^~
#  348 |             sshkey_size(k), sshkey_type(k),
#  349 |             pw->pw_name, hostname);
#      |                          ~~~~~~~~        
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 36 or more bytes (assuming 1060) into a destination of size 61
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  345|   	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
#  346|   	snprintf(comment, sizeof(comment),
#  347|-> 	    "%u-bit %s, converted by %s@%s from OpenSSH",
#  348|   	    sshkey_size(k), sshkey_type(k),
#  349|   	    pw->pw_name, hostname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def532]
openssh-10.2p1/ssh-keygen.c:586:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:606:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.2p1/ssh-keygen.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:617:19: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:617:19: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:617:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:619:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:620:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  584|   
#  585|   	line[0] = '\0';
#  586|-> 	while ((c = fgetc(fp)) != EOF) {
#  587|   		if (pos >= len - 1)
#  588|   			fatal("input line too long.");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def533]
openssh-10.2p1/ssh-keygen.c:586:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:606:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.2p1/ssh-keygen.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:617:19: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:617:19: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:617:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:619:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:620:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  584|   
#  585|   	line[0] = '\0';
#  586|-> 	while ((c = fgetc(fp)) != EOF) {
#  587|   		if (pos >= len - 1)
#  588|   			fatal("input line too long.");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def534]
openssh-10.2p1/ssh-keygen.c:587:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:606:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.2p1/ssh-keygen.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:617:19: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:617:19: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:617:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:619:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:620:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  585|   	line[0] = '\0';
#  586|   	while ((c = fgetc(fp)) != EOF) {
#  587|-> 		if (pos >= len - 1)
#  588|   			fatal("input line too long.");
#  589|   		switch (c) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def535]
openssh-10.2p1/ssh-keygen.c:587:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:606:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.2p1/ssh-keygen.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:617:19: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:617:19: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:617:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:619:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:620:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  585|   	line[0] = '\0';
#  586|   	while ((c = fgetc(fp)) != EOF) {
#  587|-> 		if (pos >= len - 1)
#  588|   			fatal("input line too long.");
#  589|   		switch (c) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def536]
openssh-10.2p1/ssh-keygen.c:665:23: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:663:19: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:663:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:665:23: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:665:23: throw: if ‘PEM_read_PUBKEY’ throws an exception...
openssh-10.2p1/ssh-keygen.c:665:23: danger: ‘fopen(&identity_file, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  663|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  664|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  665|-> 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
#  666|   		fatal_f("%s is not a recognised public key format",
#  667|   		    identity_file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def537]
openssh-10.2p1/ssh-keygen.c:665:23: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:663:19: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:663:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:665:23: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:665:23: throw: if ‘PEM_read_PUBKEY’ throws an exception...
openssh-10.2p1/ssh-keygen.c:665:23: danger: ‘fopen(&identity_file, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  663|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  664|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  665|-> 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
#  666|   		fatal_f("%s is not a recognised public key format",
#  667|   		    identity_file);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def538]
openssh-10.2p1/ssh-keygen.c:704:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:702:19: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:702:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:704:20: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:704:20: throw: if ‘PEM_read_RSAPublicKey’ throws an exception...
openssh-10.2p1/ssh-keygen.c:704:20: danger: ‘fopen(&identity_file, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  702|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  703|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  704|-> 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
#  705|   		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
#  706|   			fatal("sshkey_new failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def539]
openssh-10.2p1/ssh-keygen.c:704:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.2p1/ssh-keygen.c:702:19: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:702:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:704:20: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:704:20: throw: if ‘PEM_read_RSAPublicKey’ throws an exception...
openssh-10.2p1/ssh-keygen.c:704:20: danger: ‘fopen(&identity_file, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  702|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  703|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  704|-> 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
#  705|   		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
#  706|   			fatal("sshkey_new failed");

Error: COMPILER_WARNING: [#def540]
openssh-10.2p1/ssh-keygen.c: scope_hint: In function ‘do_gen_all_hostkeys’
openssh-10.2p1/ssh-keygen.c:1094:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 1094 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
#      |                                                       ^~
# 1095 |                     hostname);
#      |                     ~~~~~~~~                           
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1092|   		if ((r = sshkey_from_private(private, &public)) != 0)
# 1093|   			fatal_fr(r, "sshkey_from_private");
# 1094|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
# 1095|   		    hostname);
# 1096|   		if ((r = sshkey_save_private(private, prv_tmp, "",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def541]
openssh-10.2p1/ssh-keygen.c:1322:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.out’
openssh-10.2p1/ssh-keygen.c:1288:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1291:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1302:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:1303:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1304:21: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1303:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1305:21: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1303:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1306:21: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1303:21: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1308:17: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1309:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1311:32: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1311:32: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:1311:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:1316:34: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:1322:18: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:1322:18: branch_true: ...to here
openssh-10.2p1/ssh-keygen.c:1322:18: throw: if ‘hostkeys_foreach’ throws an exception...
openssh-10.2p1/ssh-keygen.c:1322:18: danger: ‘ctx.out’ leaks here; was allocated at [(15)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/14)
# 1320|   	foreach_options = find_host ? HKF_WANT_MATCH : 0;
# 1321|   	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
# 1322|-> 	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
# 1323|   	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
# 1324|   	    foreach_options, 0)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def542]
openssh-10.2p1/ssh-keygen.c:2968:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘out’
openssh-10.2p1/ssh-keygen.c:2958:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.2p1/ssh-keygen.c:2960:25: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:2960:25: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:2960:17: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:2964:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:2966:12: branch_true: following ‘true’ branch (when ‘moduli_bits == 0’)...
openssh-10.2p1/ssh-keygen.c:2966:12: branch_true: ...to here
openssh-10.2p1/ssh-keygen.c:2968:13: throw: if ‘gen_candidates’ throws an exception...
openssh-10.2p1/ssh-keygen.c:2968:13: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
# 2966|   	if (moduli_bits == 0)
# 2967|   		moduli_bits = DEFAULT_BITS;
# 2968|-> 	if (gen_candidates(out, moduli_bits, start) != 0)
# 2969|   		fatal("modulus candidate generation failed");
# 2970|   #else /* WITH_OPENSSL */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def543]
openssh-10.2p1/ssh-keygen.c:2968:13: warning[-Wanalyzer-malloc-leak]: leak of ‘out’
openssh-10.2p1/ssh-keygen.c:2958:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.2p1/ssh-keygen.c:2960:25: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:2960:25: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:2960:17: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:2964:9: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:2966:12: branch_true: following ‘true’ branch (when ‘moduli_bits == 0’)...
openssh-10.2p1/ssh-keygen.c:2966:12: branch_true: ...to here
openssh-10.2p1/ssh-keygen.c:2968:13: throw: if ‘gen_candidates’ throws an exception...
openssh-10.2p1/ssh-keygen.c:2968:13: danger: ‘out’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
# 2966|   	if (moduli_bits == 0)
# 2967|   		moduli_bits = DEFAULT_BITS;
# 2968|-> 	if (gen_candidates(out, moduli_bits, start) != 0)
# 2969|   		fatal("modulus candidate generation failed");
# 2970|   #else /* WITH_OPENSSL */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def544]
openssh-10.2p1/ssh-keygen.c:3025:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’
openssh-10.2p1/ssh-keygen.c:3014:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:3015:27: acquire_resource: opened here
openssh-10.2p1/ssh-keygen.c:3015:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:3022:13: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:3022:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.2p1/ssh-keygen.c:3024:25: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:3024:17: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:3025:17: branch_true: ...to here
openssh-10.2p1/ssh-keygen.c:3025:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keygen.c:3025:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
# 3023|   		out = stdout;
# 3024|   	else if ((out = fopen(out_file, "a")) == NULL) {
# 3025|-> 		fatal("Couldn't open moduli file \"%s\": %s",
# 3026|   		    out_file, strerror(errno));
# 3027|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def545]
openssh-10.2p1/ssh-keygen.c:3025:17: warning[-Wanalyzer-malloc-leak]: leak of ‘in’
openssh-10.2p1/ssh-keygen.c:3014:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:3015:27: acquire_memory: allocated here
openssh-10.2p1/ssh-keygen.c:3015:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keygen.c:3022:13: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:3022:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.2p1/ssh-keygen.c:3024:25: branch_false: ...to here
openssh-10.2p1/ssh-keygen.c:3024:17: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keygen.c:3025:17: branch_true: ...to here
openssh-10.2p1/ssh-keygen.c:3025:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keygen.c:3025:17: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
# 3023|   		out = stdout;
# 3024|   	else if ((out = fopen(out_file, "a")) == NULL) {
# 3025|-> 		fatal("Couldn't open moduli file \"%s\": %s",
# 3026|   		    out_file, strerror(errno));
# 3027|   	}

Error: COMPILER_WARNING: [#def546]
openssh-10.2p1/ssh-keygen.c: scope_hint: In function ‘main’
openssh-10.2p1/ssh-keygen.c:3888:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 3888 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
#      |                                                       ^~                ~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 3886|   	} else {
# 3887|   		/* Create default comment field for the passphrase. */
# 3888|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
# 3889|   	}
# 3890|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def547]
openssh-10.2p1/ssh-keysign.c:196:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:196:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:196:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-keysign.c:196:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  194|   	/* Leave /dev/null fd iff it is attached to stderr */
#  195|   	if (fd > 2)
#  196|-> 		close(fd);
#  197|   
#  198|   	for (i = 0; i < NUM_KEYTYPES; i++)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def548]
openssh-10.2p1/ssh-keysign.c:203:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:203:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  201|   	i = 0;
#  202|   	/* XXX This really needs to read sshd_config for the paths */
#  203|-> 	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def549]
openssh-10.2p1/ssh-keysign.c:204:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:204:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  202|   	/* XXX This really needs to read sshd_config for the paths */
#  203|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|-> 	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def550]
openssh-10.2p1/ssh-keysign.c:204:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:204:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:204:23: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  202|   	/* XXX This really needs to read sshd_config for the paths */
#  203|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|-> 	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def551]
openssh-10.2p1/ssh-keysign.c:205:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:205:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  203|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def552]
openssh-10.2p1/ssh-keysign.c:205:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:205:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:205:23: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  203|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def553]
openssh-10.2p1/ssh-keysign.c:205:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:205:23: throw: if ‘open’ throws an exception...
openssh-10.2p1/ssh-keysign.c:205:23: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  203|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  204|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  205|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def554]
openssh-10.2p1/ssh-keysign.c:207:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:19: throw: if ‘getpwuid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:207:19: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def555]
openssh-10.2p1/ssh-keysign.c:207:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:19: throw: if ‘getpwuid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:207:19: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def556]
openssh-10.2p1/ssh-keysign.c:207:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:19: throw: if ‘getpwuid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:207:19: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def557]
openssh-10.2p1/ssh-keysign.c:207:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:19: throw: if ‘getpwuid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:207:19: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  205|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  206|   
#  207|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def558]
openssh-10.2p1/ssh-keysign.c:208:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:208:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:208:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:208:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|-> 		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def559]
openssh-10.2p1/ssh-keysign.c:208:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:208:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:208:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:208:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|-> 		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def560]
openssh-10.2p1/ssh-keysign.c:208:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:208:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:208:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:208:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|-> 		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def561]
openssh-10.2p1/ssh-keysign.c:208:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:208:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:208:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:208:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
#  206|   
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|-> 		fatal("getpwuid failed");
#  209|   	pw = pwcopy(pw);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def562]
openssh-10.2p1/ssh-keysign.c:209:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:209:14: throw: if ‘pwcopy’ throws an exception...
openssh-10.2p1/ssh-keysign.c:209:14: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|-> 	pw = pwcopy(pw);
#  210|   
#  211|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def563]
openssh-10.2p1/ssh-keysign.c:209:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:209:14: throw: if ‘pwcopy’ throws an exception...
openssh-10.2p1/ssh-keysign.c:209:14: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/8)
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|-> 	pw = pwcopy(pw);
#  210|   
#  211|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def564]
openssh-10.2p1/ssh-keysign.c:209:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:209:14: throw: if ‘pwcopy’ throws an exception...
openssh-10.2p1/ssh-keysign.c:209:14: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|-> 	pw = pwcopy(pw);
#  210|   
#  211|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def565]
openssh-10.2p1/ssh-keysign.c:209:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:209:14: throw: if ‘pwcopy’ throws an exception...
openssh-10.2p1/ssh-keysign.c:209:14: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  207|   	if ((pw = getpwuid(getuid())) == NULL)
#  208|   		fatal("getpwuid failed");
#  209|-> 	pw = pwcopy(pw);
#  210|   
#  211|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def566]
openssh-10.2p1/ssh-keysign.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:211:9: throw: if ‘permanently_set_uid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:211:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  209|   	pw = pwcopy(pw);
#  210|   
#  211|-> 	permanently_set_uid(pw);
#  212|   
#  213|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def567]
openssh-10.2p1/ssh-keysign.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:211:9: throw: if ‘permanently_set_uid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:211:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
#  209|   	pw = pwcopy(pw);
#  210|   
#  211|-> 	permanently_set_uid(pw);
#  212|   
#  213|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def568]
openssh-10.2p1/ssh-keysign.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:211:9: throw: if ‘permanently_set_uid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:211:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  209|   	pw = pwcopy(pw);
#  210|   
#  211|-> 	permanently_set_uid(pw);
#  212|   
#  213|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def569]
openssh-10.2p1/ssh-keysign.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:211:9: throw: if ‘permanently_set_uid’ throws an exception...
openssh-10.2p1/ssh-keysign.c:211:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  209|   	pw = pwcopy(pw);
#  210|   
#  211|-> 	permanently_set_uid(pw);
#  212|   
#  213|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def570]
openssh-10.2p1/ssh-keysign.c:213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:213:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/ssh-keysign.c:213:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
#  211|   	permanently_set_uid(pw);
#  212|   
#  213|-> 	seed_rng();
#  214|   
#  215|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def571]
openssh-10.2p1/ssh-keysign.c:213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:213:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/ssh-keysign.c:213:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
#  211|   	permanently_set_uid(pw);
#  212|   
#  213|-> 	seed_rng();
#  214|   
#  215|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def572]
openssh-10.2p1/ssh-keysign.c:213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:213:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/ssh-keysign.c:213:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  211|   	permanently_set_uid(pw);
#  212|   
#  213|-> 	seed_rng();
#  214|   
#  215|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def573]
openssh-10.2p1/ssh-keysign.c:213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:213:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/ssh-keysign.c:213:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
#  211|   	permanently_set_uid(pw);
#  212|   
#  213|-> 	seed_rng();
#  214|   
#  215|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def574]
openssh-10.2p1/ssh-keysign.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:220:9: throw: if ‘initialize_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:220:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/2)
#  218|   
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|-> 	initialize_options(&options);
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def575]
openssh-10.2p1/ssh-keysign.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:220:9: throw: if ‘initialize_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:220:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
#  218|   
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|-> 	initialize_options(&options);
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def576]
openssh-10.2p1/ssh-keysign.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:220:9: throw: if ‘initialize_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:220:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
#  218|   
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|-> 	initialize_options(&options);
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def577]
openssh-10.2p1/ssh-keysign.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:220:9: throw: if ‘initialize_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:220:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
#  218|   
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|-> 	initialize_options(&options);
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def578]
openssh-10.2p1/ssh-keysign.c:221:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:221:15: throw: if ‘read_config_file’ throws an exception...
openssh-10.2p1/ssh-keysign.c:221:15: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|   	initialize_options(&options);
#  221|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def579]
openssh-10.2p1/ssh-keysign.c:221:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:221:15: throw: if ‘read_config_file’ throws an exception...
openssh-10.2p1/ssh-keysign.c:221:15: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|   	initialize_options(&options);
#  221|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def580]
openssh-10.2p1/ssh-keysign.c:221:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:221:15: throw: if ‘read_config_file’ throws an exception...
openssh-10.2p1/ssh-keysign.c:221:15: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|   	initialize_options(&options);
#  221|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def581]
openssh-10.2p1/ssh-keysign.c:221:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:221:15: throw: if ‘read_config_file’ throws an exception...
openssh-10.2p1/ssh-keysign.c:221:15: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/8)
#  219|   	/* verify that ssh-keysign is enabled by the admin */
#  220|   	initialize_options(&options);
#  221|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def582]
openssh-10.2p1/ssh-keysign.c:223:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:223:15: throw: if ‘fill_default_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:223:15: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2)
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|-> 	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def583]
openssh-10.2p1/ssh-keysign.c:223:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:223:15: throw: if ‘fill_default_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:223:15: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/8)
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|-> 	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def584]
openssh-10.2p1/ssh-keysign.c:223:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:223:15: throw: if ‘fill_default_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:223:15: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/8)
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|-> 	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def585]
openssh-10.2p1/ssh-keysign.c:223:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:223:15: throw: if ‘fill_default_options’ throws an exception...
