sssd-2.11.1-4.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
sssd-2.11.1/src/db/sysdb_ops.c:322:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*_msgs'
sssd-2.11.1/src/db/sysdb_ops.c:1747:1: enter_function: entry to 'sysdb_remove_ghostattr_from_groups'
sssd-2.11.1/src/db/sysdb_ops.c:1765:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1769:11: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1770:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1774:14: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1776:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1780:11: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1781:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1781:8: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1798:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1803:13: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1804:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1808:14: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1809:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1815:33: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1816:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_ops.c:1826:11: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_ops.c:1826:11: call_function: calling 'sysdb_search_entry' from 'sysdb_remove_ghostattr_from_groups'
#  320|       }
#  321|   
#  322|->     return sysdb_merge_msg_list_ts_attrs(sysdb, *_msgs_count, *_msgs,
#  323|                                            attrs);
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
sssd-2.11.1/src/db/sysdb_search.c:1068:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'val'
sssd-2.11.1/src/db/sysdb_search.c:1054:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_search.c:1054:8: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_search.c:1057:17: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_search.c:1065:8: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_search.c:1065:8: branch_false: following 'false' branch...
sssd-2.11.1/src/db/sysdb_search.c:1068:28: branch_false: ...to here
sssd-2.11.1/src/db/sysdb_search.c:1068:5: danger: dereference of NULL 'val'
# 1066|   
# 1067|       /* yes, convert */
# 1068|->     val->data = (uint8_t *)talloc_strdup(msg, SYSDB_GROUP_CLASS);
# 1069|       if (val->data == NULL) return ENOMEM;
# 1070|       val->length = strlen(SYSDB_GROUP_CLASS);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:174:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:179:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:185:22: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: throw: if 'krb5_unparse_name_flags' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: danger: '<unknown>' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  193|       }
#  194|   
#  195|->     ret = krb5_unparse_name_flags(kctx, princ, 0, &username);
#  196|       if (ret != 0) {
#  197|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: warning[-Wanalyzer-malloc-leak]: leak of 'config'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:174:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:179:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: throw: if 'krb5_unparse_name_flags' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:195:11: danger: 'config' leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  193|       }
#  194|   
#  195|->     ret = krb5_unparse_name_flags(kctx, princ, 0, &username);
#  196|       if (ret != 0) {
#  197|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:174:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:179:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:185:22: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:196:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:200:24: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: throw: if 'krb5_free_unparsed_name' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: danger: '<unknown>' leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  199|   
#  200|       config->username = strdup(username);
#  201|->     krb5_free_unparsed_name(kctx, username);
#  202|       if (config->username == NULL) {
#  203|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: warning[-Wanalyzer-malloc-leak]: leak of 'config'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:174:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:178:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:179:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:196:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:200:24: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: throw: if 'krb5_free_unparsed_name' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:201:5: danger: 'config' leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  199|   
#  200|       config->username = strdup(username);
#  201|->     krb5_free_unparsed_name(kctx, username);
#  202|       if (config->username == NULL) {
#  203|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:244:12: warning[-Wanalyzer-malloc-leak]: leak of 'blob'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:219:1: enter_function: entry to 'sss_radiuskdc_set_cookie'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:231:12: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:232:8: branch_false: following 'false' branch (when 'blob' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:237:5: call_function: inlined call to 'safealign_memcpy' from 'sss_radiuskdc_set_cookie'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:244:12: throw: if the called function throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:244:12: danger: 'blob' leaks here; was allocated at [(2)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/1)
#  242|       cookie.length = len;
#  243|   
#  244|->     return cb->set_cookie(context, rock, pa_type, &cookie);
#  245|   }
#  246|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:313:16: warning[-Wanalyzer-malloc-leak]: leak of 'malloc((long unsigned int)data.length)'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:299:14: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:299:14: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:301:8: branch_false: following 'false' branch (when '<unknown> != 0')...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:305:17: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:305:17: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:306:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:306:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:313:16: throw: if 'krad_packet_get_attr' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:313:16: danger: 'malloc((long unsigned int)data.length)' leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  311|       memindex = 0;
#  312|       do {
#  313|->         rmsg = krad_packet_get_attr(rres, attr, i);
#  314|           if (rmsg != NULL) {
#  315|               memcpy(&data.data[memindex], rmsg->data, rmsg->length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:427:11: warning[-Wanalyzer-malloc-leak]: leak of 'client'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:421:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:422:8: branch_false: following 'false' branch (when 'client' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:425:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:427:11: throw: if 'krad_client_new' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:427:11: danger: 'client' leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  425|       memset(client, 0, sizeof(struct sss_radiuskdc_client));
#  426|   
#  427|->     ret = krad_client_new(kctx, vctx, &client->client);
#  428|       if (ret != 0) {
#  429|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:427:11: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:483:1: enter_function: entry to 'sss_radiuskdc_challenge_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:504:21: call_function: calling 'sss_radiuskdc_client_init' from 'sss_radiuskdc_challenge_init'
#  425|       memset(client, 0, sizeof(struct sss_radiuskdc_client));
#  426|   
#  427|->     ret = krad_client_new(kctx, vctx, &client->client);
#  428|       if (ret != 0) {
#  429|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:432:11: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:483:1: enter_function: entry to 'sss_radiuskdc_challenge_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:504:21: call_function: calling 'sss_radiuskdc_client_init' from 'sss_radiuskdc_challenge_init'
#  430|       }
#  431|   
#  432|->     ret = krad_attrset_new(kctx, &client->attrs);
#  433|       if (ret != 0) {
#  434|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:444:11: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:483:1: enter_function: entry to 'sss_radiuskdc_challenge_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:504:21: call_function: calling 'sss_radiuskdc_client_init' from 'sss_radiuskdc_challenge_init'
#  442|       data.data = hostname;
#  443|       data.length = strlen(hostname);
#  444|->     ret = krad_attrset_add(client->attrs, krad_attr_name2num("NAS-Identifier"),
#  445|                              &data);
#  446|       if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:450:11: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:483:1: enter_function: entry to 'sss_radiuskdc_challenge_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:504:21: call_function: calling 'sss_radiuskdc_client_init' from 'sss_radiuskdc_challenge_init'
#  448|       }
#  449|   
#  450|->     ret = krad_attrset_add_number(client->attrs, krad_attr_name2num("Service-Type"),
#  451|                                     KRAD_SERVICE_TYPE_AUTHENTICATE_ONLY);
#  452|       if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:458:11: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:483:1: enter_function: entry to 'sss_radiuskdc_challenge_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:504:21: call_function: calling 'sss_radiuskdc_client_init' from 'sss_radiuskdc_challenge_init'
#  456|       data.data = config->username;
#  457|       data.length = strlen(config->username);
#  458|->     ret = krad_attrset_add(client->attrs, krad_attr_name2num("User-Name"),
#  459|                              &data);
#  460|       if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:505:47: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:492:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:493:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:496:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:505:47: throw: if the called function throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:505:47: danger: 'state' leaks here; was allocated at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
#  503|   
#  504|       state->client = sss_radiuskdc_client_init(kctx,
#  505|->                                               cb->event_context(kctx, rock),
#  506|                                                 config);
#  507|       if (state->client == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:522:5: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:528:1: enter_function: entry to 'sss_radiuskdc_verify_init'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:539:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:540:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:543:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:553:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:554:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:554:9: call_function: calling 'sss_radiuskdc_verify_free' from 'sss_radiuskdc_verify_init'
#  520|       }
#  521|   
#  522|->     sss_string_array_free(state->indicators);
#  523|       sss_radiuskdc_client_free(state->client);
#  524|       free(state);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:552:25: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:539:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:540:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:543:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:552:25: throw: if 'sss_string_array_copy' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:552:25: danger: 'state' leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
#  550|       state->arg = arg;
#  551|   
#  552|->     state->indicators = sss_string_array_copy(indicators);
#  553|       if (state->indicators == NULL) {
#  554|           sss_radiuskdc_verify_free(state);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:559:47: warning[-Wanalyzer-malloc-leak]: leak of 'state'
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:539:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:540:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:543:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:553:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:559:47: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:559:47: throw: if the called function throws an exception...
sssd-2.11.1/src/krb5_plugin/common/radius_kdcpreauth.c:559:47: danger: 'state' leaks here; was allocated at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  557|   
#  558|       state->client = sss_radiuskdc_client_init(kctx,
#  559|->                                               cb->event_context(kctx, rock),
#  560|                                                 config);
#  561|       if (state->client == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/common/utils.c:83:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: following 'false' branch (when 'array' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:94:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:98:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:98:20: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:99:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: throw: if 'json_string_value' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: danger: '<unknown>' leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   91|   
#   92|       json_array_foreach(jarray, i, jval) {
#   93|->         strval = json_string_value(jval);
#   94|           if (strval == NULL) {
#   95|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: warning[-Wanalyzer-malloc-leak]: leak of 'array'
sssd-2.11.1/src/krb5_plugin/common/utils.c:83:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:87:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: following 'false' branch (when 'array' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: throw: if 'json_string_value' throws an exception...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: danger: 'array' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   91|   
#   92|       json_array_foreach(jarray, i, jval) {
#   93|->         strval = json_string_value(jval);
#   94|           if (strval == NULL) {
#   95|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/krb5_plugin/common/utils.c:83:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: following ‘false’ branch (when ‘array’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:94:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:98:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:98:20: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:99:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: throw: if ‘json_string_value’ throws an exception...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   91|   
#   92|       json_array_foreach(jarray, i, jval) {
#   93|->         strval = json_string_value(jval);
#   94|           if (strval == NULL) {
#   95|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: warning[-Wanalyzer-malloc-leak]: leak of ‘array’
sssd-2.11.1/src/krb5_plugin/common/utils.c:83:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:87:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: following ‘false’ branch (when ‘array’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:88:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:92:5: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: throw: if ‘json_string_value’ throws an exception...
sssd-2.11.1/src/krb5_plugin/common/utils.c:93:18: danger: ‘array’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   91|   
#   92|       json_array_foreach(jarray, i, jval) {
#   93|->         strval = json_string_value(jval);
#   94|           if (strval == NULL) {
#   95|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
sssd-2.11.1/src/krb5_plugin/common/utils.c:199:11: warning[-Wanalyzer-malloc-leak]: leak of 'array'
sssd-2.11.1/src/krb5_plugin/common/utils.c:234:1: enter_function: entry to 'sss_radius_encode_padata_array'
sssd-2.11.1/src/krb5_plugin/common/utils.c:240:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:241:8: branch_false: following 'false' branch (when 'array' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:245:16: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:245:16: call_function: calling 'sss_radius_encode_padata' from 'sss_radius_encode_padata_array'
#  197|       char *str;
#  198|   
#  199|->     str = fn(data);
#  200|       if (str == NULL) {
#  201|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
sssd-2.11.1/src/krb5_plugin/common/utils.c:199:11: warning[-Wanalyzer-malloc-leak]: leak of ‘array’
sssd-2.11.1/src/krb5_plugin/common/utils.c:234:1: enter_function: entry to ‘sss_radius_encode_padata_array’
sssd-2.11.1/src/krb5_plugin/common/utils.c:240:13: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/common/utils.c:241:8: branch_false: following ‘false’ branch (when ‘array’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/common/utils.c:245:16: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/common/utils.c:245:16: call_function: calling ‘sss_radius_encode_padata’ from ‘sss_radius_encode_padata_array’
#  197|       char *str;
#  198|   
#  199|->     str = fn(data);
#  200|       if (str == NULL) {
#  201|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:132:1: enter_function: entry to 'sss_idpcl_process'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:155:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:161:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:162:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:167:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:184:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: call_function: calling 'sss_idpcl_encode_padata' from 'sss_idpcl_process'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: return_function: returning to 'sss_idpcl_process' from 'sss_idpcl_encode_padata'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: throw: if the called function throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: danger: '<unknown>' leaks here; was allocated at [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11)
#  193|       }
#  194|   
#  195|->     cb->disable_fallback(context, rock);
#  196|       *_pa_data_out = padata;
#  197|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: warning[-Wanalyzer-malloc-leak]: leak of 'sss_idpcl_encode_padata()'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:132:1: enter_function: entry to 'sss_idpcl_process'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:155:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:161:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:162:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:167:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:184:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: call_function: calling 'sss_idpcl_encode_padata' from 'sss_idpcl_process'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:189:14: return_function: returning to 'sss_idpcl_process' from 'sss_idpcl_encode_padata'
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:190:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: throw: if the called function throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_clpreauth.c:195:5: danger: 'sss_idpcl_encode_padata()' leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#  193|       }
#  194|   
#  195|->     cb->disable_fallback(context, rock);
#  196|       *_pa_data_out = padata;
#  197|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:75:11: warning[-Wanalyzer-malloc-leak]: leak of 'config'
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:64:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:68:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:69:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:73:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:75:11: throw: if 'sss_radiuskdc_config_init' throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_kdcpreauth.c:75:11: danger: 'config' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   73|       memset(config, 0, sizeof(struct sss_idpkdc_config));
#   74|   
#   75|->     ret = sss_radiuskdc_config_init(state, kctx, princ, configstr, &config->radius);
#   76|       if (ret != 0) {
#   77|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:46:5: warning[-Wanalyzer-malloc-leak]: leak of 'idpcfg'
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:59:1: enter_function: entry to 'sss_idp_config_init'
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following 'false' branch (when 'idpcfg' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:75:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:77:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:116:9: call_function: calling 'sss_idp_config_free' from 'sss_idp_config_init'
#   44|       }
#   45|   
#   46|->     sss_string_array_free(idpcfg->indicators);
#   47|       free(idpcfg);
#   48|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:46:5: warning[-Wanalyzer-malloc-leak]: leak of ‘idpcfg’
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:59:1: enter_function: entry to ‘sss_idp_config_init’
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following ‘false’ branch (when ‘idpcfg’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:75:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:77:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:116:9: call_function: calling ‘sss_idp_config_free’ from ‘sss_idp_config_init’
#   44|       }
#   45|   
#   46|->     sss_string_array_free(idpcfg->indicators);
#   47|       free(idpcfg);
#   48|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: warning[-Wanalyzer-malloc-leak]: leak of 'idpcfg'
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following 'false' branch (when 'idpcfg' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: throw: if 'json_loads' throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: danger: 'idpcfg' leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   72|       memset(idpcfg, 0, sizeof(struct sss_idp_config));
#   73|   
#   74|->     jroot = json_loads(config, 0, &jret);
#   75|       if (jroot == NULL) {
#   76|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: warning[-Wanalyzer-malloc-leak]: leak of ‘idpcfg’
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following ‘false’ branch (when ‘idpcfg’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: throw: if ‘json_loads’ throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:74:13: danger: ‘idpcfg’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   72|       memset(idpcfg, 0, sizeof(struct sss_idp_config));
#   73|   
#   74|->     jroot = json_loads(config, 0, &jret);
#   75|       if (jroot == NULL) {
#   76|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of 'idpcfg'
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following 'false' branch (when 'idpcfg' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:75:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: throw: if 'json_unpack' throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: danger: 'idpcfg' leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   79|   
#   80|       /* Only one item is supported at the moment. The rest is ignored. */
#   81|->     ret = json_unpack(jroot, "[{s:s, s?:o}]",
#   82|                         "type", &idpcfg->type,
#   83|                         "indicators", &jindicators);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of ‘idpcfg’
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:69:8: branch_false: following ‘false’ branch (when ‘idpcfg’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:72:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:75:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: throw: if ‘json_unpack’ throws an exception...
sssd-2.11.1/src/krb5_plugin/idp/idp_utils.c:81:11: danger: ‘idpcfg’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   79|   
#   80|       /* Only one item is supported at the moment. The rest is ignored. */
#   81|->     ret = json_unpack(jroot, "[{s:s, s?:o}]",
#   82|                         "type", &idpcfg->type,
#   83|                         "indicators", &jindicators);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:202:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_child[0]' leaks here
#  171|       if (buf == NULL) {
#  172|           ret = ENOMEM;
#  173|->         return ret;
#  174|       }
#  175|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:202:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_child[1]' leaks here
#  171|       if (buf == NULL) {
#  172|           ret = ENOMEM;
#  173|->         return ret;
#  174|       }
#  175|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:226:12: branch_true: following 'true' branch (when 'size == -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:228:13: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:173:16: danger: 'pipe_to_parent[0]' leaks here
#  171|       if (buf == NULL) {
#  172|           ret = ENOMEM;
#  173|->         return ret;
#  174|       }
#  175|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: throw: if 'sss_passkey_concat_credentials' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  174|       }
#  175|   
#  176|->     ret = sss_passkey_concat_credentials(data->credential_id_list,
#  177|                                            &result_creds);
#  178|       if (ret != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def38]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: danger: 'pipe_to_child[0]' leaks here
#  206|       /* Child */
#  207|       if (cpid == 0) {
#  208|->         close(pipe_to_child[1]);
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def39]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: danger: 'pipe_to_child[1]' leaks here
#  206|       /* Child */
#  207|       if (cpid == 0) {
#  208|->         close(pipe_to_child[1]);
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: danger: 'pipe_to_parent[0]' leaks here
#  206|       /* Child */
#  207|       if (cpid == 0) {
#  208|->         close(pipe_to_child[1]);
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: danger: 'pipe_to_parent[1]' leaks here
#  206|       /* Child */
#  207|       if (cpid == 0) {
#  208|->         close(pipe_to_child[1]);
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  206|       /* Child */
#  207|       if (cpid == 0) {
#  208|->         close(pipe_to_child[1]);
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: danger: 'pipe_to_child[0]' leaks here
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   
#  211|->         close(pipe_to_parent[0]);
#  212|           dup2(pipe_to_parent[1], STDOUT_FILENO);
#  213|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: danger: 'pipe_to_parent[0]' leaks here
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   
#  211|->         close(pipe_to_parent[0]);
#  212|           dup2(pipe_to_parent[1], STDOUT_FILENO);
#  213|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def45]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: danger: 'pipe_to_parent[1]' leaks here
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   
#  211|->         close(pipe_to_parent[0]);
#  212|           dup2(pipe_to_parent[1], STDOUT_FILENO);
#  213|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_true: following 'true' branch (when 'cpid == 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:208:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:211:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  209|           dup2(pipe_to_child[0], STDIN_FILENO);
#  210|   
#  211|->         close(pipe_to_parent[0]);
#  212|           dup2(pipe_to_parent[1], STDOUT_FILENO);
#  213|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def47]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: danger: 'pipe_to_child[0]' leaks here
#  217|        * back from child */
#  218|       } else {
#  219|->         close(pipe_to_child[0]);
#  220|           close(pipe_to_parent[1]);
#  221|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def48]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: danger: 'pipe_to_child[1]' leaks here
#  217|        * back from child */
#  218|       } else {
#  219|->         close(pipe_to_child[0]);
#  220|           close(pipe_to_parent[1]);
#  221|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: danger: 'pipe_to_parent[0]' leaks here
#  217|        * back from child */
#  218|       } else {
#  219|->         close(pipe_to_child[0]);
#  220|           close(pipe_to_parent[1]);
#  221|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: danger: 'pipe_to_parent[1]' leaks here
#  217|        * back from child */
#  218|       } else {
#  219|->         close(pipe_to_child[0]);
#  220|           close(pipe_to_parent[1]);
#  221|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  217|        * back from child */
#  218|       } else {
#  219|->         close(pipe_to_child[0]);
#  220|           close(pipe_to_parent[1]);
#  221|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def52]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: danger: 'pipe_to_child[1]' leaks here
#  218|       } else {
#  219|           close(pipe_to_child[0]);
#  220|->         close(pipe_to_parent[1]);
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def53]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: danger: 'pipe_to_parent[0]' leaks here
#  218|       } else {
#  219|           close(pipe_to_child[0]);
#  220|->         close(pipe_to_parent[1]);
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: danger: 'pipe_to_parent[1]' leaks here
#  218|       } else {
#  219|           close(pipe_to_child[0]);
#  220|->         close(pipe_to_parent[1]);
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:220:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
#  218|       } else {
#  219|           close(pipe_to_child[0]);
#  220|->         close(pipe_to_parent[1]);
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def56]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: throw: if 'write' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: danger: 'pipe_to_child[1]' leaks here
#  220|           close(pipe_to_parent[1]);
#  221|   
#  222|->         write(pipe_to_child[1], pin, strlen(pin));
#  223|           close(pipe_to_child[1]);
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def57]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: throw: if 'write' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: danger: 'pipe_to_parent[0]' leaks here
#  220|           close(pipe_to_parent[1]);
#  221|   
#  222|->         write(pipe_to_child[1], pin, strlen(pin));
#  223|           close(pipe_to_child[1]);
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: throw: if 'write' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
#  220|           close(pipe_to_parent[1]);
#  221|   
#  222|->         write(pipe_to_child[1], pin, strlen(pin));
#  223|           close(pipe_to_child[1]);
#  224|   

Error: COMPILER_WARNING (CWE-252): [#def59]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c: scope_hint: In function 'sss_passkeycl_exec_child'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:222:9: warning[-Wunused-result]: ignoring return value of 'write' declared with attribute 'warn_unused_result'
#  222 |         write(pipe_to_child[1], pin, strlen(pin));
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  220|           close(pipe_to_parent[1]);
#  221|   
#  222|->         write(pipe_to_child[1], pin, strlen(pin));
#  223|           close(pipe_to_child[1]);
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_child[1]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: danger: 'pipe_to_child[1]' leaks here
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));
#  223|->         close(pipe_to_child[1]);
#  224|   
#  225|           size = read(pipe_to_parent[0], buf, CHILD_MSG_CHUNK);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: danger: 'pipe_to_parent[0]' leaks here
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));
#  223|->         close(pipe_to_child[1]);
#  224|   
#  225|           size = read(pipe_to_parent[0], buf, CHILD_MSG_CHUNK);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:223:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  221|   
#  222|           write(pipe_to_child[1], pin, strlen(pin));
#  223|->         close(pipe_to_child[1]);
#  224|   
#  225|           size = read(pipe_to_parent[0], buf, CHILD_MSG_CHUNK);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipe_to_parent[0]'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:226:12: branch_false: following 'false' branch (when 'size != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: danger: 'pipe_to_parent[0]' leaks here
#  229|           }
#  230|   
#  231|->         close(pipe_to_parent[0]);
#  232|           wait(NULL);
#  233|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:226:12: branch_false: following 'false' branch (when 'size != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/0)
#  229|           }
#  230|   
#  231|->         close(pipe_to_parent[0]);
#  232|           wait(NULL);
#  233|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:232:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:170:11: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:171:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:176:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:178:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:183:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:194:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:199:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:200:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:205:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:207:8: branch_false: following 'false' branch (when 'cpid != 0')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:219:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:226:12: branch_false: following 'false' branch (when 'size != -1')...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:231:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:232:9: throw: if 'wait' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_clpreauth.c:232:9: danger: 'buf' leaks here; was allocated at [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0)
#  230|   
#  231|           close(pipe_to_parent[0]);
#  232|->         wait(NULL);
#  233|       }
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:75:11: warning[-Wanalyzer-malloc-leak]: leak of 'config'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:64:8: branch_false: following 'false' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:68:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:68:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:69:8: branch_false: following 'false' branch (when 'config' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:73:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:75:11: throw: if 'sss_radiuskdc_config_init' throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_kdcpreauth.c:75:11: danger: 'config' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   73|       memset(config, 0, sizeof(struct sss_passkeykdc_config));
#   74|   
#   75|->     ret = sss_radiuskdc_config_init(state, kctx, princ, configstr, &config->radius);
#   76|       if (ret != 0) {
#   77|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:42:5: warning[-Wanalyzer-malloc-leak]: leak of ‘passkey’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:52:1: enter_function: entry to ‘sss_passkey_config_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:61:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:62:8: branch_false: following ‘false’ branch (when ‘passkey’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:65:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:94:9: call_function: inlined call to ‘sss_passkey_config_free’ from ‘sss_passkey_config_init’
#   40|       }
#   41|   
#   42|->     sss_string_array_free(passkey->indicators);
#   43|       free(passkey);
#   44|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:67:13: warning[-Wanalyzer-malloc-leak]: leak of ‘passkey’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:61:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:62:8: branch_false: following ‘false’ branch (when ‘passkey’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:65:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:67:13: throw: if ‘json_loads’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:67:13: danger: ‘passkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   65|       memset(passkey, 0, sizeof(struct sss_passkey_config));
#   66|   
#   67|->     jroot = json_loads(config, 0, &jret);
#   68|       if (jroot == NULL) {
#   69|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:73:11: warning[-Wanalyzer-malloc-leak]: leak of ‘passkey’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:61:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:62:8: branch_false: following ‘false’ branch (when ‘passkey’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:65:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:68:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:73:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:73:11: throw: if ‘json_unpack’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:73:11: danger: ‘passkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   71|       }
#   72|   
#   73|->     ret = json_unpack(jroot, "[{s?:o}]", "indicators", &jindicators);
#   74|       if (ret != 0) {
#   75|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:81:31: warning[-Wanalyzer-malloc-leak]: leak of ‘passkey’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:61:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:62:8: branch_false: following ‘false’ branch (when ‘passkey’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:65:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:68:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:73:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:74:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:80:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:80:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:81:31: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:81:31: throw: if ‘sss_json_array_to_strings’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:81:31: danger: ‘passkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   79|       /* Are indicators set? */
#   80|       if (jindicators != NULL) {
#   81|->         passkey->indicators = sss_json_array_to_strings(jindicators);
#   82|           if (passkey->indicators == NULL) {
#   83|               ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-416): [#def71]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:111:10: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_reply_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: call_function: calling 'sss_passkey_message_init' from 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_message_init'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: calling 'sss_passkey_challenge_free' from 'sss_passkey_message_from_json'
#  109|       }
#  110|   
#  111|->     free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|       sss_string_array_free(data->credential_id_list);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def72]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:111:10: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘data’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_reply_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: call_function: calling ‘sss_passkey_message_init’ from ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_message_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following ‘true’ branch...
#  109|       }
#  110|   
#  111|->     free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|       sss_string_array_free(data->credential_id_list);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_reply_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: calling 'sss_passkey_challenge_free' from 'sss_passkey_message_from_json'
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling 'sss_passkey_challenge_from_json_object' from 'sss_passkey_message_from_json'
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of 'message'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:376:1: enter_function: entry to 'sss_passkey_message_init'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:398:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:399:8: branch_false: following 'false' branch (when 'message' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:399:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:405:22: branch_true: following 'true' branch (when 'state' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:405:45: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:408:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:409:9: call_function: calling 'sss_passkey_message_free' from 'sss_passkey_message_init'
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_reply_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following ‘true’ branch...
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:119:1: enter_function: entry to ‘sss_passkey_challenge_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:134:12: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:143:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:145:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:158:9: call_function: inlined call to ‘sss_passkey_challenge_free’ from ‘sss_passkey_challenge_init’
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of ‘message’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:376:1: enter_function: entry to ‘sss_passkey_message_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:398:15: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:399:8: branch_false: following ‘false’ branch (when ‘message’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:399:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:405:22: branch_true: following ‘true’ branch (when ‘state’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:405:45: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:408:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:409:9: call_function: calling ‘sss_passkey_message_free’ from ‘sss_passkey_message_init’
#  111|       free(data->domain);
#  112|       free(data->cryptographic_challenge);
#  113|->     sss_string_array_free(data->credential_id_list);
#  114|   
#  115|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:115:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to 'sss_passkey_message_from_json' from 'sss_passkey_reply_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:463:9: call_function: calling 'sss_passkey_challenge_free' from 'sss_passkey_message_from_json'
#  113|       sss_string_array_free(data->credential_id_list);
#  114|   
#  115|->     free(data);
#  116|   }
#  117|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:115:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:452:16: return_function: returning to ‘sss_passkey_message_from_json’ from ‘sss_passkey_reply_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:453:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:461:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:462:8: branch_true: following ‘true’ branch...
#  113|       sss_string_array_free(data->credential_id_list);
#  114|   
#  115|->     free(data);
#  116|   }
#  117|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: warning[-Wanalyzer-malloc-leak]: leak of 'sss_passkey_challenge_init(jdata.domain,  credential_id_list,  jdata.user_verification,  jdata.cryptographic_challenge)'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling 'sss_passkey_challenge_from_json_object' from 'sss_passkey_message_from_json'
#  126|   
#  127|       /* These are required fields. */
#  128|->     if (is_empty(domain)
#  129|           || is_empty(cryptographic_challenge)
#  130|           || credential_id_list == NULL || is_empty(credential_id_list[0])) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sss_passkey_challenge_init(jdata.domain,  credential_id_list,  jdata.user_verification,  jdata.cryptographic_challenge)’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:166:1: enter_function: entry to ‘sss_passkey_challenge_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:174:8: branch_false: following ‘false’ branch (when ‘jobject’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:178:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:183:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:188:30: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:189:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: call_function: calling ‘sss_passkey_challenge_init’ from ‘sss_passkey_challenge_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: return_function: returning to ‘sss_passkey_challenge_from_json_object’ from ‘sss_passkey_challenge_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:198:5: throw: if ‘sss_string_array_free’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: danger: ‘sss_passkey_challenge_init(jdata.domain,  credential_id_list,  jdata.user_verification,  jdata.cryptographic_challenge)’ leaks here; was allocated at [(18)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/17)
#  126|   
#  127|       /* These are required fields. */
#  128|->     if (is_empty(domain)
#  129|           || is_empty(cryptographic_challenge)
#  130|           || credential_id_list == NULL || is_empty(credential_id_list[0])) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:166:1: enter_function: entry to 'sss_passkey_challenge_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:174:8: branch_false: following 'false' branch (when 'jobject' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:178:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:183:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:188:30: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:189:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: call_function: calling 'sss_passkey_challenge_init' from 'sss_passkey_challenge_from_json_object'
#  146|       }
#  147|   
#  148|->     data->credential_id_list = sss_string_array_copy(credential_id_list);
#  149|       if (data->credential_id_list == NULL) {
#  150|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:166:1: enter_function: entry to 'sss_passkey_challenge_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:174:8: branch_false: following 'false' branch (when 'jobject' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:178:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:183:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:188:30: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:189:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: call_function: calling 'sss_passkey_challenge_init' from 'sss_passkey_challenge_from_json_object'
#  146|       }
#  147|   
#  148|->     data->credential_id_list = sss_string_array_copy(credential_id_list);
#  149|       if (data->credential_id_list == NULL) {
#  150|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:141:20: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:143:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: throw: if ‘sss_string_array_copy’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  146|       }
#  147|   
#  148|->     data->credential_id_list = sss_string_array_copy(credential_id_list);
#  149|       if (data->credential_id_list == NULL) {
#  150|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:128:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:134:12: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:135:8: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:143:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: throw: if ‘sss_string_array_copy’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:148:32: danger: ‘data’ leaks here; was allocated at [(7)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/6)
#  146|       }
#  147|   
#  148|->     data->credential_id_list = sss_string_array_copy(credential_id_list);
#  149|       if (data->credential_id_list == NULL) {
#  150|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:198:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:417:1: enter_function: entry to 'sss_passkey_message_from_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:429:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:433:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:437:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:441:5: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:446:16: call_function: calling 'sss_passkey_challenge_from_json_object' from 'sss_passkey_message_from_json'
#  196|                                         jdata.cryptographic_challenge);
#  197|   
#  198|->     sss_string_array_free(credential_id_list);
#  199|       return data;
#  200|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:198:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:166:1: enter_function: entry to ‘sss_passkey_challenge_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:174:8: branch_false: following ‘false’ branch (when ‘jobject’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:178:11: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:183:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:187:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:188:30: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:189:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: call_function: calling ‘sss_passkey_challenge_init’ from ‘sss_passkey_challenge_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:194:12: return_function: returning to ‘sss_passkey_challenge_from_json_object’ from ‘sss_passkey_challenge_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:198:5: throw: if ‘sss_string_array_free’ throws an exception...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:198:5: danger: ‘<unknown>’ leaks here; was allocated at [(20)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/19)
#  196|                                         jdata.cryptographic_challenge);
#  197|   
#  198|->     sss_string_array_free(credential_id_list);
#  199|       return data;
#  200|   }

