openssh-10.0p1-7.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/gnome-ssh-askpass.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
#    2|   export SSH_ASKPASS

Error: GCC_ANALYZER_WARNING: [#def2]
openssh-10.0p1/addr.c:239:9: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’
openssh-10.0p1/addr.c:361:1: enter_function: entry to ‘addr_host_to_all1s’
openssh-10.0p1/addr.c:365:13: call_function: calling ‘addr_hostmask’ from ‘addr_host_to_all1s’
openssh-10.0p1/addr.c:365:13: return_function: returning to ‘addr_host_to_all1s’ from ‘addr_hostmask’
openssh-10.0p1/addr.c:365:12: branch_false: following ‘false’ branch...
openssh-10.0p1/addr.c:367:13: branch_false: ...to here
openssh-10.0p1/addr.c:367:13: call_function: calling ‘addr_or’ from ‘addr_host_to_all1s’
#  237|   		return (-1);
#  238|   
#  239|-> 	memcpy(dst, a, sizeof(*dst));
#  240|   	switch (a->af) {
#  241|   	case AF_INET:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
openssh-10.0p1/addrmatch.c:71:21: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.0p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:71:21: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   69|   		}
#   70|   		/* Prefer CIDR address matching */
#   71|-> 		r = addr_pton_cidr(cp, &match_addr, &masklen);
#   72|   		if (r == -2) {
#   73|   			debug2_f("inconsistent mask length for "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
openssh-10.0p1/addrmatch.c:73:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.0p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:73:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   71|   		r = addr_pton_cidr(cp, &match_addr, &masklen);
#   72|   		if (r == -2) {
#   73|-> 			debug2_f("inconsistent mask length for "
#   74|   			    "match network \"%.100s\"", cp);
#   75|   			ret = -2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
openssh-10.0p1/addrmatch.c:78:45: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:56:13: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:60:25: branch_false: ...to here
openssh-10.0p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.0p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:72:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:77:27: branch_false: ...to here
openssh-10.0p1/addrmatch.c:77:27: branch_true: following ‘true’ branch...
openssh-10.0p1/addrmatch.c:78:28: branch_true: ...to here
openssh-10.0p1/addrmatch.c:78:28: branch_true: following ‘true’ branch (when ‘addr’ is non-NULL)...
openssh-10.0p1/addrmatch.c:78:45: branch_true: ...to here
openssh-10.0p1/addrmatch.c:78:45: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   76|   			break;
#   77|   		} else if (r == 0) {
#   78|-> 			if (addr != NULL && addr_netmatch(&try_addr,
#   79|   			    &match_addr, masklen) == 0) {
#   80|    foundit:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
openssh-10.0p1/addrmatch.c:90:45: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:56:13: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:60:25: branch_false: ...to here
openssh-10.0p1/addrmatch.c:60:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:60:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:62:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:63:23: branch_true: ...to here
openssh-10.0p1/addrmatch.c:66:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:71:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:72:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:77:27: branch_false: ...to here
openssh-10.0p1/addrmatch.c:77:27: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:90:28: branch_false: ...to here
openssh-10.0p1/addrmatch.c:90:28: branch_true: following ‘true’ branch (when ‘addr’ is non-NULL)...
openssh-10.0p1/addrmatch.c:90:45: branch_true: ...to here
openssh-10.0p1/addrmatch.c:90:45: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   88|   		} else {
#   89|   			/* If CIDR parse failed, try wildcard string match */
#   90|-> 			if (addr != NULL && match_pattern(addr, cp) == 1)
#   91|   				goto foundit;
#   92|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
openssh-10.0p1/addrmatch.c:124:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_true: following ‘true’ branch...
openssh-10.0p1/addrmatch.c:124:25: branch_true: ...to here
openssh-10.0p1/addrmatch.c:124:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  122|   	while ((cp = strsep(&list, ",")) != NULL) {
#  123|   		if (*cp == '\0') {
#  124|-> 			error_f("empty entry in list \"%.100s\"", o);
#  125|   			ret = -1;
#  126|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
openssh-10.0p1/addrmatch.c:137:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_true: following ‘true’ branch...
openssh-10.0p1/addrmatch.c:137:25: branch_true: ...to here
openssh-10.0p1/addrmatch.c:137:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  135|   		/* Stop junk from reaching getaddrinfo. +3 is for masklen */
#  136|   		if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
#  137|-> 			error_f("list entry \"%.100s\" too long", cp);
#  138|   			ret = -1;
#  139|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
openssh-10.0p1/addrmatch.c:143:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:142:20: branch_true: following ‘true’ branch...