openssh-10.2p1/ssh-keysign.c:223:15: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/8)
#  221|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  222|   	    &options, 0, NULL);
#  223|-> 	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def586]
openssh-10.2p1/ssh-keysign.c:225:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:225:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:225:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:225:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/2)
#  223|   	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|-> 		fatal("ssh-keysign not enabled in %s",
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def587]
openssh-10.2p1/ssh-keysign.c:225:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:225:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:225:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:225:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/8)
#  223|   	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|-> 		fatal("ssh-keysign not enabled in %s",
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def588]
openssh-10.2p1/ssh-keysign.c:225:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:225:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:225:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:225:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/8)
#  223|   	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|-> 		fatal("ssh-keysign not enabled in %s",
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def589]
openssh-10.2p1/ssh-keysign.c:225:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:225:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:225:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:225:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/8)
#  223|   	(void)fill_default_options(&options);
#  224|   	if (options.enable_ssh_keysign != 1)
#  225|-> 		fatal("ssh-keysign not enabled in %s",
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def590]
openssh-10.2p1/ssh-keysign.c:228:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:13: throw: if ‘pledge’ throws an exception...
openssh-10.2p1/ssh-keysign.c:228:13: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/2)
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   
#  228|-> 	if (pledge("stdio dns", NULL) != 0)
#  229|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def591]
openssh-10.2p1/ssh-keysign.c:228:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:13: throw: if ‘pledge’ throws an exception...
openssh-10.2p1/ssh-keysign.c:228:13: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/8)
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   
#  228|-> 	if (pledge("stdio dns", NULL) != 0)
#  229|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def592]
openssh-10.2p1/ssh-keysign.c:228:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:13: throw: if ‘pledge’ throws an exception...
openssh-10.2p1/ssh-keysign.c:228:13: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/8)
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   
#  228|-> 	if (pledge("stdio dns", NULL) != 0)
#  229|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def593]
openssh-10.2p1/ssh-keysign.c:228:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:13: throw: if ‘pledge’ throws an exception...
openssh-10.2p1/ssh-keysign.c:228:13: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/8)
#  226|   		    _PATH_HOST_CONFIG_FILE);
#  227|   
#  228|-> 	if (pledge("stdio dns", NULL) != 0)
#  229|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def594]
openssh-10.2p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:229:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:229:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/2)
#  227|   
#  228|   	if (pledge("stdio dns", NULL) != 0)
#  229|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   
#  231|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def595]
openssh-10.2p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:203:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:229:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:229:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/8)
#  227|   
#  228|   	if (pledge("stdio dns", NULL) != 0)
#  229|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   
#  231|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def596]
openssh-10.2p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:204:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:229:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:229:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/8)
#  227|   
#  228|   	if (pledge("stdio dns", NULL) != 0)
#  229|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   
#  231|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def597]
openssh-10.2p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.2p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:198:9: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.2p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:205:23: acquire_resource: opened here
openssh-10.2p1/ssh-keysign.c:207:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:209:14: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:224:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-keysign.c:228:13: branch_false: ...to here
openssh-10.2p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.2p1/ssh-keysign.c:229:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-keysign.c:229:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/8)
#  227|   
#  228|   	if (pledge("stdio dns", NULL) != 0)
#  229|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  230|   
#  231|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def598]
openssh-10.2p1/ssh-pkcs11-client.c:351:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
openssh-10.2p1/ssh-pkcs11-client.c:336:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11-client.c:338:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11-client.c:343:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:344:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/ssh-pkcs11-client.c:350:19: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:350:19: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/ssh-pkcs11-client.c:351:22: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:351:22: acquire_resource: opened here
openssh-10.2p1/ssh-pkcs11-client.c:351:20: danger: ‘dup2(pair[1], 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  349|   		return NULL;
#  350|   	} else if (pid == 0) {
#  351|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  352|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#  353|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def599]
openssh-10.2p1/ssh-pkcs11-client.c:351:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
openssh-10.2p1/ssh-pkcs11-client.c:336:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11-client.c:338:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11-client.c:343:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:344:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/ssh-pkcs11-client.c:350:19: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:350:19: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/ssh-pkcs11-client.c:351:22: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:351:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11-client.c:352:22: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11-client.c:352:22: acquire_resource: opened here
openssh-10.2p1/ssh-pkcs11-client.c:351:21: danger: ‘dup2(pair[1], 1)’ leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  349|   		return NULL;
#  350|   	} else if (pid == 0) {
#  351|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#  352|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#  353|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: COMPILER_WARNING (CWE-704): [#def600]
openssh-10.2p1/ssh-pkcs11-uri.c: scope_hint: In function ‘percent_encode’
openssh-10.2p1/ssh-pkcs11-uri.c:137:20: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  137 |                 cp = strchr(allow_list, data[i]);
#      |                    ^
#  135|   		return NULL;
#  136|   	for (i = 0; i < length; i++) {
#  137|-> 		cp = strchr(allow_list, data[i]);
#  138|   		/* if c is specified as '\0' pointer to terminator is returned !! */
#  139|   		if (cp != NULL && *cp != '\0') {

Error: COMPILER_WARNING (CWE-704): [#def601]
openssh-10.2p1/ssh-pkcs11-uri.c:137:20: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  135|   		return NULL;
#  136|   	for (i = 0; i < length; i++) {
#  137|-> 		cp = strchr(allow_list, data[i]);
#  138|   		/* if c is specified as '\0' pointer to terminator is returned !! */
#  139|   		if (cp != NULL && *cp != '\0') {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def602]
openssh-10.2p1/ssh-pkcs11.c:201:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
#  199|   
#  200|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  201|-> 		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  202|   		if (!strcmp(module_path, p->module->module_path))
#  203|   			return (p->module);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def603]
openssh-10.2p1/ssh-pkcs11.c:202:22: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘module_path’ where non-null expected
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: this call could return NULL
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
#  200|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  201|   		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  202|-> 		if (!strcmp(module_path, p->module->module_path))
#  203|   			return (p->module);
#  204|   	}

Error: COMPILER_WARNING (CWE-704): [#def604]
openssh-10.2p1/ssh-pkcs11.c: scope_hint: In function ‘pkcs11_uri_write’
openssh-10.2p1/ssh-pkcs11.c:582:52: warning[-Wdiscarded-qualifiers]: passing argument 1 of ‘pkcs11_lookup_key’ discards ‘const’ qualifier from pointer target type
#  582 |         struct pkcs11_key *k11 = pkcs11_lookup_key(key);
#      |                                                    ^~~
openssh-10.2p1/ssh-pkcs11.c:553:34: note: expected ‘struct sshkey *’ but argument is of type ‘const struct sshkey *’
#  553 | pkcs11_lookup_key(struct sshkey *key)
#      |                   ~~~~~~~~~~~~~~~^~~
#  580|   	char *p = NULL;
#  581|   	struct pkcs11_uri uri;
#  582|-> 	struct pkcs11_key *k11 = pkcs11_lookup_key(key);
#  583|   
#  584|   	if (k11 == NULL) {

Error: COMPILER_WARNING (CWE-704): [#def605]
openssh-10.2p1/ssh-pkcs11.c:582:52: warning[-Wdiscarded-qualifiers]: passing argument 1 of ‘pkcs11_lookup_key’ discards ‘const’ qualifier from pointer target type
#  580|   	char *p = NULL;
#  581|   	struct pkcs11_uri uri;
#  582|-> 	struct pkcs11_key *k11 = pkcs11_lookup_key(key);
#  583|   
#  584|   	if (k11 == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def606]
openssh-10.2p1/ssh-pkcs11.c:2050:13: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2050:13: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2050:13: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 2048|   		provider_module = strdup(uri->module_path);
# 2049|   	}
# 2050|-> 	p = xcalloc(1, sizeof(*p));
# 2051|   	p->name = pkcs11_uri_get(uri);
# 2052|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def607]
openssh-10.2p1/ssh-pkcs11.c:2051:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2051:19: throw: if ‘pkcs11_uri_get’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2051:19: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 2049|   	}
# 2050|   	p = xcalloc(1, sizeof(*p));
# 2051|-> 	p->name = pkcs11_uri_get(uri);
# 2052|   
# 2053|   	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def608]
openssh-10.2p1/ssh-pkcs11.c:2053:13: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:13: throw: if ‘lib_contains_symbol’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2053:13: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
# 2051|   	p->name = pkcs11_uri_get(uri);
# 2052|   
# 2053|-> 	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {
# 2054|   		error("provider %s is not a PKCS11 library", provider_module);
# 2055|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def609]
openssh-10.2p1/ssh-pkcs11.c:2054:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2054:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2054:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2054:17: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
# 2052|   
# 2053|   	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {
# 2054|-> 		error("provider %s is not a PKCS11 library", provider_module);
# 2055|   		goto fail;
# 2056|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def610]
openssh-10.2p1/ssh-pkcs11.c:2059:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2058:15: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2059:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2059:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2059:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/3)
# 2057|   	if ((m = pkcs11_provider_lookup_module(provider_module)) != NULL
# 2058|   	   && m->valid) {
# 2059|-> 		debug_f("provider module already initialized: %s", provider_module);
# 2060|   		free(provider_module);
# 2061|   		/* Skip the initialization of PKCS#11 module */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def611]
openssh-10.2p1/ssh-pkcs11.c:2070:21: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2070:21: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2070:21: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/3)
# 2068|   		return 0;
# 2069|   	} else {
# 2070|-> 		m = xcalloc(1, sizeof(*m));
# 2071|   		p->module = m;
# 2072|   		m->refcount++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def612]
openssh-10.2p1/ssh-pkcs11.c:2077:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_true: following ‘true’ branch (when ‘handle’ is NULL)...
openssh-10.2p1/ssh-pkcs11.c:2077:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2077:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2077:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/3)
# 2075|   	/* open shared pkcs11-library */
# 2076|   	if ((handle = dlopen(provider_module, RTLD_NOW)) == NULL) {
# 2077|-> 		error("dlopen %s failed: %s", provider_module, dlerror());
# 2078|   		goto fail;
# 2079|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def613]
openssh-10.2p1/ssh-pkcs11.c:2081:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_true: following ‘true’ branch (when ‘getfunctionlist’ is NULL)...
openssh-10.2p1/ssh-pkcs11.c:2081:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2081:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2081:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/3)
# 2079|   	}
# 2080|   	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
# 2081|-> 		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
# 2082|   	p->module->handle = handle;
# 2083|   	/* setup the pkcs11 callbacks */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def614]
openssh-10.2p1/ssh-pkcs11.c:2084:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:19: throw: if the called function throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2084:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/3)
# 2082|   	p->module->handle = handle;
# 2083|   	/* setup the pkcs11 callbacks */
# 2084|-> 	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
# 2085|   		error("C_GetFunctionList for provider %s failed: %lu",
# 2086|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def615]
openssh-10.2p1/ssh-pkcs11.c:2085:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2085:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2085:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2085:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/3)
# 2083|   	/* setup the pkcs11 callbacks */
# 2084|   	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
# 2085|-> 		error("C_GetFunctionList for provider %s failed: %lu",
# 2086|   		    provider_module, rv);
# 2087|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def616]
openssh-10.2p1/ssh-pkcs11.c:2090:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:19: throw: if the called function throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2090:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/3)
# 2088|   	}
# 2089|   	m->function_list = f;
# 2090|-> 	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
# 2091|   		error("C_Initialize for provider %s failed: %lu",
# 2092|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def617]
openssh-10.2p1/ssh-pkcs11.c:2091:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2091:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2091:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2091:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/3)
# 2089|   	m->function_list = f;
# 2090|   	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
# 2091|-> 		error("C_Initialize for provider %s failed: %lu",
# 2092|   		    provider_module, rv);
# 2093|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def618]
openssh-10.2p1/ssh-pkcs11.c:2096:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2096:20: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2096:19: throw: if the called function throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2096:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/3)
# 2094|   	}
# 2095|   	need_finalize = 1;
# 2096|-> 	if ((rv = f->C_GetInfo(&m->info)) != CKR_OK) {
# 2097|   		error("C_GetInfo for provider %s failed: %lu",
# 2098|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def619]
openssh-10.2p1/ssh-pkcs11.c:2097:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2096:20: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2096:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2097:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2097:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2097:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/3)
# 2095|   	need_finalize = 1;
# 2096|   	if ((rv = f->C_GetInfo(&m->info)) != CKR_OK) {
# 2097|-> 		error("C_GetInfo for provider %s failed: %lu",
# 2098|   		    provider_module, rv);
# 2099|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def620]
openssh-10.2p1/ssh-pkcs11.c:2104:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2096:20: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2096:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2101:17: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2102:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2103:13: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2102:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2104:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2104:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2104:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/3)
# 2102|   	if (uri->lib_manuf != NULL &&
# 2103|   	    strncmp(uri->lib_manuf, m->info.manufacturerID, 32)) {
# 2104|-> 		debug_f("Skipping provider %s not matching library_manufacturer",
# 2105|   		    m->info.manufacturerID);
# 2106|    		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def621]
openssh-10.2p1/ssh-pkcs11.c:2109:9: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2096:20: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2096:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2101:17: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2108:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2108:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2109:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2109:9: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/3)
# 2107|    	}
# 2108|   	rmspace(m->info.libraryDescription, sizeof(m->info.libraryDescription));
# 2109|-> 	debug("provider %s: manufacturerID <%.32s> cryptokiVersion %d.%d"
# 2110|   	    " libraryDescription <%.32s> libraryVersion %d.%d",
# 2111|   	    provider_module,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def622]
openssh-10.2p1/ssh-pkcs11.c:2166:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.2p1/ssh-pkcs11.c:2025:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2040:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2042:35: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2042:35: acquire_memory: allocated here
openssh-10.2p1/ssh-pkcs11.c:2053:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2057:18: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2057:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2057:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.2p1/ssh-pkcs11.c:2057:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2070:21: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2076:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2080:32: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2080:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.2p1/ssh-pkcs11.c:2082:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2084:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2089:9: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2090:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2096:20: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2096:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-pkcs11.c:2101:17: branch_false: ...to here
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2101:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.2p1/ssh-pkcs11.c:2102:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2103:13: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2102:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2104:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2165:13: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-pkcs11.c:2166:17: branch_true: ...to here
openssh-10.2p1/ssh-pkcs11.c:2166:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-pkcs11.c:2166:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/3)
# 2164|   fail:
# 2165|   	if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
# 2166|-> 		error("C_Finalize for provider %s failed: %lu",
# 2167|   		    provider_module, rv);
# 2168|   	free(provider_module);

Error: COMPILER_WARNING (CWE-1164): [#def623]
openssh-10.2p1/ssh-pkcs11.c: scope_hint: At top level
openssh-10.2p1/ssh-pkcs11.c:2332:1: warning[-Wunused-function]: ‘pkcs11_register_provider’ defined but not used
# 2332 | pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
# 2330|   
# 2331|   static int
# 2332|-> pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
# 2333|       char ***labelsp, struct pkcs11_provider **providerp, CK_ULONG user)
# 2334|   {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def624]
openssh-10.2p1/ssh-sk-client.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
openssh-10.2p1/ssh-sk-client.c:61:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-client.c:72:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-client.c:76:20: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:77:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/ssh-sk-client.c:86:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:86:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/ssh-sk-client.c:87:22: branch_true: ...to here
openssh-10.2p1/ssh-sk-client.c:87:22: acquire_resource: opened here
openssh-10.2p1/ssh-sk-client.c:87:20: danger: ‘dup2(pair[1], 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def625]
openssh-10.2p1/ssh-sk-client.c:87:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
openssh-10.2p1/ssh-sk-client.c:61:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-client.c:72:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:72:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-client.c:76:20: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:77:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/ssh-sk-client.c:86:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:86:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/ssh-sk-client.c:87:22: branch_true: ...to here
openssh-10.2p1/ssh-sk-client.c:87:20: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-client.c:88:22: branch_false: ...to here
openssh-10.2p1/ssh-sk-client.c:88:22: acquire_resource: opened here
openssh-10.2p1/ssh-sk-client.c:87:21: danger: ‘dup2(pair[1], 1)’ leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-404): [#def626]
openssh-10.2p1/ssh-sk-helper.c:64:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/ssh-sk-helper.c:63:9: acquire_resource: ‘va_start’ called here
openssh-10.2p1/ssh-sk-helper.c:64:9: throw: if ‘xvasprintf’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:64:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   62|   
#   63|   	va_start(ap, fmt);
#   64|-> 	xvasprintf(&msg, fmt, ap);
#   65|   	va_end(ap);
#   66|   	debug("%s: %s", __progname, msg);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def627]
openssh-10.2p1/ssh-sk-helper.c:119:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  117|   	char *provider = NULL, *pin = NULL;
#  118|   
#  119|-> 	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  120|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  121|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def628]
openssh-10.2p1/ssh-sk-helper.c:120:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  118|   
#  119|   	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  120|-> 	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  121|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  122|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def629]
openssh-10.2p1/ssh-sk-helper.c:121:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  119|   	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  120|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  121|-> 	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  122|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  123|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def630]