Error: GCC_ANALYZER_WARNING (CWE-416): [#def89]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:243:10: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to 'sss_passkey_message_from_reply_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following 'false' branch (when 'json_str' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_reply_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to 'sss_passkey_message_from_reply_json' from 'sss_passkey_reply_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling 'sss_passkey_message_init' from 'sss_passkey_message_from_reply_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: return_function: returning to 'sss_passkey_message_from_reply_json' from 'sss_passkey_message_init'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:556:8: branch_true: following 'true' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:557:9: branch_true: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:557:9: call_function: calling 'sss_passkey_reply_free' from 'sss_passkey_message_from_reply_json'
#  241|       }
#  242|   
#  243|->     free(data->credential_id);
#  244|       free(data->cryptographic_challenge);
#  245|       free(data->authenticator_data);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def90]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:243:10: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘data’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to ‘sss_passkey_message_from_reply_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following ‘false’ branch (when ‘json_str’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_reply_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to ‘sss_passkey_message_from_reply_json’ from ‘sss_passkey_reply_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling ‘sss_passkey_message_init’ from ‘sss_passkey_message_from_reply_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: return_function: returning to ‘sss_passkey_message_from_reply_json’ from ‘sss_passkey_message_init’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:556:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:557:9: call_function: inlined call to ‘sss_passkey_reply_free’ from ‘sss_passkey_message_from_reply_json’
#  241|       }
#  242|   
#  243|->     free(data->credential_id);
#  244|       free(data->cryptographic_challenge);
#  245|       free(data->authenticator_data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:320:12: warning[-Wanalyzer-malloc-leak]: leak of 'sss_passkey_reply_from_json_object(json_loads(json_str, 0, & jret))'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to 'sss_passkey_message_from_reply_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following 'false' branch (when 'json_str' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling 'sss_passkey_reply_from_json_object' from 'sss_passkey_message_from_reply_json'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to 'sss_passkey_message_from_reply_json' from 'sss_passkey_reply_from_json_object'
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling 'sss_passkey_message_init' from 'sss_passkey_message_from_reply_json'
#  318|       }
#  319|   
#  320|->     return sss_passkey_reply_init(jdata.credential_id,
#  321|                                     jdata.cryptographic_challenge,
#  322|                                     jdata.authenticator_data,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:320:12: warning[-Wanalyzer-malloc-leak]: leak of ‘sss_passkey_reply_from_json_object(json_loads(json_str, 0, & jret))’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:531:1: enter_function: entry to ‘sss_passkey_message_from_reply_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:540:8: branch_false: following ‘false’ branch (when ‘json_str’ is non-NULL)...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:544:13: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:545:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: call_function: calling ‘sss_passkey_reply_from_json_object’ from ‘sss_passkey_message_from_reply_json’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:549:12: return_function: returning to ‘sss_passkey_message_from_reply_json’ from ‘sss_passkey_reply_from_json_object’
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:550:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/passkey/passkey_utils.c:555:15: call_function: calling ‘sss_passkey_message_init’ from ‘sss_passkey_message_from_reply_json’
#  318|       }
#  319|   
#  320|->     return sss_passkey_reply_init(jdata.credential_id,
#  321|                                     jdata.cryptographic_challenge,
#  322|                                     jdata.authenticator_data,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:69:18: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:52:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:57:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:57:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:63:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:63:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:64:8: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:69:18: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:69:18: throw: if '_nss_sss_getpwnam_r' throws an exception...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:69:18: danger: 'buffer' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   67|       }
#   68|   
#   69|->     nss_status = _nss_sss_getpwnam_r(princ_str, &pwd, buffer, buflen,
#   70|                                        &nss_errno);
#   71|       if (nss_status != NSS_STATUS_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:137:18: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:126:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:131:14: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:131:14: acquire_memory: allocated here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:132:8: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:137:18: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:137:18: throw: if '_nss_sss_getpwnam_r' throws an exception...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_localauth_plugin.c:137:18: danger: 'buffer' leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  135|       }
#  136|   
#  137|->     nss_status = _nss_sss_getpwnam_r(princ_str, &pwd, buffer, buflen,
#  138|                                        &nss_errno);
#  139|       if (nss_status != NSS_STATUS_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def95]
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:355:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(krb5info_name, 0)'
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:453:17: enter_function: entry to 'sssd_krb5_locator_lookup'
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:473:8: branch_false: following 'false' branch (when 'private_data' is non-NULL)...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:476:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:476:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:480:8: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:485:9: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:488:12: branch_false: following 'false' branch...
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:493:15: branch_false: ...to here
sssd-2.11.1/src/krb5_plugin/sssd_krb5_locator_plugin.c:493:15: call_function: calling 'get_krb5info' from 'sssd_krb5_locator_lookup'
#  353|   
#  354|       errno = 0;
#  355|->     len = sss_atomic_read_s(fd, buf, BUFSIZE);
#  356|       if (len == -1) {
#  357|           ret = errno;

Error: COMPILER_WARNING (CWE-704): [#def96]
sssd-2.11.1/src/lib/certmap/sss_certmap.c: scope_hint: In function 'get_type_prefix'
sssd-2.11.1/src/lib/certmap/sss_certmap.c:106:11: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  106 |     delim = strchr(match_rule, ':');
#      |           ^
#  104|       *rule_start = match_rule;
#  105|   
#  106|->     delim = strchr(match_rule, ':');
#  107|       if (delim == NULL) {
#  108|           /* no type prefix found */

Error: COMPILER_WARNING (CWE-704): [#def97]
sssd-2.11.1/src/lib/certmap/sss_certmap.c:106:11: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  104|       *rule_start = match_rule;
#  105|   
#  106|->     delim = strchr(match_rule, ':');
#  107|       if (delim == NULL) {
#  108|           /* no type prefix found */

Error: COMPILER_WARNING (CWE-704): [#def98]
sssd-2.11.1/src/lib/certmap/sss_certmap.c: scope_hint: In function 'expand_sid'
sssd-2.11.1/src/lib/certmap/sss_certmap.c:586:13: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  586 |         sep = strrchr(sid, '-');
#      |             ^
#  584|           exp = talloc_strdup(ctx, sid);
#  585|       } else if (strcasecmp(attr_name, "rid") == 0) {
#  586|->         sep = strrchr(sid, '-');
#  587|           if (sep == NULL || sep[1] == '\0') {
#  588|               CM_DEBUG(ctx, "Unsupported SID string [%s].", sid);

Error: COMPILER_WARNING (CWE-704): [#def99]
sssd-2.11.1/src/lib/certmap/sss_certmap.c:586:13: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  584|           exp = talloc_strdup(ctx, sid);
#  585|       } else if (strcasecmp(attr_name, "rid") == 0) {
#  586|->         sep = strrchr(sid, '-');
#  587|           if (sep == NULL || sep[1] == '\0') {
#  588|               CM_DEBUG(ctx, "Unsupported SID string [%s].", sid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:74:11: warning[-Wanalyzer-malloc-leak]: leak of 'ctx'
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:63:8: branch_false: following 'false' branch...
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:66:11: branch_false: ...to here
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:66:11: acquire_memory: allocated here
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:67:8: branch_false: following 'false' branch (when 'ctx' is non-NULL)...
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:71:5: branch_false: ...to here
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:74:11: throw: if 'sss_idmap_init' throws an exception...
sssd-2.11.1/src/lib/cifs_idmap_sss/cifs_idmap_sss.c:74:11: danger: 'ctx' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   72|       ctx_set_error(ctx, NULL);
#   73|   
#   74|->     err = sss_idmap_init(NULL, NULL, NULL, &ctx->idmap);
#   75|       if (err != IDMAP_SUCCESS) {
#   76|           ctx_set_error(ctx, idmap_error_string(err));

Error: GCC_ANALYZER_WARNING (CWE-465): [#def101]
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1322:12: warning[-Wanalyzer-deref-before-check]: check of 'idmap_domain_info' for NULL after already dereferencing it
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1306:8: branch_false: following 'false' branch...
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1310:5: branch_false: following 'false' branch...
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1314:8: branch_false: following 'false' branch...
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1314:8: branch_false: ...to here
sssd-2.11.1/src/lib/idmap/sss_idmap.c:1322:12: danger: pointer 'idmap_domain_info' is checked for NULL here but it was already dereferenced at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
# 1320|   
# 1321|       /* Try primary slices */
# 1322|->     while (idmap_domain_info != NULL) {
# 1323|           if (is_from_dom(idmap_domain_info->sid, domain_id)) {
# 1324|               if (idmap_domain_info->external_mapping == true) {

Error: COMPILER_WARNING (CWE-457): [#def102]
sssd-2.11.1/src/p11_child/p11_child_openssl.c: scope_hint: In function ‘do_card’
sssd-2.11.1/src/p11_child/p11_child_openssl.c:2228:15: warning[-Wmaybe-uninitialized]: ‘module_id’ may be used uninitialized
# 2228 |         ret = do_slot(module, module_id, slot_id, &info, &token_info, &module_info,
#      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 2229 |                       mem_ctx, p11_ctx, mode, pin, module_name_in, token_name_in,
#      |                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 2230 |                       key_id_in, label_in, uri_str, _multi);
#      |                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sssd-2.11.1/src/p11_child/p11_child_openssl.c:1996:12: note: ‘module_id’ was declared here
# 1996 |     size_t module_id;
#      |            ^~~~~~~~~
# 2226|           }
# 2227|   
# 2228|->         ret = do_slot(module, module_id, slot_id, &info, &token_info, &module_info,
# 2229|                         mem_ctx, p11_ctx, mode, pin, module_name_in, token_name_in,
# 2230|                         key_id_in, label_in, uri_str, _multi);

Error: COMPILER_WARNING (CWE-704): [#def103]
sssd-2.11.1/src/providers/ad/ad_access.c: scope_hint: In function 'parse_sub_filter'
sssd-2.11.1/src/providers/ad/ad_access.c:73:15: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#   73 |     specdelim = strchr(full_filter, ':');
#      |               ^
#   71|       char *specdelim;
#   72|   
#   73|->     specdelim = strchr(full_filter, ':');
#   74|       if (specdelim == NULL) return EINVAL;
#   75|   

Error: COMPILER_WARNING (CWE-704): [#def104]
sssd-2.11.1/src/providers/ad/ad_access.c:73:15: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#   71|       char *specdelim;
#   72|   
#   73|->     specdelim = strchr(full_filter, ':');
#   74|       if (specdelim == NULL) return EINVAL;
#   75|   

Error: COMPILER_WARNING (CWE-704): [#def105]
sssd-2.11.1/src/providers/ad/ad_access.c: scope_hint: In function 'parse_filter'
sssd-2.11.1/src/providers/ad/ad_access.c:112:13: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  112 |     kwdelim = strchr(full_filter, ':');
#      |             ^
#  110|       if (filter == NULL || spec == NULL || flags == NULL) return EINVAL;
#  111|   
#  112|->     kwdelim = strchr(full_filter, ':');
#  113|       if (kwdelim != NULL) {
#  114|           specdelim = strchr(kwdelim+1, ':');

Error: COMPILER_WARNING (CWE-704): [#def106]
sssd-2.11.1/src/providers/ad/ad_access.c:112:13: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  110|       if (filter == NULL || spec == NULL || flags == NULL) return EINVAL;
#  111|   
#  112|->     kwdelim = strchr(full_filter, ':');
#  113|       if (kwdelim != NULL) {
#  114|           specdelim = strchr(kwdelim+1, ':');