openssh-10.0p1/addrmatch.c:143:25: branch_true: ...to here
openssh-10.0p1/addrmatch.c:143:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  141|   #define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
#  142|   		if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
#  143|-> 			error_f("list entry \"%.100s\" contains invalid "
#  144|   			    "characters", cp);
#  145|   			ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
openssh-10.0p1/addrmatch.c:149:21: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:149:21: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  147|   
#  148|   		/* Prefer CIDR address matching */
#  149|-> 		r = addr_pton_cidr(cp, &match_addr, &masklen);
#  150|   		if (r == -1) {
#  151|   			error("Invalid network entry \"%.100s\"", cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
openssh-10.0p1/addrmatch.c:151:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:151:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  149|   		r = addr_pton_cidr(cp, &match_addr, &masklen);
#  150|   		if (r == -1) {
#  151|-> 			error("Invalid network entry \"%.100s\"", cp);
#  152|   			ret = -1;
#  153|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
openssh-10.0p1/addrmatch.c:155:25: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:150:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:154:27: branch_false: ...to here
openssh-10.0p1/addrmatch.c:155:25: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  153|   			break;
#  154|   		} else if (r == -2) {
#  155|-> 			error("Inconsistent mask length for "
#  156|   			    "network \"%.100s\"", cp);
#  157|   			ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
openssh-10.0p1/addrmatch.c:160:29: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
openssh-10.0p1/addrmatch.c:116:13: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:120:25: branch_false: ...to here
openssh-10.0p1/addrmatch.c:120:25: acquire_memory: allocated here
openssh-10.0p1/addrmatch.c:120:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/addrmatch.c:122:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/addrmatch.c:123:21: branch_true: ...to here
openssh-10.0p1/addrmatch.c:123:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:136:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:136:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:142:21: branch_false: ...to here
openssh-10.0p1/addrmatch.c:150:20: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:154:27: branch_false: ...to here
openssh-10.0p1/addrmatch.c:154:27: branch_false: following ‘false’ branch...
openssh-10.0p1/addrmatch.c:159:28: branch_false: ...to here
openssh-10.0p1/addrmatch.c:160:29: danger: ‘list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  158|   			break;
#  159|   		} else if (r == 0 && addr != NULL) {
#  160|-> 			if (addr_netmatch(&try_addr, &match_addr,
#  161|   			    masklen) == 0)
#  162|   				ret = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
openssh-10.0p1/audit-linux.c:173:17: warning[-Wanalyzer-malloc-leak]: leak of ‘audit_encode_nv_string("key_id", *cert.key_id, 0)’
openssh-10.0p1/audit-linux.c:148:12: branch_false: following ‘false’ branch...
openssh-10.0p1/audit-linux.c:155:15: branch_false: ...to here
openssh-10.0p1/audit-linux.c:167:12: branch_true: following ‘true’ branch (when ‘cert’ is non-NULL)...
openssh-10.0p1/audit-linux.c:170:57: branch_true: ...to here
openssh-10.0p1/audit-linux.c:170:24: acquire_memory: allocated here
openssh-10.0p1/audit-linux.c:171:20: branch_false: following ‘false’ branch...
openssh-10.0p1/audit-linux.c:174:77: branch_false: ...to here
openssh-10.0p1/audit-linux.c:173:17: danger: ‘audit_encode_nv_string("key_id", *cert.key_id, 0)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  171|   		if (pbuf == NULL)
#  172|   			goto out;
#  173|-> 		snprintf(buf, sizeof(buf), "cert %s cert_serial=%llu cert_issuer_alg=\"%s\" cert_issuer_fp=\"%s\"",
#  174|   			pbuf, (unsigned long long)cert->serial, sshkey_type(cert->signature_key), issuer_fp);
#  175|   		free(pbuf);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
openssh-10.0p1/auth-krb5.c:268:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.0p1/auth-krb5.c:246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-krb5.c:247:30: branch_true: ...to here
openssh-10.0p1/auth-krb5.c:256:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-krb5.c:259:23: branch_false: ...to here
openssh-10.0p1/auth-krb5.c:264:27: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-krb5.c:266:25: branch_true: ...to here
openssh-10.0p1/auth-krb5.c:268:25: danger: dereference of NULL ‘strchr(&krb5_ccname, 58)’
#  266|   			strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
#  267|   			krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
#  268|-> 			*krb5_ccname_dir_start++ = '\0';
#  269|   			if (strcmp(krb5_ccname, "DIR") == 0) {
#  270|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
openssh-10.0p1/auth-krb5.c:361:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.0p1/auth-krb5.c:335:12: branch_false: following ‘false’ branch (when ‘template’ is non-NULL)...