openssh-10.2p1/ssh-sk-helper.c:122:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  120|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  121|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  122|-> 	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  123|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  124|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def631]
openssh-10.2p1/ssh-sk-helper.c:123:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  121|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  122|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  123|-> 	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  124|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  125|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def632]
openssh-10.2p1/ssh-sk-helper.c:124:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  122|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  123|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  124|-> 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  125|   		fatal_r(r, "%s: parse", __progname);
#  126|   	if (sshbuf_len(req) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def633]
openssh-10.2p1/ssh-sk-helper.c:125:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:354:24: call_function: calling ‘process_sign’ from ‘main’
#  123|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  124|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  125|-> 		fatal_r(r, "%s: parse", __progname);
#  126|   	if (sshbuf_len(req) != 0)
#  127|   		fatal("%s: trailing data in request", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def634]
openssh-10.2p1/ssh-sk-helper.c:175:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  173|   	struct sshkey *key;
#  174|   
#  175|-> 	if ((attest = sshbuf_new()) == NULL ||
#  176|   	    (kbuf = sshbuf_new()) == NULL)
#  177|   		fatal("%s: sshbuf_new failed", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def635]
openssh-10.2p1/ssh-sk-helper.c:176:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  174|   
#  175|   	if ((attest = sshbuf_new()) == NULL ||
#  176|-> 	    (kbuf = sshbuf_new()) == NULL)
#  177|   		fatal("%s: sshbuf_new failed", __progname);
#  178|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def636]
openssh-10.2p1/ssh-sk-helper.c:177:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  175|   	if ((attest = sshbuf_new()) == NULL ||
#  176|   	    (kbuf = sshbuf_new()) == NULL)
#  177|-> 		fatal("%s: sshbuf_new failed", __progname);
#  178|   
#  179|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def637]
openssh-10.2p1/ssh-sk-helper.c:179:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  177|   		fatal("%s: sshbuf_new failed", __progname);
#  178|   
#  179|-> 	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  180|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  181|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def638]
openssh-10.2p1/ssh-sk-helper.c:180:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  178|   
#  179|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  180|-> 	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  181|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  182|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def639]
openssh-10.2p1/ssh-sk-helper.c:181:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  179|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  180|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  181|-> 	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  182|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  183|   	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def640]
openssh-10.2p1/ssh-sk-helper.c:182:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  180|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  181|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  182|-> 	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  183|   	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||
#  184|   	    (r = sshbuf_get_u8(req, &flags)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def641]
openssh-10.2p1/ssh-sk-helper.c:183:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:357:24: call_function: calling ‘process_enroll’ from ‘main’
#  181|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  182|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  183|-> 	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||
#  184|   	    (r = sshbuf_get_u8(req, &flags)) != 0 ||
#  185|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def642]
openssh-10.2p1/ssh-sk-helper.c:239:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  237|   	u_int flags;
#  238|   
#  239|-> 	if ((kbuf = sshbuf_new()) == NULL)
#  240|   		fatal("%s: sshbuf_new failed", __progname);
#  241|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def643]
openssh-10.2p1/ssh-sk-helper.c:240:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  238|   
#  239|   	if ((kbuf = sshbuf_new()) == NULL)
#  240|-> 		fatal("%s: sshbuf_new failed", __progname);
#  241|   
#  242|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def644]
openssh-10.2p1/ssh-sk-helper.c:242:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  240|   		fatal("%s: sshbuf_new failed", __progname);
#  241|   
#  242|-> 	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  243|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  244|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def645]
openssh-10.2p1/ssh-sk-helper.c:243:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  241|   
#  242|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  243|-> 	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  244|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  245|   	    (r = sshbuf_get_u32(req, &flags)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def646]
openssh-10.2p1/ssh-sk-helper.c:244:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  242|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  243|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  244|-> 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  245|   	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  246|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def647]
openssh-10.2p1/ssh-sk-helper.c:245:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  243|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  244|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  245|-> 	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  246|   		fatal_r(r, "%s: parse", __progname);
#  247|   	if (sshbuf_len(req) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def648]
openssh-10.2p1/ssh-sk-helper.c:246:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:291:1: enter_function: entry to ‘main’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:360:24: call_function: calling ‘process_load_resident’ from ‘main’
#  244|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  245|   	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  246|-> 		fatal_r(r, "%s: parse", __progname);
#  247|   	if (sshbuf_len(req) != 0)
#  248|   		fatal("%s: trailing data in request", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def649]
openssh-10.2p1/ssh-sk-helper.c:325:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.2p1/ssh-sk-helper.c:325:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:325:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:325:17: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
#  323|   	closefrom(STDERR_FILENO + 1);
#  324|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  325|-> 		fatal("%s: dup: %s", __progname, strerror(errno));
#  326|   	close(STDIN_FILENO);
#  327|   	close(STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def650]
openssh-10.2p1/ssh-sk-helper.c:326:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:326:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:326:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
#  324|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  325|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  326|-> 	close(STDIN_FILENO);
#  327|   	close(STDOUT_FILENO);
#  328|   	sanitise_stdfd(); /* resets to /dev/null */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def651]
openssh-10.2p1/ssh-sk-helper.c:326:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:326:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:326:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/2)
#  324|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  325|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  326|-> 	close(STDIN_FILENO);
#  327|   	close(STDOUT_FILENO);
#  328|   	sanitise_stdfd(); /* resets to /dev/null */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def652]
openssh-10.2p1/ssh-sk-helper.c:327:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:327:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:327:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  325|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  326|   	close(STDIN_FILENO);
#  327|-> 	close(STDOUT_FILENO);
#  328|   	sanitise_stdfd(); /* resets to /dev/null */
#  329|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def653]
openssh-10.2p1/ssh-sk-helper.c:327:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:327:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:327:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/2)
#  325|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  326|   	close(STDIN_FILENO);
#  327|-> 	close(STDOUT_FILENO);
#  328|   	sanitise_stdfd(); /* resets to /dev/null */
#  329|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def654]
openssh-10.2p1/ssh-sk-helper.c:328:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:328:9: throw: if ‘sanitise_stdfd’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:328:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0)
#  326|   	close(STDIN_FILENO);
#  327|   	close(STDOUT_FILENO);
#  328|-> 	sanitise_stdfd(); /* resets to /dev/null */
#  329|   
#  330|   	if ((req = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def655]
openssh-10.2p1/ssh-sk-helper.c:328:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:328:9: throw: if ‘sanitise_stdfd’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:328:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
#  326|   	close(STDIN_FILENO);
#  327|   	close(STDOUT_FILENO);
#  328|-> 	sanitise_stdfd(); /* resets to /dev/null */
#  329|   
#  330|   	if ((req = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def656]
openssh-10.2p1/ssh-sk-helper.c:330:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:330:20: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:330:20: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
#  328|   	sanitise_stdfd(); /* resets to /dev/null */
#  329|   
#  330|-> 	if ((req = sshbuf_new()) == NULL)
#  331|   		fatal("%s: sshbuf_new failed", __progname);
#  332|   	if (ssh_msg_recv(in, req) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def657]
openssh-10.2p1/ssh-sk-helper.c:330:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:20: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:330:20: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/2)
#  328|   	sanitise_stdfd(); /* resets to /dev/null */
#  329|   
#  330|-> 	if ((req = sshbuf_new()) == NULL)
#  331|   		fatal("%s: sshbuf_new failed", __progname);
#  332|   	if (ssh_msg_recv(in, req) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def658]
openssh-10.2p1/ssh-sk-helper.c:331:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:331:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:331:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:331:17: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/0)
#  329|   
#  330|   	if ((req = sshbuf_new()) == NULL)
#  331|-> 		fatal("%s: sshbuf_new failed", __progname);
#  332|   	if (ssh_msg_recv(in, req) < 0)
#  333|   		fatal("ssh_msg_recv failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def659]
openssh-10.2p1/ssh-sk-helper.c:331:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:331:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:331:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:331:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2)
#  329|   
#  330|   	if ((req = sshbuf_new()) == NULL)
#  331|-> 		fatal("%s: sshbuf_new failed", __progname);
#  332|   	if (ssh_msg_recv(in, req) < 0)
#  333|   		fatal("ssh_msg_recv failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def660]
openssh-10.2p1/ssh-sk-helper.c:332:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh-sk-helper.c:324:19: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:13: throw: if ‘ssh_msg_recv’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:332:13: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/0)
#  330|   	if ((req = sshbuf_new()) == NULL)
#  331|   		fatal("%s: sshbuf_new failed", __progname);
#  332|-> 	if (ssh_msg_recv(in, req) < 0)
#  333|   		fatal("ssh_msg_recv failed");
#  334|   	close(in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def661]
openssh-10.2p1/ssh-sk-helper.c:332:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:13: throw: if ‘ssh_msg_recv’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:332:13: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/2)
#  330|   	if ((req = sshbuf_new()) == NULL)
#  331|   		fatal("%s: sshbuf_new failed", __progname);
#  332|-> 	if (ssh_msg_recv(in, req) < 0)
#  333|   		fatal("ssh_msg_recv failed");
#  334|   	close(in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def662]
openssh-10.2p1/ssh-sk-helper.c:333:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:333:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:333:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:333:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/2)
#  331|   		fatal("%s: sshbuf_new failed", __progname);
#  332|   	if (ssh_msg_recv(in, req) < 0)
#  333|-> 		fatal("ssh_msg_recv failed");
#  334|   	close(in);
#  335|   	debug_f("received message len %zu", sshbuf_len(req));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def663]
openssh-10.2p1/ssh-sk-helper.c:334:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:334:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:334:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/2)
#  332|   	if (ssh_msg_recv(in, req) < 0)
#  333|   		fatal("ssh_msg_recv failed");
#  334|-> 	close(in);
#  335|   	debug_f("received message len %zu", sshbuf_len(req));
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def664]
openssh-10.2p1/ssh-sk-helper.c:335:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:335:9: throw: if ‘sshbuf_len’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:335:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/2)
#  333|   		fatal("ssh_msg_recv failed");
#  334|   	close(in);
#  335|-> 	debug_f("received message len %zu", sshbuf_len(req));
#  336|   
#  337|   	if ((r = sshbuf_get_u8(req, &version)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def665]
openssh-10.2p1/ssh-sk-helper.c:337:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:18: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:337:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/2)
#  335|   	debug_f("received message len %zu", sshbuf_len(req));
#  336|   
#  337|-> 	if ((r = sshbuf_get_u8(req, &version)) != 0)
#  338|   		fatal_r(r, "%s: parse version", __progname);
#  339|   	if (version != SSH_SK_HELPER_VERSION) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def666]
openssh-10.2p1/ssh-sk-helper.c:338:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:338:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:338:17: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:338:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/2)
#  336|   
#  337|   	if ((r = sshbuf_get_u8(req, &version)) != 0)
#  338|-> 		fatal_r(r, "%s: parse version", __progname);
#  339|   	if (version != SSH_SK_HELPER_VERSION) {
#  340|   		fatal("unsupported version: received %d, expected %d",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def667]
openssh-10.2p1/ssh-sk-helper.c:340:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:340:17: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:340:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:340:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/2)
#  338|   		fatal_r(r, "%s: parse version", __progname);
#  339|   	if (version != SSH_SK_HELPER_VERSION) {
#  340|-> 		fatal("unsupported version: received %d, expected %d",
#  341|   		    version, SSH_SK_HELPER_VERSION);
#  342|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def668]
openssh-10.2p1/ssh-sk-helper.c:344:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:18: throw: if ‘sshbuf_get_u32’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:344:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/2)
#  342|   	}
#  343|   
#  344|-> 	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  345|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  346|   	    (r = sshbuf_get_u32(req, &ll)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def669]
openssh-10.2p1/ssh-sk-helper.c:345:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:345:18: throw: if ‘sshbuf_get_u8’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:345:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/2)
#  343|   
#  344|   	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  345|-> 	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  346|   	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  347|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def670]
openssh-10.2p1/ssh-sk-helper.c:346:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:346:18: throw: if ‘sshbuf_get_u32’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:346:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/2)
#  344|   	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  345|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  346|-> 	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  347|   		fatal_r(r, "%s: parse", __progname);
#  348|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def671]
openssh-10.2p1/ssh-sk-helper.c:347:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:347:17: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:347:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/2)
#  345|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  346|   	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  347|-> 		fatal_r(r, "%s: parse", __progname);
#  348|   
#  349|   	if (!vflag && log_level_name((LogLevel)ll) != NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def672]
openssh-10.2p1/ssh-sk-helper.c:349:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_true: following ‘true’ branch (when ‘vflag == 0’)...
openssh-10.2p1/ssh-sk-helper.c:349:23: branch_true: ...to here
openssh-10.2p1/ssh-sk-helper.c:349:23: throw: if ‘log_level_name’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:349:23: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/2)
#  347|   		fatal_r(r, "%s: parse", __progname);
#  348|   
#  349|-> 	if (!vflag && log_level_name((LogLevel)ll) != NULL)
#  350|   		log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
#  351|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def673]
openssh-10.2p1/ssh-sk-helper.c:350:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk-helper.c:350:17: throw: if ‘log_init’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:350:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/2)
#  348|   
#  349|   	if (!vflag && log_level_name((LogLevel)ll) != NULL)
#  350|-> 		log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
#  351|   
#  352|   	switch (rtype) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def674]
openssh-10.2p1/ssh-sk-helper.c:363:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh-sk-helper.c:324:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh-sk-helper.c:324:54: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:324:54: acquire_resource: opened here
openssh-10.2p1/ssh-sk-helper.c:324:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh-sk-helper.c:326:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:330:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:332:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:332:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:334:9: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:337:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:339:13: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:339:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:344:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:345:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:346:18: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:344:13: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk-helper.c:349:12: branch_false: ...to here
openssh-10.2p1/ssh-sk-helper.c:363:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk-helper.c:363:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/2)
#  361|   		break;
#  362|   	default:
#  363|-> 		fatal("%s: unsupported request type %u", __progname, rtype);
#  364|   	}
#  365|   	sshbuf_free(req);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def675]
openssh-10.2p1/ssh-sk.c:120:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:120:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:120:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:120:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  118|   	}
#  119|   	if ((ret->path = strdup(path)) == NULL) {
#  120|-> 		error_f("strdup failed");
#  121|   		goto fail;
#  122|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def676]
openssh-10.2p1/ssh-sk.c:135:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:13: throw: if ‘lib_contains_symbol’ throws an exception...
openssh-10.2p1/ssh-sk.c:135:13: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  133|   #endif
#  134|   	}
#  135|-> 	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  136|   		error("provider %s is not an OpenSSH FIDO library", path);
#  137|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def677]
openssh-10.2p1/ssh-sk.c:135:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:13: throw: if ‘lib_contains_symbol’ throws an exception...
openssh-10.2p1/ssh-sk.c:135:13: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  133|   #endif
#  134|   	}
#  135|-> 	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  136|   		error("provider %s is not an OpenSSH FIDO library", path);
#  137|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def678]
openssh-10.2p1/ssh-sk.c:136:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:136:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:136:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:136:17: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  134|   	}
#  135|   	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  136|-> 		error("provider %s is not an OpenSSH FIDO library", path);
#  137|   		goto fail;
#  138|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def679]
openssh-10.2p1/ssh-sk.c:136:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:136:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:136:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:136:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  134|   	}
#  135|   	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  136|-> 		error("provider %s is not an OpenSSH FIDO library", path);
#  137|   		goto fail;
#  138|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def680]
openssh-10.2p1/ssh-sk.c:140:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:140:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:140:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk.c:140:17: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  138|   	}
#  139|   	if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
#  140|-> 		fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
#  141|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  142|   	    "sk_api_version")) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def681]
openssh-10.2p1/ssh-sk.c:140:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:140:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:140:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh-sk.c:140:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  138|   	}
#  139|   	if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
#  140|-> 		fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
#  141|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  142|   	    "sk_api_version")) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def682]
openssh-10.2p1/ssh-sk.c:143:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:143:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:143:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:143:17: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  141|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  142|   	    "sk_api_version")) == NULL) {
#  143|-> 		error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
#  144|   		    path, dlerror());
#  145|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def683]
openssh-10.2p1/ssh-sk.c:143:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:143:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:143:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:143:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  141|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  142|   	    "sk_api_version")) == NULL) {
#  143|-> 		error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
#  144|   		    path, dlerror());
#  145|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def684]
openssh-10.2p1/ssh-sk.c:147:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:147:19: throw: if the called function throws an exception...