Error: GCC_ANALYZER_WARNING (CWE-476): [#def107]
sssd-2.11.1/src/providers/ad/ad_gpo.c:1321:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'dacl_filtered_gpo'
sssd-2.11.1/src/providers/ad/ad_gpo.c:1304:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:1309:25: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:1312:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:1312:8: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:1317:17: branch_true: following 'true' branch (when 'i < num_dacl_filtered_gpos')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:1319:47: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:1328:12: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:1329:13: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:1317:17: branch_true: following 'true' branch (when 'i < num_dacl_filtered_gpos')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:1319:47: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:1319:9: release_memory: 'dacl_filtered_gpo' is NULL
sssd-2.11.1/src/providers/ad/ad_gpo.c:1321:9: danger: dereference of NULL 'dacl_filtered_gpo'
# 1319|           dacl_filtered_gpo = dacl_filtered_gpos[i];
# 1320|   
# 1321|->         DEBUG(SSSDBG_TRACE_ALL, "examining cse candidate_gpo_guid: %s\n",
# 1322|                 dacl_filtered_gpo->gpo_guid);
# 1323|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def108]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: danger: 'pipefd_from_child[0]' leaks here
# 4939|       if (ret == -1) {
# 4940|           ret = errno;
# 4941|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4942|                 "pipe (to) failed [%d][%s].\n", errno, strerror(errno));
# 4943|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def109]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4941:9: danger: 'pipefd_from_child[1]' leaks here
# 4939|       if (ret == -1) {
# 4940|           ret = errno;
# 4941|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4942|                 "pipe (to) failed [%d][%s].\n", errno, strerror(errno));
# 4943|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def110]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: danger: 'pipefd_from_child[0]' leaks here
# 4947|   
# 4948|       if (pid == 0) { /* child */
# 4949|->         exec_child_ex(state,
# 4950|                         pipefd_to_child, pipefd_from_child,
# 4951|                         GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def111]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: danger: 'pipefd_from_child[1]' leaks here
# 4947|   
# 4948|       if (pid == 0) { /* child */
# 4949|->         exec_child_ex(state,
# 4950|                         pipefd_to_child, pipefd_from_child,
# 4951|                         GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def112]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: danger: 'pipefd_to_child[0]' leaks here
# 4947|   
# 4948|       if (pid == 0) { /* child */
# 4949|->         exec_child_ex(state,
# 4950|                         pipefd_to_child, pipefd_from_child,
# 4951|                         GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def113]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4949:9: danger: 'pipefd_to_child[1]' leaks here
# 4947|   
# 4948|       if (pid == 0) { /* child */
# 4949|->         exec_child_ex(state,
# 4950|                         pipefd_to_child, pipefd_from_child,
# 4951|                         GPO_CHILD, GPO_CHILD_LOG_FILE, extra_args, false,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def114]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: danger: 'pipefd_from_child[0]' leaks here
# 4971|       } else { /* error */
# 4972|           ret = errno;
# 4973|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4974|                 "fork failed [%d][%s].\n", errno, strerror(errno));
# 4975|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def115]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: danger: 'pipefd_from_child[1]' leaks here
# 4971|       } else { /* error */
# 4972|           ret = errno;
# 4973|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4974|                 "fork failed [%d][%s].\n", errno, strerror(errno));
# 4975|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def116]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: danger: 'pipefd_to_child[0]' leaks here
# 4971|       } else { /* error */
# 4972|           ret = errno;
# 4973|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4974|                 "fork failed [%d][%s].\n", errno, strerror(errno));
# 4975|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def117]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4973:9: danger: 'pipefd_to_child[1]' leaks here
# 4971|       } else { /* error */
# 4972|           ret = errno;
# 4973|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 4974|                 "fork failed [%d][%s].\n", errno, strerror(errno));
# 4975|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def118]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: danger: 'pipefd_from_child[0]' leaks here
# 4979|   
# 4980|   fail:
# 4981|->     PIPE_CLOSE(pipefd_from_child);
# 4982|       PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: danger: 'pipefd_from_child[1]' leaks here
# 4979|   
# 4980|   fail:
# 4981|->     PIPE_CLOSE(pipefd_from_child);
# 4982|       PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def120]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: danger: 'pipefd_to_child[0]' leaks here
# 4979|   
# 4980|   fail:
# 4981|->     PIPE_CLOSE(pipefd_from_child);
# 4982|       PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def121]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4946:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4948:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4956:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4972:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: danger: 'pipefd_to_child[1]' leaks here
# 4979|   
# 4980|   fail:
# 4981|->     PIPE_CLOSE(pipefd_from_child);
# 4982|       PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: danger: 'pipefd_from_child[0]' leaks here
# 4980|   fail:
# 4981|       PIPE_CLOSE(pipefd_from_child);
# 4982|->     PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;
# 4984|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def123]
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_gpo.c:4922:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4929:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4932:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4938:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4939:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4940:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4981:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_gpo.c:4982:5: danger: 'pipefd_from_child[1]' leaks here
# 4980|   fail:
# 4981|       PIPE_CLOSE(pipefd_from_child);
# 4982|->     PIPE_CLOSE(pipefd_to_child);
# 4983|       return ret;
# 4984|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def124]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: danger: 'pipefd_from_child[0]' leaks here
#  262|       if (ret == -1) {
#  263|           ret = errno;
#  264|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  265|                 "pipe (to) failed [%d][%s].\n", ret, strerror(ret));
#  266|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def125]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:264:9: danger: 'pipefd_from_child[1]' leaks here
#  262|       if (ret == -1) {
#  263|           ret = errno;
#  264|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  265|                 "pipe (to) failed [%d][%s].\n", ret, strerror(ret));
#  266|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def126]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_true: following 'true' branch (when 'child_pid == 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:272:23: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: danger: 'pipefd_from_child[0]' leaks here
#  269|       child_pid = fork();
#  270|       if (child_pid == 0) { /* child */
#  271|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  272|                         renewal_data->prog_path, NULL,
#  273|                         extra_args, true,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def127]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_true: following 'true' branch (when 'child_pid == 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:272:23: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: danger: 'pipefd_from_child[1]' leaks here
#  269|       child_pid = fork();
#  270|       if (child_pid == 0) { /* child */
#  271|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  272|                         renewal_data->prog_path, NULL,
#  273|                         extra_args, true,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def128]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_true: following 'true' branch (when 'child_pid == 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:272:23: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: danger: 'pipefd_to_child[0]' leaks here
#  269|       child_pid = fork();
#  270|       if (child_pid == 0) { /* child */
#  271|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  272|                         renewal_data->prog_path, NULL,
#  273|                         extra_args, true,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def129]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_true: following 'true' branch (when 'child_pid == 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:272:23: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:271:9: danger: 'pipefd_to_child[1]' leaks here
#  269|       child_pid = fork();
#  270|       if (child_pid == 0) { /* child */
#  271|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  272|                         renewal_data->prog_path, NULL,
#  273|                         extra_args, true,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def130]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: danger: 'pipefd_from_child[1]' leaks here
#  279|   
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def131]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: danger: 'pipefd_to_child[0]' leaks here
#  279|   
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def132]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: danger: 'pipefd_to_child[1]' leaks here
#  279|   
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def133]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: throw: if 'sss_fd_nonblocking' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: danger: 'pipefd_from_child[1]' leaks here
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def134]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: throw: if 'sss_fd_nonblocking' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: danger: 'pipefd_to_child[0]' leaks here
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def135]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: throw: if 'sss_fd_nonblocking' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:9: danger: 'pipefd_to_child[1]' leaks here
#  280|           state->io->read_from_child_fd = pipefd_from_child[0];
#  281|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  282|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  283|   
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def136]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: danger: 'pipefd_from_child[1]' leaks here
#  283|   
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];
#  285|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  286|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  287|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def137]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: danger: 'pipefd_to_child[0]' leaks here
#  283|   
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];
#  285|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  286|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  287|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def138]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: throw: if 'sss_fd_nonblocking' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: danger: 'pipefd_from_child[1]' leaks here
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];
#  285|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  286|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  287|   
#  288|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def139]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: throw: if 'sss_fd_nonblocking' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:9: danger: 'pipefd_to_child[0]' leaks here
#  284|           state->io->write_to_child_fd = pipefd_to_child[1];
#  285|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  286|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  287|   
#  288|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def140]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: throw: if 'child_handler_setup' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: danger: 'pipefd_from_child[1]' leaks here
#  287|   
#  288|           /* Set up SIGCHLD handler */
#  289|->         ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  290|           if (ret != EOK) {
#  291|               DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def141]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: throw: if 'child_handler_setup' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:289:15: danger: 'pipefd_to_child[0]' leaks here
#  287|   
#  288|           /* Set up SIGCHLD handler */
#  289|->         ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  290|           if (ret != EOK) {
#  291|               DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def142]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: danger: 'pipefd_from_child[1]' leaks here
#  289|           ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  290|           if (ret != EOK) {
#  291|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  292|                   ret, sss_strerror(ret));
#  293|               ret = ERR_RENEWAL_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def143]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:291:13: danger: 'pipefd_to_child[0]' leaks here
#  289|           ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  290|           if (ret != EOK) {
#  291|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  292|                   ret, sss_strerror(ret));
#  293|               ret = ERR_RENEWAL_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def144]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: throw: if 'be_ptask_get_timeout' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: danger: 'pipefd_from_child[1]' leaks here
#  296|   
#  297|           /* Set up timeout handler */
#  298|->         tv = sss_tevent_timeval_current_ofs_time_t(be_ptask_get_timeout(be_ptask));
#  299|           state->timeout_handler = tevent_add_timer(ev, req, tv,
#  300|                                       ad_machine_account_password_renewal_timeout,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def145]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: throw: if 'be_ptask_get_timeout' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: danger: 'pipefd_to_child[0]' leaks here
#  296|   
#  297|           /* Set up timeout handler */
#  298|->         tv = sss_tevent_timeval_current_ofs_time_t(be_ptask_get_timeout(be_ptask));
#  299|           state->timeout_handler = tevent_add_timer(ev, req, tv,
#  300|                                       ad_machine_account_password_renewal_timeout,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def146]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: danger: 'pipefd_from_child[0]' leaks here
#  320|       } else { /* error */
#  321|           ret = errno;
#  322|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  323|                                      ret, sss_strerror(ret));
#  324|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def147]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: danger: 'pipefd_from_child[1]' leaks here
#  320|       } else { /* error */
#  321|           ret = errno;
#  322|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  323|                                      ret, sss_strerror(ret));
#  324|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: danger: 'pipefd_to_child[0]' leaks here
#  320|       } else { /* error */
#  321|           ret = errno;
#  322|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  323|                                      ret, sss_strerror(ret));
#  324|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def149]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:322:9: danger: 'pipefd_to_child[1]' leaks here
#  320|       } else { /* error */
#  321|           ret = errno;
#  322|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  323|                                      ret, sss_strerror(ret));
#  324|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: danger: 'pipefd_from_child[0]' leaks here
#  329|   done:
#  330|       if (ret != EOK) {
#  331|->         PIPE_CLOSE(pipefd_from_child);
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def151]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: danger: 'pipefd_from_child[1]' leaks here
#  329|   done:
#  330|       if (ret != EOK) {
#  331|->         PIPE_CLOSE(pipefd_from_child);
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def152]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: danger: 'pipefd_to_child[0]' leaks here
#  329|   done:
#  330|       if (ret != EOK) {
#  331|->         PIPE_CLOSE(pipefd_from_child);
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def153]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: following 'false' branch (when 'child_pid <= 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:321:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: danger: 'pipefd_to_child[1]' leaks here
#  329|   done:
#  330|       if (ret != EOK) {
#  331|->         PIPE_CLOSE(pipefd_from_child);
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def154]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: danger: 'pipefd_from_child[0]' leaks here
#  330|       if (ret != EOK) {
#  331|           PIPE_CLOSE(pipefd_from_child);
#  332|->         PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);
#  334|           tevent_req_post(req, ev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def155]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: danger: 'pipefd_from_child[1]' leaks here
#  330|       if (ret != EOK) {
#  331|           PIPE_CLOSE(pipefd_from_child);
#  332|->         PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);
#  334|           tevent_req_post(req, ev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def156]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: throw: if 'tevent_req_post' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: danger: 'pipefd_from_child[0]' leaks here
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);
#  334|->         tevent_req_post(req, ev);
#  335|       }
#  336|       return req;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def157]
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:263:15: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:330:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:331:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:332:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: throw: if 'tevent_req_post' throws an exception...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:334:9: danger: 'pipefd_from_child[1]' leaks here
#  332|           PIPE_CLOSE(pipefd_to_child);
#  333|           tevent_req_error(req, ret);
#  334|->         tevent_req_post(req, ev);
#  335|       }
#  336|       return req;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def158]
sssd-2.11.1/src/providers/ad/ad_subdomains.c:1164:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'root_id_ctx'
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2288:13: enter_function: entry to 'ad_subdomains_refresh_root_done'
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2305:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2306:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2309:9: release_memory: 'root_id_ctx' is NULL
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2323:15: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2326:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2326:15: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2331:14: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2331:14: release_memory: 'root_id_ctx' is NULL
sssd-2.11.1/src/providers/ad/ad_subdomains.c:2331:14: call_function: calling 'ad_get_slave_domain_send' from 'ad_subdomains_refresh_root_done'
# 1162|       state->sd_ctx = sd_ctx;
# 1163|       state->be_ctx = sd_ctx->be_ctx;
# 1164|->     state->opts = root_id_ctx->sdap_id_ctx->opts;
# 1165|       state->idmap_ctx = root_id_ctx->sdap_id_ctx->opts->idmap_ctx;
# 1166|       state->root_attrs = root_attrs;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def159]
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1086:15: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1085|       if (ret == -1) {
# 1086|           ret = errno;
# 1087|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1088|                 "pipe (from) failed [%d][%s].\n", ret, strerror(ret));
# 1089|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def160]
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1086:15: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/be_dyndns.c:1087:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1085|       if (ret == -1) {
# 1086|           ret = errno;
# 1087|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1088|                 "pipe (from) failed [%d][%s].\n", ret, strerror(ret));
# 1089|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def161]
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1086:15: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1130:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1129|   done:
# 1130|       if (ret != EOK) {
# 1131|->         PIPE_CLOSE(pipefd_to_child);
# 1132|           tevent_req_error(req, ret);
# 1133|           tevent_req_post(req, ev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def162]
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1086:15: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1130:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1129|   done:
# 1130|       if (ret != EOK) {
# 1131|->         PIPE_CLOSE(pipefd_to_child);
# 1132|           tevent_req_error(req, ret);
# 1133|           tevent_req_post(req, ev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def163]
sssd-2.11.1/src/providers/be_dyndns.c:1133:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1086:15: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1130:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1131:9: branch_true: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1133:9: throw: if ‘tevent_req_post’ throws an exception...
sssd-2.11.1/src/providers/be_dyndns.c:1133:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1131|           PIPE_CLOSE(pipefd_to_child);
# 1132|           tevent_req_error(req, ret);
# 1133|->         tevent_req_post(req, ev);
# 1134|       }
# 1135|       return req;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
sssd-2.11.1/src/providers/be_dyndns.c:1159:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1157|   
# 1158|       if (!sss_is_valid_dns_scheme(server_uri)) {
# 1159|->         sss_log(SSS_LOG_WARNING,
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def165]
sssd-2.11.1/src/providers/be_dyndns.c:1159:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1157|   
# 1158|       if (!sss_is_valid_dns_scheme(server_uri)) {
# 1159|->         sss_log(SSS_LOG_WARNING,
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def166]
sssd-2.11.1/src/providers/be_dyndns.c:1159:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1157|   
# 1158|       if (!sss_is_valid_dns_scheme(server_uri)) {
# 1159|->         sss_log(SSS_LOG_WARNING,
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def167]
sssd-2.11.1/src/providers/be_dyndns.c:1159:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1157|   
# 1158|       if (!sss_is_valid_dns_scheme(server_uri)) {
# 1159|->         sss_log(SSS_LOG_WARNING,
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def168]
sssd-2.11.1/src/providers/be_dyndns.c:1162:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);
# 1162|->         DEBUG(SSSDBG_MINOR_FAILURE,
# 1163|                 "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1164|                 server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def169]
sssd-2.11.1/src/providers/be_dyndns.c:1162:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);
# 1162|->         DEBUG(SSSDBG_MINOR_FAILURE,
# 1163|                 "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1164|                 server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def170]
sssd-2.11.1/src/providers/be_dyndns.c:1162:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);
# 1162|->         DEBUG(SSSDBG_MINOR_FAILURE,
# 1163|                 "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1164|                 server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def171]
sssd-2.11.1/src/providers/be_dyndns.c:1162:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1160|                   "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1161|                   server_uri->scheme);
# 1162|->         DEBUG(SSSDBG_MINOR_FAILURE,
# 1163|                 "Invalid DNS scheme in SSSD config file: %s, using dns://\n",
# 1164|                 server_uri->scheme);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def172]
sssd-2.11.1/src/providers/be_dyndns.c:1168:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1166|   
# 1167|       use_dot = sss_is_dot_scheme(server_uri);
# 1168|->     DEBUG(SSSDBG_FUNC_DATA, "nsupdate DoT: %i\n", use_dot);
# 1169|   
# 1170|       switch (auth_type) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def173]
sssd-2.11.1/src/providers/be_dyndns.c:1168:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1166|   
# 1167|       use_dot = sss_is_dot_scheme(server_uri);
# 1168|->     DEBUG(SSSDBG_FUNC_DATA, "nsupdate DoT: %i\n", use_dot);
# 1169|   
# 1170|       switch (auth_type) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def174]
sssd-2.11.1/src/providers/be_dyndns.c:1168:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1166|   
# 1167|       use_dot = sss_is_dot_scheme(server_uri);
# 1168|->     DEBUG(SSSDBG_FUNC_DATA, "nsupdate DoT: %i\n", use_dot);
# 1169|   
# 1170|       switch (auth_type) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def175]
sssd-2.11.1/src/providers/be_dyndns.c:1168:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1166|   
# 1167|       use_dot = sss_is_dot_scheme(server_uri);
# 1168|->     DEBUG(SSSDBG_FUNC_DATA, "nsupdate DoT: %i\n", use_dot);
# 1169|   
# 1170|       switch (auth_type) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def176]
sssd-2.11.1/src/providers/be_dyndns.c:1172:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1170|       switch (auth_type) {
# 1171|       case BE_NSUPDATE_AUTH_NONE:
# 1172|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: none\n");
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def177]
sssd-2.11.1/src/providers/be_dyndns.c:1172:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1170|       switch (auth_type) {
# 1171|       case BE_NSUPDATE_AUTH_NONE:
# 1172|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: none\n");
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def178]
sssd-2.11.1/src/providers/be_dyndns.c:1172:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1170|       switch (auth_type) {
# 1171|       case BE_NSUPDATE_AUTH_NONE:
# 1172|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: none\n");
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def179]
sssd-2.11.1/src/providers/be_dyndns.c:1172:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1170|       switch (auth_type) {
# 1171|       case BE_NSUPDATE_AUTH_NONE:
# 1172|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: none\n");
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def180]
sssd-2.11.1/src/providers/be_dyndns.c:1175:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|           argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def181]
sssd-2.11.1/src/providers/be_dyndns.c:1175:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|           argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def182]
sssd-2.11.1/src/providers/be_dyndns.c:1175:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|           argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def183]
sssd-2.11.1/src/providers/be_dyndns.c:1175:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1173|           break;
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|->         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|           argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def184]
sssd-2.11.1/src/providers/be_dyndns.c:1176:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|           DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|->         argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {
# 1178|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def185]
sssd-2.11.1/src/providers/be_dyndns.c:1176:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|           DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|->         argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {
# 1178|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def186]
sssd-2.11.1/src/providers/be_dyndns.c:1176:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|           DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|->         argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {
# 1178|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def187]
sssd-2.11.1/src/providers/be_dyndns.c:1176:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1174|       case BE_NSUPDATE_AUTH_GSS_TSIG:
# 1175|           DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
# 1176|->         argv[argc] = talloc_strdup(argv, "-g");
# 1177|           if (argv[argc] == NULL) {
# 1178|               goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def188]
sssd-2.11.1/src/providers/be_dyndns.c:1183:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1181|           break;
# 1182|       default:
# 1183|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1184|                 "Unknown nsupdate auth type %d\n", auth_type);
# 1185|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def189]
sssd-2.11.1/src/providers/be_dyndns.c:1183:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1181|           break;
# 1182|       default:
# 1183|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1184|                 "Unknown nsupdate auth type %d\n", auth_type);
# 1185|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def190]
sssd-2.11.1/src/providers/be_dyndns.c:1183:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1181|           break;
# 1182|       default:
# 1183|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1184|                 "Unknown nsupdate auth type %d\n", auth_type);
# 1185|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def191]
sssd-2.11.1/src/providers/be_dyndns.c:1183:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/providers/be_dyndns.c:1052:20: enter_function: entry to ‘be_nsupdate_send’
sssd-2.11.1/src/providers/be_dyndns.c:1072:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_dyndns.c:1075:10: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1078:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1084:11: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1085:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: branch_false: ...to here
sssd-2.11.1/src/providers/be_dyndns.c:1092:12: call_function: calling ‘be_nsupdate_args’ from ‘be_nsupdate_send’
# 1181|           break;
# 1182|       default:
# 1183|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1184|                 "Unknown nsupdate auth type %d\n", auth_type);
# 1185|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def192]
sssd-2.11.1/src/providers/be_netlink.c:201:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&type_path, 0)’
sssd-2.11.1/src/providers/be_netlink.c:182:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
sssd-2.11.1/src/providers/be_netlink.c:185:15: branch_false: ...to here
sssd-2.11.1/src/providers/be_netlink.c:185:15: branch_false: following ‘false’ branch (when ‘ret <= 37’)...
sssd-2.11.1/src/providers/be_netlink.c:190:5: branch_false: ...to here
sssd-2.11.1/src/providers/be_netlink.c:191:10: acquire_resource: opened here
sssd-2.11.1/src/providers/be_netlink.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/be_netlink.c:199:5: branch_false: ...to here
sssd-2.11.1/src/providers/be_netlink.c:201:11: throw: if ‘sss_atomic_io_s’ throws an exception...
sssd-2.11.1/src/providers/be_netlink.c:201:11: danger: ‘open(&type_path, 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  199|       memset(buf, 0, BUFSIZE);
#  200|       errno = 0;
#  201|->     ret = sss_atomic_read_s(fd, buf, BUFSIZE);
#  202|       if (ret == -1) {
#  203|           ret = errno;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def193]
sssd-2.11.1/src/providers/data_provider/dp_targets.c:56:13: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
sssd-2.11.1/src/providers/data_provider/dp_targets.c:47:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/data_provider/dp_targets.c:52:5: acquire_resource: ‘va_start’ called here
sssd-2.11.1/src/providers/data_provider/dp_targets.c:53:12: branch_true: following ‘true’ branch (when ‘type != 11’)...
sssd-2.11.1/src/providers/data_provider/dp_targets.c:54:18: branch_true: ...to here
sssd-2.11.1/src/providers/data_provider/dp_targets.c:55:12: branch_true: following ‘true’ branch (when ‘target’ is NULL)...
sssd-2.11.1/src/providers/data_provider/dp_targets.c:55:12: branch_true: ...to here
 branch_false: following ‘false’ branch (when ‘type > 10’)...
sssd-2.11.1/src/providers/data_provider/dp_targets.c:56:13: branch_false: ...to here
sssd-2.11.1/src/providers/data_provider/dp_targets.c:56:13: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/data_provider/dp_targets.c:56:13: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   54|           target = provider->targets[type];
#   55|           if (target == NULL || target->module_name == NULL) {
#   56|->             DEBUG(SSSDBG_MINOR_FAILURE, "Uninitialized target %s\n",
#   57|                     dp_target_to_string(type));
#   58|               continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def194]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:95:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: danger: 'pipefd_from_child[0]' leaks here
#   94|       if (ret == -1) {
#   95|           ret = errno;
#   96|->         DEBUG(SSSDBG_CRIT_FAILURE,
#   97|                 "pipe (to) failed [%d][%s].\n", errno, strerror(errno));
#   98|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def195]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:95:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:96:9: danger: 'pipefd_from_child[1]' leaks here
#   94|       if (ret == -1) {
#   95|           ret = errno;
#   96|->         DEBUG(SSSDBG_CRIT_FAILURE,
#   97|                 "pipe (to) failed [%d][%s].\n", errno, strerror(errno));
#   98|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def196]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: danger: 'pipefd_from_child[0]' leaks here
#  102|   
#  103|       if (pid == 0) { /* child */
#  104|->         exec_child_ex(tmp_ctx,
#  105|                         pipefd_to_child, pipefd_from_child,
#  106|                         OIDC_CHILD, OIDC_CHILD_LOG_FILE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def197]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: danger: 'pipefd_from_child[1]' leaks here
#  102|   
#  103|       if (pid == 0) { /* child */
#  104|->         exec_child_ex(tmp_ctx,
#  105|                         pipefd_to_child, pipefd_from_child,
#  106|                         OIDC_CHILD, OIDC_CHILD_LOG_FILE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def198]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: danger: 'pipefd_to_child[0]' leaks here
#  102|   
#  103|       if (pid == 0) { /* child */
#  104|->         exec_child_ex(tmp_ctx,
#  105|                         pipefd_to_child, pipefd_from_child,
#  106|                         OIDC_CHILD, OIDC_CHILD_LOG_FILE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def199]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:104:9: danger: 'pipefd_to_child[1]' leaks here
#  102|   
#  103|       if (pid == 0) { /* child */
#  104|->         exec_child_ex(tmp_ctx,
#  105|                         pipefd_to_child, pipefd_from_child,
#  106|                         OIDC_CHILD, OIDC_CHILD_LOG_FILE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def200]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_true: following 'true' branch (when 'pid < 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:115:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: danger: 'pipefd_from_child[0]' leaks here
#  114|       } else if (pid < 0) { /* error */
#  115|           ret = errno;
#  116|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d]: %s\n", ret, strerror(ret));
#  117|           goto done;
#  118|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def201]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_true: following 'true' branch (when 'pid < 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:115:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: danger: 'pipefd_from_child[1]' leaks here
#  114|       } else if (pid < 0) { /* error */
#  115|           ret = errno;
#  116|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d]: %s\n", ret, strerror(ret));
#  117|           goto done;
#  118|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def202]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_true: following 'true' branch (when 'pid < 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:115:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: danger: 'pipefd_to_child[0]' leaks here
#  114|       } else if (pid < 0) { /* error */
#  115|           ret = errno;
#  116|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d]: %s\n", ret, strerror(ret));
#  117|           goto done;
#  118|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def203]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_true: following 'true' branch (when 'pid < 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:115:15: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:116:9: danger: 'pipefd_to_child[1]' leaks here
#  114|       } else if (pid < 0) { /* error */
#  115|           ret = errno;
#  116|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d]: %s\n", ret, strerror(ret));
#  117|           goto done;
#  118|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def204]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: following 'false' branch (when 'pid >= 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:122:10: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: danger: 'pipefd_from_child[0]' leaks here
#  122|       io = talloc_zero(tmp_ctx, struct child_io_fds);
#  123|       if (io == NULL) {
#  124|->         DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
#  125|           ret = ENOMEM;
#  126|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def205]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: following 'false' branch (when 'pid >= 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:122:10: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: danger: 'pipefd_from_child[1]' leaks here
#  122|       io = talloc_zero(tmp_ctx, struct child_io_fds);
#  123|       if (io == NULL) {
#  124|->         DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
#  125|           ret = ENOMEM;
#  126|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def206]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: following 'false' branch (when 'pid >= 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:122:10: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: danger: 'pipefd_to_child[0]' leaks here
#  122|       io = talloc_zero(tmp_ctx, struct child_io_fds);
#  123|       if (io == NULL) {
#  124|->         DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
#  125|           ret = ENOMEM;
#  126|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def207]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: following 'false' branch (when 'pid >= 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:122:10: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: danger: 'pipefd_to_child[1]' leaks here
#  122|       io = talloc_zero(tmp_ctx, struct child_io_fds);
#  123|       if (io == NULL) {
#  124|->         DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
#  125|           ret = ENOMEM;
#  126|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def208]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:159:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: danger: 'pipefd_from_child[0]' leaks here
#  158|       if (ret != EOK) {
#  159|           PIPE_CLOSE(pipefd_from_child);
#  160|->         PIPE_CLOSE(pipefd_to_child);
#  161|           child_terminate(pid);
#  162|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def209]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:159:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: danger: 'pipefd_from_child[1]' leaks here
#  158|       if (ret != EOK) {
#  159|           PIPE_CLOSE(pipefd_from_child);
#  160|->         PIPE_CLOSE(pipefd_to_child);
#  161|           child_terminate(pid);
#  162|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def210]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:159:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: danger: 'pipefd_to_child[0]' leaks here
#  158|       if (ret != EOK) {
#  159|           PIPE_CLOSE(pipefd_from_child);
#  160|->         PIPE_CLOSE(pipefd_to_child);
#  161|           child_terminate(pid);
#  162|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def211]
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:81:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:85:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:86:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:93:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:94:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:101:11: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:103:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:123:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:124:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:159:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: branch_true: ...to here
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/idp/oidc_child_handler.c:160:9: danger: 'pipefd_to_child[1]' leaks here
#  158|       if (ret != EOK) {
#  159|           PIPE_CLOSE(pipefd_from_child);
#  160|->         PIPE_CLOSE(pipefd_to_child);
#  161|           child_terminate(pid);
#  162|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def212]
sssd-2.11.1/src/providers/ipa/ipa_access.c:68:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_access.c:67:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/ipa/ipa_access.c:68:5: throw: if 'sss_vdebug_fn' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_access.c:68:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   66|   
#   67|       va_start(ap, fmt);
#   68|->     sss_vdebug_fn(file, line, function, loglevel, 0, fmt, ap);
#   69|       va_end(ap);
#   70|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def213]
sssd-2.11.1/src/providers/ipa/ipa_dn.c:40:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:94:9: enter_function: entry to '_ipa_get_rdn'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:109:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:114:12: call_function: calling 'check_dn' from '_ipa_get_rdn'
#   38|   
#   39|       /* check RDN attribute */
#   40|->     ldbattr = ldb_dn_get_rdn_name(dn);
#   41|       if (ldbattr == NULL || strcasecmp(ldbattr, rdn_attr) != 0) {
#   42|           return false;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def214]
sssd-2.11.1/src/providers/ipa/ipa_dn.c:50:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:94:9: enter_function: entry to '_ipa_get_rdn'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:109:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:114:12: call_function: calling 'check_dn' from '_ipa_get_rdn'
#   48|   
#   49|       comp = 1;
#   50|->     num_comp = ldb_dn_get_comp_num(dn);
#   51|   
#   52|       va_copy(ap, in_ap);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def215]
sssd-2.11.1/src/providers/ipa/ipa_dn.c:63:19: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:52:5: acquire_resource: 'va_copy' called here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:53:12: branch_true: following 'true' branch (when 'attr' is non-NULL)...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:54:9: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:55:12: branch_false: following 'false' branch (when 'val' is non-NULL)...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:59:12: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:59:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:63:19: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:63:19: throw: if 'ldb_dn_get_component_name' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:63:19: danger: missing call to 'va_end' to match 'va_copy' at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   61|           }
#   62|   
#   63|->         ldbattr = ldb_dn_get_component_name(dn, comp);
#   64|           if (ldbattr == NULL || strcasecmp(ldbattr, attr) != 0) {
#   65|               goto vafail;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def216]
sssd-2.11.1/src/providers/ipa/ipa_dn.c:68:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:52:5: acquire_resource: 'va_copy' called here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:53:12: branch_true: following 'true' branch (when 'attr' is non-NULL)...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:54:9: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:55:12: branch_false: following 'false' branch (when 'val' is non-NULL)...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:59:12: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:59:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:63:19: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:64:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:68:18: throw: if 'ldb_dn_get_component_val' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:68:18: danger: missing call to 'va_end' to match 'va_copy' at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   66|           }
#   67|   
#   68|->         ldbval = ldb_dn_get_component_val(dn, comp);
#   69|           if (ldbval == NULL) {
#   70|               goto vafail;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def217]
sssd-2.11.1/src/providers/ipa/ipa_dn.c:82:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:94:9: enter_function: entry to '_ipa_get_rdn'
sssd-2.11.1/src/providers/ipa/ipa_dn.c:109:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:113:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/ipa/ipa_dn.c:114:12: call_function: calling 'check_dn' from '_ipa_get_rdn'
#   80|       va_end(ap);
#   81|   
#   82|->     ldbattr = ldb_dn_get_component_name(dn, comp);
#   83|       if (ldbattr == NULL || strcmp(ldbattr, "dc") != 0) {
#   84|           return false;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def218]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:689:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:689:16: danger: 'pipefd_to_child[0]' leaks here
#  687|           DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
#  688|           ret = ENOMEM;
#  689|->         return ret;
#  690|       }
#  691|       c++;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def219]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:689:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:689:16: danger: 'pipefd_to_child[1]' leaks here
#  687|           DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
#  688|           ret = ENOMEM;
#  689|->         return ret;
#  690|       }
#  691|       c++;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def220]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: danger: 'pipefd_to_child[0]' leaks here
#  704|   
#  705|       if (pid == 0) { /* child */
#  706|->         exec_child_ex(state, pipefd_to_child, NULL,
#  707|                         SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
#  708|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def221]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: throw: if 'exec_child_ex' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:706:9: danger: 'pipefd_to_child[1]' leaks here
#  704|   
#  705|       if (pid == 0) { /* child */
#  706|->         exec_child_ex(state, pipefd_to_child, NULL,
#  707|                         SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
#  708|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def222]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: danger: 'pipefd_to_child[0]' leaks here
#  725|       } else { /* error */
#  726|           ret = errno;
#  727|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  728|                 "fork failed [%d][%s].\n", errno, sss_strerror(errno));
#  729|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def223]
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:686:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:693:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:696:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:703:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:705:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:712:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:726:15: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_selinux.c:727:9: danger: 'pipefd_to_child[1]' leaks here
#  725|       } else { /* error */
#  726|           ret = errno;
#  727|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  728|                 "fork failed [%d][%s].\n", errno, sss_strerror(errno));
#  729|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def224]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:936:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'iter'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:1927:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:1931:10: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:1942:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:1948:19: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_id.c:1948:19: call_function: inlined call to 'ipa_get_trust_type' from 'ipa_srv_acct_send'
#  934|       }
#  935|   
#  936|->     return iter->type;
#  937|   }
#  938|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def225]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:855:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:856:20: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:857:15: acquire_resource: opened here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:858:12: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: throw: if 'talloc_asprintf' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: danger: 'ret' leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  864|       }
#  865|   
#  866|->     gkt_env[0] = talloc_asprintf(NULL, "KRB5CCNAME=%s", ccache);
#  867|       if (gkt_env[0] == NULL) {
#  868|           DEBUG(SSSDBG_FATAL_FAILURE, "Failed to format KRB5CCNAME\n");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def226]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:868:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:855:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:856:20: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:857:15: acquire_resource: opened here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:858:12: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:867:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:868:9: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:868:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:868:9: danger: 'ret' leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  866|       gkt_env[0] = talloc_asprintf(NULL, "KRB5CCNAME=%s", ccache);
#  867|       if (gkt_env[0] == NULL) {
#  868|->         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to format KRB5CCNAME\n");
#  869|           exit(1);
#  870|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def227]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:876:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:855:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:856:20: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:857:15: acquire_resource: opened here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:858:12: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:867:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:874:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:875:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:876:15: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:877:9: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:876:9: danger: 'ret' leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  874|       ret = unlink(keytab_path);
#  875|       if (ret == -1) {
#  876|->         ret = errno;
#  877|           DEBUG(SSSDBG_FATAL_FAILURE,
#  878|                 "Failed to unlink the temporary ccname [%d][%s]\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def228]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:888:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:855:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:856:20: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:857:15: acquire_resource: opened here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:858:12: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:867:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:874:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:875:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:883:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:888:5: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:888:5: danger: 'ret' leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  886|                    gkt_env);
#  887|   
#  888|->     DEBUG(SSSDBG_FATAL_FAILURE,
#  889|             "execle returned %d, this shouldn't happen!\n", ret);
#  890|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def229]
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:892:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:855:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:856:20: branch_true: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:857:15: acquire_resource: opened here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:858:12: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:866:18: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:867:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:874:11: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:875:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:883:5: branch_false: ...to here
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:893:5: throw: if 'sss_strerror' throws an exception...
sssd-2.11.1/src/providers/ipa/ipa_subdomains_server.c:892:5: danger: 'ret' leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  890|   
#  891|       /* The child should never end up here */
#  892|->     ret = errno;
#  893|       DEBUG(SSSDBG_FATAL_FAILURE,
#  894|             "execle failed [%d][%s].\n", ret, sss_strerror(ret));