openssh-10.0p1/auth-krb5.c:338:36: branch_false: ...to here
openssh-10.0p1/auth-krb5.c:341:16: branch_true: following ‘true’ branch (when ‘p_n’ is non-NULL)...
openssh-10.0p1/auth-krb5.c:343:18: branch_true: ...to here
openssh-10.0p1/auth-krb5.c:344:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-krb5.c:347:21: branch_false: ...to here
openssh-10.0p1/auth-krb5.c:347:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-krb5.c:354:25: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-krb5.c:360:31: branch_false: ...to here
openssh-10.0p1/auth-krb5.c:361:25: danger: dereference of NULL ‘strchr(p_n, 125)’
#  359|   		} else {
#  360|   			p_o = strchr(p_n, '}') + 1;
#  361|-> 			*p_o = '\0';
#  362|   			debug_f("unsupported token %s in %s", p_n, template);
#  363|   			/* unknown token, fallback to the default */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
openssh-10.0p1/auth-options.c:230:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:850:1: enter_function: entry to ‘sshauthopt_deserialise’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_true: ...to here
openssh-10.0p1/auth-options.c:910:9: call_function: calling ‘sshauthopt_free’ from ‘sshauthopt_deserialise’
#  228|   	free(opts->permitlisten);
#  229|   
#  230|-> 	freezero(opts, sizeof(*opts));
#  231|   }
#  232|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
openssh-10.0p1/auth-options.c:669:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sshauthopt_new()’
openssh-10.0p1/auth-options.c:661:1: enter_function: entry to ‘sshauthopt_copy’
openssh-10.0p1/auth-options.c:665:20: call_function: calling ‘sshauthopt_new’ from ‘sshauthopt_copy’
openssh-10.0p1/auth-options.c:665:20: return_function: returning to ‘sshauthopt_copy’ from ‘sshauthopt_new’
openssh-10.0p1/auth-options.c:665:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:669:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:688:9: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-options.c:688:9: call_function: calling ‘sshauthopt_free’ from ‘sshauthopt_copy’
#  667|   
#  668|   #define OPTSCALAR(x) ret->x = orig->x
#  669|-> 	OPTSCALAR(permit_port_forwarding_flag);
#  670|   	OPTSCALAR(permit_agent_forwarding_flag);
#  671|   	OPTSCALAR(permit_x11_forwarding_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
openssh-10.0p1/auth-options.c:754:26: warning[-Wanalyzer-malloc-leak]: leak of ‘a’
openssh-10.0p1/auth-options.c:741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:742:18: branch_false: ...to here
openssh-10.0p1/auth-options.c:741:13: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:744:13: branch_false: ...to here
openssh-10.0p1/auth-options.c:744:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:748:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:749:12: branch_true: following ‘true’ branch (when ‘n != 0’)...
openssh-10.0p1/auth-options.c:749:27: branch_true: ...to here
openssh-10.0p1/auth-options.c:749:27: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:749:13: branch_false: following ‘false’ branch (when ‘a’ is non-NULL)...
openssh-10.0p1/auth-options.c:753:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:753:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-options.c:754:50: branch_true: ...to here
openssh-10.0p1/auth-options.c:754:26: danger: ‘a’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  752|   	}
#  753|   	for (i = 0; i < n; i++) {
#  754|-> 		if ((r = sshbuf_get_cstring(b, &a[i], NULL)) != 0)
#  755|   			goto out;
#  756|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
openssh-10.0p1/auth-options.c:867:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  865|   		opts->x = f; \
#  866|   	} while (0)
#  867|-> 	OPT_FLAG(permit_port_forwarding_flag);
#  868|   	OPT_FLAG(permit_agent_forwarding_flag);
#  869|   	OPT_FLAG(permit_x11_forwarding_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
openssh-10.0p1/auth-options.c:868:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  866|   	} while (0)
#  867|   	OPT_FLAG(permit_port_forwarding_flag);
#  868|-> 	OPT_FLAG(permit_agent_forwarding_flag);
#  869|   	OPT_FLAG(permit_x11_forwarding_flag);
#  870|   	OPT_FLAG(permit_pty_flag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
openssh-10.0p1/auth-options.c:869:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  867|   	OPT_FLAG(permit_port_forwarding_flag);
#  868|   	OPT_FLAG(permit_agent_forwarding_flag);
#  869|-> 	OPT_FLAG(permit_x11_forwarding_flag);
#  870|   	OPT_FLAG(permit_pty_flag);
#  871|   	OPT_FLAG(permit_user_rc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
openssh-10.0p1/auth-options.c:870:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  868|   	OPT_FLAG(permit_agent_forwarding_flag);
#  869|   	OPT_FLAG(permit_x11_forwarding_flag);
#  870|-> 	OPT_FLAG(permit_pty_flag);
#  871|   	OPT_FLAG(permit_user_rc);
#  872|   	OPT_FLAG(restricted);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
openssh-10.0p1/auth-options.c:871:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  869|   	OPT_FLAG(permit_x11_forwarding_flag);
#  870|   	OPT_FLAG(permit_pty_flag);
#  871|-> 	OPT_FLAG(permit_user_rc);
#  872|   	OPT_FLAG(restricted);
#  873|   	OPT_FLAG(cert_authority);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
openssh-10.0p1/auth-options.c:872:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:872:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  870|   	OPT_FLAG(permit_pty_flag);
#  871|   	OPT_FLAG(permit_user_rc);
#  872|-> 	OPT_FLAG(restricted);
#  873|   	OPT_FLAG(cert_authority);
#  874|   	OPT_FLAG(no_require_user_presence);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
openssh-10.0p1/auth-options.c:873:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:873:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  871|   	OPT_FLAG(permit_user_rc);