openssh-10.2p1/ssh-sk.c:147:19: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  145|   		goto fail;
#  146|   	}
#  147|-> 	version = ret->sk_api_version();
#  148|   	debug_f("provider %s implements version 0x%08lx", ret->path,
#  149|   	    (u_long)version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def685]
openssh-10.2p1/ssh-sk.c:147:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:147:19: throw: if the called function throws an exception...
openssh-10.2p1/ssh-sk.c:147:19: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  145|   		goto fail;
#  146|   	}
#  147|-> 	version = ret->sk_api_version();
#  148|   	debug_f("provider %s implements version 0x%08lx", ret->path,
#  149|   	    (u_long)version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def686]
openssh-10.2p1/ssh-sk.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:26: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:148:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:148:9: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  146|   	}
#  147|   	version = ret->sk_api_version();
#  148|-> 	debug_f("provider %s implements version 0x%08lx", ret->path,
#  149|   	    (u_long)version);
#  150|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def687]
openssh-10.2p1/ssh-sk.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:148:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:148:9: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  146|   	}
#  147|   	version = ret->sk_api_version();
#  148|-> 	debug_f("provider %s implements version 0x%08lx", ret->path,
#  149|   	    (u_long)version);
#  150|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def688]
openssh-10.2p1/ssh-sk.c:151:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:150:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:151:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:151:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:151:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  149|   	    (u_long)version);
#  150|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
#  151|-> 		error("Provider \"%s\" implements unsupported "
#  152|   		    "version 0x%08lx (supported: 0x%08lx)",
#  153|   		    path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def689]
openssh-10.2p1/ssh-sk.c:157:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:150:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:156:37: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:156:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:157:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:157:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:157:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  155|   	}
#  156|   	if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
#  157|-> 		error("Provider %s dlsym(sk_enroll) failed: %s",
#  158|   		    path, dlerror());
#  159|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def690]
openssh-10.2p1/ssh-sk.c:162:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:150:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:156:37: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:156:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:161:35: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:161:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:162:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:162:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:162:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  160|   	}
#  161|   	if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
#  162|-> 		error("Provider \"%s\" dlsym(sk_sign) failed: %s",
#  163|   		    path, dlerror());
#  164|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def691]
openssh-10.2p1/ssh-sk.c:168:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/ssh-sk.c:115:20: acquire_memory: allocated here
openssh-10.2p1/ssh-sk.c:115:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/ssh-sk.c:119:26: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:119:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:124:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:124:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:135:13: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:135:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:139:30: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:139:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:141:36: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:147:19: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:150:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:156:37: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:156:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:161:35: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:161:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh-sk.c:166:49: branch_false: ...to here
openssh-10.2p1/ssh-sk.c:166:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh-sk.c:168:17: branch_true: ...to here
openssh-10.2p1/ssh-sk.c:168:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh-sk.c:168:17: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  166|   	if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
#  167|   	    "sk_load_resident_keys")) == NULL) {
#  168|-> 		error("Provider \"%s\" dlsym(sk_load_resident_keys) "
#  169|   		    "failed: %s", path, dlerror());
#  170|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def692]
openssh-10.2p1/ssh.c:2077:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh.c:2069:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2072:9: branch_false: ...to here
openssh-10.2p1/ssh.c:2075:19: acquire_resource: opened here
openssh-10.2p1/ssh.c:2075:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh.c:2076:20: branch_false: ...to here
openssh-10.2p1/ssh.c:2075:13: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.2p1/ssh.c:2077:17: branch_true: ...to here
openssh-10.2p1/ssh.c:2077:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh.c:2077:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 2075|   	if ((in = dup(STDIN_FILENO)) == -1 ||
# 2076|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2077|-> 		fatal_f("dup() in/out failed");
# 2078|   	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2079|   	    options.stdio_forward_port, in, out,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def693]
openssh-10.2p1/ssh.c:2078:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh.c:2069:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2072:9: branch_false: ...to here
openssh-10.2p1/ssh.c:2075:19: acquire_resource: opened here
openssh-10.2p1/ssh.c:2075:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh.c:2076:20: branch_false: ...to here
openssh-10.2p1/ssh.c:2075:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh.c:2078:18: branch_false: ...to here
openssh-10.2p1/ssh.c:2078:18: throw: if ‘channel_connect_stdio_fwd’ throws an exception...
openssh-10.2p1/ssh.c:2078:18: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
# 2076|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2077|   		fatal_f("dup() in/out failed");
# 2078|-> 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2079|   	    options.stdio_forward_port, in, out,
# 2080|   	    CHANNEL_NONBLOCK_STDIO)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def694]
openssh-10.2p1/ssh.c:2078:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh.c:2069:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2072:9: branch_false: ...to here
openssh-10.2p1/ssh.c:2075:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.2p1/ssh.c:2076:20: branch_false: ...to here
openssh-10.2p1/ssh.c:2076:20: acquire_resource: opened here
openssh-10.2p1/ssh.c:2075:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.2p1/ssh.c:2078:18: branch_false: ...to here
openssh-10.2p1/ssh.c:2078:18: throw: if ‘channel_connect_stdio_fwd’ throws an exception...
openssh-10.2p1/ssh.c:2078:18: danger: ‘out’ leaks here; was opened at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
# 2076|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2077|   		fatal_f("dup() in/out failed");
# 2078|-> 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2079|   	    options.stdio_forward_port, in, out,
# 2080|   	    CHANNEL_NONBLOCK_STDIO)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def695]
openssh-10.2p1/ssh.c:2272:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘err’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2269:15: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2272:17: branch_true: ...to here
openssh-10.2p1/ssh.c:2272:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh.c:2272:17: danger: ‘err’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 2270|   
# 2271|   	if (in == -1 || out == -1 || err == -1)
# 2272|-> 		fatal("dup() in/out/err failed");
# 2273|   
# 2274|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def696]
openssh-10.2p1/ssh.c:2272:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2264:22: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2272:17: branch_true: ...to here
openssh-10.2p1/ssh.c:2272:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh.c:2272:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 2270|   
# 2271|   	if (in == -1 || out == -1 || err == -1)
# 2272|-> 		fatal("dup() in/out/err failed");
# 2273|   
# 2274|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def697]
openssh-10.2p1/ssh.c:2272:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2268:15: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2272:17: branch_true: ...to here
openssh-10.2p1/ssh.c:2272:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/ssh.c:2272:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 2270|   
# 2271|   	if (in == -1 || out == -1 || err == -1)
# 2272|-> 		fatal("dup() in/out/err failed");
# 2273|   
# 2274|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def698]
openssh-10.2p1/ssh.c:2280:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘err’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2269:15: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2271:13: branch_false: ...to here
openssh-10.2p1/ssh.c:2271:13: branch_false: following ‘false’ branch (when ‘err != -1’)...
openssh-10.2p1/ssh.c:2276:13: branch_false: ...to here
openssh-10.2p1/ssh.c:2280:13: throw: if ‘channel_new’ throws an exception...
openssh-10.2p1/ssh.c:2280:13: danger: ‘err’ leaks here; was opened at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
# 2278|   		packetmax >>= 1;
# 2279|   	}
# 2280|-> 	c = channel_new(ssh,
# 2281|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2282|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def699]
openssh-10.2p1/ssh.c:2280:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2264:22: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2280:13: throw: if ‘channel_new’ throws an exception...
openssh-10.2p1/ssh.c:2280:13: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
# 2278|   		packetmax >>= 1;
# 2279|   	}
# 2280|-> 	c = channel_new(ssh,
# 2281|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2282|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def700]
openssh-10.2p1/ssh.c:2280:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.2p1/ssh.c:2263:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh.c:2264:22: branch_true: ...to here
openssh-10.2p1/ssh.c:2268:15: acquire_resource: opened here
openssh-10.2p1/ssh.c:2271:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh.c:2280:13: throw: if ‘channel_new’ throws an exception...
openssh-10.2p1/ssh.c:2280:13: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
# 2278|   		packetmax >>= 1;
# 2279|   	}
# 2280|-> 	c = channel_new(ssh,
# 2281|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2282|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-416): [#def701]
openssh-10.2p1/ssh_api.c:182:25: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘k’
openssh-10.2p1/ssh_api.c:87:1: enter_function: entry to ‘ssh_init’
openssh-10.2p1/ssh_api.c:101:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:103:12: branch_false: ...to here
openssh-10.2p1/ssh_api.c:116:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:117:17: branch_true: ...to here
openssh-10.2p1/ssh_api.c:117:17: call_function: calling ‘ssh_free’ from ‘ssh_init’
#  180|   		TAILQ_REMOVE(&ssh->public_keys, k, next);
#  181|   		if (ssh->kex && ssh->kex->server)
#  182|-> 			sshkey_free(k->key);
#  183|   		free(k);
#  184|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def702]
openssh-10.2p1/ssh_api.c:556:30: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:556:30: throw: if ‘sshkey_type_from_name’ throws an exception...
openssh-10.2p1/ssh_api.c:556:30: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  554|   	*replace = '\0';
#  555|   	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
#  556|-> 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  557|   			continue;
#  558|   		nid = sshkey_ecdsa_nid_from_name(alg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def703]
openssh-10.2p1/ssh_api.c:556:30: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:24: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:556:30: throw: if ‘sshkey_type_from_name’ throws an exception...
openssh-10.2p1/ssh_api.c:556:30: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  554|   	*replace = '\0';
#  555|   	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
#  556|-> 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  557|   			continue;
#  558|   		nid = sshkey_ecdsa_nid_from_name(alg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def704]
openssh-10.2p1/ssh_api.c:558:23: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:558:23: throw: if ‘sshkey_ecdsa_nid_from_name’ throws an exception...
openssh-10.2p1/ssh_api.c:558:23: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  556|   		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  557|   			continue;
#  558|-> 		nid = sshkey_ecdsa_nid_from_name(alg);
#  559|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  560|   			if (k->key->type != ktype &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def705]
openssh-10.2p1/ssh_api.c:558:23: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:24: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:558:23: throw: if ‘sshkey_ecdsa_nid_from_name’ throws an exception...
openssh-10.2p1/ssh_api.c:558:23: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  556|   		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  557|   			continue;
#  558|-> 		nid = sshkey_ecdsa_nid_from_name(alg);
#  559|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  560|   			if (k->key->type != ktype &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def706]
openssh-10.2p1/ssh_api.c:561:31: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:561:31: throw: if ‘sshkey_is_cert’ throws an exception...
openssh-10.2p1/ssh_api.c:561:31: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  559|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  560|   			if (k->key->type != ktype &&
#  561|-> 			    (!sshkey_is_cert(k->key) ||
#  562|   			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def707]
openssh-10.2p1/ssh_api.c:561:31: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:24: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:561:31: throw: if ‘sshkey_is_cert’ throws an exception...
openssh-10.2p1/ssh_api.c:561:31: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  559|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  560|   			if (k->key->type != ktype &&
#  561|-> 			    (!sshkey_is_cert(k->key) ||
#  562|   			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def708]
openssh-10.2p1/ssh_api.c:562:45: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:562:45: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/ssh_api.c:562:45: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  560|   			if (k->key->type != ktype &&
#  561|   			    (!sshkey_is_cert(k->key) ||
#  562|-> 			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;
#  564|   			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def709]
openssh-10.2p1/ssh_api.c:562:45: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:24: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:562:45: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/ssh_api.c:562:45: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  560|   			if (k->key->type != ktype &&
#  561|   			    (!sshkey_is_cert(k->key) ||
#  562|-> 			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;
#  564|   			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def710]
openssh-10.2p1/ssh_api.c:564:29: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:564:29: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/ssh_api.c:564:29: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  562|   			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;
#  564|-> 			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
#  565|   			    k->key->ecdsa_nid != nid)
#  566|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def711]
openssh-10.2p1/ssh_api.c:564:29: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:24: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:564:29: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/ssh_api.c:564:29: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  562|   			    k->key->type != sshkey_type_plain(ktype)))
#  563|   				continue;
#  564|-> 			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
#  565|   			    k->key->ecdsa_nid != nid)
#  566|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def712]
openssh-10.2p1/ssh_api.c:575:17: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:568:28: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:570:25: branch_false: ...to here
openssh-10.2p1/ssh_api.c:574:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:575:17: branch_true: ...to here
openssh-10.2p1/ssh_api.c:575:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh_api.c:575:17: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  573|   	}
#  574|   	if (*replace != '\0') {
#  575|-> 		debug2_f("orig/%d    %s", ssh->kex->server, orig);
#  576|   		debug2_f("replace/%d %s", ssh->kex->server, replace);
#  577|   		free(orig);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def713]
openssh-10.2p1/ssh_api.c:576:17: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.2p1/ssh_api.c:542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:544:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:545:31: acquire_memory: allocated here
openssh-10.2p1/ssh_api.c:545:12: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:549:18: branch_false: ...to here
openssh-10.2p1/ssh_api.c:550:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.2p1/ssh_api.c:554:9: branch_false: ...to here
openssh-10.2p1/ssh_api.c:555:16: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:568:28: branch_false: following ‘false’ branch...
openssh-10.2p1/ssh_api.c:570:25: branch_false: ...to here
openssh-10.2p1/ssh_api.c:574:12: branch_true: following ‘true’ branch...
openssh-10.2p1/ssh_api.c:575:17: branch_true: ...to here
openssh-10.2p1/ssh_api.c:576:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/ssh_api.c:576:17: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
#  574|   	if (*replace != '\0') {
#  575|   		debug2_f("orig/%d    %s", ssh->kex->server, orig);
#  576|-> 		debug2_f("replace/%d %s", ssh->kex->server, replace);
#  577|   		free(orig);
#  578|   		proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace;

Error: COMPILER_WARNING: [#def714]
openssh-10.2p1/sshbuf-getput-basic.c: scope_hint: In function ‘sshbuf_get_string’
openssh-10.2p1/sshbuf-getput-basic.c:198:30: warning[-Walloc-size-larger-than=]: argument 1 value ‘18446744073709551613’ exceeds maximum object size 9223372036854775807
#  198 |                 if ((*valp = malloc(len + 1)) == NULL) {
#      |                              ^
/usr/include/stdlib.h:676:14: note: in a call to allocation function ‘malloc’ declared here
#  676 | extern void *malloc (size_t __size) __THROW __attribute_malloc__
#      |              ^
#  196|   		return r;
#  197|   	if (valp != NULL) {
#  198|-> 		if ((*valp = malloc(len + 1)) == NULL) {
#  199|   			SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
#  200|   			return SSH_ERR_ALLOC_FAIL;

Error: COMPILER_WARNING: [#def715]
openssh-10.2p1/sshbuf-getput-basic.c: scope_hint: In function ‘ssh_ed25519_deserialize_public’
openssh-10.2p1/sshbuf-getput-basic.c:203:25: warning[-Wstringop-overflow=]: ‘__builtin_memcpy’ writing 18446744073709551612 bytes into a region of size 9223372036854775807
#  203 |                         memcpy(*valp, val, len);
#      |                         ^
openssh-10.2p1/sshbuf-getput-basic.c:198:30: note: destination object of size 9223372036854775807 allocated by ‘malloc’
#  198 |                 if ((*valp = malloc(len + 1)) == NULL) {
#      |                              ^
#  201|   		}
#  202|   		if (len != 0)
#  203|-> 			memcpy(*valp, val, len);
#  204|   		(*valp)[len] = '\0';
#  205|   	}

Error: COMPILER_WARNING: [#def716]
openssh-10.2p1/sshbuf-getput-basic.c:204:30: warning[-Wstringop-overflow=]: writing 1 byte into a region of size 0
#  204 |                 (*valp)[len] = '\0';
#      |                              ^
openssh-10.2p1/sshbuf-getput-basic.c:198:30: note: at offset -4 into destination object of size 9223372036854775807 allocated by ‘malloc’
#  198 |                 if ((*valp = malloc(len + 1)) == NULL) {
#      |                              ^
#  202|   		if (len != 0)
#  203|   			memcpy(*valp, val, len);
#  204|-> 		(*valp)[len] = '\0';
#  205|   	}
#  206|   	if (lenp != NULL)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def717]
openssh-10.2p1/sshbuf-getput-basic.c:374:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.2p1/sshbuf-getput-basic.c:364:12: branch_false: following ‘false’ branch (when ‘len >= 0’)...