Error: COMPILER_WARNING (CWE-252): [#def230]
sssd-2.11.1/src/providers/ipa/selinux_child.c: scope_hint: In function ‘main’
sssd-2.11.1/src/providers/ipa/selinux_child.c:359:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’
#  359 |         setresuid(suid, suid, suid);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  357|   
#  358|       if (getresuid(&ruid, &euid, &suid) == 0) {
#  359|->         setresuid(suid, suid, suid);
#  360|       }
#  361|       if (getresgid(&rgid, &egid, &sgid) == 0) {

Error: COMPILER_WARNING (CWE-252): [#def231]
sssd-2.11.1/src/providers/ipa/selinux_child.c:362:9: warning[-Wunused-result]: ignoring return value of ‘setresgid’ declared with attribute ‘warn_unused_result’
#  362 |         setresgid(sgid, sgid, sgid);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  360|       }
#  361|       if (getresgid(&rgid, &egid, &sgid) == 0) {
#  362|->         setresgid(sgid, sgid, sgid);
#  363|       }
#  364|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def232]
sssd-2.11.1/src/providers/ipa/selinux_child_semanage.c:54:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
sssd-2.11.1/src/providers/ipa/selinux_child_semanage.c:53:5: acquire_resource: ‘va_start’ called here
sssd-2.11.1/src/providers/ipa/selinux_child_semanage.c:54:5: throw: if ‘sss_vdebug_fn’ throws an exception...
sssd-2.11.1/src/providers/ipa/selinux_child_semanage.c:54:5: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   52|   
#   53|       va_start(ap, fmt);
#   54|->     sss_vdebug_fn(__FILE__, __LINE__, "libsemanage", level,
#   55|                     APPEND_LINE_FEED, fmt, ap);
#   56|       va_end(ap);

Error: COMPILER_WARNING (CWE-252): [#def233]
sssd-2.11.1/src/providers/krb5/krb5_ccache.c: scope_hint: In function 'switch_to_user'
sssd-2.11.1/src/providers/krb5/krb5_ccache.c:64:9: warning[-Wunused-result]: ignoring return value of 'setresuid' declared with attribute 'warn_unused_result'
#   64 |         setresuid(-1, suid, -1);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#   62|       ret = setresgid(-1, rgid, -1);
#   63|       if (ret != 0) {
#   64|->         setresuid(-1, suid, -1);
#   65|           return errno;
#   66|       }

Error: COMPILER_WARNING (CWE-252): [#def234]
sssd-2.11.1/src/providers/krb5/krb5_ccache.c: scope_hint: In function ‘switch_to_user’
sssd-2.11.1/src/providers/krb5/krb5_ccache.c:64:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’
#   64 |         setresuid(-1, suid, -1);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#   62|       ret = setresgid(-1, rgid, -1);
#   63|       if (ret != 0) {
#   64|->         setresuid(-1, suid, -1);
#   65|           return errno;
#   66|       }

Error: COMPILER_WARNING (CWE-252): [#def235]
sssd-2.11.1/src/providers/krb5/krb5_ccache.c: scope_hint: In function 'switch_to_service'
sssd-2.11.1/src/providers/krb5/krb5_ccache.c:94:9: warning[-Wunused-result]: ignoring return value of 'setresuid' declared with attribute 'warn_unused_result'
#   94 |         setresuid(-1, ruid, -1);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#   92|       ret = setresgid(-1, sgid, -1);
#   93|       if (ret != 0) {
#   94|->         setresuid(-1, ruid, -1);
#   95|           return errno;
#   96|       }

Error: COMPILER_WARNING (CWE-252): [#def236]
sssd-2.11.1/src/providers/krb5/krb5_ccache.c: scope_hint: In function ‘switch_to_service’
sssd-2.11.1/src/providers/krb5/krb5_ccache.c:94:9: warning[-Wunused-result]: ignoring return value of ‘setresuid’ declared with attribute ‘warn_unused_result’
#   94 |         setresuid(-1, ruid, -1);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#   92|       ret = setresgid(-1, sgid, -1);
#   93|       if (ret != 0) {
#   94|->         setresuid(-1, ruid, -1);
#   95|           return errno;
#   96|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def237]
sssd-2.11.1/src/providers/krb5/krb5_child.c:1400:12: warning[-Wanalyzer-malloc-leak]: leak of ‘cred’
sssd-2.11.1/src/providers/krb5/krb5_child.c:1394:12: acquire_memory: allocated here
sssd-2.11.1/src/providers/krb5/krb5_child.c:1395:8: branch_false: following ‘false’ branch (when ‘cred’ is non-NULL)...
sssd-2.11.1/src/providers/krb5/krb5_child.c:1400:12: branch_false: ...to here
sssd-2.11.1/src/providers/krb5/krb5_child.c:1400:12: throw: if ‘krb5_copy_principal’ throws an exception...
sssd-2.11.1/src/providers/krb5/krb5_child.c:1400:12: danger: ‘cred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 1398|       }
# 1399|   
# 1400|->     kerr = krb5_copy_principal(ctx, princ, &cred->client);
# 1401|       if (kerr != 0) {
# 1402|           DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def238]
sssd-2.11.1/src/providers/krb5/krb5_child.c:4053:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/etc/krb5.conf", 0)’
sssd-2.11.1/src/providers/krb5/krb5_child.c:4051:10: acquire_resource: opened here
sssd-2.11.1/src/providers/krb5/krb5_child.c:4052:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/krb5/krb5_child.c:4053:9: branch_true: ...to here
sssd-2.11.1/src/providers/krb5/krb5_child.c:4053:9: danger: ‘open("/etc/krb5.conf", 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 4051|       fd = open("/etc/krb5.conf", O_RDONLY);
# 4052|       if (fd != -1) {
# 4053|->         close(fd);
# 4054|       } else {
# 4055|           ret = errno;

Error: COMPILER_WARNING (CWE-704): [#def239]
sssd-2.11.1/src/providers/ldap/sdap.c: scope_hint: In function 'split_extra_attr'
sssd-2.11.1/src/providers/ldap/sdap.c:101:9: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  101 |     sep = strchr(conf_attr, ':');
#      |         ^
#   99|       char *sep;
#  100|   
#  101|->     sep = strchr(conf_attr, ':');
#  102|       if (sep == NULL) {
#  103|           sysdb_attr = talloc_strdup(mem_ctx, conf_attr);

Error: COMPILER_WARNING (CWE-704): [#def240]
sssd-2.11.1/src/providers/ldap/sdap.c:101:9: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#   99|       char *sep;
#  100|   
#  101|->     sep = strchr(conf_attr, ':');
#  102|       if (sep == NULL) {
#  103|           sysdb_attr = talloc_strdup(mem_ctx, conf_attr);

Error: COMPILER_WARNING (CWE-704): [#def241]
sssd-2.11.1/src/providers/ldap/sdap_async_groups.c: scope_hint: In function 'are_sids_from_same_dom'
sssd-2.11.1/src/providers/ldap/sdap_async_groups.c:785:10: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  785 |     rid1 = strrchr(sid1, '-');
#      |          ^
#  783|       bool result;
#  784|   
#  785|->     rid1 = strrchr(sid1, '-');
#  786|       if (rid1 == NULL) {
#  787|           return EINVAL;

Error: COMPILER_WARNING (CWE-704): [#def242]
sssd-2.11.1/src/providers/ldap/sdap_async_groups.c:785:10: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  783|       bool result;
#  784|   
#  785|->     rid1 = strrchr(sid1, '-');
#  786|       if (rid1 == NULL) {
#  787|           return EINVAL;

Error: COMPILER_WARNING (CWE-704): [#def243]
sssd-2.11.1/src/providers/ldap/sdap_async_groups.c:790:10: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  790 |     rid2 = strrchr(sid2, '-');
#      |          ^
#  788|       }
#  789|   
#  790|->     rid2 = strrchr(sid2, '-');
#  791|       if (rid2 == NULL) {
#  792|           return EINVAL;

Error: COMPILER_WARNING (CWE-704): [#def244]
sssd-2.11.1/src/providers/ldap/sdap_async_groups.c:790:10: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  788|       }
#  789|   
#  790|->     rid2 = strrchr(sid2, '-');
#  791|       if (rid2 == NULL) {
#  792|           return EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def245]
sssd-2.11.1/src/providers/ldap/sdap_async_initgroups.c:71:15: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sysdb_groupnames'
sssd-2.11.1/src/providers/ldap/sdap_async_initgroups.c:1167:1: enter_function: entry to 'sdap_initgr_store_groups'
sssd-2.11.1/src/providers/ldap/sdap_async_initgroups.c:1169:12: call_function: calling 'sdap_nested_groups_store' from 'sdap_initgr_store_groups'
#   69|       mi = 0;
#   70|   
#   71|->     for (i=0; sysdb_groupnames[i]; i++) {
#   72|           subdomain = find_domain_by_object_name(domain, sysdb_groupnames[i]);
#   73|           if (subdomain == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def246]
sssd-2.11.1/src/providers/ldap/sdap_certmap.c:48:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/ldap/sdap_certmap.c:47:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/ldap/sdap_certmap.c:48:5: throw: if 'sss_vdebug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_certmap.c:48:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   46|   
#   47|       va_start(ap, format);
#   48|->     sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED,
#   49|                     format, ap);
#   50|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def247]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: danger: 'pipefd_from_child[0]' leaks here
#   98|       if (ret == -1) {
#   99|           ret = errno;
#  100|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  101|                 "pipe(to) failed [%d][%s].\n", ret, strerror(ret));
#  102|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def248]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:100:9: danger: 'pipefd_from_child[1]' leaks here
#   98|       if (ret == -1) {
#   99|           ret = errno;
#  100|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  101|                 "pipe(to) failed [%d][%s].\n", ret, strerror(ret));
#  102|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def249]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: throw: if 'exec_child' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: danger: 'pipefd_from_child[0]' leaks here
#  106|   
#  107|       if (pid == 0) { /* child */
#  108|->         exec_child(child,
#  109|                      pipefd_to_child, pipefd_from_child,
#  110|                      LDAP_CHILD, LDAP_CHILD_LOG_FILE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def250]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: throw: if 'exec_child' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: danger: 'pipefd_from_child[1]' leaks here
#  106|   
#  107|       if (pid == 0) { /* child */
#  108|->         exec_child(child,
#  109|                      pipefd_to_child, pipefd_from_child,
#  110|                      LDAP_CHILD, LDAP_CHILD_LOG_FILE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def251]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: throw: if 'exec_child' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: danger: 'pipefd_to_child[0]' leaks here
#  106|   
#  107|       if (pid == 0) { /* child */
#  108|->         exec_child(child,
#  109|                      pipefd_to_child, pipefd_from_child,
#  110|                      LDAP_CHILD, LDAP_CHILD_LOG_FILE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def252]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_true: following 'true' branch (when 'pid == 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: throw: if 'exec_child' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:108:9: danger: 'pipefd_to_child[1]' leaks here
#  106|   
#  107|       if (pid == 0) { /* child */
#  108|->         exec_child(child,
#  109|                      pipefd_to_child, pipefd_from_child,
#  110|                      LDAP_CHILD, LDAP_CHILD_LOG_FILE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def253]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: danger: 'pipefd_from_child[0]' leaks here
#  130|       } else { /* error */
#  131|           ret = errno;
#  132|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  133|                 "fork failed [%d][%s].\n", ret, strerror(ret));
#  134|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def254]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: danger: 'pipefd_from_child[1]' leaks here
#  130|       } else { /* error */
#  131|           ret = errno;
#  132|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  133|                 "fork failed [%d][%s].\n", ret, strerror(ret));
#  134|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def255]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: danger: 'pipefd_to_child[0]' leaks here
#  130|       } else { /* error */
#  131|           ret = errno;
#  132|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  133|                 "fork failed [%d][%s].\n", ret, strerror(ret));
#  134|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def256]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:132:9: danger: 'pipefd_to_child[1]' leaks here
#  130|       } else { /* error */
#  131|           ret = errno;
#  132|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  133|                 "fork failed [%d][%s].\n", ret, strerror(ret));
#  134|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def257]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_from_child[1]' leaks here
#  135|       }
#  136|   
#  137|->     return EOK;
#  138|   
#  139|   fail:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def258]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_to_child[0]' leaks here
#  135|       }
#  136|   
#  137|->     return EOK;
#  138|   
#  139|   fail:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def259]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:137:12: danger: 'pipefd_to_child[1]' leaks here
#  135|       }
#  136|   
#  137|->     return EOK;
#  138|   
#  139|   fail:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def260]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: danger: 'pipefd_from_child[0]' leaks here
#  138|   
#  139|   fail:
#  140|->     PIPE_CLOSE(pipefd_from_child);
#  141|       PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def261]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:99:15: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: danger: 'pipefd_from_child[1]' leaks here
#  138|   
#  139|   fail:
#  140|->     PIPE_CLOSE(pipefd_from_child);
#  141|       PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def262]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: danger: 'pipefd_to_child[0]' leaks here
#  138|   
#  139|   fail:
#  140|->     PIPE_CLOSE(pipefd_from_child);
#  141|       PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def263]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: danger: 'pipefd_to_child[1]' leaks here
#  138|   
#  139|   fail:
#  140|->     PIPE_CLOSE(pipefd_from_child);
#  141|       PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def264]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: danger: 'pipefd_from_child[0]' leaks here
#  139|   fail:
#  140|       PIPE_CLOSE(pipefd_from_child);
#  141|->     PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;
#  143|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def265]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: danger: 'pipefd_from_child[1]' leaks here
#  139|   fail:
#  140|       PIPE_CLOSE(pipefd_from_child);
#  141|->     PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;
#  143|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def266]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: danger: 'pipefd_to_child[0]' leaks here
#  139|   fail:
#  140|       PIPE_CLOSE(pipefd_from_child);
#  141|->     PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;
#  143|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def267]
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[1]'
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:91:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:97:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:98:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:105:11: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:107:8: branch_false: following 'false' branch (when 'pid != 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:114:15: branch_false: following 'false' branch (when 'pid <= 0')...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:131:15: branch_false: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:140:5: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: branch_true: ...to here
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: throw: if 'close' throws an exception...
sssd-2.11.1/src/providers/ldap/sdap_child_helpers.c:141:5: danger: 'pipefd_to_child[1]' leaks here
#  139|   fail:
#  140|       PIPE_CLOSE(pipefd_from_child);
#  141|->     PIPE_CLOSE(pipefd_to_child);
#  142|       return ret;
#  143|   }

Error: COMPILER_WARNING (CWE-704): [#def268]
sssd-2.11.1/src/providers/ldap/sdap_range.c: scope_hint: In function 'sdap_parse_range'
sssd-2.11.1/src/providers/ldap/sdap_range.c:48:12: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#   48 |     endptr = strchr(attr_desc, ';');
#      |            ^
#   46|   
#   47|       /* The base_attr is the portion before the semicolon (if it exists) */
#   48|->     endptr = strchr(attr_desc, ';');
#   49|       if (endptr == NULL) {
#   50|           /* Not a ranged attribute. Just copy the attribute desc */