#  872|   	OPT_FLAG(restricted);
#  873|-> 	OPT_FLAG(cert_authority);
#  874|   	OPT_FLAG(no_require_user_presence);
#  875|   	OPT_FLAG(require_verify);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
openssh-10.0p1/auth-options.c:874:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:873:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:873:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:874:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  872|   	OPT_FLAG(restricted);
#  873|   	OPT_FLAG(cert_authority);
#  874|-> 	OPT_FLAG(no_require_user_presence);
#  875|   	OPT_FLAG(require_verify);
#  876|   #undef OPT_FLAG

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
openssh-10.0p1/auth-options.c:875:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:873:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:873:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:874:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:874:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:875:9: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  873|   	OPT_FLAG(cert_authority);
#  874|   	OPT_FLAG(no_require_user_presence);
#  875|-> 	OPT_FLAG(require_verify);
#  876|   #undef OPT_FLAG
#  877|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
openssh-10.0p1/auth-options.c:879:18: warning[-Wanalyzer-malloc-leak]: leak of ‘opts’
openssh-10.0p1/auth-options.c:857:21: acquire_memory: allocated here
openssh-10.0p1/auth-options.c:857:12: branch_false: following ‘false’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:867:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:867:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:868:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:868:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:869:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:869:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:870:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:870:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:871:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:871:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:872:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:872:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:873:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:873:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:874:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:874:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:875:9: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-options.c:875:9: branch_false: ...to here
openssh-10.0p1/auth-options.c:879:18: danger: ‘opts’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  877|   
#  878|   	/* Simple integer options */
#  879|-> 	if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
#  880|   		goto out;
#  881|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
openssh-10.0p1/auth-pam.c:413:23: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:23: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  411|   	if ((reply = calloc(n, sizeof(*reply))) == NULL)
#  412|   		return PAM_CONV_ERR;
#  413|-> 	if ((buffer = sshbuf_new()) == NULL) {
#  414|   		free(reply);
#  415|   		return PAM_CONV_ERR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
openssh-10.0p1/auth-pam.c:422:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  420|   		case PAM_PROMPT_ECHO_OFF:
#  421|   		case PAM_PROMPT_ECHO_ON:
#  422|-> 			if ((r = sshbuf_put_cstring(buffer,
#  423|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  424|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
openssh-10.0p1/auth-pam.c:424:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:424:33: branch_true: ...to here
openssh-10.0p1/auth-pam.c:424:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  422|   			if ((r = sshbuf_put_cstring(buffer,
#  423|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  424|-> 				fatal("%s: buffer error: %s",
#  425|   				    __func__, ssh_err(r));
#  426|   			if (ssh_msg_send(ctxt->pam_csock,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
openssh-10.0p1/auth-pam.c:426:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  424|   				fatal("%s: buffer error: %s",
#  425|   				    __func__, ssh_err(r));
#  426|-> 			if (ssh_msg_send(ctxt->pam_csock,
#  427|   			    PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1)
#  428|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
openssh-10.0p1/auth-pam.c:430:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:430:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  428|   				goto fail;
#  429|   
#  430|-> 			if (ssh_msg_recv(ctxt->pam_csock, buffer) == -1)
#  431|   				goto fail;
#  432|   			if ((r = sshbuf_get_u8(buffer, &status)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
openssh-10.0p1/auth-pam.c:432:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.0p1/auth-pam.c:432:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  430|   			if (ssh_msg_recv(ctxt->pam_csock, buffer) == -1)
#  431|   				goto fail;
#  432|-> 			if ((r = sshbuf_get_u8(buffer, &status)) != 0)
#  433|   				fatal("%s: buffer error: %s",
#  434|   				    __func__, ssh_err(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
openssh-10.0p1/auth-pam.c:433:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.0p1/auth-pam.c:432:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:433:33: branch_true: ...to here
openssh-10.0p1/auth-pam.c:433:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  431|   				goto fail;
#  432|   			if ((r = sshbuf_get_u8(buffer, &status)) != 0)
#  433|-> 				fatal("%s: buffer error: %s",
#  434|   				    __func__, ssh_err(r));
#  435|   			if (status != PAM_AUTHTOK)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
openssh-10.0p1/auth-pam.c:437:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.0p1/auth-pam.c:432:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:435:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:435:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:438:35: branch_false: ...to here
openssh-10.0p1/auth-pam.c:437:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  435|   			if (status != PAM_AUTHTOK)