openssh-10.2p1/sshbuf-getput-basic.c:368:12: branch_false: ...to here
openssh-10.2p1/sshbuf-getput-basic.c:368:12: branch_false: following ‘false’ branch (when ‘len != 0’)...
openssh-10.2p1/sshbuf-getput-basic.c:372:9: branch_false: ...to here
openssh-10.2p1/sshbuf-getput-basic.c:373:9: acquire_resource: ‘va_copy’ called here
openssh-10.2p1/sshbuf-getput-basic.c:374:18: throw: if ‘sshbuf_reserve’ throws an exception...
openssh-10.2p1/sshbuf-getput-basic.c:374:18: danger: missing call to ‘va_end’ to match ‘va_copy’ at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  372|   	va_end(ap2);
#  373|   	VA_COPY(ap2, ap);
#  374|-> 	if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0)
#  375|   		goto out;
#  376|   	if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def718]
openssh-10.2p1/sshbuf-io.c:110:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(path, 577, 420)’
openssh-10.2p1/sshbuf-io.c:105:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshbuf-io.c:107:13: branch_false: ...to here
openssh-10.2p1/sshbuf-io.c:107:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshbuf-io.c:108:52: branch_false: ...to here
openssh-10.2p1/sshbuf-io.c:108:52: release_resource: first ‘close’ here
openssh-10.2p1/sshbuf-io.c:107:13: branch_true: following ‘true’ branch...
openssh-10.2p1/sshbuf-io.c:109:26: branch_true: ...to here
openssh-10.2p1/sshbuf-io.c:110:17: danger: second ‘close’ here; first ‘close’ was at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  108|   	    sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
#  109|   		oerrno = errno;
#  110|-> 		close(fd);
#  111|   		unlink(path);
#  112|   		errno = oerrno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def719]
openssh-10.2p1/sshbuf-misc.c:141:13: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
openssh-10.2p1/sshbuf-misc.c:139:18: acquire_memory: allocated here
openssh-10.2p1/sshbuf-misc.c:139:12: branch_false: following ‘false’ branch (when ‘s’ is non-NULL)...
openssh-10.2p1/sshbuf-misc.c:141:13: branch_false: ...to here
openssh-10.2p1/sshbuf-misc.c:141:13: throw: if ‘sshbuf_ptr’ throws an exception...
openssh-10.2p1/sshbuf-misc.c:141:13: danger: ‘s’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  139|   	if ((s = malloc(slen)) == NULL)
#  140|   		return SSH_ERR_ALLOC_FAIL;
#  141|-> 	if (b64_ntop(sshbuf_ptr(d), sshbuf_len(d), s, slen) == -1) {
#  142|   		r = SSH_ERR_INTERNAL_ERROR;
#  143|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def720]
openssh-10.2p1/sshconnect.c:359:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.2p1/sshconnect.c:538:1: enter_function: entry to ‘ssh_connect’
openssh-10.2p1/sshconnect.c:544:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect.c:545:24: branch_true: ...to here
openssh-10.2p1/sshconnect.c:545:24: call_function: calling ‘ssh_connect_direct’ from ‘ssh_connect’
#  357|   		return -1;
#  358|   	}
#  359|-> 	(void)fcntl(sock, F_SETFD, FD_CLOEXEC);
#  360|   
#  361|   	/* Use interactive QOS (if specified) until authentication completed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def721]
openssh-10.2p1/sshconnect2.c:2206:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2206:24: danger: ‘from[0]’ leaks here
# 2204|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2205|   		error_f("not installed: %s", strerror(errno));
# 2206|-> 		return -1;
# 2207|   	}
# 2208|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def722]
openssh-10.2p1/sshconnect2.c:2206:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2206:24: danger: ‘from[1]’ leaks here
# 2204|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2205|   		error_f("not installed: %s", strerror(errno));
# 2206|-> 		return -1;
# 2207|   	}
# 2208|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def723]
openssh-10.2p1/sshconnect2.c:2206:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2217:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2206:24: danger: ‘to[0]’ leaks here
# 2204|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2205|   		error_f("not installed: %s", strerror(errno));
# 2206|-> 		return -1;
# 2207|   	}
# 2208|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def724]
openssh-10.2p1/sshconnect2.c:2206:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2217:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2206:24: danger: ‘to[1]’ leaks here
# 2204|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2205|   		error_f("not installed: %s", strerror(errno));
# 2206|-> 		return -1;
# 2207|   	}
# 2208|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def725]
openssh-10.2p1/sshconnect2.c:2217:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2217:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2217:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2217:17: danger: ‘to[0]’ leaks here
# 2215|   	}
# 2216|   	if (pipe(from) == -1) {
# 2217|-> 		error_f("pipe: %s", strerror(errno));
# 2218|   		return -1;
# 2219|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def726]
openssh-10.2p1/sshconnect2.c:2217:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2217:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2217:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2217:17: danger: ‘to[1]’ leaks here
# 2215|   	}
# 2216|   	if (pipe(from) == -1) {
# 2217|-> 		error_f("pipe: %s", strerror(errno));
# 2218|   		return -1;
# 2219|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def727]
openssh-10.2p1/sshconnect2.c:2221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2221:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2221:17: danger: ‘from[0]’ leaks here
# 2219|   	}
# 2220|   	if ((pid = fork()) == -1) {
# 2221|-> 		error_f("fork: %s", strerror(errno));
# 2222|   		return -1;
# 2223|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def728]
openssh-10.2p1/sshconnect2.c:2221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2221:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2221:17: danger: ‘from[1]’ leaks here
# 2219|   	}
# 2220|   	if ((pid = fork()) == -1) {
# 2221|-> 		error_f("fork: %s", strerror(errno));
# 2222|   		return -1;
# 2223|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def729]
openssh-10.2p1/sshconnect2.c:2221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2221:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2221:17: danger: ‘to[0]’ leaks here
# 2219|   	}
# 2220|   	if ((pid = fork()) == -1) {
# 2221|-> 		error_f("fork: %s", strerror(errno));
# 2222|   		return -1;
# 2223|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def730]
openssh-10.2p1/sshconnect2.c:2221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.2p1/sshconnect2.c:2221:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2221:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshconnect2.c:2221:17: danger: ‘to[1]’ leaks here
# 2219|   	}
# 2220|   	if ((pid = fork()) == -1) {
# 2221|-> 		error_f("fork: %s", strerror(errno));
# 2222|   		return -1;
# 2223|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def731]
openssh-10.2p1/sshconnect2.c:2224:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2224:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2224:20: danger: ‘from[0]’ leaks here
# 2222|   		return -1;
# 2223|   	}
# 2224|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def732]
openssh-10.2p1/sshconnect2.c:2224:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2224:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2224:20: danger: ‘from[1]’ leaks here
# 2222|   		return -1;
# 2223|   	}
# 2224|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def733]
openssh-10.2p1/sshconnect2.c:2224:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2224:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2224:20: danger: ‘to[0]’ leaks here
# 2222|   		return -1;
# 2223|   	}
# 2224|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def734]
openssh-10.2p1/sshconnect2.c:2224:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2224:20: throw: if ‘ssh_signal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2224:20: danger: ‘to[1]’ leaks here
# 2222|   		return -1;
# 2223|   	}
# 2224|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def735]
openssh-10.2p1/sshconnect2.c:2226:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2226:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2226:17: danger: ‘from[0]’ leaks here
# 2224|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|-> 		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def736]
openssh-10.2p1/sshconnect2.c:2226:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2226:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2226:17: danger: ‘from[1]’ leaks here
# 2224|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|-> 		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def737]
openssh-10.2p1/sshconnect2.c:2226:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2226:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2226:17: danger: ‘to[0]’ leaks here
# 2224|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|-> 		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def738]
openssh-10.2p1/sshconnect2.c:2226:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2226:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2226:17: danger: ‘to[1]’ leaks here
# 2224|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2225|   	if (pid == 0) {
# 2226|-> 		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def739]
openssh-10.2p1/sshconnect2.c:2227:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(from[1], 1)’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:21: acquire_resource: opened here
openssh-10.2p1/sshconnect2.c:2227:20: danger: ‘dup2(from[1], 1)’ leaks here; was opened at [(15)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/14)
# 2225|   	if (pid == 0) {
# 2226|   		close(from[0]);
# 2227|-> 		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def740]
openssh-10.2p1/sshconnect2.c:2228:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2228:25: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2228:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2228:25: danger: ‘from[1]’ leaks here
# 2226|   		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|-> 			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def741]
openssh-10.2p1/sshconnect2.c:2228:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2228:25: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2228:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2228:25: danger: ‘to[0]’ leaks here
# 2226|   		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|-> 			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def742]
openssh-10.2p1/sshconnect2.c:2228:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2228:25: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2228:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2228:25: danger: ‘to[1]’ leaks here
# 2226|   		close(from[0]);
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|-> 			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def743]
openssh-10.2p1/sshconnect2.c:2229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2229:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2229:17: danger: ‘from[1]’ leaks here
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|-> 		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def744]
openssh-10.2p1/sshconnect2.c:2229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2229:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2229:17: danger: ‘to[0]’ leaks here
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|-> 		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def745]
openssh-10.2p1/sshconnect2.c:2229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2229:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2229:17: danger: ‘to[1]’ leaks here
# 2227|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|-> 		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def746]
openssh-10.2p1/sshconnect2.c:2230:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(to[0], 0)’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:21: acquire_resource: opened here
openssh-10.2p1/sshconnect2.c:2230:20: danger: ‘dup2(to[0], 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/16)
# 2228|   			fatal_f("dup2: %s", strerror(errno));
# 2229|   		close(to[1]);
# 2230|-> 		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));
# 2232|   		close(from[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def747]
openssh-10.2p1/sshconnect2.c:2231:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2231:25: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2231:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2231:25: danger: ‘from[1]’ leaks here
# 2229|   		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|-> 			fatal_f("dup2: %s", strerror(errno));
# 2232|   		close(from[1]);
# 2233|   		close(to[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def748]
openssh-10.2p1/sshconnect2.c:2231:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2231:25: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2231:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2231:25: danger: ‘to[0]’ leaks here
# 2229|   		close(to[1]);
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|-> 			fatal_f("dup2: %s", strerror(errno));
# 2232|   		close(from[1]);
# 2233|   		close(to[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def749]
openssh-10.2p1/sshconnect2.c:2232:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2232:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2232:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2232:17: danger: ‘from[1]’ leaks here
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));
# 2232|-> 		close(from[1]);
# 2233|   		close(to[0]);
# 2234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def750]
openssh-10.2p1/sshconnect2.c:2232:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2232:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2232:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2232:17: danger: ‘to[0]’ leaks here
# 2230|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2231|   			fatal_f("dup2: %s", strerror(errno));
# 2232|-> 		close(from[1]);
# 2233|   		close(to[0]);
# 2234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def751]
openssh-10.2p1/sshconnect2.c:2233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2232:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2233:17: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2233:17: danger: ‘to[0]’ leaks here
# 2231|   			fatal_f("dup2: %s", strerror(errno));
# 2232|   		close(from[1]);
# 2233|-> 		close(to[0]);
# 2234|   
# 2235|   		if (dup2(sock, STDERR_FILENO + 1) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def752]
openssh-10.2p1/sshconnect2.c:2235:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 3)’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshconnect2.c:2226:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2227:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2229:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2230:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2232:17: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2235:21: acquire_resource: opened here
openssh-10.2p1/sshconnect2.c:2235:20: danger: ‘dup2(ssh_packet_get_connection_in(ssh), 3)’ leaks here; was opened at [(19)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/18)
# 2233|   		close(to[0]);
# 2234|   
# 2235|-> 		if (dup2(sock, STDERR_FILENO + 1) == -1)
# 2236|   			fatal_f("dup2: %s", strerror(errno));
# 2237|   		sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def753]
openssh-10.2p1/sshconnect2.c:2248:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2248:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2248:9: danger: ‘from[0]’ leaks here
# 2246|   		    strerror(errno));
# 2247|   	}
# 2248|-> 	close(from[1]);
# 2249|   	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def754]
openssh-10.2p1/sshconnect2.c:2248:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2248:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2248:9: danger: ‘from[1]’ leaks here
# 2246|   		    strerror(errno));
# 2247|   	}
# 2248|-> 	close(from[1]);
# 2249|   	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def755]
openssh-10.2p1/sshconnect2.c:2248:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2248:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2248:9: danger: ‘to[0]’ leaks here
# 2246|   		    strerror(errno));
# 2247|   	}
# 2248|-> 	close(from[1]);
# 2249|   	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def756]
openssh-10.2p1/sshconnect2.c:2248:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2248:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2248:9: danger: ‘to[1]’ leaks here
# 2246|   		    strerror(errno));
# 2247|   	}
# 2248|-> 	close(from[1]);
# 2249|   	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def757]
openssh-10.2p1/sshconnect2.c:2249:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2249:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2249:9: danger: ‘from[0]’ leaks here
# 2247|   	}
# 2248|   	close(from[1]);
# 2249|-> 	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;
# 2251|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def758]
openssh-10.2p1/sshconnect2.c:2249:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2249:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2249:9: danger: ‘to[0]’ leaks here
# 2247|   	}
# 2248|   	close(from[1]);
# 2249|-> 	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;
# 2251|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def759]
openssh-10.2p1/sshconnect2.c:2249:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2249:9: throw: if ‘close’ throws an exception...
openssh-10.2p1/sshconnect2.c:2249:9: danger: ‘to[1]’ leaks here
# 2247|   	}
# 2248|   	close(from[1]);
# 2249|-> 	close(to[0]);
# 2250|   	sock = STDERR_FILENO + 1;
# 2251|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def760]
openssh-10.2p1/sshconnect2.c:2252:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:18: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/sshconnect2.c:2252:18: danger: ‘from[0]’ leaks here
# 2250|   	sock = STDERR_FILENO + 1;
# 2251|   
# 2252|-> 	if ((b = sshbuf_new()) == NULL)
# 2253|   		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def761]
openssh-10.2p1/sshconnect2.c:2252:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:18: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/sshconnect2.c:2252:18: danger: ‘to[1]’ leaks here
# 2250|   	sock = STDERR_FILENO + 1;
# 2251|   
# 2252|-> 	if ((b = sshbuf_new()) == NULL)
# 2253|   		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def762]
openssh-10.2p1/sshconnect2.c:2253:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2253:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2253:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2253:17: danger: ‘from[0]’ leaks here
# 2251|   
# 2252|   	if ((b = sshbuf_new()) == NULL)
# 2253|-> 		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def763]
openssh-10.2p1/sshconnect2.c:2253:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2253:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2253:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2253:17: danger: ‘to[1]’ leaks here
# 2251|   
# 2252|   	if ((b = sshbuf_new()) == NULL)
# 2253|-> 		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def764]
openssh-10.2p1/sshconnect2.c:2255:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:18: throw: if ‘sshbuf_put_u32’ throws an exception...
openssh-10.2p1/sshconnect2.c:2255:18: danger: ‘from[0]’ leaks here
# 2253|   		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */
# 2255|-> 	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def765]
openssh-10.2p1/sshconnect2.c:2255:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:18: throw: if ‘sshbuf_put_u32’ throws an exception...
openssh-10.2p1/sshconnect2.c:2255:18: danger: ‘to[1]’ leaks here
# 2253|   		fatal_f("sshbuf_new failed");
# 2254|   	/* send # of sock, data to be signed */
# 2255|-> 	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def766]
openssh-10.2p1/sshconnect2.c:2256:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2256:18: throw: if ‘sshbuf_put_string’ throws an exception...
openssh-10.2p1/sshconnect2.c:2256:18: danger: ‘from[0]’ leaks here
# 2254|   	/* send # of sock, data to be signed */
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|-> 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def767]
openssh-10.2p1/sshconnect2.c:2256:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2256:18: throw: if ‘sshbuf_put_string’ throws an exception...