Error: COMPILER_WARNING (CWE-704): [#def269]
sssd-2.11.1/src/providers/ldap/sdap_range.c:48:12: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#   46|   
#   47|       /* The base_attr is the portion before the semicolon (if it exists) */
#   48|->     endptr = strchr(attr_desc, ';');
#   49|       if (endptr == NULL) {
#   50|           /* Not a ranged attribute. Just copy the attribute desc */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def270]
sssd-2.11.1/src/providers/proxy/proxy_certmap.c:43:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/providers/proxy/proxy_certmap.c:42:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/providers/proxy/proxy_certmap.c:43:5: throw: if 'sss_vdebug_fn' throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_certmap.c:43:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   41|   
#   42|       va_start(ap, format);
#   43|->     sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED, format, ap);
#   44|       va_end(ap);
#   45|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def271]
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:90:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:91:17: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#   80|           switch( msgm[i]->msg_style ) {
#   81|               case PAM_PROMPT_ECHO_OFF:
#   82|->                 DEBUG(SSSDBG_CONF_SETTINGS,
#   83|                         "Conversation message: [%s]\n", msgm[i]->msg);
#   84|                   reply[i].resp_retcode = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def272]
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:82:17: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   80|           switch( msgm[i]->msg_style ) {
#   81|               case PAM_PROMPT_ECHO_OFF:
#   82|->                 DEBUG(SSSDBG_CONF_SETTINGS,
#   83|                         "Conversation message: [%s]\n", msgm[i]->msg);
#   84|                   reply[i].resp_retcode = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def273]
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:90:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:91:17: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: throw: if ‘sss_authtok_get_password’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/10)
#   84|                   reply[i].resp_retcode = 0;
#   85|   
#   86|->                 ret = sss_authtok_get_password(auth_data->authtok,
#   87|                                                  &password, &pwlen);
#   88|                   if (ret) goto failed;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: throw: if ‘sss_authtok_get_password’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:86:23: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   84|                   reply[i].resp_retcode = 0;
#   85|   
#   86|->                 ret = sss_authtok_get_password(auth_data->authtok,
#   87|                                                  &password, &pwlen);
#   88|                   if (ret) goto failed;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def275]
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:90:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:91:17: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:94:13: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/10)
#   93|                   break;
#   94|               default:
#   95|->                 DEBUG(SSSDBG_CRIT_FAILURE,
#   96|                         "Conversation style %d not supported.\n",
#   97|                              msgm[i]->msg_style);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def276]
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:94:13: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:95:17: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   93|                   break;
#   94|               default:
#   95|->                 DEBUG(SSSDBG_CRIT_FAILURE,
#   96|                         "Conversation style %d not supported.\n",
#   97|                              msgm[i]->msg_style);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def277]
sssd-2.11.1/src/providers/proxy/proxy_child.c:108:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/providers/proxy/proxy_child.c:73:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:75:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:77:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:89:33: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:90:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:91:17: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:79:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:80:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:81:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:20: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:88:17: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:108:5: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/10)
#  106|   
#  107|   failed:
#  108|->     free(reply);
#  109|       return PAM_CONV_ERR;
#  110|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def278]
sssd-2.11.1/src/providers/proxy/proxy_child.c:133:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:124:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:130:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:132:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:133:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:133:17: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  131|           switch( msgm[i]->msg_style ) {
#  132|               case PAM_PROMPT_ECHO_OFF:
#  133|->                 DEBUG(SSSDBG_CONF_SETTINGS,
#  134|                         "Conversation message: [%s]\n", msgm[i]->msg);
#  135|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def279]
sssd-2.11.1/src/providers/proxy/proxy_child.c:139:27: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:124:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:130:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:132:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:137:20: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:139:27: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:139:27: throw: if ‘sss_authtok_get_password’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:139:27: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  137|                   if (!auth_data->sent_old) {
#  138|                       /* The first prompt will be asking for the old authtok */
#  139|->                     ret = sss_authtok_get_password(auth_data->authtok,
#  140|                                                     &password, &pwlen);
#  141|                       if (ret) goto failed;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def280]
sssd-2.11.1/src/providers/proxy/proxy_child.c:149:27: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:124:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:130:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:132:13: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:137:20: branch_true: following ‘true’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:149:27: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:149:27: throw: if ‘sss_authtok_get_password’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:149:27: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  147|                   else {
#  148|                       /* Subsequent prompts are looking for the new authtok */
#  149|->                     ret = sss_authtok_get_password(auth_data->newauthtok,
#  150|                                                     &password, &pwlen);
#  151|                       if (ret) goto failed;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def281]
sssd-2.11.1/src/providers/proxy/proxy_child.c:160:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
sssd-2.11.1/src/providers/proxy/proxy_child.c:124:8: branch_false: following ‘false’ branch (when ‘num_msg > 0’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:126:37: acquire_memory: allocated here
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:128:8: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:130:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:21: branch_true: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:131:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/providers/proxy/proxy_child.c:159:13: branch_false: ...to here
sssd-2.11.1/src/providers/proxy/proxy_child.c:160:17: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/providers/proxy/proxy_child.c:160:17: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  158|                   break;
#  159|               default:
#  160|->                 DEBUG(SSSDBG_CRIT_FAILURE,
#  161|                         "Conversation style %d not supported.\n",
#  162|                              msgm[i]->msg_style);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def282]
sssd-2.11.1/src/python/pysss.c:252:15: warning[-Wanalyzer-malloc-leak]: leak of 'groups'
sssd-2.11.1/src/python/pysss.c:236:7: branch_false: following 'false' branch...
sssd-2.11.1/src/python/pysss.c:240:10: branch_false: ...to here
sssd-2.11.1/src/python/pysss.c:241:8: branch_false: following 'false' branch...
sssd-2.11.1/src/python/pysss.c:245:5: branch_false: ...to here
sssd-2.11.1/src/python/pysss.c:246:14: acquire_memory: allocated here
sssd-2.11.1/src/python/pysss.c:247:8: branch_false: following 'false' branch (when 'groups' is non-NULL)...
sssd-2.11.1/src/python/pysss.c:247:8: branch_false: ...to here
sssd-2.11.1/src/python/pysss.c:252:15: throw: if 'getgrouplist' throws an exception...
sssd-2.11.1/src/python/pysss.c:252:15: danger: 'groups' leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  250|   
#  251|       do {
#  252|->         ret = getgrouplist(username, pw->pw_gid, groups, &ngroups);
#  253|           if (ret < ngroups) {
#  254|               gid_t *tmp_groups = realloc(groups, ngroups * sizeof(gid_t));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def283]
sssd-2.11.1/src/responder/common/responder_common.c:132:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&proc_path, 0)’
sssd-2.11.1/src/responder/common/responder_common.c:104:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:106:15: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:113:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/responder/common/responder_common.c:120:9: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:120:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:126:9: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:126:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:127:15: branch_true: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:129:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:130:23: branch_true: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:130:23: acquire_resource: opened here
sssd-2.11.1/src/responder/common/responder_common.c:131:16: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:132:21: branch_true: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:132:21: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/common/responder_common.c:132:21: danger: ‘open(&proc_path, 0)’ leaks here; was opened at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  130|               proc_fd = open(proc_path, O_RDONLY);
#  131|               if (proc_fd != -1) {
#  132|->                 if (sss_fd_nonblocking(proc_fd) == EOK) {
#  133|                       ret = read(proc_fd, cmd_line, sizeof(cmd_line)-1);
#  134|                       if (ret > 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def284]
sssd-2.11.1/src/responder/common/responder_common.c:708:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
sssd-2.11.1/src/responder/common/responder_common.c:701:10: acquire_resource: stream socket created here
sssd-2.11.1/src/responder/common/responder_common.c:702:8: branch_false: following ‘false’ branch (when ‘fd != -1’)...
sssd-2.11.1/src/responder/common/responder_common.c:706:21: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:708:11: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/common/responder_common.c:708:11: danger: ‘fd’ leaks here
#  706|       orig_umaskval = umask(umaskval);
#  707|   
#  708|->     ret = sss_fd_nonblocking(fd);
#  709|       if (ret != EOK) {
#  710|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def285]
sssd-2.11.1/src/responder/common/responder_common.c:742:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
sssd-2.11.1/src/responder/common/responder_common.c:701:10: acquire_resource: stream socket created here
sssd-2.11.1/src/responder/common/responder_common.c:702:8: branch_false: following ‘false’ branch (when ‘fd != -1’)...
sssd-2.11.1/src/responder/common/responder_common.c:706:21: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:709:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:713:11: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:714:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:718:5: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:732:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:740:9: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:740:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:741:15: branch_true: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:742:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/common/responder_common.c:742:9: danger: ‘fd’ leaks here
#  740|       if (listen(fd, 128) == -1) {
#  741|           ret = errno;
#  742|->         DEBUG(SSSDBG_FATAL_FAILURE,
#  743|                 "Unable to listen on socket '%s' [%d]: %s\n",
#  744|                 sock_name, ret, sss_strerror(ret));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def286]
sssd-2.11.1/src/responder/common/responder_common.c:756:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
sssd-2.11.1/src/responder/common/responder_common.c:701:10: acquire_resource: stream socket created here
sssd-2.11.1/src/responder/common/responder_common.c:702:8: branch_false: following ‘false’ branch (when ‘fd != -1’)...
sssd-2.11.1/src/responder/common/responder_common.c:706:21: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:709:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:713:11: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:714:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:718:5: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:732:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:740:9: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:740:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/common/responder_common.c:741:15: branch_true: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:753:8: branch_false: following ‘false’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/common/responder_common.c:756:9: branch_false: ...to here
sssd-2.11.1/src/responder/common/responder_common.c:756:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/common/responder_common.c:756:9: danger: ‘fd’ leaks here
#  754|           *_fd = fd;
#  755|       } else {
#  756|->         close(fd);
#  757|       }
#  758|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def287]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1191|       if (ret == -1) {
# 1192|           ret = errno;
# 1193|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1194|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
# 1195|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def288]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1193:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1191|       if (ret == -1) {
# 1192|           ret = errno;
# 1193|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1194|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
# 1195|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def289]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1198|       child_pid = fork();
# 1199|       if (child_pid == 0) { /* child */
# 1200|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1201|                         P11_CHILD_PATH, state->logfile, state->extra_args,
# 1202|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def290]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1198|       child_pid = fork();
# 1199|       if (child_pid == 0) { /* child */
# 1200|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1201|                         P11_CHILD_PATH, state->logfile, state->extra_args,
# 1202|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def291]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1198|       child_pid = fork();
# 1199|       if (child_pid == 0) { /* child */
# 1200|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1201|                         P11_CHILD_PATH, state->logfile, state->extra_args,
# 1202|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def292]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1200:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1198|       child_pid = fork();
# 1199|       if (child_pid == 0) { /* child */
# 1200|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1201|                         P11_CHILD_PATH, state->logfile, state->extra_args,
# 1202|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def293]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: danger: ‘pipefd_from_child[0]’ leaks here
# 1204|           ret = errno;
# 1205|           DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
# 1206|->         return ret;
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def294]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: danger: ‘pipefd_from_child[1]’ leaks here
# 1204|           ret = errno;
# 1205|           DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
# 1206|->         return ret;
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def295]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: danger: ‘pipefd_to_child[0]’ leaks here
# 1204|           ret = errno;
# 1205|           DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
# 1206|->         return ret;
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def296]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1206:16: danger: ‘pipefd_to_child[1]’ leaks here
# 1204|           ret = errno;
# 1205|           DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
# 1206|->         return ret;
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def297]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def298]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def299]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1207|       } else if (child_pid > 0) { /* parent */
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def300]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def301]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def302]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1208|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1209|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1210|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1211|   
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def303]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1211|   
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1213|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1214|           sss_fd_nonblocking(state->io->write_to_child_fd);
# 1215|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def304]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1211|   
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1213|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1214|           sss_fd_nonblocking(state->io->write_to_child_fd);
# 1215|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def305]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1213|           PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1214|->         sss_fd_nonblocking(state->io->write_to_child_fd);
# 1215|   
# 1216|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def306]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1212|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1213|           PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1214|->         sss_fd_nonblocking(state->io->write_to_child_fd);
# 1215|   
# 1216|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def307]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: danger: ‘pipefd_from_child[1]’ leaks here
# 1215|   
# 1216|           /* Set up SIGCHLD handler */
# 1217|->         ret = child_handler_setup(state->ev, child_pid,
# 1218|                                     ifp_users_find_by_valid_cert_step,
# 1219|                                     req, &state->child_ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def308]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1217:15: danger: ‘pipefd_to_child[0]’ leaks here
# 1215|   
# 1216|           /* Set up SIGCHLD handler */
# 1217|->         ret = child_handler_setup(state->ev, child_pid,
# 1218|                                     ifp_users_find_by_valid_cert_step,
# 1219|                                     req, &state->child_ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def309]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: danger: ‘pipefd_from_child[1]’ leaks here
# 1219|                                     req, &state->child_ctx);
# 1220|           if (ret != EOK) {
# 1221|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
# 1222|                     ret, sss_strerror(ret));
# 1223|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def310]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1221:13: danger: ‘pipefd_to_child[0]’ leaks here
# 1219|                                     req, &state->child_ctx);
# 1220|           if (ret != EOK) {
# 1221|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
# 1222|                     ret, sss_strerror(ret));
# 1223|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def311]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:41: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: throw: if ‘tevent_timeval_current_ofs’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: danger: ‘pipefd_from_child[1]’ leaks here
# 1226|   
# 1227|           /* Set up timeout handler */
# 1228|->         tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1229|           endtime = tevent_req_set_endtime(req, state->ev, tv);
# 1230|           if (endtime == false) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def312]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:41: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: throw: if ‘tevent_timeval_current_ofs’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:14: danger: ‘pipefd_to_child[0]’ leaks here
# 1226|   
# 1227|           /* Set up timeout handler */
# 1228|->         tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1229|           endtime = tevent_req_set_endtime(req, state->ev, tv);
# 1230|           if (endtime == false) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def313]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:41: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: throw: if ‘tevent_req_set_endtime’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: danger: ‘pipefd_from_child[1]’ leaks here
# 1227|           /* Set up timeout handler */
# 1228|           tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1229|->         endtime = tevent_req_set_endtime(req, state->ev, tv);
# 1230|           if (endtime == false) {
# 1231|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def314]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1210:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1220:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1228:41: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: throw: if ‘tevent_req_set_endtime’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1229:19: danger: ‘pipefd_to_child[0]’ leaks here
# 1227|           /* Set up timeout handler */
# 1228|           tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1229|->         endtime = tevent_req_set_endtime(req, state->ev, tv);
# 1230|           if (endtime == false) {
# 1231|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1235|       } else { /* error */
# 1236|           ret = errno;
# 1237|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1238|                 ret, sss_strerror(ret));
# 1239|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def316]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1235|       } else { /* error */
# 1236|           ret = errno;
# 1237|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1238|                 ret, sss_strerror(ret));
# 1239|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def317]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1235|       } else { /* error */
# 1236|           ret = errno;
# 1237|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1238|                 ret, sss_strerror(ret));
# 1239|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1237:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1235|       } else { /* error */
# 1236|           ret = errno;
# 1237|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1238|                 ret, sss_strerror(ret));
# 1239|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def319]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1244|   done:
# 1245|       if (ret != EOK) {
# 1246|->         PIPE_CLOSE(pipefd_from_child);
# 1247|           PIPE_CLOSE(pipefd_to_child);
# 1248|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def320]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1192:15: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1244|   done:
# 1245|       if (ret != EOK) {
# 1246|->         PIPE_CLOSE(pipefd_from_child);
# 1247|           PIPE_CLOSE(pipefd_to_child);
# 1248|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def321]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1208:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1209:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1213:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1214:28: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1244|   done:
# 1245|       if (ret != EOK) {
# 1246|->         PIPE_CLOSE(pipefd_from_child);
# 1247|           PIPE_CLOSE(pipefd_to_child);
# 1248|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def322]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1244|   done:
# 1245|       if (ret != EOK) {
# 1246|->         PIPE_CLOSE(pipefd_from_child);
# 1247|           PIPE_CLOSE(pipefd_to_child);
# 1248|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def323]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1245|       if (ret != EOK) {
# 1246|           PIPE_CLOSE(pipefd_from_child);
# 1247|->         PIPE_CLOSE(pipefd_to_child);
# 1248|       }
# 1249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def324]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1245|       if (ret != EOK) {
# 1246|           PIPE_CLOSE(pipefd_from_child);
# 1247|->         PIPE_CLOSE(pipefd_to_child);
# 1248|       }
# 1249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def325]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1245|       if (ret != EOK) {
# 1246|           PIPE_CLOSE(pipefd_from_child);
# 1247|->         PIPE_CLOSE(pipefd_to_child);
# 1248|       }
# 1249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def326]
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ifp/ifp_users.c:1184:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1190:11: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1191:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1198:17: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1199:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1207:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1236:15: branch_false: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1245:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1246:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: branch_true: ...to here
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ifp/ifp_users.c:1247:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1245|       if (ret != EOK) {
# 1246|           PIPE_CLOSE(pipefd_from_child);
# 1247|->         PIPE_CLOSE(pipefd_to_child);
# 1248|       }
# 1249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def327]
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:160:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘creat(talloc_asprintf(talloc_named_const(0, 0, "talloc_new: src/responder/nss/nsssrv_mmap_cache.c:137"), "%s_%s", *mc_ctx.file, "corrupted"), 384)’
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:131:8: branch_false: following ‘false’ branch (when ‘mc_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:137:15: branch_false: ...to here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:138:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:143:12: branch_false: ...to here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:145:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:151:10: branch_false: ...to here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:151:10: acquire_resource: opened here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:152:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:160:15: branch_false: ...to here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:160:15: throw: if ‘sss_atomic_io_s’ throws an exception...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:160:15: danger: ‘creat(talloc_asprintf(talloc_named_const(0, 0, "talloc_new: src/responder/nss/nsssrv_mmap_cache.c:137"), "%s_%s", *mc_ctx.file, "corrupted"), 384)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  158|       }
#  159|   
#  160|->     written = sss_atomic_write_s(fd, mc_ctx->mmap_base, mc_ctx->mmap_size);
#  161|       if (written != mc_ctx->mmap_size) {
#  162|           if (written == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def328]
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1241:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 2)’
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1239:11: acquire_resource: opened here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1240:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1241:15: branch_true: ...to here
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1241:15: throw: if ‘sss_br_lock_file’ throws an exception...
sssd-2.11.1/src/responder/nss/nsssrv_mmap_cache.c:1241:15: danger: ‘open(filename, 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1239|       ofd = open(filename, O_RDWR);
# 1240|       if (ofd != -1) {
# 1241|->         ret = sss_br_lock_file(ofd, 0, 1, retries, t);
# 1242|           if (ret != EOK) {
# 1243|               DEBUG(SSSDBG_FATAL_FAILURE, "Failed to lock file %s.\n", filename);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def329]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:137:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:136:5: acquire_resource: ‘va_start’ called here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:137:5: throw: if ‘sss_vdebug_fn’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:137:5: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  135|   
#  136|       va_start(ap, format);
#  137|->     sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED,
#  138|                     format, ap);
#  139|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def330]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:885:15: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: danger: ‘pipefd_from_child[0]’ leaks here
#  884|       if (ret == -1) {
#  885|           ret = errno;
#  886|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  887|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
#  888|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def331]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:885:15: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:886:9: danger: ‘pipefd_from_child[1]’ leaks here
#  884|       if (ret == -1) {
#  885|           ret = errno;
#  886|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  887|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
#  888|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def332]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: danger: ‘pipefd_from_child[0]’ leaks here
#  891|       child_pid = fork();
#  892|       if (child_pid == 0) { /* child */
#  893|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  894|                         P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
#  895|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def333]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: danger: ‘pipefd_from_child[1]’ leaks here
#  891|       child_pid = fork();
#  892|       if (child_pid == 0) { /* child */
#  893|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  894|                         P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
#  895|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def334]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: danger: ‘pipefd_to_child[0]’ leaks here
#  891|       child_pid = fork();
#  892|       if (child_pid == 0) { /* child */
#  893|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  894|                         P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
#  895|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def335]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:893:9: danger: ‘pipefd_to_child[1]’ leaks here
#  891|       child_pid = fork();
#  892|       if (child_pid == 0) { /* child */
#  893|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
#  894|                         P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
#  895|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def336]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: danger: ‘pipefd_from_child[1]’ leaks here
#  900|   
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def337]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: danger: ‘pipefd_to_child[0]’ leaks here
#  900|   
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def338]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: danger: ‘pipefd_to_child[1]’ leaks here
#  900|   
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def339]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: danger: ‘pipefd_from_child[1]’ leaks here
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def340]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: danger: ‘pipefd_to_child[0]’ leaks here
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def341]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:9: danger: ‘pipefd_to_child[1]’ leaks here
#  901|           state->io->read_from_child_fd = pipefd_from_child[0];
#  902|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  903|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  904|   
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def342]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: danger: ‘pipefd_from_child[1]’ leaks here
#  904|   
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];
#  906|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  907|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  908|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def343]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: danger: ‘pipefd_to_child[0]’ leaks here
#  904|   
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];
#  906|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  907|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  908|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def344]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: danger: ‘pipefd_from_child[1]’ leaks here
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];
#  906|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  907|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  908|   
#  909|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def345]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:9: danger: ‘pipefd_to_child[0]’ leaks here
#  905|           state->io->write_to_child_fd = pipefd_to_child[1];
#  906|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  907|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  908|   
#  909|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def346]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: danger: ‘pipefd_from_child[1]’ leaks here
#  908|   
#  909|           /* Set up SIGCHLD handler */
#  910|->         ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  911|           if (ret != EOK) {
#  912|               DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def347]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:910:15: danger: ‘pipefd_to_child[0]’ leaks here
#  908|   
#  909|           /* Set up SIGCHLD handler */
#  910|->         ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  911|           if (ret != EOK) {
#  912|               DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def348]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:911:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: danger: ‘pipefd_from_child[1]’ leaks here
#  910|           ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  911|           if (ret != EOK) {
#  912|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  913|                   ret, sss_strerror(ret));
#  914|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def349]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:911:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:912:13: danger: ‘pipefd_to_child[0]’ leaks here
#  910|           ret = child_handler_setup(ev, child_pid, NULL, NULL, &state->child_ctx);
#  911|           if (ret != EOK) {
#  912|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  913|                   ret, sss_strerror(ret));
#  914|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def350]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:960:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: danger: ‘pipefd_from_child[0]’ leaks here
#  959|       } else { /* error */
#  960|           ret = errno;
#  961|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  962|                                      ret, sss_strerror(ret));
#  963|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def351]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:960:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: danger: ‘pipefd_from_child[1]’ leaks here
#  959|       } else { /* error */
#  960|           ret = errno;
#  961|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  962|                                      ret, sss_strerror(ret));
#  963|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def352]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:960:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: danger: ‘pipefd_to_child[0]’ leaks here
#  959|       } else { /* error */
#  960|           ret = errno;
#  961|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  962|                                      ret, sss_strerror(ret));
#  963|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def353]
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:960:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:961:9: danger: ‘pipefd_to_child[1]’ leaks here
#  959|       } else { /* error */
#  960|           ret = errno;
#  961|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  962|                                      ret, sss_strerror(ret));
#  963|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def354]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1082:15: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1081|       if (ret == -1) {
# 1082|           ret = errno;
# 1083|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1084|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
# 1085|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def355]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1082:15: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1083:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1081|       if (ret == -1) {
# 1082|           ret = errno;
# 1083|->         DEBUG(SSSDBG_CRIT_FAILURE,
# 1084|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
# 1085|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def356]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1088|       child_pid = fork();
# 1089|       if (child_pid == 0) { /* child */
# 1090|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1091|                         PASSKEY_CHILD_PATH, state->logfile, state->extra_args,
# 1092|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def357]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1088|       child_pid = fork();
# 1089|       if (child_pid == 0) { /* child */
# 1090|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1091|                         PASSKEY_CHILD_PATH, state->logfile, state->extra_args,
# 1092|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def358]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1088|       child_pid = fork();
# 1089|       if (child_pid == 0) { /* child */
# 1090|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1091|                         PASSKEY_CHILD_PATH, state->logfile, state->extra_args,
# 1092|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def359]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1090:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1088|       child_pid = fork();
# 1089|       if (child_pid == 0) { /* child */
# 1090|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
# 1091|                         PASSKEY_CHILD_PATH, state->logfile, state->extra_args,
# 1092|                         false, STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def360]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1097|       } else if (child_pid > 0) { /* parent */
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def361]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1097|       } else if (child_pid > 0) { /* parent */
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def362]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1097|       } else if (child_pid > 0) { /* parent */
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|           sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def363]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def364]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def365]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1098|           state->io->read_from_child_fd = pipefd_from_child[0];
# 1099|           PIPE_FD_CLOSE(pipefd_from_child[1]);
# 1100|->         sss_fd_nonblocking(state->io->read_from_child_fd);
# 1101|   
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def366]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1101|   
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1103|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1104|           sss_fd_nonblocking(state->io->write_to_child_fd);
# 1105|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def367]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1101|   
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1103|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1104|           sss_fd_nonblocking(state->io->write_to_child_fd);
# 1105|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def368]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1103|           PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1104|->         sss_fd_nonblocking(state->io->write_to_child_fd);
# 1105|   
# 1106|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def369]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1102|           state->io->write_to_child_fd = pipefd_to_child[1];
# 1103|           PIPE_FD_CLOSE(pipefd_to_child[0]);
# 1104|->         sss_fd_nonblocking(state->io->write_to_child_fd);
# 1105|   
# 1106|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def370]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1107:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: danger: ‘pipefd_from_child[1]’ leaks here
# 1106|           /* Set up SIGCHLD handler */
# 1107|           if (state->kerberos_pa) {
# 1108|->             ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx);
# 1109|           } else {
# 1110|               ret = child_handler_setup(state->ev, child_pid,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def371]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1107:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1108:19: danger: ‘pipefd_to_child[0]’ leaks here
# 1106|           /* Set up SIGCHLD handler */
# 1107|           if (state->kerberos_pa) {
# 1108|->             ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx);
# 1109|           } else {
# 1110|               ret = child_handler_setup(state->ev, child_pid,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def372]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1107:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: danger: ‘pipefd_from_child[1]’ leaks here
# 1108|               ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx);
# 1109|           } else {
# 1110|->             ret = child_handler_setup(state->ev, child_pid,
# 1111|                                         pam_passkey_auth_done, req,
# 1112|                                         &state->child_ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def373]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1107:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1110:19: danger: ‘pipefd_to_child[0]’ leaks here
# 1108|               ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx);
# 1109|           } else {
# 1110|->             ret = child_handler_setup(state->ev, child_pid,
# 1111|                                         pam_passkey_auth_done, req,
# 1112|                                         &state->child_ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def374]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: danger: ‘pipefd_from_child[1]’ leaks here
# 1114|   
# 1115|           if (ret != EOK) {
# 1116|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
# 1117|                     ret, sss_strerror(ret));
# 1118|               ret = ERR_PASSKEY_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def375]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: danger: ‘pipefd_to_child[0]’ leaks here
# 1114|   
# 1115|           if (ret != EOK) {
# 1116|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
# 1117|                     ret, sss_strerror(ret));
# 1118|               ret = ERR_PASSKEY_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def376]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:41: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: throw: if ‘tevent_timeval_current_ofs’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: danger: ‘pipefd_from_child[1]’ leaks here
# 1121|   
# 1122|           /* Set up timeout handler */
# 1123|->         tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1124|           state->timeout_handler = tevent_add_timer(state->ev, req, tv,
# 1125|                                                     passkey_child_timeout, req);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def377]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:41: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: throw: if ‘tevent_timeval_current_ofs’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1123:14: danger: ‘pipefd_to_child[0]’ leaks here
# 1121|   
# 1122|           /* Set up timeout handler */
# 1123|->         tv = tevent_timeval_current_ofs(state->timeout, 0);
# 1124|           state->timeout_handler = tevent_add_timer(state->ev, req, tv,
# 1125|                                                     passkey_child_timeout, req);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def378]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1154|       } else { /* error */
# 1155|           ret = errno;
# 1156|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1157|                 ret, sss_strerror(ret));
# 1158|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def379]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1154|       } else { /* error */
# 1155|           ret = errno;
# 1156|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1157|                 ret, sss_strerror(ret));
# 1158|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def380]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1154|       } else { /* error */
# 1155|           ret = errno;
# 1156|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1157|                 ret, sss_strerror(ret));
# 1158|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def381]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1156:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1154|       } else { /* error */
# 1155|           ret = errno;
# 1156|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
# 1157|                 ret, sss_strerror(ret));
# 1158|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def382]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1082:15: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1164:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1163|   done:
# 1164|       if (ret != EOK) {
# 1165|->         PIPE_CLOSE(pipefd_from_child);
# 1166|           PIPE_CLOSE(pipefd_to_child);
# 1167|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def383]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1100:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1163|   done:
# 1164|       if (ret != EOK) {
# 1165|->         PIPE_CLOSE(pipefd_from_child);
# 1166|           PIPE_CLOSE(pipefd_to_child);
# 1167|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def384]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1098:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1099:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1103:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1104:28: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1115:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1116:13: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1163|   done:
# 1164|       if (ret != EOK) {
# 1165|->         PIPE_CLOSE(pipefd_from_child);
# 1166|           PIPE_CLOSE(pipefd_to_child);
# 1167|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def385]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1164:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: danger: ‘pipefd_from_child[0]’ leaks here
# 1164|       if (ret != EOK) {
# 1165|           PIPE_CLOSE(pipefd_from_child);
# 1166|->         PIPE_CLOSE(pipefd_to_child);
# 1167|       }
# 1168|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def386]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1164:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: danger: ‘pipefd_from_child[1]’ leaks here
# 1164|       if (ret != EOK) {
# 1165|           PIPE_CLOSE(pipefd_from_child);
# 1166|->         PIPE_CLOSE(pipefd_to_child);
# 1167|       }
# 1168|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def387]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1164:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: danger: ‘pipefd_to_child[0]’ leaks here
# 1164|       if (ret != EOK) {
# 1165|           PIPE_CLOSE(pipefd_from_child);
# 1166|->         PIPE_CLOSE(pipefd_to_child);
# 1167|       }
# 1168|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def388]
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1074:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1080:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1081:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1088:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1089:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1097:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1155:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1164:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1165:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/pam/pamsrv_passkey.c:1166:9: danger: ‘pipefd_to_child[1]’ leaks here
# 1164|       if (ret != EOK) {
# 1165|           PIPE_CLOSE(pipefd_from_child);
# 1166|->         PIPE_CLOSE(pipefd_to_child);
# 1167|       }
# 1168|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def389]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:207:15: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: danger: ‘pipefd_from_child[0]’ leaks here
#  191|   
#  192|       if (state->iter >= state->cert_count) {
#  193|->         return EOK;
#  194|       }
#  195|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def390]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:207:15: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: danger: ‘pipefd_from_child[1]’ leaks here
#  191|   
#  192|       if (state->iter >= state->cert_count) {
#  193|->         return EOK;
#  194|       }
#  195|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def391]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: danger: ‘pipefd_to_child[0]’ leaks here
#  191|   
#  192|       if (state->iter >= state->cert_count) {
#  193|->         return EOK;
#  194|       }
#  195|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def392]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:193:16: danger: ‘pipefd_to_child[1]’ leaks here
#  191|   
#  192|       if (state->iter >= state->cert_count) {
#  193|->         return EOK;
#  194|       }
#  195|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def393]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:207:15: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: danger: ‘pipefd_from_child[0]’ leaks here
#  206|       if (ret == -1) {
#  207|           ret = errno;
#  208|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  209|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
#  210|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def394]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:207:15: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:208:9: danger: ‘pipefd_from_child[1]’ leaks here
#  206|       if (ret == -1) {
#  207|           ret = errno;
#  208|->         DEBUG(SSSDBG_CRIT_FAILURE,
#  209|                 "pipe failed [%d][%s].\n", ret, strerror(ret));
#  210|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def395]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: danger: ‘pipefd_from_child[0]’ leaks here
#  213|       child_pid = fork();
#  214|       if (child_pid == 0) { /* child */
#  215|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
#  216|                         state->logfile, state->extra_args, false,
#  217|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def396]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: danger: ‘pipefd_from_child[1]’ leaks here
#  213|       child_pid = fork();
#  214|       if (child_pid == 0) { /* child */
#  215|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
#  216|                         state->logfile, state->extra_args, false,
#  217|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def397]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: danger: ‘pipefd_to_child[0]’ leaks here
#  213|       child_pid = fork();
#  214|       if (child_pid == 0) { /* child */
#  215|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
#  216|                         state->logfile, state->extra_args, false,
#  217|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def398]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_true: following ‘true’ branch (when ‘child_pid == 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: throw: if ‘exec_child_ex’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:215:9: danger: ‘pipefd_to_child[1]’ leaks here
#  213|       child_pid = fork();
#  214|       if (child_pid == 0) { /* child */
#  215|->         exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
#  216|                         state->logfile, state->extra_args, false,
#  217|                         STDIN_FILENO, STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def399]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: danger: ‘pipefd_from_child[1]’ leaks here
#  221|   
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def400]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: danger: ‘pipefd_to_child[0]’ leaks here
#  221|   
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def401]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: danger: ‘pipefd_to_child[1]’ leaks here
#  221|   
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|->         PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|           sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def402]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: danger: ‘pipefd_from_child[1]’ leaks here
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def403]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: danger: ‘pipefd_to_child[0]’ leaks here
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def404]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:9: danger: ‘pipefd_to_child[1]’ leaks here
#  222|           state->io->read_from_child_fd = pipefd_from_child[0];
#  223|           PIPE_FD_CLOSE(pipefd_from_child[1]);
#  224|->         sss_fd_nonblocking(state->io->read_from_child_fd);
#  225|   
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def405]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: danger: ‘pipefd_from_child[1]’ leaks here
#  225|   
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];
#  227|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  228|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  229|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def406]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: danger: ‘pipefd_to_child[0]’ leaks here
#  225|   
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];
#  227|->         PIPE_FD_CLOSE(pipefd_to_child[0]);
#  228|           sss_fd_nonblocking(state->io->write_to_child_fd);
#  229|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def407]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: danger: ‘pipefd_from_child[1]’ leaks here
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];
#  227|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  228|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  229|   
#  230|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def408]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: throw: if ‘sss_fd_nonblocking’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:9: danger: ‘pipefd_to_child[0]’ leaks here
#  226|           state->io->write_to_child_fd = pipefd_to_child[1];
#  227|           PIPE_FD_CLOSE(pipefd_to_child[0]);
#  228|->         sss_fd_nonblocking(state->io->write_to_child_fd);
#  229|   
#  230|           /* Set up SIGCHLD handler */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def409]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: danger: ‘pipefd_from_child[1]’ leaks here
#  229|   
#  230|           /* Set up SIGCHLD handler */
#  231|->         ret = child_handler_setup(state->ev, child_pid, cert_to_ssh_key_done,
#  232|                                     req, &state->child_ctx);
#  233|           if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def410]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: throw: if ‘child_handler_setup’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:231:15: danger: ‘pipefd_to_child[0]’ leaks here
#  229|   
#  230|           /* Set up SIGCHLD handler */
#  231|->         ret = child_handler_setup(state->ev, child_pid, cert_to_ssh_key_done,
#  232|                                     req, &state->child_ctx);
#  233|           if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def411]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:233:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: danger: ‘pipefd_from_child[1]’ leaks here
#  232|                                     req, &state->child_ctx);
#  233|           if (ret != EOK) {
#  234|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  235|                   ret, sss_strerror(ret));
#  236|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def412]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:233:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: danger: ‘pipefd_to_child[0]’ leaks here
#  232|                                     req, &state->child_ctx);
#  233|           if (ret != EOK) {
#  234|->             DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
#  235|                   ret, sss_strerror(ret));
#  236|               ret = ERR_P11_CHILD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def413]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: danger: ‘pipefd_from_child[0]’ leaks here
#  250|       } else { /* error */
#  251|           ret = errno;
#  252|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  253|                                      ret, sss_strerror(ret));
#  254|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def414]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: danger: ‘pipefd_from_child[1]’ leaks here
#  250|       } else { /* error */
#  251|           ret = errno;
#  252|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  253|                                      ret, sss_strerror(ret));
#  254|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def415]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: danger: ‘pipefd_to_child[0]’ leaks here
#  250|       } else { /* error */
#  251|           ret = errno;
#  252|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  253|                                      ret, sss_strerror(ret));
#  254|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def416]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: throw: if ‘sss_strerror’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:252:9: danger: ‘pipefd_to_child[1]’ leaks here
#  250|       } else { /* error */
#  251|           ret = errno;
#  252|->         DEBUG(SSSDBG_CRIT_FAILURE, "fork failed [%d][%s].\n",
#  253|                                      ret, sss_strerror(ret));
#  254|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def417]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_true: following ‘true’ branch (when ‘ret == -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:207:15: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: danger: ‘pipefd_from_child[0]’ leaks here
#  259|   done:
#  260|       if (ret != EOK) {
#  261|->         PIPE_CLOSE(pipefd_from_child);
#  262|           PIPE_CLOSE(pipefd_to_child);
#  263|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def418]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:224:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:233:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: danger: ‘pipefd_from_child[1]’ leaks here
#  259|   done:
#  260|       if (ret != EOK) {
#  261|->         PIPE_CLOSE(pipefd_from_child);
#  262|           PIPE_CLOSE(pipefd_to_child);
#  263|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def419]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:222:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:223:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:227:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:228:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:233:12: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:234:13: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: danger: ‘pipefd_to_child[0]’ leaks here
#  259|   done:
#  260|       if (ret != EOK) {
#  261|->         PIPE_CLOSE(pipefd_from_child);
#  262|           PIPE_CLOSE(pipefd_to_child);
#  263|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def420]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: danger: ‘pipefd_to_child[1]’ leaks here
#  259|   done:
#  260|       if (ret != EOK) {
#  261|->         PIPE_CLOSE(pipefd_from_child);
#  262|           PIPE_CLOSE(pipefd_to_child);
#  263|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def421]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: danger: ‘pipefd_from_child[0]’ leaks here
#  260|       if (ret != EOK) {
#  261|           PIPE_CLOSE(pipefd_from_child);
#  262|->         PIPE_CLOSE(pipefd_to_child);
#  263|       }
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def422]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: danger: ‘pipefd_from_child[1]’ leaks here
#  260|       if (ret != EOK) {
#  261|           PIPE_CLOSE(pipefd_from_child);
#  262|->         PIPE_CLOSE(pipefd_to_child);
#  263|       }
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def423]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: danger: ‘pipefd_to_child[0]’ leaks here
#  260|       if (ret != EOK) {
#  261|           PIPE_CLOSE(pipefd_from_child);
#  262|->         PIPE_CLOSE(pipefd_to_child);
#  263|       }
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def424]
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[1]’
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:192:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:196:28: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:199:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:205:11: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:206:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:213:17: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:214:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:220:15: branch_false: following ‘false’ branch (when ‘child_pid <= 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:251:15: branch_false: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:260:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:261:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: branch_true: ...to here
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: throw: if ‘close’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cert_to_ssh_key.c:262:9: danger: ‘pipefd_to_child[1]’ leaks here
#  260|       if (ret != EOK) {
#  261|           PIPE_CLOSE(pipefd_from_child);
#  262|->         PIPE_CLOSE(pipefd_to_child);
#  263|       }
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def425]
sssd-2.11.1/src/responder/ssh/ssh_cmd.c:131:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
sssd-2.11.1/src/responder/ssh/ssh_cmd.c:130:5: acquire_resource: ‘va_start’ called here
sssd-2.11.1/src/responder/ssh/ssh_cmd.c:131:5: throw: if ‘sss_vdebug_fn’ throws an exception...
sssd-2.11.1/src/responder/ssh/ssh_cmd.c:131:5: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  129|   
#  130|       va_start(ap, format);
#  131|->     sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED,
#  132|                     format, ap);
#  133|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def426]
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:395:5: warning[-Wanalyzer-malloc-leak]: leak of 'memstream'
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:373:17: acquire_memory: allocated here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:374:8: branch_false: following 'false' branch (when 'memstream' is non-NULL)...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:378:5: branch_false: ...to here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:378:5: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:379:5: branch_false: ...to here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:379:5: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:379:5: branch_false: ...to here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:389:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:393:5: branch_false: ...to here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:393:5: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:395:5: branch_false: ...to here
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:395:5: throw: if 'fflush' throws an exception...
sssd-2.11.1/src/sbus/interface/sbus_introspection.c:395:5: danger: 'memstream' leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  393|       WRITE_OR_FAIL(memstream, ret, done, FMT_NODE_CLOSE);
#  394|   
#  395|->     fflush(memstream);
#  396|       introspection = talloc_memdup(mem_ctx, buffer, size + 1);
#  397|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def427]
sssd-2.11.1/src/sbus/request/sbus_message.c:96:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#   94|       talloc_msg = talloc(mem_ctx, struct sbus_talloc_msg);
#   95|       if (talloc_msg == NULL) {
#   96|->         DEBUG(SSSDBG_CRIT_FAILURE,
#   97|                 "Unable to bound D-Bus message with talloc context!\n");
#   98|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def428]
sssd-2.11.1/src/sbus/request/sbus_message.c:105:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#  103|        * freed through dbus api. */
#  104|   
#  105|->     bret = dbus_message_allocate_data_slot(&global_data_slot);
#  106|       if (!bret) {
#  107|           DEBUG(SSSDBG_CRIT_FAILURE, "Unable to allocate data slot!\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def429]
sssd-2.11.1/src/sbus/request/sbus_message.c:107:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#  105|       bret = dbus_message_allocate_data_slot(&global_data_slot);
#  106|       if (!bret) {
#  107|->         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to allocate data slot!\n");
#  108|           talloc_free(talloc_msg);
#  109|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def430]
sssd-2.11.1/src/sbus/request/sbus_message.c:113:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#  111|   
#  112|       free_fn = sbus_msg_data_destructor;
#  113|->     bret = dbus_message_set_data(msg, global_data_slot, talloc_msg, free_fn);
#  114|       if (!bret) {
#  115|           DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set message data!\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def431]
sssd-2.11.1/src/sbus/request/sbus_message.c:180:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:227:1: enter_function: entry to '_sbus_method_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:238:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:239:11: call_function: calling 'sbus_method_create_valist' from '_sbus_method_create'
#  178|       errno_t ret;
#  179|   
#  180|->     msg = dbus_message_new_method_call(bus, path, iface, method);
#  181|       if (msg == NULL) {
#  182|           DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create message\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def432]
sssd-2.11.1/src/sbus/request/sbus_message.c:182:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:227:1: enter_function: entry to '_sbus_method_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:238:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:239:11: call_function: calling 'sbus_method_create_valist' from '_sbus_method_create'
#  180|       msg = dbus_message_new_method_call(bus, path, iface, method);
#  181|       if (msg == NULL) {
#  182|->         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create message\n");
#  183|           return NULL;
#  184|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def433]
sssd-2.11.1/src/sbus/request/sbus_message.c:255:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#  253|       errno_t ret;
#  254|   
#  255|->     msg = dbus_message_new_signal(path, iface, signame);
#  256|       if (msg == NULL) {
#  257|           DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create message\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def434]
sssd-2.11.1/src/sbus/request/sbus_message.c:257:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/request/sbus_message.c:301:1: enter_function: entry to '_sbus_signal_create'
sssd-2.11.1/src/sbus/request/sbus_message.c:311:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/request/sbus_message.c:312:11: call_function: calling 'sbus_signal_create_valist' from '_sbus_signal_create'
#  255|       msg = dbus_message_new_signal(path, iface, signame);
#  256|       if (msg == NULL) {
#  257|->         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create message\n");
#  258|           return NULL;
#  259|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def435]
sssd-2.11.1/src/sbus/sbus_opath.c:213:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/sbus_opath.c:28:1: enter_function: entry to '_sbus_opath_compose'
sssd-2.11.1/src/sbus/sbus_opath.c:36:8: branch_false: following 'false' branch (when 'base' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:41:12: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:42:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/sbus_opath.c:47:12: branch_true: following 'true' branch (when 'part' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: branch_true: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: call_function: calling 'sbus_opath_escape' from '_sbus_opath_compose'
#  211|       }
#  212|   
#  213|->     safe_path = talloc_strdup(tmp_ctx, "");
#  214|       if (safe_path == NULL) {
#  215|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def436]
sssd-2.11.1/src/sbus/sbus_opath.c:221:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/sbus_opath.c:28:1: enter_function: entry to '_sbus_opath_compose'
sssd-2.11.1/src/sbus/sbus_opath.c:36:8: branch_false: following 'false' branch (when 'base' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:41:12: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:42:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/sbus_opath.c:47:12: branch_true: following 'true' branch (when 'part' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: branch_true: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: call_function: calling 'sbus_opath_escape' from '_sbus_opath_compose'
#  219|       if (strcmp(component, "") == 0) {
#  220|           /* the for loop would just fall through */
#  221|->         safe_path = talloc_asprintf_append_buffer(safe_path, "_");
#  222|           if (safe_path == NULL) {
#  223|               goto done;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def437]
sssd-2.11.1/src/sbus/sbus_opath.c:237:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/sbus_opath.c:28:1: enter_function: entry to '_sbus_opath_compose'
sssd-2.11.1/src/sbus/sbus_opath.c:36:8: branch_false: following 'false' branch (when 'base' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:41:12: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:42:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/sbus_opath.c:47:12: branch_true: following 'true' branch (when 'part' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: branch_true: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: call_function: calling 'sbus_opath_escape' from '_sbus_opath_compose'
#  235|                   || (c >= 'a' && c <= 'z')
#  236|                   || (c >= '0' && c <= '9')) {
#  237|->             safe_path = talloc_asprintf_append_buffer(safe_path, "%c", c);
#  238|               if (safe_path == NULL) {
#  239|                   goto done;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def438]
sssd-2.11.1/src/sbus/sbus_opath.c:242:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sbus/sbus_opath.c:28:1: enter_function: entry to '_sbus_opath_compose'
sssd-2.11.1/src/sbus/sbus_opath.c:36:8: branch_false: following 'false' branch (when 'base' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:41:12: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:42:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: branch_false: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:46:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/sbus/sbus_opath.c:47:12: branch_true: following 'true' branch (when 'part' is non-NULL)...
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: branch_true: ...to here
sssd-2.11.1/src/sbus/sbus_opath.c:48:21: call_function: calling 'sbus_opath_escape' from '_sbus_opath_compose'
#  240|               }
#  241|           } else {
#  242|->             safe_path = talloc_asprintf_append_buffer(safe_path, "_%02x", c);
#  243|               if (safe_path == NULL) {
#  244|                   goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def439]
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:389:1: enter_function: entry to '_sss_getautomntbyname_r'
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:411:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:417:23: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:418:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:423:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:424:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:430:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:435:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:436:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:441:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:452:11: call_function: calling 'sss_autofs_make_request' from '_sss_getautomntbyname_r'
#   88|       enum sss_status status;
#   89|   
#   90|->     status = sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
#   91|                                                 repbuf, replen, errnop,
#   92|                                                 SSS_AUTOFS_SOCKET_NAME, false, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def440]
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of 'name'
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:102:1: enter_function: entry to '_sss_setautomntent'
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:114:8: branch_false: following 'false' branch (when 'mapname' is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:116:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:122:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:127:19: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:127:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:128:8: branch_false: following 'false' branch (when 'name' is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:132:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:137:11: call_function: calling 'sss_autofs_make_request' from '_sss_setautomntent'
#   88|       enum sss_status status;
#   89|   
#   90|->     status = sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
#   91|                                                 repbuf, replen, errnop,
#   92|                                                 SSS_AUTOFS_SOCKET_NAME, false, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def441]
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:389:1: enter_function: entry to ‘_sss_getautomntbyname_r’
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:411:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:417:23: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:418:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:423:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:424:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:430:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:435:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:436:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:441:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:452:11: call_function: calling ‘sss_autofs_make_request’ from ‘_sss_getautomntbyname_r’
#   88|       enum sss_status status;
#   89|   
#   90|->     status = sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
#   91|                                                 repbuf, replen, errnop,
#   92|                                                 SSS_AUTOFS_SOCKET_NAME, false, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def442]
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:102:1: enter_function: entry to ‘_sss_setautomntent’
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:114:8: branch_false: following ‘false’ branch (when ‘mapname’ is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:116:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:122:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:127:19: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:127:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:128:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:132:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/autofs/sss_autofs.c:137:11: call_function: calling ‘sss_autofs_make_request’ from ‘_sss_setautomntent’
#   88|       enum sss_status status;
#   89|   
#   90|->     status = sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
#   91|                                                 repbuf, replen, errnop,
#   92|                                                 SSS_AUTOFS_SOCKET_NAME, false, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def443]
sssd-2.11.1/src/sss_client/common.c:89:9: warning[-Wanalyzer-malloc-leak]: leak of 'descriptor'
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following 'false' branch (when 'descriptor' is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling 'sss_cli_sb_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sb_get'
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:773:15: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:773:15: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:774:12: branch_true: following 'true' branch (when 'ret == 0')...
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:16: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:776:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:777:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:778:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:778:17: call_function: calling 'sss_cli_close_socket' from 'sss_cli_check_socket'
#   87|   
#   88|       if (sd != -1) {
#   89|->         close(sd);
#   90|           sss_cli_sd_set(-1);
#   91|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def444]
sssd-2.11.1/src/sss_client/common.c:89:9: warning[-Wanalyzer-malloc-leak]: leak of ‘descriptor’
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following ‘false’ branch (when ‘descriptor’ is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling ‘sss_cli_sb_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sb_get’
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:773:15: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:773:15: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:774:12: branch_true: following ‘true’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:16: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:776:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:777:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:775:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:778:17: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:778:17: call_function: calling ‘sss_cli_close_socket’ from ‘sss_cli_check_socket’
#   87|   
#   88|       if (sd != -1) {
#   89|->         close(sd);
#   90|           sss_cli_sd_set(-1);
#   91|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def445]
sssd-2.11.1/src/sss_client/common.c:535:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd'
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:748:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling 'sss_cli_sb_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sb_get'
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:845:12: call_function: calling 'sss_cli_open_socket' from 'sss_cli_check_socket'
#  533|       if (fd >= 0 && fd <= 2) {
#  534|   #ifdef F_DUPFD
#  535|->         if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
#  536|               return -1;
#  537|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def446]
sssd-2.11.1/src/sss_client/common.c:535:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sd’
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:748:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling ‘sss_cli_sb_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sb_get’
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:845:12: call_function: calling ‘sss_cli_open_socket’ from ‘sss_cli_check_socket’
#  533|       if (fd >= 0 && fd <= 2) {
#  534|   #ifdef F_DUPFD
#  535|->         if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
#  536|               return -1;
#  537|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def447]
sssd-2.11.1/src/sss_client/common.c:591:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd'
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:748:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling 'sss_cli_sb_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sb_get'
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:845:12: call_function: calling 'sss_cli_open_socket' from 'sss_cli_check_socket'
#  589|   #endif
#  590|   
#  591|->     if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
#  592|           close(new_fd);
#  593|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def448]
sssd-2.11.1/src/sss_client/common.c:591:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sd’
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:748:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling ‘sss_cli_sb_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sb_get’
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:845:12: call_function: calling ‘sss_cli_open_socket’ from ‘sss_cli_check_socket’
#  589|   #endif
#  590|   
#  591|->     if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
#  592|           close(new_fd);
#  593|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def449]
sssd-2.11.1/src/sss_client/common.c:767:16: warning[-Wanalyzer-malloc-leak]: leak of 'descriptor'
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following 'false' branch (when 'descriptor' is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:765:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:766:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:767:16: danger: 'descriptor' leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  765|       if (sss_cli_sb == NULL) {
#  766|           *errnop = EFAULT;
#  767|->         return SSS_STATUS_UNAVAIL;
#  768|       }
#  769|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def450]
sssd-2.11.1/src/sss_client/common.c:767:16: warning[-Wanalyzer-malloc-leak]: leak of ‘descriptor’
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following ‘false’ branch (when ‘descriptor’ is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:765:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:766:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:767:16: danger: ‘descriptor’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  765|       if (sss_cli_sb == NULL) {
#  766|           *errnop = EFAULT;
#  767|->         return SSS_STATUS_UNAVAIL;
#  768|       }
#  769|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def451]
sssd-2.11.1/src/sss_client/common.c:807:19: warning[-Wanalyzer-malloc-leak]: leak of 'descriptor'
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following 'false' branch (when 'descriptor' is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling 'sss_cli_sb_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sb_get'
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:797:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/common.c:801:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:802:18: call_function: calling 'sss_cli_sd_get' from 'sss_cli_check_socket'
sssd-2.11.1/src/sss_client/common.c:802:18: return_function: returning to 'sss_cli_check_socket' from 'sss_cli_sd_get'
sssd-2.11.1/src/sss_client/common.c:807:19: throw: if 'poll' throws an exception...
sssd-2.11.1/src/sss_client/common.c:807:19: danger: 'descriptor' leaks here; was allocated at [(4)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/3)
#  805|           do {
#  806|               errno = 0;
#  807|->             res = poll(&pfd, 1, timeout);
#  808|               error = errno;
#  809|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def452]
sssd-2.11.1/src/sss_client/common.c:807:19: warning[-Wanalyzer-malloc-leak]: leak of ‘descriptor’
sssd-2.11.1/src/sss_client/common.c:723:24: enter_function: entry to ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:748:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:750:26: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:750:26: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/common.c:751:12: branch_false: following ‘false’ branch (when ‘descriptor’ is non-NULL)...
sssd-2.11.1/src/sss_client/common.c:755:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:757:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/sss_client/common.c:764:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:764:18: call_function: calling ‘sss_cli_sb_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:764:18: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sb_get’
sssd-2.11.1/src/sss_client/common.c:765:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/common.c:770:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/common.c:787:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:787:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:797:9: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:797:9: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:797:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/common.c:801:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/common.c:802:18: call_function: calling ‘sss_cli_sd_get’ from ‘sss_cli_check_socket’
sssd-2.11.1/src/sss_client/common.c:802:18: return_function: returning to ‘sss_cli_check_socket’ from ‘sss_cli_sd_get’
sssd-2.11.1/src/sss_client/common.c:807:19: throw: if ‘poll’ throws an exception...
sssd-2.11.1/src/sss_client/common.c:807:19: danger: ‘descriptor’ leaks here; was allocated at [(4)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/3)
#  805|           do {
#  806|               errno = 0;
#  807|->             res = poll(&pfd, 1, timeout);
#  808|               error = errno;
#  809|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def453]
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:405:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:721:5: enter_function: entry to 'sss_nss_getlistbycert_timeout'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:734:11: call_function: calling 'sss_nss_getyyybyxxx' from 'sss_nss_getlistbycert_timeout'
#  403|   
#  404|   done:
#  405|->     sss_nss_unlock();
#  406|       free(repbuf);
#  407|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def454]
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:405:5: warning[-Wanalyzer-malloc-leak]: leak of 'out.d.names'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:721:5: enter_function: entry to 'sss_nss_getlistbycert_timeout'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:734:11: call_function: calling 'sss_nss_getyyybyxxx' from 'sss_nss_getlistbycert_timeout'
#  403|   
#  404|   done:
#  405|->     sss_nss_unlock();
#  406|       free(repbuf);
#  407|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def455]
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:405:5: warning[-Wanalyzer-malloc-leak]: leak of 'out.d.str'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:693:5: enter_function: entry to 'sss_nss_getnamebycert_timeout'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:706:11: call_function: calling 'sss_nss_getyyybyxxx' from 'sss_nss_getnamebycert_timeout'
#  403|   
#  404|   done:
#  405|->     sss_nss_unlock();
#  406|       free(repbuf);
#  407|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def456]
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:405:5: warning[-Wanalyzer-malloc-leak]: leak of 'out.types'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:721:5: enter_function: entry to 'sss_nss_getlistbycert_timeout'
sssd-2.11.1/src/sss_client/idmap/sss_nss_idmap.c:734:11: call_function: calling 'sss_nss_getyyybyxxx' from 'sss_nss_getlistbycert_timeout'
#  403|   
#  404|   done:
#  405|->     sss_nss_unlock();
#  406|       free(repbuf);
#  407|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def457]
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:98:14: warning[-Wanalyzer-malloc-leak]: leak of 'p'
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:81:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:85:10: branch_true: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:86:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:86:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:93:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:98:14: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:98:14: throw: if 'sss_nss_mc_getpwnam' throws an exception...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:98:14: danger: 'p' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   96|           }
#   97|           buf = p;
#   98|->         rc = sss_nss_mc_getpwnam(name, len, &pwd, buf, buflen);
#   99|       } while (rc == ERANGE);
#  100|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def458]
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:139:14: warning[-Wanalyzer-malloc-leak]: leak of 'p'
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:122:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:126:10: branch_true: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:127:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:127:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:134:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:139:14: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:139:14: throw: if 'sss_nss_mc_getgrnam' throws an exception...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:139:14: danger: 'p' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  137|           }
#  138|           buf = p;
#  139|->         rc = sss_nss_mc_getgrnam(name, len, &grp, buf, buflen);
#  140|       } while (rc == ERANGE);
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def459]
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:174:14: warning[-Wanalyzer-malloc-leak]: leak of 'p'
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:163:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:163:8: branch_true: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:169:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:174:14: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:174:14: throw: if 'sss_nss_mc_getpwuid' throws an exception...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:174:14: danger: 'p' leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  172|           }
#  173|           buf = p;
#  174|->         rc = sss_nss_mc_getpwuid(uid, &pwd, buf, buflen);
#  175|       } while (rc == ERANGE);
#  176|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def460]
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:215:14: warning[-Wanalyzer-malloc-leak]: leak of 'p'
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:204:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:204:8: branch_true: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:210:12: branch_false: following 'false' branch (when 'p' is non-NULL)...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:215:14: branch_false: ...to here
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:215:14: throw: if 'sss_nss_mc_getgrgid' throws an exception...
sssd-2.11.1/src/sss_client/nfs/sss_nfs_client.c:215:14: danger: 'p' leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  213|           }
#  214|           buf = p;
#  215|->         rc = sss_nss_mc_getgrgid(gid, &grp, buf, buflen);
#  216|       } while (rc == ERANGE);
#  217|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def461]
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:343:5: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:279:1: enter_function: entry to '_nss_sss_getnetbyaddr_r'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:309:8: branch_false: following 'false' branch (when 'type == 2')...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:316:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:316:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:325:12: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:325:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:326:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:332:5: call_function: inlined call to 'safealign_memcpy' from '_nss_sss_getnetbyaddr_r'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:343:5: throw: if 'sss_nss_lock' throws an exception...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:343:5: danger: 'data' leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
#  341|       rd.len = data_len;
#  342|   
#  343|->     sss_nss_lock();
#  344|   
#  345|       nret = sss_nss_make_request(SSS_NSS_GETNETBYADDR, &rd,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def462]
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:345:12: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:279:1: enter_function: entry to '_nss_sss_getnetbyaddr_r'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:309:8: branch_false: following 'false' branch (when 'type == 2')...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:316:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:316:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:325:12: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:325:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:326:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:332:5: call_function: inlined call to 'safealign_memcpy' from '_nss_sss_getnetbyaddr_r'
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:345:12: throw: if 'sss_nss_make_request' throws an exception...
sssd-2.11.1/src/sss_client/nss_ipnetworks.c:345:12: danger: 'data' leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5)
#  343|       sss_nss_lock();
#  344|   
#  345|->     nret = sss_nss_make_request(SSS_NSS_GETNETBYADDR, &rd,
#  346|                                   &repbuf, &replen, errnop);
#  347|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def463]
sssd-2.11.1/src/sss_client/nss_mc_common.c:353:9: warning[-Wanalyzer-null-argument]: use of NULL 'copy_rec' where non-null expected
sssd-2.11.1/src/sss_client/nss_mc_common.c:322:21: branch_true: following 'true' branch (when 'count != 0')...
sssd-2.11.1/src/sss_client/nss_mc_common.c:323:15: branch_true: ...to here
sssd-2.11.1/src/sss_client/nss_mc_common.c:331:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_mc_common.c:336:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_mc_common.c:342:12: branch_false: following 'false' branch (when 'buf_size >= rec_len')...
sssd-2.11.1/src/sss_client/nss_mc_common.c:353:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_mc_common.c:353:9: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/nss_mc_common.c:353:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/nss_mc_common.c:353:9: danger: argument 1 ('copy_rec') NULL where non-null expected
#  351|           /* we cannot access data directly, we must copy data and then
#  352|            * access the copy */
#  353|->         MEMCPY_WITH_BARRIERS(copy_ok, copy_rec, rec, rec_len);
#  354|   
#  355|           /* we must check data is consistent again after the copy */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def464]
sssd-2.11.1/src/sss_client/nss_netgroup.c:194:12: warning[-Wanalyzer-malloc-leak]: leak of 'name'
sssd-2.11.1/src/sss_client/nss_netgroup.c:171:8: branch_false: following 'false' branch (when 'netgroup' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_netgroup.c:173:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_netgroup.c:179:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_netgroup.c:184:19: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_netgroup.c:184:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/nss_netgroup.c:185:8: branch_false: following 'false' branch (when 'name' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_netgroup.c:189:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_netgroup.c:194:12: throw: if 'sss_nss_make_request' throws an exception...
sssd-2.11.1/src/sss_client/nss_netgroup.c:194:12: danger: 'name' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  192|       rd.len = name_len + 1;
#  193|   
#  194|->     nret = sss_nss_make_request(SSS_NSS_SETNETGRENT, &rd,
#  195|                                   &repbuf, &replen, &errnop);
#  196|       free(name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def465]
sssd-2.11.1/src/sss_client/nss_services.c:329:5: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/nss_services.c:290:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_services.c:295:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:295:8: branch_false: following 'false' branch (when 'port != 0')...
sssd-2.11.1/src/sss_client/nss_services.c:300:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:309:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/nss_services.c:310:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_services.c:315:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:321:8: branch_false: following 'false' branch (when 'protocol' is NULL)...
sssd-2.11.1/src/sss_client/nss_services.c:325:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:329:5: throw: if 'sss_nss_lock' throws an exception...
sssd-2.11.1/src/sss_client/nss_services.c:329:5: danger: 'data' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  327|       rd.data = data;
#  328|   
#  329|->     sss_nss_lock();
#  330|   
#  331|       nret = sss_nss_make_request(SSS_NSS_GETSERVBYPORT, &rd,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def466]
sssd-2.11.1/src/sss_client/nss_services.c:331:12: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/nss_services.c:290:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/nss_services.c:295:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:295:8: branch_false: following 'false' branch (when 'port != 0')...
sssd-2.11.1/src/sss_client/nss_services.c:300:8: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:309:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/nss_services.c:310:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/nss_services.c:315:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:321:8: branch_false: following 'false' branch (when 'protocol' is NULL)...
sssd-2.11.1/src/sss_client/nss_services.c:325:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/nss_services.c:331:12: throw: if 'sss_nss_make_request' throws an exception...
sssd-2.11.1/src/sss_client/nss_services.c:331:12: danger: 'data' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  329|       sss_nss_lock();
#  330|   
#  331|->     nret = sss_nss_make_request(SSS_NSS_GETSERVBYPORT, &rd,
#  332|                                   &repbuf, &replen, errnop);
#  333|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def467]
sssd-2.11.1/src/sss_client/pam_sss.c:104:5: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2820:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2820:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2821:13: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2822:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2826:17: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2841:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: call_function: calling 'prompt_new_password' from 'get_authtok_for_password_change'
#  102|   #endif
#  103|   
#  104|->     pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap);
#  105|   
#  106|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def468]
sssd-2.11.1/src/sss_client/pam_sss.c:104:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/sss_client/pam_sss.c:363:16: enter_function: entry to 'display_pw_reset_message'
sssd-2.11.1/src/sss_client/pam_sss.c:384:8: branch_false: following 'false' branch (when 'filename' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:389:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:391:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:398:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:404:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:405:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/sss_client/pam_sss.c:411:10: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:411:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:412:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:412:9: call_function: calling 'logger' from 'display_pw_reset_message'
#  102|   #endif
#  103|   
#  104|->     pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap);
#  105|   
#  106|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def469]
sssd-2.11.1/src/sss_client/pam_sss.c:289:13: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2820:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2820:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2821:13: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2822:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2826:17: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2841:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: call_function: calling 'prompt_new_password' from 'get_authtok_for_password_change'
#  287|           mesg[0] = (const struct pam_message *) pam_msg;
#  288|   
#  289|->         ret=conv->conv(1, mesg, &resp,
#  290|                          conv->appdata_ptr);
#  291|           free(pam_msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def470]
sssd-2.11.1/src/sss_client/pam_sss.c:289:13: warning[-Wanalyzer-malloc-leak]: leak of 'pam_msg'
sssd-2.11.1/src/sss_client/pam_sss.c:2551:12: enter_function: entry to 'get_authtok_for_authentication'
sssd-2.11.1/src/sss_client/pam_sss.c:2558:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2559:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2570:12: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2572:19: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2572:19: call_function: calling 'prompt_oauth2' from 'get_authtok_for_authentication'
#  287|           mesg[0] = (const struct pam_message *) pam_msg;
#  288|   
#  289|->         ret=conv->conv(1, mesg, &resp,
#  290|                          conv->appdata_ptr);
#  291|           free(pam_msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def471]
sssd-2.11.1/src/sss_client/pam_sss.c:308:21: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2820:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2820:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2821:13: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2822:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2826:17: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2841:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: call_function: calling 'prompt_new_password' from 'get_authtok_for_password_change'
#  306|                   if (null_strcmp(answer, resp[0].resp) != 0) {
#  307|                       logger(pamh, LOG_NOTICE, "Passwords do not match.");
#  308|->                     sss_erase_mem_securely((void *)resp[0].resp, strlen(resp[0].resp));
#  309|                       free(resp[0].resp);
#  310|                       if (answer != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def472]
sssd-2.11.1/src/sss_client/pam_sss.c:311:25: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2820:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2820:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2821:13: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2822:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2826:17: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2841:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: call_function: calling 'prompt_new_password' from 'get_authtok_for_password_change'
#  309|                       free(resp[0].resp);
#  310|                       if (answer != NULL) {
#  311|->                         sss_erase_mem_securely((void *) answer, strlen(answer));
#  312|                           free(answer);
#  313|                           answer = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def473]
sssd-2.11.1/src/sss_client/pam_sss.c:326:17: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2820:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2820:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2821:13: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2822:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2826:17: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2841:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2850:15: call_function: calling 'prompt_new_password' from 'get_authtok_for_password_change'
#  324|                       goto failed;
#  325|                   }
#  326|->                 sss_erase_mem_securely((void *)resp[0].resp, strlen(resp[0].resp));
#  327|                   free(resp[0].resp);
#  328|               } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def474]
sssd-2.11.1/src/sss_client/pam_sss.c:334:21: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2551:12: enter_function: entry to 'get_authtok_for_authentication'
sssd-2.11.1/src/sss_client/pam_sss.c:2558:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2559:18: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2570:12: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2572:19: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2572:19: call_function: calling 'prompt_oauth2' from 'get_authtok_for_authentication'
#  332|                   } else {
#  333|                       answer = strndup(resp[0].resp, MAX_AUTHTOK_SIZE);
#  334|->                     sss_erase_mem_securely((void *)resp[0].resp, strlen(resp[0].resp));
#  335|                       free(resp[0].resp);
#  336|                       if(answer == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def475]
sssd-2.11.1/src/sss_client/pam_sss.c:441:17: warning[-Wanalyzer-malloc-leak]: leak of 'msg_buf'
sssd-2.11.1/src/sss_client/pam_sss.c:384:8: branch_false: following 'false' branch (when 'filename' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:389:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:391:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:398:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:404:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:405:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/sss_client/pam_sss.c:411:10: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:411:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:418:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:418:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:427:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:433:22: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:433:15: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss.c:434:8: branch_false: following 'false' branch (when 'msg_buf' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:440:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:441:17: throw: if 'sss_atomic_io_s' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss.c:441:17: danger: 'msg_buf' leaks here; was allocated at [(15)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/14)
#  439|   
#  440|       errno = 0;
#  441|->     total_len = sss_atomic_read_s(fd, msg_buf, stat_buf.st_size);
#  442|       if (total_len == -1) {
#  443|           ret = errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def476]
sssd-2.11.1/src/sss_client/pam_sss.c:1646:9: warning[-Wanalyzer-malloc-leak]: leak of 'answer'
sssd-2.11.1/src/sss_client/pam_sss.c:2749:12: enter_function: entry to 'get_authtok_for_password_change'
sssd-2.11.1/src/sss_client/pam_sss.c:2761:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2762:14: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2765:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2766:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2777:19: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2794:45: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2794:19: call_function: calling 'prompt_password' from 'get_authtok_for_password_change'
# 1644|       } else {
# 1645|           pi->pam_authtok = strdup(answer);
# 1646|->         sss_erase_mem_securely((void *)answer, strlen(answer));
# 1647|           free(answer);
# 1648|           answer=NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def477]
sssd-2.11.1/src/sss_client/pam_sss.c:2708:18: warning[-Wanalyzer-malloc-leak]: leak of 'authtok_type'
sssd-2.11.1/src/sss_client/pam_sss.c:2701:20: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss.c:2702:8: branch_false: following 'false' branch (when 'authtok_type' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2706:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2708:18: throw: if 'pam_set_data' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss.c:2708:18: danger: 'authtok_type' leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
# 2706|       *authtok_type = pi->pam_authtok_type;
# 2707|   
# 2708|->     pam_status = pam_set_data(pamh, PAM_SSS_AUTHOK_TYPE, authtok_type,
# 2709|                                 free_exp_data);
# 2710|       if (pam_status != PAM_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def478]
sssd-2.11.1/src/sss_client/pam_sss.c:2723:18: warning[-Wanalyzer-malloc-leak]: leak of 'authtok_size'
sssd-2.11.1/src/sss_client/pam_sss.c:2702:8: branch_false: following 'false' branch (when 'authtok_type' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2706:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2710:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2716:20: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2716:20: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss.c:2717:8: branch_false: following 'false' branch (when 'authtok_size' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2721:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2723:18: throw: if 'pam_set_data' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss.c:2723:18: danger: 'authtok_size' leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
# 2721|       *authtok_size = pi->pam_authtok_size;
# 2722|   
# 2723|->     pam_status = pam_set_data(pamh, PAM_SSS_AUTHOK_SIZE, authtok_size,
# 2724|                                 free_exp_data);
# 2725|       if (pam_status != PAM_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def479]
sssd-2.11.1/src/sss_client/pam_sss.c:2738:18: warning[-Wanalyzer-malloc-leak]: leak of 'authtok_data'
sssd-2.11.1/src/sss_client/pam_sss.c:2702:8: branch_false: following 'false' branch (when 'authtok_type' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2706:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2710:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2716:20: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2717:8: branch_false: following 'false' branch (when 'authtok_size' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2721:21: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2725:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss.c:2731:20: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2731:20: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss.c:2732:8: branch_false: following 'false' branch (when 'authtok_data' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss.c:2736:26: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss.c:2738:18: throw: if 'pam_set_data' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss.c:2738:18: danger: 'authtok_data' leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
# 2736|       memcpy(authtok_data, pi->pam_authtok, pi->pam_authtok_size);
# 2737|   
# 2738|->     pam_status = pam_set_data(pamh, PAM_SSS_AUTHOK_DATA, authtok_data,
# 2739|                                 free_exp_data);
# 2740|       if (pam_status != PAM_SUCCESS) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def480]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:79:11: warning[-Wanalyzer-malloc-leak]: leak of 'ccache'
/usr/include/security/pam_modules.h:34:5: enter_function: entry to 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: call_function: calling 'sss_cli_getenv' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: return_function: returning to 'pam_sm_authenticate' from 'sss_cli_getenv'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:534:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:539:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
#   77|       int ret;
#   78|   
#   79|->     ret = pam_get_item(pamh, item, (void *)&str);
#   80|       if (ret != PAM_SUCCESS || str == NULL || str[0] == '\0') {
#   81|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def481]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:224:11: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:206:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:210:19: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:214:22: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:215:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:219:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:224:11: throw: if 'sss_pam_make_request' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:224:11: danger: 'data' leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  222|       req_data.data = data;
#  223|   
#  224|->     ret = sss_pam_make_request(SSS_GSSAPI_INIT, &req_data, &reply, &reply_len,
#  225|                                  &ret_errno);
#  226|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def482]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: warning[-Wanalyzer-malloc-leak]: leak of 'domain'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:270:14: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: danger: 'domain' leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  279|   
#  280|       dlen = reply_len;
#  281|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &username,
#  282|                                     NULL);
#  283|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def483]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: warning[-Wanalyzer-malloc-leak]: leak of 'target'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:271:14: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: danger: 'target' leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  279|   
#  280|       dlen = reply_len;
#  281|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &username,
#  282|                                     NULL);
#  283|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def484]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: warning[-Wanalyzer-malloc-leak]: leak of 'upn'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:272:11: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: danger: 'upn' leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  279|   
#  280|       dlen = reply_len;
#  281|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &username,
#  282|                                     NULL);
#  283|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def485]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: warning[-Wanalyzer-malloc-leak]: leak of 'username'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:269:16: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:281:11: danger: 'username' leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  279|   
#  280|       dlen = reply_len;
#  281|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &username,
#  282|                                     NULL);
#  283|       if (ret != EOK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def486]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: warning[-Wanalyzer-malloc-leak]: leak of 'domain'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:270:14: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: danger: 'domain' leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  286|   
#  287|       dlen = reply_len;
#  288|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &domain, NULL);
#  289|       if (ret != EOK) {
#  290|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def487]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: warning[-Wanalyzer-malloc-leak]: leak of 'target'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:271:14: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: danger: 'target' leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  286|   
#  287|       dlen = reply_len;
#  288|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &domain, NULL);
#  289|       if (ret != EOK) {
#  290|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def488]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: warning[-Wanalyzer-malloc-leak]: leak of 'upn'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:272:11: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:288:11: danger: 'upn' leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  286|   
#  287|       dlen = reply_len;
#  288|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &domain, NULL);
#  289|       if (ret != EOK) {
#  290|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def489]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: warning[-Wanalyzer-malloc-leak]: leak of 'target'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:271:14: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:289:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:293:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: danger: 'target' leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  292|   
#  293|       dlen = reply_len;
#  294|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &target, NULL);
#  295|       if (ret != EOK) {
#  296|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def490]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: warning[-Wanalyzer-malloc-leak]: leak of 'upn'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:272:11: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:289:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:293:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:294:11: danger: 'upn' leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  292|   
#  293|       dlen = reply_len;
#  294|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &target, NULL);
#  295|       if (ret != EOK) {
#  296|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def491]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:300:11: warning[-Wanalyzer-malloc-leak]: leak of 'upn'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:272:11: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:47: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:273:9: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:280:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:283:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:287:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:289:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:293:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:295:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:299:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:300:11: throw: if 'sss_readrep_copy_string' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:300:11: danger: 'upn' leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  298|   
#  299|       dlen = reply_len;
#  300|->     ret = sss_readrep_copy_string(buf, &pctr, &reply_len, &dlen, &upn, NULL);
#  301|       if (ret != EOK) {
#  302|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def492]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:381:11: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:369:12: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:370:8: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:374:5: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:381:11: throw: if 'sss_pam_make_request' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:381:11: danger: 'data' leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  379|   
#  380|       req_data.data = data;
#  381|->     ret = sss_pam_make_request(SSS_GSSAPI_SEC_CTX, &req_data, (uint8_t**)_reply,
#  382|                                  _reply_len, &ret_errno);
#  383|       free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def493]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: warning[-Wanalyzer-malloc-leak]: leak of 'ccache'
/usr/include/security/pam_modules.h:34:5: enter_function: entry to 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: call_function: calling 'sss_cli_getenv' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: return_function: returning to 'pam_sm_authenticate' from 'sss_cli_getenv'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:534:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:539:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:545:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: throw: if 'pam_syslog' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: danger: 'ccache' leaks here; was allocated at [(6)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/5)
#  544|       pam_user = get_item_as_string(pamh, PAM_USER);
#  545|       if (pam_service == NULL || pam_user == NULL) {
#  546|->         ERROR(pamh, "Unable to get PAM data!");
#  547|           ret = EINVAL;
#  548|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def494]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:585:5: warning[-Wanalyzer-malloc-leak]: leak of 'ccache'
/usr/include/security/pam_modules.h:34:5: enter_function: entry to 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: call_function: calling 'sss_cli_getenv' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: return_function: returning to 'pam_sm_authenticate' from 'sss_cli_getenv'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:534:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:539:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:545:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:585:5: throw: if 'sss_pam_lock' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:585:5: danger: 'ccache' leaks here; was allocated at [(6)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/5)
#  583|   
#  584|   done:
#  585|->     sss_pam_lock();
#  586|       sss_cli_close_socket();
#  587|       sss_pam_unlock();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def495]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:586:5: warning[-Wanalyzer-malloc-leak]: leak of 'ccache'
/usr/include/security/pam_modules.h:34:5: enter_function: entry to 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: call_function: calling 'sss_cli_getenv' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: return_function: returning to 'pam_sm_authenticate' from 'sss_cli_getenv'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:534:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:539:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:545:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:586:5: throw: if 'sss_cli_close_socket' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:586:5: danger: 'ccache' leaks here; was allocated at [(6)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/5)
#  584|   done:
#  585|       sss_pam_lock();
#  586|->     sss_cli_close_socket();
#  587|       sss_pam_unlock();
#  588|       free(username);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def496]
sssd-2.11.1/src/sss_client/pam_sss_gss.c:587:5: warning[-Wanalyzer-malloc-leak]: leak of 'ccache'
/usr/include/security/pam_modules.h:34:5: enter_function: entry to 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: call_function: calling 'sss_cli_getenv' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:533:11: return_function: returning to 'pam_sm_authenticate' from 'sss_cli_getenv'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:534:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:539:11: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:543:19: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: call_function: calling 'get_item_as_string' from 'pam_sm_authenticate'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:544:16: return_function: returning to 'pam_sm_authenticate' from 'get_item_as_string'
sssd-2.11.1/src/sss_client/pam_sss_gss.c:545:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:546:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_gss.c:587:5: throw: if 'sss_pam_unlock' throws an exception...
sssd-2.11.1/src/sss_client/pam_sss_gss.c:587:5: danger: 'ccache' leaks here; was allocated at [(6)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/5)
#  585|       sss_pam_lock();
#  586|       sss_cli_close_socket();
#  587|->     sss_pam_unlock();
#  588|       free(username);
#  589|       free(domain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def497]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:211:11: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
#  209|       for (c = 0; *pc_list != NULL && (*pc_list)[c] != NULL; c++); /* just counting */
#  210|   
#  211|->     pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *));
#  212|       if (pcl == NULL) {
#  213|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def498]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:211:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
#  209|       for (c = 0; *pc_list != NULL && (*pc_list)[c] != NULL; c++); /* just counting */
#  210|   
#  211|->     pcl = realloc(*pc_list, (c + 2) * sizeof(struct prompt_config *));
#  212|       if (pcl == NULL) {
#  213|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def499]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:215:5: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
#  213|           return ENOMEM;
#  214|       }
#  215|->     pcl[c] = pc;
#  216|       pcl[c + 1] = NULL;
#  217|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def500]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:215:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
#  213|           return ENOMEM;
#  214|       }
#  215|->     pcl[c] = pc;
#  216|       pcl[c + 1] = NULL;
#  217|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def501]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:221:1: warning[-Wanalyzer-malloc-leak]: leak of 'pcl'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following 'false' branch (when 'str2' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling 'pc_list_add_2fa' from 'pc_list_from_response'
#  219|   
#  220|       return EOK;
#  221|-> }
#  222|   
#  223|   #define DEFAULT_PASSWORD_PROMPT _("Password: ")