openssh-10.2p1/sshconnect2.c:2256:18: danger: ‘to[1]’ leaks here
# 2254|   	/* send # of sock, data to be signed */
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|-> 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def768]
openssh-10.2p1/sshconnect2.c:2257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2257:17: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshconnect2.c:2257:17: danger: ‘from[0]’ leaks here
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|-> 		fatal_fr(r, "buffer error");
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|   		fatal_f("couldn't send request");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def769]
openssh-10.2p1/sshconnect2.c:2257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2257:17: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshconnect2.c:2257:17: danger: ‘to[1]’ leaks here
# 2255|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|-> 		fatal_fr(r, "buffer error");
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|   		fatal_f("couldn't send request");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def770]
openssh-10.2p1/sshconnect2.c:2258:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2258:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2258:13: throw: if ‘ssh_msg_send’ throws an exception...
openssh-10.2p1/sshconnect2.c:2258:13: danger: ‘from[0]’ leaks here
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");
# 2258|-> 	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|   		fatal_f("couldn't send request");
# 2260|   	sshbuf_reset(b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def771]
openssh-10.2p1/sshconnect2.c:2258:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2258:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2258:13: throw: if ‘ssh_msg_send’ throws an exception...
openssh-10.2p1/sshconnect2.c:2258:13: danger: ‘to[1]’ leaks here
# 2256|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2257|   		fatal_fr(r, "buffer error");
# 2258|-> 	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|   		fatal_f("couldn't send request");
# 2260|   	sshbuf_reset(b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def772]
openssh-10.2p1/sshconnect2.c:2259:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2258:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2258:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshconnect2.c:2259:17: branch_true: ...to here
openssh-10.2p1/sshconnect2.c:2259:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshconnect2.c:2259:17: danger: ‘from[0]’ leaks here
# 2257|   		fatal_fr(r, "buffer error");
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|-> 		fatal_f("couldn't send request");
# 2260|   	sshbuf_reset(b);
# 2261|   	r = ssh_msg_recv(from[0], b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def773]
openssh-10.2p1/sshconnect2.c:2260:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2258:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2258:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2260:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2260:9: throw: if ‘sshbuf_reset’ throws an exception...
openssh-10.2p1/sshconnect2.c:2260:9: danger: ‘from[0]’ leaks here
# 2258|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2259|   		fatal_f("couldn't send request");
# 2260|-> 	sshbuf_reset(b);
# 2261|   	r = ssh_msg_recv(from[0], b);
# 2262|   	close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def774]
openssh-10.2p1/sshconnect2.c:2261:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.2p1/sshconnect2.c:2204:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2208:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2208:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2212:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2212:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2216:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2216:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2220:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2220:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshconnect2.c:2224:20: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2225:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.2p1/sshconnect2.c:2248:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2255:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2256:18: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2255:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2258:13: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2258:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshconnect2.c:2260:9: branch_false: ...to here
openssh-10.2p1/sshconnect2.c:2261:13: throw: if ‘ssh_msg_recv’ throws an exception...
openssh-10.2p1/sshconnect2.c:2261:13: danger: ‘from[0]’ leaks here
# 2259|   		fatal_f("couldn't send request");
# 2260|   	sshbuf_reset(b);
# 2261|-> 	r = ssh_msg_recv(from[0], b);
# 2262|   	close(from[0]);
# 2263|   	close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def775]
openssh-10.2p1/sshd-auth.c:627:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:624:38: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:624:38: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:627:13: throw: if ‘stdfd_devnull’ throws an exception...
openssh-10.2p1/sshd-auth.c:627:13: danger: ‘sock_in’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  625|   	}
#  626|   
#  627|-> 	if (stdfd_devnull(1, 1, 0) == -1)
#  628|   		error("stdfd_devnull failed");
#  629|   	debug("network sockets: %d, %d", sock_in, sock_out);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def776]
openssh-10.2p1/sshd-auth.c:627:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-auth.c:620:27: branch_true: ...to here
openssh-10.2p1/sshd-auth.c:621:28: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:627:13: throw: if ‘stdfd_devnull’ throws an exception...
openssh-10.2p1/sshd-auth.c:627:13: danger: ‘sock_out’ leaks here; was opened at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  625|   	}
#  626|   
#  627|-> 	if (stdfd_devnull(1, 1, 0) == -1)
#  628|   		error("stdfd_devnull failed");
#  629|   	debug("network sockets: %d, %d", sock_in, sock_out);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def777]
openssh-10.2p1/sshd-auth.c:628:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:624:38: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:624:38: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:627:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-auth.c:628:17: branch_true: ...to here
openssh-10.2p1/sshd-auth.c:628:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd-auth.c:628:17: danger: ‘sock_in’ leaks here; was opened at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  626|   
#  627|   	if (stdfd_devnull(1, 1, 0) == -1)
#  628|-> 		error("stdfd_devnull failed");
#  629|   	debug("network sockets: %d, %d", sock_in, sock_out);
#  630|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def778]
openssh-10.2p1/sshd-auth.c:628:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-auth.c:620:27: branch_true: ...to here
openssh-10.2p1/sshd-auth.c:621:28: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:627:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-auth.c:628:17: branch_true: ...to here
openssh-10.2p1/sshd-auth.c:628:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd-auth.c:628:17: danger: ‘sock_out’ leaks here; was opened at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  626|   
#  627|   	if (stdfd_devnull(1, 1, 0) == -1)
#  628|-> 		error("stdfd_devnull failed");
#  629|   	debug("network sockets: %d, %d", sock_in, sock_out);
#  630|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def779]
openssh-10.2p1/sshd-auth.c:629:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:624:38: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:624:38: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:629:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd-auth.c:629:9: danger: ‘sock_in’ leaks here; was opened at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  627|   	if (stdfd_devnull(1, 1, 0) == -1)
#  628|   		error("stdfd_devnull failed");
#  629|-> 	debug("network sockets: %d, %d", sock_in, sock_out);
#  630|   
#  631|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def780]
openssh-10.2p1/sshd-auth.c:629:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.2p1/sshd-auth.c:588:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-auth.c:592:9: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:609:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-auth.c:615:13: branch_false: ...to here
openssh-10.2p1/sshd-auth.c:615:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-auth.c:620:27: branch_true: ...to here
openssh-10.2p1/sshd-auth.c:621:28: acquire_resource: opened here
openssh-10.2p1/sshd-auth.c:629:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd-auth.c:629:9: danger: ‘sock_out’ leaks here; was opened at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  627|   	if (stdfd_devnull(1, 1, 0) == -1)
#  628|   		error("stdfd_devnull failed");
#  629|-> 	debug("network sockets: %d, %d", sock_in, sock_out);
#  630|   
#  631|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def781]
openssh-10.2p1/sshd-session.c:443:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 0)’
openssh-10.2p1/sshd-session.c:410:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshd-session.c:412:17: branch_false: ...to here
openssh-10.2p1/sshd-session.c:412:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshd-session.c:428:31: branch_false: ...to here
openssh-10.2p1/sshd-session.c:443:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-session.c:444:21: branch_true: ...to here
openssh-10.2p1/sshd-session.c:444:21: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:443:21: danger: ‘dup2(ssh_packet_get_connection_in(ssh), 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  441|   		 */
#  442|   
#  443|-> 		if (ssh_packet_get_connection_in(ssh) != STDIN_FILENO &&
#  444|   		    dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)
#  445|   			fatal("dup2 stdin failed: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def782]
openssh-10.2p1/sshd-session.c:446:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_out(ssh), 1)’
openssh-10.2p1/sshd-session.c:410:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshd-session.c:412:17: branch_false: ...to here
openssh-10.2p1/sshd-session.c:412:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshd-session.c:428:31: branch_false: ...to here
openssh-10.2p1/sshd-session.c:446:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-session.c:447:21: branch_true: ...to here
openssh-10.2p1/sshd-session.c:447:21: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:446:21: danger: ‘dup2(ssh_packet_get_connection_out(ssh), 1)’ leaks here; was opened at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  444|   		    dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)
#  445|   			fatal("dup2 stdin failed: %s", strerror(errno));
#  446|-> 		if (ssh_packet_get_connection_out(ssh) != STDOUT_FILENO &&
#  447|   		    dup2(ssh_packet_get_connection_out(ssh),
#  448|   		    STDOUT_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def783]
openssh-10.2p1/sshd-session.c:452:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*pmonitor.m_recvfd, 3)’
openssh-10.2p1/sshd-session.c:410:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshd-session.c:412:17: branch_false: ...to here
openssh-10.2p1/sshd-session.c:412:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshd-session.c:428:31: branch_false: ...to here
openssh-10.2p1/sshd-session.c:452:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-session.c:453:21: branch_true: ...to here
openssh-10.2p1/sshd-session.c:453:21: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:452:21: danger: ‘dup2(*pmonitor.m_recvfd, 3)’ leaks here; was opened at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  450|   		/* leave stderr as-is */
#  451|   		log_redirect_stderr_to(NULL); /* dup can clobber log fd */
#  452|-> 		if (pmonitor->m_recvfd != PRIVSEP_MONITOR_FD &&
#  453|   		    dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)
#  454|   			fatal("dup2 monitor fd: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def784]
openssh-10.2p1/sshd-session.c:455:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*pmonitor.m_log_sendfd, 4)’
openssh-10.2p1/sshd-session.c:410:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.2p1/sshd-session.c:412:17: branch_false: ...to here
openssh-10.2p1/sshd-session.c:412:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.2p1/sshd-session.c:428:31: branch_false: ...to here
openssh-10.2p1/sshd-session.c:455:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-session.c:456:21: branch_true: ...to here
openssh-10.2p1/sshd-session.c:456:21: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:455:21: danger: ‘dup2(*pmonitor.m_log_sendfd, 4)’ leaks here; was opened at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  453|   		    dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)
#  454|   			fatal("dup2 monitor fd: %s", strerror(errno));
#  455|-> 		if (pmonitor->m_log_sendfd != PRIVSEP_LOG_FD &&
#  456|   		    dup2(pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) == -1)
#  457|   			fatal("dup2 log fd: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def785]
openssh-10.2p1/sshd-session.c:752:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  750|   	struct include_item *item;
#  751|   
#  752|-> 	debug3_f("entering fd = %d", fd);
#  753|   
#  754|   	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def786]
openssh-10.2p1/sshd-session.c:754:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  752|   	debug3_f("entering fd = %d", fd);
#  753|   
#  754|-> 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  755|   		fatal_f("sshbuf_new failed");
#  756|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def787]
openssh-10.2p1/sshd-session.c:754:50: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  752|   	debug3_f("entering fd = %d", fd);
#  753|   
#  754|-> 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  755|   		fatal_f("sshbuf_new failed");
#  756|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def788]
openssh-10.2p1/sshd-session.c:755:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  753|   
#  754|   	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  755|-> 		fatal_f("sshbuf_new failed");
#  756|   
#  757|   	/* receive config */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def789]
openssh-10.2p1/sshd-session.c:758:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  756|   
#  757|   	/* receive config */
#  758|-> 	if (ssh_msg_recv(fd, m) == -1)
#  759|   		fatal_f("ssh_msg_recv failed");
#  760|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def790]
openssh-10.2p1/sshd-session.c:759:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  757|   	/* receive config */
#  758|   	if (ssh_msg_recv(fd, m) == -1)
#  759|-> 		fatal_f("ssh_msg_recv failed");
#  760|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  761|   		fatal_fr(r, "parse version");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def791]
openssh-10.2p1/sshd-session.c:760:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  758|   	if (ssh_msg_recv(fd, m) == -1)
#  759|   		fatal_f("ssh_msg_recv failed");
#  760|-> 	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  761|   		fatal_fr(r, "parse version");
#  762|   	if (ver != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def792]
openssh-10.2p1/sshd-session.c:761:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:905:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1112:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  759|   		fatal_f("ssh_msg_recv failed");
#  760|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  761|-> 		fatal_fr(r, "parse version");
#  762|   	if (ver != 0)
#  763|   		fatal_f("rexec version mismatch");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def793]
openssh-10.2p1/sshd-session.c:1077:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.2p1/sshd-session.c:1078:32: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1078:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
openssh-10.2p1/sshd-session.c:1078:20: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: danger: leaks here; was opened at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
# 1075|   	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
# 1076|   		fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
# 1077|-> 	while (devnull < PRIVSEP_MIN_FREE_FD) {
# 1078|   		if ((devnull = dup(devnull)) == -1)
# 1079|   			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def794]
openssh-10.2p1/sshd-session.c:1079:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.2p1/sshd-session.c:1078:32: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1078:20: branch_true: following ‘true’ branch (when ‘devnull == -1’)...
openssh-10.2p1/sshd-session.c:1079:25: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1079:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd-session.c:1079:25: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
# 1077|   	while (devnull < PRIVSEP_MIN_FREE_FD) {
# 1078|   		if ((devnull = dup(devnull)) == -1)
# 1079|-> 			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1080|   	}
# 1081|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def795]
openssh-10.2p1/sshd-session.c:1082:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1082:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/sshd-session.c:1082:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
# 1080|   	}
# 1081|   
# 1082|-> 	seed_rng();
# 1083|   
# 1084|   	/* If requested, redirect the logs to the specified logfile. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def796]
openssh-10.2p1/sshd-session.c:1089:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:951:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.2p1/sshd-session.c:953:17: branch_true: ...to here
openssh-10.2p1/sshd-session.c:951:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.2p1/sshd-session.c:1062:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.2p1/sshd-session.c:1088:70: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1089:22: throw: if ‘percent_expand’ throws an exception...
openssh-10.2p1/sshd-session.c:1089:22: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
# 1087|   
# 1088|   		snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid());
# 1089|-> 		cp = percent_expand(logfile,
# 1090|   		    "p", pid_s,
# 1091|   		    "P", "sshd-session",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def797]
openssh-10.2p1/sshd-session.c:1093:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:951:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.2p1/sshd-session.c:953:17: branch_true: ...to here
openssh-10.2p1/sshd-session.c:951:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.2p1/sshd-session.c:1062:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.2p1/sshd-session.c:1088:70: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1093:17: throw: if ‘log_redirect_stderr_to’ throws an exception...
openssh-10.2p1/sshd-session.c:1093:17: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/8)
# 1091|   		    "P", "sshd-session",
# 1092|   		    (char *)NULL);
# 1093|-> 		log_redirect_stderr_to(cp);
# 1094|   		free(cp);
# 1095|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def798]
openssh-10.2p1/sshd-session.c:1101:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1101:9: throw: if ‘log_init’ throws an exception...
openssh-10.2p1/sshd-session.c:1101:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
# 1099|   	 * key (unless started from inetd)
# 1100|   	 */
# 1101|-> 	log_init(__progname,
# 1102|   	    options.log_level == SYSLOG_LEVEL_NOT_SET ?
# 1103|   	    SYSLOG_LEVEL_INFO : options.log_level,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def799]
openssh-10.2p1/sshd-session.c:1109:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:20: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/sshd-session.c:1109:20: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/4)
# 1107|   
# 1108|   	/* Fetch our configuration */
# 1109|-> 	if ((cfg = sshbuf_new()) == NULL)
# 1110|   		fatal("sshbuf_new config buf failed");
# 1111|   	setproctitle("%s", "[rexeced]");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def800]
openssh-10.2p1/sshd-session.c:1110:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd-session.c:1110:17: branch_true: ...to here
openssh-10.2p1/sshd-session.c:1110:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd-session.c:1110:17: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/4)
# 1108|   	/* Fetch our configuration */
# 1109|   	if ((cfg = sshbuf_new()) == NULL)
# 1110|-> 		fatal("sshbuf_new config buf failed");
# 1111|   	setproctitle("%s", "[rexeced]");
# 1112|   	recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def801]
openssh-10.2p1/sshd-session.c:1111:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd-session.c:1062:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1067:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1067:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.2p1/sshd-session.c:1070:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1075:24: acquire_resource: opened here
openssh-10.2p1/sshd-session.c:1075:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1075:12: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1077:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd-session.c:1082:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1085:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd-session.c:1106:13: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1109:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd-session.c:1111:9: branch_false: ...to here
openssh-10.2p1/sshd-session.c:1111:9: throw: if ‘setproctitle’ throws an exception...