Error: GCC_ANALYZER_WARNING (CWE-401): [#def502]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:221:1: warning[-Wanalyzer-malloc-leak]: leak of ‘pcl’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:569:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:573:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:575:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:580:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:584:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:586:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:591:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:593:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:599:16: branch_false: following ‘false’ branch (when ‘str2’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:604:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:606:19: call_function: calling ‘pc_list_add_2fa’ from ‘pc_list_from_response’
#  219|   
#  220|       return EOK;
#  221|-> }
#  222|   
#  223|   #define DEFAULT_PASSWORD_PROMPT _("Password: ")

Error: GCC_ANALYZER_WARNING (CWE-401): [#def503]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:252:8: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to 'safealign_memcpy' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to 'pc_list_from_response' from 'pc_list_add_password'
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following 'false' branch (when 'str' is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling 'pc_list_add_password' from 'pc_list_from_response'
#  250|   
#  251|       ret = pc_list_add_pc(pc_list, pc);
#  252|->     if (ret != EOK) {
#  253|           goto done;
#  254|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def504]
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:252:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:514:9: enter_function: entry to ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:527:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:532:5: call_function: inlined call to ‘safealign_memcpy’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: return_function: returning to ‘pc_list_from_response’ from ‘pc_list_add_password’
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:564:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:28: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:534:17: branch_true: following ‘true’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:18: branch_true: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:537:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:541:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:545:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:549:13: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:551:16: branch_false: following ‘false’ branch...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:556:16: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:560:16: branch_false: ...to here
sssd-2.11.1/src/sss_client/pam_sss_prompt_config.c:562:19: call_function: calling ‘pc_list_add_password’ from ‘pc_list_from_response’
#  250|   
#  251|       ret = pc_list_add_pc(pc_list, pc);
#  252|->     if (ret != EOK) {
#  253|           goto done;
#  254|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def505]
sssd-2.11.1/src/sss_client/sssd_pac.c:100:9: warning[-Wanalyzer-malloc-leak]: leak of 'data'
sssd-2.11.1/src/sss_client/sssd_pac.c:87:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:91:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:91:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:92:16: branch_true: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:92:16: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/sssd_pac.c:93:12: branch_false: following 'false' branch (when 'data' is non-NULL)...
sssd-2.11.1/src/sss_client/sssd_pac.c:96:22: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:99:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:100:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:100:9: throw: if 'krb5_free_data_contents' throws an exception...
sssd-2.11.1/src/sss_client/sssd_pac.c:100:9: danger: 'data' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   98|   
#   99|       if (sssdctx->data.data != NULL) {
#  100|->         krb5_free_data_contents(kcontext, &sssdctx->data);
#  101|       }
#  102|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def506]
sssd-2.11.1/src/sss_client/sssd_pac.c:283:12: warning[-Wanalyzer-malloc-leak]: leak of 'data.data'
sssd-2.11.1/src/sss_client/sssd_pac.c:262:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:266:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:266:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:268:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:269:21: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/sssd_pac.c:270:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:273:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:283:12: throw: if 'krb5_ser_unpack_int32' throws an exception...
sssd-2.11.1/src/sss_client/sssd_pac.c:283:12: danger: 'data.data' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  281|   
#  282|       /* verified */
#  283|->     code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  284|       if (code != 0) {
#  285|           free(data.data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def507]
sssd-2.11.1/src/sss_client/sssd_pac.c:290:9: warning[-Wanalyzer-malloc-leak]: leak of 'data.data'
sssd-2.11.1/src/sss_client/sssd_pac.c:262:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:266:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:266:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:268:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:269:21: acquire_memory: allocated here
sssd-2.11.1/src/sss_client/sssd_pac.c:270:12: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:273:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:284:8: branch_false: following 'false' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:289:9: branch_false: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:289:8: branch_true: following 'true' branch...
sssd-2.11.1/src/sss_client/sssd_pac.c:290:9: branch_true: ...to here
sssd-2.11.1/src/sss_client/sssd_pac.c:290:9: throw: if 'krb5_free_data_contents' throws an exception...
sssd-2.11.1/src/sss_client/sssd_pac.c:290:9: danger: 'data.data' leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  288|   
#  289|       if (sssdctx->data.data != NULL) {
#  290|->         krb5_free_data_contents(kcontext, &sssdctx->data);
#  291|       }
#  292|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def508]
sssd-2.11.1/src/tools/common/sss_process.c:67:13: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:67:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   65|           ret = ferror(pid_file);
#   66|           if (ret != 0) {
#   67|->             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read from file \"%s\": %s\n",
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def509]
sssd-2.11.1/src/tools/common/sss_process.c:67:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:67:13: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   65|           ret = ferror(pid_file);
#   66|           if (ret != 0) {
#   67|->             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read from file \"%s\": %s\n",
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def510]
sssd-2.11.1/src/tools/common/sss_process.c:67:13: warning[-Wanalyzer-malloc-leak]: leak of 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:67:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   65|           ret = ferror(pid_file);
#   66|           if (ret != 0) {
#   67|->             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read from file \"%s\": %s\n",
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def511]
sssd-2.11.1/src/tools/common/sss_process.c:67:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_true: following ‘true’ branch (when ‘ret != 0’)...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:67:13: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:67:13: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   65|           ret = ferror(pid_file);
#   66|           if (ret != 0) {
#   67|->             DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read from file \"%s\": %s\n",
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def512]
sssd-2.11.1/src/tools/common/sss_process.c:70:13: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:70:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {
#   70|->             DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains invalid pid.\n",
#   71|                     SSSD_PIDFILE);
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def513]
sssd-2.11.1/src/tools/common/sss_process.c:70:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:70:13: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {
#   70|->             DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains invalid pid.\n",
#   71|                     SSSD_PIDFILE);
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def514]
sssd-2.11.1/src/tools/common/sss_process.c:70:13: warning[-Wanalyzer-malloc-leak]: leak of 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:70:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {
#   70|->             DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains invalid pid.\n",
#   71|                     SSSD_PIDFILE);
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def515]
sssd-2.11.1/src/tools/common/sss_process.c:70:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:65:15: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:66:12: branch_false: following ‘false’ branch (when ‘ret == 0’)...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:70:13: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:70:13: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   68|                     SSSD_PIDFILE, strerror(ret));
#   69|           } else {
#   70|->             DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains invalid pid.\n",
#   71|                     SSSD_PIDFILE);
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def516]
sssd-2.11.1/src/tools/common/sss_process.c:76:9: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:76:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   74|       }
#   75|       if (fsize == 0) {
#   76|->         DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains no pid.\n",
#   77|                 SSSD_PIDFILE);
#   78|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def517]
sssd-2.11.1/src/tools/common/sss_process.c:76:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_resource: opened here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:76:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   74|       }
#   75|       if (fsize == 0) {
#   76|->         DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains no pid.\n",
#   77|                 SSSD_PIDFILE);
#   78|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def518]
sssd-2.11.1/src/tools/common/sss_process.c:76:9: warning[-Wanalyzer-malloc-leak]: leak of 'fopen("/run/sssd/sssd.pid", "r")'
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_false: following 'false' branch...
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_true: following 'true' branch...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:76:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: danger: 'fopen("/run/sssd/sssd.pid", "r")' leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#   74|       }
#   75|       if (fsize == 0) {
#   76|->         DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains no pid.\n",
#   77|                 SSSD_PIDFILE);
#   78|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def519]
sssd-2.11.1/src/tools/common/sss_process.c:76:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/run/sssd/sssd.pid", "r")’
sssd-2.11.1/src/tools/common/sss_process.c:53:16: acquire_memory: allocated here
sssd-2.11.1/src/tools/common/sss_process.c:54:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:61:13: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:63:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_false: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:75:8: branch_true: following ‘true’ branch...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: branch_true: ...to here
sssd-2.11.1/src/tools/common/sss_process.c:76:9: throw: if ‘sss_debug_fn’ throws an exception...
sssd-2.11.1/src/tools/common/sss_process.c:76:9: danger: ‘fopen("/run/sssd/sssd.pid", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#   74|       }
#   75|       if (fsize == 0) {
#   76|->         DEBUG(SSSDBG_CRIT_FAILURE, "File \"%s\" contains no pid.\n",
#   77|                 SSSD_PIDFILE);
#   78|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def520]
sssd-2.11.1/src/tools/sss_seed.c:290:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
sssd-2.11.1/src/tools/sss_seed.c:274:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/sss_seed.c:280:10: branch_false: ...to here
sssd-2.11.1/src/tools/sss_seed.c:280:10: acquire_resource: opened here
sssd-2.11.1/src/tools/sss_seed.c:281:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/sss_seed.c:289:5: branch_false: ...to here
sssd-2.11.1/src/tools/sss_seed.c:290:11: throw: if ‘sss_atomic_io_s’ throws an exception...
sssd-2.11.1/src/tools/sss_seed.c:290:11: danger: ‘open(filename, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  288|   
#  289|       errno = 0;
#  290|->     len = sss_atomic_read_s(fd, buf, PASS_MAX + 1);
#  291|       if (len == -1) {
#  292|           ret = errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def521]
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:191:14: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:170:8: branch_false: following ‘false’ branch (when ‘dl_handle’ is non-NULL)...
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:176:22: branch_false: ...to here
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:177:8: branch_false: following ‘false’ branch (when ‘sss_getpwnam_r’ is non-NULL)...
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:184:14: branch_false: ...to here
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:184:14: acquire_memory: allocated here
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:185:8: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:191:14: branch_false: ...to here
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:191:14: throw: if the called function throws an exception...
sssd-2.11.1/src/tools/sssctl/sssctl_user_checks.c:191:14: danger: ‘buffer’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  189|       }
#  190|   
#  191|->     status = sss_getpwnam_r(user, &pwd, buffer, buflen, &nss_errno);
#  192|       if (status != NSS_STATUS_SUCCESS) {
#  193|           ERROR("sss_getpwnam_r failed with [%d].\n", status);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def522]
sssd-2.11.1/src/tools/tools_mc_util.c:92:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(mc_filename, 2)’
sssd-2.11.1/src/tools/tools_mc_util.c:74:8: branch_false: following ‘false’ branch (when ‘mc_filename’ is non-NULL)...
sssd-2.11.1/src/tools/tools_mc_util.c:78:13: branch_false: ...to here
sssd-2.11.1/src/tools/tools_mc_util.c:78:13: acquire_resource: opened here
sssd-2.11.1/src/tools/tools_mc_util.c:79:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/tools/tools_mc_util.c:92:11: branch_false: ...to here
sssd-2.11.1/src/tools/tools_mc_util.c:92:11: throw: if ‘sss_br_lock_file’ throws an exception...
sssd-2.11.1/src/tools/tools_mc_util.c:92:11: danger: ‘open(mc_filename, 2)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   90|       }
#   91|   
#   92|->     ret = sss_br_lock_file(mc_fd, 0, 1, retries, t);
#   93|       if (ret == EACCES) {
#   94|           DEBUG(SSSDBG_TRACE_FUNC,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def523]
sssd-2.11.1/src/util/backup_file.c:57:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:57:24: throw: if 'talloc_asprintf' throws an exception...
sssd-2.11.1/src/util/backup_file.c:57:24: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   55|       for (i = 0; i < 10; i++) {
#   56|           if (i == 0) {
#   57|->             dst_file = talloc_asprintf(tmp_ctx, "%s.bak", src_file);
#   58|           } else {
#   59|               dst_file = talloc_asprintf(tmp_ctx, "%s.bak%d", src_file, i);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def524]
sssd-2.11.1/src/util/backup_file.c:59:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:61:12: branch_false: following 'false' branch (when 'dst_file' is non-NULL)...
sssd-2.11.1/src/util/backup_file.c:66:9: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:70:12: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:72:12: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:72:12: branch_false: following 'false' branch (when 'ret == 17')...
sssd-2.11.1/src/util/backup_file.c:55:25: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:59:24: throw: if 'talloc_asprintf' throws an exception...
sssd-2.11.1/src/util/backup_file.c:59:24: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   57|               dst_file = talloc_asprintf(tmp_ctx, "%s.bak", src_file);
#   58|           } else {
#   59|->             dst_file = talloc_asprintf(tmp_ctx, "%s.bak%d", src_file, i);
#   60|           }
#   61|           if (!dst_file) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def525]
sssd-2.11.1/src/util/backup_file.c:67:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:61:12: branch_false: following 'false' branch (when 'dst_file' is non-NULL)...
sssd-2.11.1/src/util/backup_file.c:66:9: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:67:18: throw: if 'open' throws an exception...
sssd-2.11.1/src/util/backup_file.c:67:18: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   65|   
#   66|           errno = 0;
#   67|->         dst_fd = open(dst_file, O_CREAT|O_EXCL|O_WRONLY, 0600);
#   68|           ret = errno;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def526]
sssd-2.11.1/src/util/backup_file.c:73:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:61:12: branch_false: following 'false' branch (when 'dst_file' is non-NULL)...
sssd-2.11.1/src/util/backup_file.c:66:9: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:70:12: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:72:12: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:73:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/util/backup_file.c:73:13: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   71|   
#   72|           if (ret != EEXIST) {
#   73|->             DEBUG(dbglvl, "Error (%d [%s]) opening destination file %s\n",
#   74|                              ret, strerror(ret), dst_file);
#   75|               goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def527]
sssd-2.11.1/src/util/backup_file.c:79:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:61:12: branch_false: following 'false' branch (when 'dst_file' is non-NULL)...
sssd-2.11.1/src/util/backup_file.c:66:9: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:78:8: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/util/backup_file.c:79:9: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:79:9: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/util/backup_file.c:79:9: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   77|       }
#   78|       if (ret != 0) {
#   79|->         DEBUG(dbglvl, "Error (%d [%s]) opening destination file %s\n",
#   80|                          ret, strerror(ret), dst_file);
#   81|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def528]
sssd-2.11.1/src/util/backup_file.c:87:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:49:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:55:17: branch_true: following 'true' branch (when 'i != 10')...
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:56:12: branch_true: following 'true' branch (when 'i == 0')...
sssd-2.11.1/src/util/backup_file.c:57:24: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:61:12: branch_false: following 'false' branch (when 'dst_file' is non-NULL)...
sssd-2.11.1/src/util/backup_file.c:66:9: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:78:8: branch_false: following 'false' branch (when 'ret == 0')...
sssd-2.11.1/src/util/backup_file.c:78:8: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:87:19: throw: if 'sss_atomic_io_s' throws an exception...
sssd-2.11.1/src/util/backup_file.c:87:19: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#   85|       while (1) {
#   86|           errno = 0;
#   87|->         numread = sss_atomic_read_s(src_fd, buf, BUFFER_SIZE);
#   88|           if (numread < 0) {
#   89|               ret = errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def529]
sssd-2.11.1/src/util/backup_file.c:116:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(src_file, 0)'
sssd-2.11.1/src/util/backup_file.c:40:14: acquire_resource: opened here
sssd-2.11.1/src/util/backup_file.c:41:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/backup_file.c:48:15: branch_false: ...to here
sssd-2.11.1/src/util/backup_file.c:49:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/backup_file.c:51:9: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:116:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/backup_file.c:116:23: branch_true: ...to here
sssd-2.11.1/src/util/backup_file.c:116:23: danger: 'open(src_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  114|   
#  115|   done:
#  116|->     if (src_fd != -1) close(src_fd);
#  117|       if (dst_fd != -1) close(dst_fd);
#  118|       talloc_free(tmp_ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def530]
sssd-2.11.1/src/util/child_common.c:780:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:899:6: enter_function: entry to 'exec_child_ex'
sssd-2.11.1/src/util/child_common.c:921:11: acquire_resource: opened here
sssd-2.11.1/src/util/child_common.c:922:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: following 'false' branch (when 'pipefd_from_child' is NULL)...
sssd-2.11.1/src/util/child_common.c:941:11: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:941:11: call_function: calling 'prepare_child_argv' from 'exec_child_ex'
#  778|       argv  = talloc_array(mem_ctx, char *, argc);
#  779|       if (argv == NULL) {
#  780|->         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_array failed.\n");
#  781|           return ENOMEM;
#  782|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def531]
sssd-2.11.1/src/util/child_common.c:789:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:899:6: enter_function: entry to 'exec_child_ex'
sssd-2.11.1/src/util/child_common.c:921:11: acquire_resource: opened here
sssd-2.11.1/src/util/child_common.c:922:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: following 'false' branch (when 'pipefd_from_child' is NULL)...
sssd-2.11.1/src/util/child_common.c:941:11: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:941:11: call_function: calling 'prepare_child_argv' from 'exec_child_ex'
#  787|       if (extra_argv) {
#  788|           for (i = 0; extra_argv[i]; i++) {
#  789|->             argv[--argc] = talloc_strdup(argv, extra_argv[i]);
#  790|               if (argv[argc] == NULL) {
#  791|                   ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def532]
sssd-2.11.1/src/util/child_common.c:798:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  796|   
#  797|       if (!extra_args_only) {
#  798|->         argv[--argc] = talloc_asprintf(argv, "--debug-level=%#.4x",
#  799|                                     debug_level);
#  800|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def533]
sssd-2.11.1/src/util/child_common.c:805:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  803|           }
#  804|   
#  805|->         argv[--argc] = talloc_asprintf(argv, "--backtrace=%d",
#  806|                                          sss_get_debug_backtrace_enable() ? 1 : 0);
#  807|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def534]
sssd-2.11.1/src/util/child_common.c:806:40: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  804|   
#  805|           argv[--argc] = talloc_asprintf(argv, "--backtrace=%d",
#  806|->                                        sss_get_debug_backtrace_enable() ? 1 : 0);
#  807|           if (argv[argc] == NULL) {
#  808|               ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def535]
sssd-2.11.1/src/util/child_common.c:813:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  811|   
#  812|           if (sss_logger == FILES_LOGGER) {
#  813|->             argv[--argc] = talloc_asprintf(argv, "--debug-fd=%d",
#  814|                                              child_debug_fd);
#  815|               if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def536]
sssd-2.11.1/src/util/child_common.c:820:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  818|               }
#  819|           } else {
#  820|->             argv[--argc] = talloc_asprintf(argv, "--logger=%s",
#  821|                                              sss_logger_str[sss_logger]);
#  822|               if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def537]
sssd-2.11.1/src/util/child_common.c:828:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:956:6: enter_function: entry to 'exec_child'
sssd-2.11.1/src/util/child_common.c:960:5: call_function: calling 'exec_child_ex' from 'exec_child'
#  826|           }
#  827|   
#  828|->         argv[--argc] = talloc_asprintf(argv, "--debug-timestamps=%d",
#  829|                                          debug_timestamps);
#  830|           if (argv[argc] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def538]
sssd-2.11.1/src/util/child_common.c:931:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:921:11: acquire_resource: opened here
sssd-2.11.1/src/util/child_common.c:922:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:930:8: branch_true: following 'true' branch (when 'pipefd_from_child' is non-NULL)...
sssd-2.11.1/src/util/child_common.c:931:9: branch_true: ...to here
sssd-2.11.1/src/util/child_common.c:931:9: throw: if 'close' throws an exception...
sssd-2.11.1/src/util/child_common.c:931:9: danger: 'ret' leaks here; was opened at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  929|       /* some helpers, like 'selinux_child', do not write a response */
#  930|       if (pipefd_from_child != NULL) {
#  931|->         close(pipefd_from_child[0]);
#  932|           ret = dup2(pipefd_from_child[1], child_out_fd);
#  933|           if (ret == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def539]
sssd-2.11.1/src/util/child_common.c:935:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'ret'
sssd-2.11.1/src/util/child_common.c:921:11: acquire_resource: opened here
sssd-2.11.1/src/util/child_common.c:922:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/child_common.c:930:8: branch_false: ...to here
sssd-2.11.1/src/util/child_common.c:930:8: branch_true: following 'true' branch (when 'pipefd_from_child' is non-NULL)...
sssd-2.11.1/src/util/child_common.c:931:9: branch_true: ...to here
sssd-2.11.1/src/util/child_common.c:933:12: branch_true: following 'true' branch (when 'ret == -1')...
sssd-2.11.1/src/util/child_common.c:934:19: branch_true: ...to here
sssd-2.11.1/src/util/child_common.c:935:13: throw: if 'sss_debug_fn' throws an exception...
sssd-2.11.1/src/util/child_common.c:935:13: danger: 'ret' leaks here; was opened at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  933|           if (ret == -1) {
#  934|               err = errno;
#  935|->             DEBUG(SSSDBG_CRIT_FAILURE,
#  936|                     "dup2 failed [%d][%s].\n", err, strerror(err));
#  937|               exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def540]
sssd-2.11.1/src/util/debug.c:248:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/util/debug.c:266:6: enter_function: entry to 'sss_vdebug_fn'
sssd-2.11.1/src/util/debug.c:287:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:288:14: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:296:9: acquire_resource: 'va_copy' called here
sssd-2.11.1/src/util/debug.c:317:19: call_function: calling 'journal_send' from 'sss_vdebug_fn'
#  246|        * source code location and other tracking data.
#  247|        */
#  248|->     res = sd_journal_send_with_location(
#  249|               code_file, code_line, function,
#  250|               "MESSAGE=%s", message,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def541]
sssd-2.11.1/src/util/debug.c:322:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/util/debug.c:287:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:288:14: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:296:9: acquire_resource: 'va_copy' called here
sssd-2.11.1/src/util/debug.c:319:12: branch_true: following 'true' branch (when 'ret != 0')...
sssd-2.11.1/src/util/debug.c:321:13: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:322:13: throw: if 'fflush' throws an exception...
sssd-2.11.1/src/util/debug.c:322:13: danger: missing call to 'va_end' to match 'va_copy' at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  320|               /* Emergency fallback, send to STDERR */
#  321|               vfprintf(stderr, format, ap_fallback);
#  322|->             fflush(stderr);
#  323|           }
#  324|           va_end(ap_fallback);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def542]
sssd-2.11.1/src/util/debug.c:345:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/util/debug.c:367:6: enter_function: entry to 'sss_debug_fn'
sssd-2.11.1/src/util/debug.c:375:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/util/debug.c:376:5: call_function: calling 'sss_vdebug_fn' from 'sss_debug_fn'
#  343|           }
#  344|           if (debug_microseconds == SSSDBG_MICROSECONDS_ENABLED) {
#  345|->             sss_debug_backtrace_printf(level, "%s:%.6ld): ",
#  346|                                          last_time_str, tv.tv_usec);
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def543]
sssd-2.11.1/src/util/debug.c:348:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/util/debug.c:367:6: enter_function: entry to 'sss_debug_fn'
sssd-2.11.1/src/util/debug.c:375:5: acquire_resource: 'va_start' called here
sssd-2.11.1/src/util/debug.c:376:5: call_function: calling 'sss_vdebug_fn' from 'sss_debug_fn'
#  346|                                          last_time_str, tv.tv_usec);
#  347|           } else {
#  348|->             sss_debug_backtrace_printf(level, "%s): ", last_time_str);
#  349|           }
#  350|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def544]
sssd-2.11.1/src/util/debug.c:352:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
sssd-2.11.1/src/util/debug.c:476:6: enter_function: entry to '_sss_talloc_log_fn'
sssd-2.11.1/src/util/debug.c:478:5: call_function: calling 'sss_debug_fn' from '_sss_talloc_log_fn'
#  350|       }
#  351|   
#  352|->     sss_debug_backtrace_printf(level, "[%s] [%s] (%#.4x): ",
#  353|                                  debug_prg_name, function, level);
#  354|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def545]
sssd-2.11.1/src/util/debug.c:422:17: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(logpath, "a")'
sssd-2.11.1/src/util/debug.c:397:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/debug.c:401:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:405:9: acquire_resource: opened here
sssd-2.11.1/src/util/debug.c:406:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:412:5: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:415:8: branch_false: following 'false' branch (when 'debug_fd != -1')...
sssd-2.11.1/src/util/debug.c:421:7: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:421:7: branch_true: following 'true' branch (when 'want_cloexec != 0')...
sssd-2.11.1/src/util/debug.c:422:17: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:422:17: throw: if 'fcntl' throws an exception...
sssd-2.11.1/src/util/debug.c:422:17: danger: 'fopen(logpath, "a")' leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  420|   
#  421|       if(want_cloexec) {
#  422|->         flags = fcntl(debug_fd, F_GETFD, 0);
#  423|           (void) fcntl(debug_fd, F_SETFD, flags | FD_CLOEXEC);
#  424|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def546]
sssd-2.11.1/src/util/debug.c:422:17: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(logpath, "a")'
sssd-2.11.1/src/util/debug.c:397:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/debug.c:401:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:405:9: acquire_memory: allocated here
sssd-2.11.1/src/util/debug.c:406:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:412:5: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:415:8: branch_false: following 'false' branch (when 'debug_fd != -1')...
sssd-2.11.1/src/util/debug.c:421:7: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:421:7: branch_true: following 'true' branch (when 'want_cloexec != 0')...
sssd-2.11.1/src/util/debug.c:422:17: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:422:17: throw: if 'fcntl' throws an exception...
sssd-2.11.1/src/util/debug.c:422:17: danger: 'fopen(logpath, "a")' leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  420|   
#  421|       if(want_cloexec) {
#  422|->         flags = fcntl(debug_fd, F_GETFD, 0);
#  423|           (void) fcntl(debug_fd, F_SETFD, flags | FD_CLOEXEC);
#  424|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def547]
sssd-2.11.1/src/util/debug.c:423:16: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(logpath, "a")'
sssd-2.11.1/src/util/debug.c:397:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/debug.c:401:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:405:9: acquire_resource: opened here
sssd-2.11.1/src/util/debug.c:406:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:412:5: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:415:8: branch_false: following 'false' branch (when 'debug_fd != -1')...
sssd-2.11.1/src/util/debug.c:421:7: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:421:7: branch_true: following 'true' branch (when 'want_cloexec != 0')...
sssd-2.11.1/src/util/debug.c:422:17: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:423:16: throw: if 'fcntl' throws an exception...
sssd-2.11.1/src/util/debug.c:423:16: danger: 'fopen(logpath, "a")' leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  421|       if(want_cloexec) {
#  422|           flags = fcntl(debug_fd, F_GETFD, 0);
#  423|->         (void) fcntl(debug_fd, F_SETFD, flags | FD_CLOEXEC);
#  424|       }
#  425|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def548]
sssd-2.11.1/src/util/debug.c:423:16: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(logpath, "a")'
sssd-2.11.1/src/util/debug.c:397:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/util/debug.c:401:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:405:9: acquire_memory: allocated here
sssd-2.11.1/src/util/debug.c:406:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:412:5: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:415:8: branch_false: following 'false' branch (when 'debug_fd != -1')...
sssd-2.11.1/src/util/debug.c:421:7: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:421:7: branch_true: following 'true' branch (when 'want_cloexec != 0')...
sssd-2.11.1/src/util/debug.c:422:17: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:423:16: throw: if 'fcntl' throws an exception...
sssd-2.11.1/src/util/debug.c:423:16: danger: 'fopen(logpath, "a")' leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  421|       if(want_cloexec) {
#  422|           flags = fcntl(debug_fd, F_GETFD, 0);
#  423|->         (void) fcntl(debug_fd, F_SETFD, flags | FD_CLOEXEC);
#  424|       }
#  425|   