openssh-10.2p1/sshd-session.c:1111:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/4)
# 1109|   	if ((cfg = sshbuf_new()) == NULL)
# 1110|   		fatal("sshbuf_new config buf failed");
# 1111|-> 	setproctitle("%s", "[rexeced]");
# 1112|   	recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
# 1113|   	parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def802]
openssh-10.2p1/sshd.c:846:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.2p1/sshd.c:825:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.2p1/sshd.c:826:21: branch_true: ...to here
openssh-10.2p1/sshd.c:828:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:831:28: branch_false: ...to here
openssh-10.2p1/sshd.c:831:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:839:31: branch_false: ...to here
openssh-10.2p1/sshd.c:839:31: acquire_resource: socket created here
openssh-10.2p1/sshd.c:841:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.2p1/sshd.c:846:21: branch_false: ...to here
openssh-10.2p1/sshd.c:846:21: throw: if ‘set_nonblock’ throws an exception...
openssh-10.2p1/sshd.c:846:21: danger: ‘listen_sock’ leaks here
#  844|   			continue;
#  845|   		}
#  846|-> 		if (set_nonblock(listen_sock) == -1) {
#  847|   			close(listen_sock);
#  848|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def803]
openssh-10.2p1/sshd.c:1257:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1697:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1255|   	int r;
# 1256|   
# 1257|-> 	if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
# 1258|   		fatal_f("ssh_digest_start");
# 1259|   	if (key == NULL) { /* finalize */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def804]
openssh-10.2p1/sshd.c:1258:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1256|   
# 1257|   	if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
# 1258|-> 		fatal_f("ssh_digest_start");
# 1259|   	if (key == NULL) { /* finalize */
# 1260|   		/* add server config in case we are using agent for host keys */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def805]
openssh-10.2p1/sshd.c:1261:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1259|   	if (key == NULL) { /* finalize */
# 1260|   		/* add server config in case we are using agent for host keys */
# 1261|-> 		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1262|   		    sshbuf_len(server_cfg)) != 0)
# 1263|   			fatal_f("ssh_digest_update");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def806]
openssh-10.2p1/sshd.c:1261:44: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1259|   	if (key == NULL) { /* finalize */
# 1260|   		/* add server config in case we are using agent for host keys */
# 1261|-> 		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1262|   		    sshbuf_len(server_cfg)) != 0)
# 1263|   			fatal_f("ssh_digest_update");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def807]
openssh-10.2p1/sshd.c:1263:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1261|   		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1262|   		    sshbuf_len(server_cfg)) != 0)
# 1263|-> 			fatal_f("ssh_digest_update");
# 1264|   		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1265|   		hash = xmalloc(len);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def808]
openssh-10.2p1/sshd.c:1264:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1262|   		    sshbuf_len(server_cfg)) != 0)
# 1263|   			fatal_f("ssh_digest_update");
# 1264|-> 		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1265|   		hash = xmalloc(len);
# 1266|   		if (ssh_digest_final(ctx, hash, len) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def809]
openssh-10.2p1/sshd.c:1265:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1308:1: enter_function: entry to ‘main’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1263|   			fatal_f("ssh_digest_update");
# 1264|   		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1265|-> 		hash = xmalloc(len);
# 1266|   		if (ssh_digest_final(ctx, hash, len) != 0)
# 1267|   			fatal_f("ssh_digest_final");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def810]
openssh-10.2p1/sshd.c:1483:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.2p1/sshd.c:1484:32: branch_true: ...to here
openssh-10.2p1/sshd.c:1484:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
openssh-10.2p1/sshd.c:1484:20: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: danger: leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
# 1481|   	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
# 1482|   		fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
# 1483|-> 	while (devnull < REEXEC_MIN_FREE_FD) {
# 1484|   		if ((devnull = dup(devnull)) == -1)
# 1485|   			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def811]
openssh-10.2p1/sshd.c:1485:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.2p1/sshd.c:1484:32: branch_true: ...to here
openssh-10.2p1/sshd.c:1484:20: branch_true: following ‘true’ branch (when ‘devnull == -1’)...
openssh-10.2p1/sshd.c:1485:25: branch_true: ...to here
openssh-10.2p1/sshd.c:1485:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd.c:1485:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
# 1483|   	while (devnull < REEXEC_MIN_FREE_FD) {
# 1484|   		if ((devnull = dup(devnull)) == -1)
# 1485|-> 			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1486|   	}
# 1487|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def812]
openssh-10.2p1/sshd.c:1488:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1488:9: throw: if ‘seed_rng’ throws an exception...
openssh-10.2p1/sshd.c:1488:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
# 1486|   	}
# 1487|   
# 1488|-> 	seed_rng();
# 1489|   
# 1490|   	/* If requested, redirect the logs to the specified logfile. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def813]
openssh-10.2p1/sshd.c:1495:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1362:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.2p1/sshd.c:1364:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1362:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.2p1/sshd.c:1475:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1475:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1475:59: branch_true: ...to here
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.2p1/sshd.c:1494:70: branch_true: ...to here
openssh-10.2p1/sshd.c:1495:22: throw: if ‘percent_expand’ throws an exception...
openssh-10.2p1/sshd.c:1495:22: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
# 1493|   
# 1494|   		snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid());
# 1495|-> 		cp = percent_expand(logfile,
# 1496|   		    "p", pid_s,
# 1497|   		    "P", "sshd",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def814]
openssh-10.2p1/sshd.c:1499:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1362:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.2p1/sshd.c:1364:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1362:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.2p1/sshd.c:1475:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1475:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1475:59: branch_true: ...to here
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.2p1/sshd.c:1494:70: branch_true: ...to here
openssh-10.2p1/sshd.c:1499:17: throw: if ‘log_redirect_stderr_to’ throws an exception...
openssh-10.2p1/sshd.c:1499:17: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
# 1497|   		    "P", "sshd",
# 1498|   		    (char *)NULL);
# 1499|-> 		log_redirect_stderr_to(cp);
# 1500|   		free(cp);
# 1501|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def815]
openssh-10.2p1/sshd.c:1507:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1507:9: throw: if ‘log_init’ throws an exception...
openssh-10.2p1/sshd.c:1507:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
# 1505|   	 * key (unless started from inetd)
# 1506|   	 */
# 1507|-> 	log_init(__progname,
# 1508|   	    options.log_level == SYSLOG_LEVEL_NOT_SET ?
# 1509|   	    SYSLOG_LEVEL_INFO : options.log_level,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def816]
openssh-10.2p1/sshd.c:1531:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1531:9: throw: if ‘OpenSSL_version’ throws an exception...
openssh-10.2p1/sshd.c:1531:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
# 1529|   		    "test mode (-T)");
# 1530|   
# 1531|-> 	debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
# 1532|   	if (uname(&utsname) != 0) {
# 1533|   		memset(&utsname, 0, sizeof(utsname));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def817]
openssh-10.2p1/sshd.c:1536:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1536:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd.c:1536:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
# 1534|   		strlcpy(utsname.sysname, "UNKNOWN", sizeof(utsname.sysname));
# 1535|   	}
# 1536|-> 	debug3("Running on %s %s %s %s", utsname.sysname, utsname.release,
# 1537|   	    utsname.version, utsname.machine);
# 1538|   	debug3("Started with: %s", args);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def818]
openssh-10.2p1/sshd.c:1538:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1538:9: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd.c:1538:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
# 1536|   	debug3("Running on %s %s %s %s", utsname.sysname, utsname.release,
# 1537|   	    utsname.version, utsname.machine);
# 1538|-> 	debug3("Started with: %s", args);
# 1539|   	free(args);
# 1540|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def819]
openssh-10.2p1/sshd.c:1542:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:20: throw: if ‘sshbuf_new’ throws an exception...
openssh-10.2p1/sshd.c:1542:20: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
# 1540|   
# 1541|   	/* Fetch our configuration */
# 1542|-> 	if ((cfg = sshbuf_new()) == NULL)
# 1543|   		fatal("sshbuf_new config failed");
# 1544|   	if (strcasecmp(config_file_name, "none") != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def820]
openssh-10.2p1/sshd.c:1543:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1543:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1543:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd.c:1543:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
# 1541|   	/* Fetch our configuration */
# 1542|   	if ((cfg = sshbuf_new()) == NULL)
# 1543|-> 		fatal("sshbuf_new config failed");
# 1544|   	if (strcasecmp(config_file_name, "none") != 0)
# 1545|   		load_server_config(config_file_name, cfg);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def821]
openssh-10.2p1/sshd.c:1545:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1544:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1545:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1545:17: throw: if ‘load_server_config’ throws an exception...
openssh-10.2p1/sshd.c:1545:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
# 1543|   		fatal("sshbuf_new config failed");
# 1544|   	if (strcasecmp(config_file_name, "none") != 0)
# 1545|-> 		load_server_config(config_file_name, cfg);
# 1546|   
# 1547|   	parse_server_config(&options, config_file_name, cfg,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def822]
openssh-10.2p1/sshd.c:1547:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1547:9: throw: if ‘parse_server_config’ throws an exception...
openssh-10.2p1/sshd.c:1547:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2)
# 1545|   		load_server_config(config_file_name, cfg);
# 1546|   
# 1547|-> 	parse_server_config(&options, config_file_name, cfg,
# 1548|   	    &includes, NULL, 0);
# 1549|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def823]
openssh-10.2p1/sshd.c:1551:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1551:9: throw: if ‘fill_default_server_options’ throws an exception...
openssh-10.2p1/sshd.c:1551:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
# 1549|   
# 1550|   	/* Fill in default values for those options not explicitly set. */
# 1551|-> 	fill_default_server_options(&options);
# 1552|   
# 1553|   	/* Check that options are sensible */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def824]
openssh-10.2p1/sshd.c:1557:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1554:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1555:14: branch_true: ...to here
openssh-10.2p1/sshd.c:1554:13: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1556:13: branch_true: ...to here
openssh-10.2p1/sshd.c:1555:13: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1557:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1557:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd.c:1557:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
# 1555|   	    (options.authorized_keys_command != NULL &&
# 1556|   	    strcasecmp(options.authorized_keys_command, "none") != 0))
# 1557|-> 		fatal("AuthorizedKeysCommand set without "
# 1558|   		    "AuthorizedKeysCommandUser");
# 1559|   	if (options.authorized_principals_command_user == NULL &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def825]
openssh-10.2p1/sshd.c:1562:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1559:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1560:14: branch_true: ...to here
openssh-10.2p1/sshd.c:1559:13: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1561:13: branch_true: ...to here
openssh-10.2p1/sshd.c:1560:13: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1562:17: branch_true: ...to here
openssh-10.2p1/sshd.c:1562:17: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd.c:1562:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
# 1560|   	    (options.authorized_principals_command != NULL &&
# 1561|   	    strcasecmp(options.authorized_principals_command, "none") != 0))
# 1562|-> 		fatal("AuthorizedPrincipalsCommand set without "
# 1563|   		    "AuthorizedPrincipalsCommandUser");
# 1564|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def826]
openssh-10.2p1/sshd.c:1573:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1571:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1571:12: branch_true: ...to here
openssh-10.2p1/sshd.c:1572:29: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1573:49: branch_true: ...to here
openssh-10.2p1/sshd.c:1573:29: throw: if ‘auth2_methods_valid’ throws an exception...
openssh-10.2p1/sshd.c:1573:29: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/2)
# 1571|   	if (options.num_auth_methods != 0) {
# 1572|   		for (i = 0; i < options.num_auth_methods; i++) {
# 1573|-> 			if (auth2_methods_valid(options.auth_methods[i],
# 1574|   			    1) == 0)
# 1575|   				break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def827]
openssh-10.2p1/sshd.c:1578:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1571:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1571:12: branch_true: ...to here
openssh-10.2p1/sshd.c:1577:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1578:25: branch_true: ...to here
openssh-10.2p1/sshd.c:1578:25: throw: if ‘sshfatal’ throws an exception...
openssh-10.2p1/sshd.c:1578:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/2)
# 1576|   		}
# 1577|   		if (i >= options.num_auth_methods)
# 1578|-> 			fatal("AuthenticationMethods cannot be satisfied by "
# 1579|   			    "enabled authentication methods");
# 1580|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def828]
openssh-10.2p1/sshd.c:1592:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1592:36: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/sshd.c:1592:36: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/2)
# 1590|   
# 1591|   	/* load host keys */
# 1592|-> 	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
# 1593|   	    sizeof(struct sshkey *));
# 1594|   	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def829]
openssh-10.2p1/sshd.c:1594:39: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1594:39: throw: if ‘xcalloc’ throws an exception...
openssh-10.2p1/sshd.c:1594:39: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/2)
# 1592|   	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
# 1593|   	    sizeof(struct sshkey *));
# 1594|-> 	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
# 1595|   	    sizeof(struct sshkey *));
# 1596|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def830]
openssh-10.2p1/sshd.c:1601:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1598:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1598:20: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.2p1/sshd.c:1601:26: branch_false: ...to here
openssh-10.2p1/sshd.c:1601:26: throw: if ‘ssh_get_authentication_socket’ throws an exception...
openssh-10.2p1/sshd.c:1601:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/2)
# 1599|   			setenv(SSH_AUTHSOCKET_ENV_NAME,
# 1600|   			    options.host_key_agent, 1);
# 1601|-> 		if ((r = ssh_get_authentication_socket(NULL)) == 0)
# 1602|   			have_agent = 1;
# 1603|   		else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def831]
openssh-10.2p1/sshd.c:1604:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1598:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1601:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1604:25: branch_false: ...to here
openssh-10.2p1/sshd.c:1604:25: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshd.c:1604:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
# 1602|   			have_agent = 1;
# 1603|   		else
# 1604|-> 			error_r(r, "Could not connect to agent \"%s\"",
# 1605|   			    options.host_key_agent);
# 1606|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def832]
openssh-10.2p1/sshd.c:1614:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1612:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1614:26: branch_false: ...to here
openssh-10.2p1/sshd.c:1614:26: throw: if ‘sshkey_load_private’ throws an exception...
openssh-10.2p1/sshd.c:1614:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/2)
# 1612|   		if (options.host_key_files[i] == NULL)
# 1613|   			continue;
# 1614|-> 		if ((r = sshkey_load_private(options.host_key_files[i], "",
# 1615|   		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1616|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def833]
openssh-10.2p1/sshd.c:1616:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1614:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1614:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1614:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1616:25: branch_true: ...to here
openssh-10.2p1/sshd.c:1616:25: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshd.c:1616:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/2)
# 1614|   		if ((r = sshkey_load_private(options.host_key_files[i], "",
# 1615|   		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1616|-> 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1617|   			    options.host_key_files[i]);
# 1618|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK

Error: GCC_ANALYZER_WARNING (CWE-775): [#def834]
openssh-10.2p1/sshd.c:1618:52: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1618:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1618:52: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/sshd.c:1618:52: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/2)
# 1616|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1617|   			    options.host_key_files[i]);
# 1618|-> 		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1619|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1620|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def835]
openssh-10.2p1/sshd.c:1619:37: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1618:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1618:21: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1619:58: branch_false: ...to here
openssh-10.2p1/sshd.c:1619:37: throw: if ‘sshkey_type_plain’ throws an exception...
openssh-10.2p1/sshd.c:1619:37: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/2)
# 1617|   			    options.host_key_files[i]);
# 1618|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1619|-> 				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1620|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1621|   		    sshkey_free(key);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def836]
openssh-10.2p1/sshd.c:1620:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1618:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1620:21: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd.c:1620:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/2)
# 1618|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1619|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1620|-> 		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1621|   		    sshkey_free(key);
# 1622|   		    key = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def837]
openssh-10.2p1/sshd.c:1621:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1618:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1621:21: throw: if ‘sshkey_free’ throws an exception...
openssh-10.2p1/sshd.c:1621:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/2)
# 1619|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1620|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1621|-> 		    sshkey_free(key);
# 1622|   		    key = NULL;
# 1623|   		    continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def838]
openssh-10.2p1/sshd.c:1625:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1625:21: throw: if ‘sshkey_is_sk’ throws an exception...
openssh-10.2p1/sshd.c:1625:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/2)
# 1623|   		    continue;
# 1624|   		}
# 1625|-> 		if (sshkey_is_sk(key) &&
# 1626|   		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
# 1627|   			debug("host key %s requires user presence, ignoring",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def839]
openssh-10.2p1/sshd.c:1627:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1625:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1626:24: branch_true: ...to here
openssh-10.2p1/sshd.c:1625:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1627:25: branch_true: ...to here
openssh-10.2p1/sshd.c:1627:25: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd.c:1627:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/2)
# 1625|   		if (sshkey_is_sk(key) &&
# 1626|   		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
# 1627|-> 			debug("host key %s requires user presence, ignoring",
# 1628|   			    options.host_key_files[i]);
# 1629|   			key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def840]
openssh-10.2p1/sshd.c:1632:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1631:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1632:26: throw: if ‘sshkey_shield_private’ throws an exception...
openssh-10.2p1/sshd.c:1632:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/2)
# 1630|   		}
# 1631|   		if (r == 0 && key != NULL &&
# 1632|-> 		    (r = sshkey_shield_private(key)) != 0) {
# 1633|   			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1634|   			    options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def841]
openssh-10.2p1/sshd.c:1633:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1631:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1633:25: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshd.c:1633:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/2)
# 1631|   		if (r == 0 && key != NULL &&
# 1632|   		    (r = sshkey_shield_private(key)) != 0) {
# 1633|-> 			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1634|   			    options.host_key_files[i]);
# 1635|   			sshkey_free(key);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def842]
openssh-10.2p1/sshd.c:1635:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1631:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1635:25: throw: if ‘sshkey_free’ throws an exception...
openssh-10.2p1/sshd.c:1635:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/2)
# 1633|   			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1634|   			    options.host_key_files[i]);
# 1635|-> 			sshkey_free(key);
# 1636|   			key = NULL;
# 1637|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def843]
openssh-10.2p1/sshd.c:1638:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1638:26: throw: if ‘sshkey_load_public’ throws an exception...
openssh-10.2p1/sshd.c:1638:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/2)
# 1636|   			key = NULL;
# 1637|   		}
# 1638|-> 		if ((r = sshkey_load_public(options.host_key_files[i],
# 1639|   		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1640|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def844]
openssh-10.2p1/sshd.c:1640:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1638:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1638:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1638:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1640:25: branch_true: ...to here
openssh-10.2p1/sshd.c:1640:25: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshd.c:1640:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/2)
# 1638|   		if ((r = sshkey_load_public(options.host_key_files[i],
# 1639|   		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1640|-> 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1641|   			    options.host_key_files[i]);
# 1642|   		if (pubkey != NULL && key != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def845]
openssh-10.2p1/sshd.c:1643:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1642:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1643:30: throw: if ‘sshkey_equal’ throws an exception...
openssh-10.2p1/sshd.c:1643:30: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/2)
# 1641|   			    options.host_key_files[i]);
# 1642|   		if (pubkey != NULL && key != NULL) {
# 1643|-> 			if (!sshkey_equal(pubkey, key)) {
# 1644|   				error("Public key for %s does not match "
# 1645|   				    "private key", options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def846]
openssh-10.2p1/sshd.c:1644:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1642:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1643:28: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1644:33: branch_true: ...to here
openssh-10.2p1/sshd.c:1644:33: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshd.c:1644:33: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/2)
# 1642|   		if (pubkey != NULL && key != NULL) {
# 1643|   			if (!sshkey_equal(pubkey, key)) {
# 1644|-> 				error("Public key for %s does not match "
# 1645|   				    "private key", options.host_key_files[i]);
# 1646|   				sshkey_free(pubkey);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def847]
openssh-10.2p1/sshd.c:1646:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1642:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1643:28: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1644:33: branch_true: ...to here
openssh-10.2p1/sshd.c:1646:33: throw: if ‘sshkey_free’ throws an exception...
openssh-10.2p1/sshd.c:1646:33: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/2)
# 1644|   				error("Public key for %s does not match "
# 1645|   				    "private key", options.host_key_files[i]);
# 1646|-> 				sshkey_free(pubkey);
# 1647|   				pubkey = NULL;
# 1648|   			}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def848]
openssh-10.2p1/sshd.c:1651:34: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1650:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1651:34: throw: if ‘sshkey_from_private’ throws an exception...
openssh-10.2p1/sshd.c:1651:34: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/2)
# 1649|   		}
# 1650|   		if (pubkey == NULL && key != NULL) {
# 1651|-> 			if ((r = sshkey_from_private(key, &pubkey)) != 0)
# 1652|   				fatal_r(r, "Could not demote key: \"%s\"",
# 1653|   				    options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def849]
openssh-10.2p1/sshd.c:1652:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.2p1/sshd.c:1475:13: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1478:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1481:24: acquire_resource: opened here
openssh-10.2p1/sshd.c:1481:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1481:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1483:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.2p1/sshd.c:1488:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1491:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.2p1/sshd.c:1491:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1527:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1531:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1542:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1544:13: branch_false: ...to here
openssh-10.2p1/sshd.c:1583:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1588:12: branch_false: ...to here
openssh-10.2p1/sshd.c:1588:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.2p1/sshd.c:1592:44: branch_false: ...to here
openssh-10.2p1/sshd.c:1597:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshd.c:1608:9: branch_false: ...to here
openssh-10.2p1/sshd.c:1608:21: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1609:26: branch_true: ...to here
openssh-10.2p1/sshd.c:1609:26: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.2p1/sshd.c:1650:20: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1651:28: branch_true: following ‘true’ branch...
openssh-10.2p1/sshd.c:1652:33: branch_true: ...to here
openssh-10.2p1/sshd.c:1652:33: throw: if ‘ssh_err’ throws an exception...
openssh-10.2p1/sshd.c:1652:33: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/2)
# 1650|   		if (pubkey == NULL && key != NULL) {
# 1651|   			if ((r = sshkey_from_private(key, &pubkey)) != 0)
# 1652|-> 				fatal_r(r, "Could not demote key: \"%s\"",
# 1653|   				    options.host_key_files[i]);
# 1654|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def850]
openssh-10.2p1/sshpty.c:117:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 258)’
openssh-10.2p1/sshpty.c:115:14: acquire_resource: opened here
openssh-10.2p1/sshpty.c:116:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshpty.c:117:17: branch_true: ...to here
openssh-10.2p1/sshpty.c:117:17: throw: if ‘sshlog’ throws an exception...
openssh-10.2p1/sshpty.c:117:17: danger: ‘open("/dev/tty", 258)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  115|   	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
#  116|   	if (fd >= 0) {
#  117|-> 		error("Failed to disconnect from controlling tty.");
#  118|   		close(fd);
#  119|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def851]
openssh-10.2p1/sshpty.c:118:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 258)’
openssh-10.2p1/sshpty.c:115:14: acquire_resource: opened here
openssh-10.2p1/sshpty.c:116:12: branch_true: following ‘true’ branch...
openssh-10.2p1/sshpty.c:117:17: branch_true: ...to here
openssh-10.2p1/sshpty.c:118:17: danger: ‘open("/dev/tty", 258)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  116|   	if (fd >= 0) {
#  117|   		error("Failed to disconnect from controlling tty.");
#  118|-> 		close(fd);
#  119|   	}
#  120|   	/* Make it our controlling tty. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def852]
openssh-10.2p1/sshpty.c:134:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(tty, 2)’
openssh-10.2p1/sshpty.c:130:14: acquire_resource: opened here
openssh-10.2p1/sshpty.c:131:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshpty.c:134:17: branch_false: ...to here
openssh-10.2p1/sshpty.c:134:17: danger: ‘open(tty, 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  132|   		error("%.100s: %.100s", tty, strerror(errno));
#  133|   	else
#  134|-> 		close(fd);
#  135|   
#  136|   	/* Verify that we now have a controlling tty. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def853]
openssh-10.2p1/sshpty.c:142:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 1)’
openssh-10.2p1/sshpty.c:137:14: acquire_resource: opened here
openssh-10.2p1/sshpty.c:138:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshpty.c:142:17: branch_false: ...to here
openssh-10.2p1/sshpty.c:142:17: danger: ‘open("/dev/tty", 1)’ leaks here; was opened at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  140|   		    strerror(errno));
#  141|   	else
#  142|-> 		close(fd);
#  143|   }
#  144|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def854]
openssh-10.2p1/sshsig.c:655:26: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  653|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  654|   		/* flag options */
#  655|-> 		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|   		} else if (opt_match(&opts, "namespaces")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def855]
openssh-10.2p1/sshsig.c:655:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:26: throw: if ‘opt_flag’ throws an exception...
openssh-10.2p1/sshsig.c:655:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  653|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  654|   		/* flag options */
#  655|-> 		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|   		} else if (opt_match(&opts, "namespaces")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def856]
openssh-10.2p1/sshsig.c:657:28: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  655|   		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|-> 		} else if (opt_match(&opts, "namespaces")) {
#  658|   			if (ret->namespaces != NULL) {
#  659|   				errstr = "multiple \"namespaces\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def857]
openssh-10.2p1/sshsig.c:657:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:28: throw: if ‘opt_match’ throws an exception...
openssh-10.2p1/sshsig.c:657:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  655|   		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|-> 		} else if (opt_match(&opts, "namespaces")) {
#  658|   			if (ret->namespaces != NULL) {
#  659|   				errstr = "multiple \"namespaces\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def858]
openssh-10.2p1/sshsig.c:662:43: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:658:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:662:43: branch_false: ...to here
openssh-10.2p1/sshsig.c:662:43: throw: if ‘opt_dequote’ throws an exception...
openssh-10.2p1/sshsig.c:662:43: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  660|   				goto fail;
#  661|   			}
#  662|-> 			ret->namespaces = opt_dequote(&opts, &errstr);
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def859]
openssh-10.2p1/sshsig.c:665:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:665:28: throw: if ‘opt_match’ throws an exception...
openssh-10.2p1/sshsig.c:665:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;
#  665|-> 		} else if (opt_match(&opts, "valid-after")) {
#  666|   			if (ret->valid_after != 0) {
#  667|   				errstr = "multiple \"valid-after\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def860]
openssh-10.2p1/sshsig.c:670:36: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:666:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:670:36: branch_false: ...to here
openssh-10.2p1/sshsig.c:670:36: throw: if ‘opt_dequote’ throws an exception...
openssh-10.2p1/sshsig.c:670:36: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  668|   				goto fail;
#  669|   			}
#  670|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|   			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def861]
openssh-10.2p1/sshsig.c:672:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:666:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:670:36: branch_false: ...to here
openssh-10.2p1/sshsig.c:670:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:672:29: branch_false: ...to here
openssh-10.2p1/sshsig.c:672:29: throw: if ‘parse_absolute_time’ throws an exception...
openssh-10.2p1/sshsig.c:672:29: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  670|   			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|-> 			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||
#  673|   			    ret->valid_after == 0) {
#  674|   				free(opt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def862]
openssh-10.2p1/sshsig.c:679:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:679:28: throw: if ‘opt_match’ throws an exception...
openssh-10.2p1/sshsig.c:679:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  677|   			}
#  678|   			free(opt);
#  679|-> 		} else if (opt_match(&opts, "valid-before")) {
#  680|   			if (ret->valid_before != 0) {
#  681|   				errstr = "multiple \"valid-before\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def863]
openssh-10.2p1/sshsig.c:684:36: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:680:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:684:36: branch_false: ...to here
openssh-10.2p1/sshsig.c:684:36: throw: if ‘opt_dequote’ throws an exception...
openssh-10.2p1/sshsig.c:684:36: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  682|   				goto fail;
#  683|   			}
#  684|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  685|   				goto fail;
#  686|   			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def864]
openssh-10.2p1/sshsig.c:686:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.2p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.2p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.2p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.2p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.2p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.2p1/sshsig.c:680:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:684:36: branch_false: ...to here
openssh-10.2p1/sshsig.c:684:28: branch_false: following ‘false’ branch...
openssh-10.2p1/sshsig.c:686:29: branch_false: ...to here
openssh-10.2p1/sshsig.c:686:29: throw: if ‘parse_absolute_time’ throws an exception...
openssh-10.2p1/sshsig.c:686:29: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  684|   			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  685|   				goto fail;
#  686|-> 			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||
#  687|   			    ret->valid_before == 0) {
#  688|   				free(opt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def865]
openssh-10.2p1/sshsig.c:774:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  772|   	 */
#  773|   	if (required_principal != NULL) {
#  774|-> 		if (match_pattern_list(required_principal,
#  775|   		    principals, 0) != 1) {
#  776|   			/* principal didn't match */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def866]
openssh-10.2p1/sshsig.c:780:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  778|   			goto out;
#  779|   		}
#  780|-> 		debug_f("%s:%lu: matched principal \"%s\"",
#  781|   		    path, linenum, required_principal);
#  782|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def867]
openssh-10.2p1/sshsig.c:784:20: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  782|   	}
#  783|   
#  784|-> 	if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
#  785|   		error_f("sshkey_new failed");
#  786|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def868]
openssh-10.2p1/sshsig.c:785:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  783|   
#  784|   	if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
#  785|-> 		error_f("sshkey_new failed");
#  786|   		r = SSH_ERR_ALLOC_FAIL;
#  787|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def869]
openssh-10.2p1/sshsig.c:789:13: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  787|   		goto out;
#  788|   	}
#  789|-> 	if (sshkey_read(key, &cp) != 0) {
#  790|   		/* no key? Check for options */
#  791|   		opts = cp;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def870]
openssh-10.2p1/sshsig.c:792:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  790|   		/* no key? Check for options */
#  791|   		opts = cp;
#  792|-> 		if (sshkey_advance_past_options(&cp) != 0) {
#  793|   			error("%s:%lu: invalid options", path, linenum);
#  794|   			r = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def871]
openssh-10.2p1/sshsig.c:793:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  791|   		opts = cp;
#  792|   		if (sshkey_advance_past_options(&cp) != 0) {
#  793|-> 			error("%s:%lu: invalid options", path, linenum);
#  794|   			r = SSH_ERR_INVALID_FORMAT;
#  795|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def872]
openssh-10.2p1/sshsig.c:798:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  796|   		}
#  797|   		if (cp == NULL || *cp == '\0') {
#  798|-> 			error("%s:%lu: missing key", path, linenum);
#  799|   			r = SSH_ERR_INVALID_FORMAT;
#  800|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def873]
openssh-10.2p1/sshsig.c:803:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  801|   		}
#  802|   		*cp++ = '\0';
#  803|-> 		skip_space(&cp);
#  804|   		if (sshkey_read(key, &cp) != 0) {
#  805|   			error("%s:%lu: invalid key", path, linenum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def874]
openssh-10.2p1/sshsig.c:804:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  802|   		*cp++ = '\0';
#  803|   		skip_space(&cp);
#  804|-> 		if (sshkey_read(key, &cp) != 0) {
#  805|   			error("%s:%lu: invalid key", path, linenum);
#  806|   			r = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def875]
openssh-10.2p1/sshsig.c:805:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  803|   		skip_space(&cp);
#  804|   		if (sshkey_read(key, &cp) != 0) {
#  805|-> 			error("%s:%lu: invalid key", path, linenum);
#  806|   			r = SSH_ERR_INVALID_FORMAT;
#  807|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def876]
openssh-10.2p1/sshsig.c:810:9: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  808|   		}
#  809|   	}
#  810|-> 	debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
#  811|   	if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
#  812|   		error("%s:%lu: bad options: %s", path, linenum, reason);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def877]
openssh-10.2p1/sshsig.c:812:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.2p1/sshsig.c:895:1: enter_function: entry to ‘check_allowed_keys_line’
openssh-10.2p1/sshsig.c:906:12: branch_false: following ‘false’ branch (when ‘principalsp’ is NULL)...
openssh-10.2p1/sshsig.c:910:18: branch_false: ...to here
openssh-10.2p1/sshsig.c:910:18: call_function: calling ‘parse_principals_key_and_options’ from ‘check_allowed_keys_line’
#  810|   	debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
#  811|   	if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
#  812|-> 		error("%s:%lu: bad options: %s", path, linenum, reason);
#  813|   		r = SSH_ERR_INVALID_FORMAT;
#  814|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def878]
openssh-10.2p1/utf8.c:83:19: warning[-Wanalyzer-malloc-leak]: leak of ‘dp’
openssh-10.2p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.2p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#   81|   	if (tsz > maxsz)
#   82|   		tsz = maxsz;
#   83|-> 	if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL)
#   84|   		return -1;
#   85|   	*dp = tp + (*dp - *dst);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def879]
openssh-10.2p1/utf8.c:83:19: warning[-Wanalyzer-malloc-leak]: leak of ‘dst’
openssh-10.2p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.2p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#   81|   	if (tsz > maxsz)
#   82|   		tsz = maxsz;
#   83|-> 	if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL)
#   84|   		return -1;
#   85|   	*dp = tp + (*dp - *dst);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def880]
openssh-10.2p1/utf8.c:195:38: warning[-Wanalyzer-malloc-leak]: leak of ‘dst’
openssh-10.2p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.2p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#  193|   					break;
#  194|   				}
#  195|-> 				tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
#  196|   				width = tp - dp;
#  197|   				total_width += width;