Error: GCC_ANALYZER_WARNING (CWE-910): [#def549]
sssd-2.11.1/src/util/debug.c:445:19: warning[-Wanalyzer-double-fclose]: double 'fclose' of FILE '_sss_debug_file'
sssd-2.11.1/src/util/debug.c:440:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:442:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:442:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:442:8: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:445:19: release_resource: first 'fclose' here
sssd-2.11.1/src/util/debug.c:446:16: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:447:25: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:454:18: branch_true: following 'true' branch (when 'error == 4')...
sssd-2.11.1/src/util/debug.c:454:18: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:445:19: danger: second 'fclose' here; first 'fclose' was at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  443|           do {
#  444|               error = 0;
#  445|->             ret = fclose(_sss_debug_file);
#  446|               if (ret != 0) {
#  447|                   error = errno;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def550]
sssd-2.11.1/src/util/debug.c:445:19: warning[-Wanalyzer-double-free]: double-'fclose' of '_sss_debug_file'
sssd-2.11.1/src/util/debug.c:440:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/debug.c:442:9: branch_false: ...to here
sssd-2.11.1/src/util/debug.c:442:8: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:442:8: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:445:19: release_memory: first 'fclose' here
sssd-2.11.1/src/util/debug.c:446:16: branch_true: following 'true' branch...
sssd-2.11.1/src/util/debug.c:447:25: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:454:18: branch_true: following 'true' branch (when 'error == 4')...
sssd-2.11.1/src/util/debug.c:454:18: branch_true: ...to here
sssd-2.11.1/src/util/debug.c:445:19: danger: second 'fclose' here; first 'fclose' was at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  443|           do {
#  444|               error = 0;
#  445|->             ret = fclose(_sss_debug_file);
#  446|               if (ret != 0) {
#  447|                   error = errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def551]
sssd-2.11.1/src/util/files.c:143:22: warning[-Wanalyzer-malloc-leak]: leak of 'fdopendir(sss_openat_cloexec(parent_fd,  dir_name, 196608, & ret))'
sssd-2.11.1/src/util/files.c:122:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/files.c:134:15: branch_false: ...to here
sssd-2.11.1/src/util/files.c:134:15: acquire_memory: allocated here
sssd-2.11.1/src/util/files.c:135:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/files.c:135:8: branch_false: ...to here
sssd-2.11.1/src/util/files.c:143:22: throw: if 'readdir' throws an exception...
sssd-2.11.1/src/util/files.c:143:22: danger: 'fdopendir(sss_openat_cloexec(parent_fd,  dir_name, 196608, & ret))' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  141|       }
#  142|   
#  143|->     while ((result = readdir(rootdir)) != NULL) {
#  144|           if (strcmp(result->d_name, ".") == 0 ||
#  145|               strcmp(result->d_name, "..") == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def552]
sssd-2.11.1/src/util/find_uid.c:251:22: warning[-Wanalyzer-malloc-leak]: leak of 'opendir("/proc")'
sssd-2.11.1/src/util/find_uid.c:243:16: acquire_memory: allocated here
sssd-2.11.1/src/util/find_uid.c:244:8: branch_false: following 'false' branch...
sssd-2.11.1/src/util/find_uid.c:250:5: branch_false: ...to here
sssd-2.11.1/src/util/find_uid.c:251:22: throw: if 'readdir' throws an exception...
sssd-2.11.1/src/util/find_uid.c:251:22: danger: 'opendir("/proc")' leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  249|   
#  250|       errno = 0;
#  251|->     while ((dirent = readdir(proc_dir)) != NULL) {
#  252|           if (only_numbers(dirent->d_name) != 0) {
#  253|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def553]
sssd-2.11.1/src/util/find_uid.c:251:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc")’
sssd-2.11.1/src/util/find_uid.c:243:16: acquire_memory: allocated here
sssd-2.11.1/src/util/find_uid.c:244:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/util/find_uid.c:250:5: branch_false: ...to here
sssd-2.11.1/src/util/find_uid.c:251:22: throw: if ‘readdir’ throws an exception...
sssd-2.11.1/src/util/find_uid.c:251:22: danger: ‘opendir("/proc")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  249|   
#  250|       errno = 0;
#  251|->     while ((dirent = readdir(proc_dir)) != NULL) {
#  252|           if (only_numbers(dirent->d_name) != 0) {
#  253|               continue;

Error: COMPILER_WARNING (CWE-704): [#def554]
sssd-2.11.1/src/util/util.c: scope_hint: In function 'domain_to_basedn'
sssd-2.11.1/src/util/util.c:573:15: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  573 |     while ((p = strchr(s, '.'))) {
#      |               ^
#  571|       dn = talloc_strdup(memctx, "dc=");
#  572|   
#  573|->     while ((p = strchr(s, '.'))) {
#  574|           l = p - s;
#  575|           dn = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);

Error: COMPILER_WARNING (CWE-704): [#def555]
sssd-2.11.1/src/util/util.c:573:15: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  571|       dn = talloc_strdup(memctx, "dc=");
#  572|   
#  573|->     while ((p = strchr(s, '.'))) {
#  574|           l = p - s;
#  575|           dn = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);

Error: COMPILER_WARNING (CWE-704): [#def556]
sssd-2.11.1/src/util/util.c: scope_hint: In function ‘domain_to_basedn’
sssd-2.11.1/src/util/util.c:573:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  573 |     while ((p = strchr(s, '.'))) {
#      |               ^
#  571|       dn = talloc_strdup(memctx, "dc=");
#  572|   
#  573|->     while ((p = strchr(s, '.'))) {
#  574|           l = p - s;
#  575|           dn = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);

Error: COMPILER_WARNING (CWE-704): [#def557]
sssd-2.11.1/src/util/util.c:573:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  571|       dn = talloc_strdup(memctx, "dc=");
#  572|   
#  573|->     while ((p = strchr(s, '.'))) {
#  574|           l = p - s;
#  575|           dn = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def558]
sssd-2.11.1/src/util/util.h:869:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_from_child[1]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:201:1: enter_function: entry to 'ad_machine_account_password_renewal_send'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: call_function: inlined call to 'sss_tevent_timeval_current_ofs_time_t' from 'ad_machine_account_password_renewal_send'
#  867|   {
#  868|       uint32_t secs32 = (secs > UINT_MAX ? UINT_MAX : secs);
#  869|->     return tevent_timeval_current_ofs(secs32, 0);
#  870|   }
#  871|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def559]
sssd-2.11.1/src/util/util.h:869:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pipefd_to_child[0]'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:201:1: enter_function: entry to 'ad_machine_account_password_renewal_send'
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:220:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:225:20: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:230:8: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:235:5: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:250:8: branch_true: following 'true' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:251:9: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:255:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:261:11: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:262:8: branch_false: following 'false' branch (when 'ret != -1')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:269:17: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:270:8: branch_false: following 'false' branch (when 'child_pid != 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:278:15: branch_true: following 'true' branch (when 'child_pid > 0')...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:280:14: branch_true: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:281:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:282:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:285:9: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:286:33: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:290:12: branch_false: following 'false' branch...
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: branch_false: ...to here
sssd-2.11.1/src/providers/ad/ad_machine_pw_renewal.c:298:14: call_function: inlined call to 'sss_tevent_timeval_current_ofs_time_t' from 'ad_machine_account_password_renewal_send'
#  867|   {
#  868|       uint32_t secs32 = (secs > UINT_MAX ? UINT_MAX : secs);
#  869|->     return tevent_timeval_current_ofs(secs32, 0);
#  870|   }
#  871|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def560]
sssd-2.11.1/src/util/util.h:869:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_from_child[1]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:732:20: enter_function: entry to ‘pam_check_cert_send’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:911:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:919:14: call_function: inlined call to ‘sss_tevent_timeval_current_ofs_time_t’ from ‘pam_check_cert_send’
#  867|   {
#  868|       uint32_t secs32 = (secs > UINT_MAX ? UINT_MAX : secs);
#  869|->     return tevent_timeval_current_ofs(secs32, 0);
#  870|   }
#  871|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def561]
sssd-2.11.1/src/util/util.h:869:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd_to_child[0]’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:732:20: enter_function: entry to ‘pam_check_cert_send’
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:760:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:764:8: branch_false: following ‘false’ branch (when ‘ca_db’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:770:8: branch_false: following ‘false’ branch (when ‘sss_certmap_ctx’ is non-NULL)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:776:10: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:855:15: branch_true: following ‘true’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:856:9: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:867:8: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:872:5: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:877:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:883:11: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:884:8: branch_false: following ‘false’ branch (when ‘ret != -1’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:891:17: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:892:8: branch_false: following ‘false’ branch (when ‘child_pid != 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:899:15: branch_true: following ‘true’ branch (when ‘child_pid > 0’)...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:901:14: branch_true: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:902:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:903:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:906:9: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:907:33: branch_false: ...to here
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:911:12: branch_false: following ‘false’ branch...
sssd-2.11.1/src/responder/pam/pamsrv_p11.c:919:14: call_function: inlined call to ‘sss_tevent_timeval_current_ofs_time_t’ from ‘pam_check_cert_send’
#  867|   {
#  868|       uint32_t secs32 = (secs > UINT_MAX ? UINT_MAX : secs);
#  869|->     return tevent_timeval_current_ofs(secs32, 0);
#  870|   }
#  871|