#  436|   				goto fail;
#  437|-> 			if ((r = sshbuf_get_cstring(buffer,
#  438|   			    &reply[i].resp, NULL)) != 0)
#  439|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
openssh-10.0p1/auth-pam.c:439:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:444:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:449:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:448:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:455:17: branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:422:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:427:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:426:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:430:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:430:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:432:34: branch_false: ...to here
openssh-10.0p1/auth-pam.c:432:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:435:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:435:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:438:35: branch_false: ...to here
openssh-10.0p1/auth-pam.c:437:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:439:33: branch_true: ...to here
openssh-10.0p1/auth-pam.c:439:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  437|   			if ((r = sshbuf_get_cstring(buffer,
#  438|   			    &reply[i].resp, NULL)) != 0)
#  439|-> 				fatal("%s: buffer error: %s",
#  440|   				    __func__, ssh_err(r));
#  441|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
openssh-10.0p1/auth-pam.c:444:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:444:34: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  442|   		case PAM_ERROR_MSG:
#  443|   		case PAM_TEXT_INFO:
#  444|-> 			if ((r = sshbuf_put_cstring(buffer,
#  445|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  446|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
openssh-10.0p1/auth-pam.c:446:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:444:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:446:33: branch_true: ...to here
openssh-10.0p1/auth-pam.c:446:33: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
#  444|   			if ((r = sshbuf_put_cstring(buffer,
#  445|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  446|-> 				fatal("%s: buffer error: %s",
#  447|   				    __func__, ssh_err(r));
#  448|   			if (ssh_msg_send(ctxt->pam_csock,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
openssh-10.0p1/auth-pam.c:448:29: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:444:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:449:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:448:29: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  446|   				fatal("%s: buffer error: %s",
#  447|   				    __func__, ssh_err(r));
#  448|-> 			if (ssh_msg_send(ctxt->pam_csock,
#  449|   			    PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1)
#  450|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
openssh-10.0p1/auth-pam.c:455:17: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:418:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:419:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:444:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:449:29: branch_false: ...to here
openssh-10.0p1/auth-pam.c:448:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:455:17: branch_false: ...to here
openssh-10.0p1/auth-pam.c:455:17: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  453|   			goto fail;
#  454|   		}
#  455|-> 		sshbuf_reset(buffer);
#  456|   	}
#  457|   	sshbuf_free(buffer);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
openssh-10.0p1/auth-pam.c:457:9: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:403:12: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
openssh-10.0p1/auth-pam.c:408:13: branch_false: ...to here
openssh-10.0p1/auth-pam.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:411:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:411:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:411:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
openssh-10.0p1/auth-pam.c:413:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:413:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:457:9: danger: ‘reply’ leaks here; was allocated at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
#  455|   		sshbuf_reset(buffer);
#  456|   	}
#  457|-> 	sshbuf_free(buffer);
#  458|   	*resp = reply;
#  459|   	return (PAM_SUCCESS);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
openssh-10.0p1/auth-pam.c:647:34: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:637:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:640:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:640:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:640:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:643:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:644:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:644:17: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:645:17: branch_true: ...to here
openssh-10.0p1/auth-pam.c:647:34: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  645|   		case PAM_ERROR_MSG:
#  646|   		case PAM_TEXT_INFO:
#  647|-> 			if ((r = sshbuf_putf(loginmsg, "%s\n",
#  648|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  649|   				fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
openssh-10.0p1/auth-pam.c:649:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:637:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:640:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:640:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:640:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:643:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:644:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:644:17: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:645:17: branch_true: ...to here
openssh-10.0p1/auth-pam.c:647:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:649:33: branch_true: ...to here
openssh-10.0p1/auth-pam.c:649:33: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  647|   			if ((r = sshbuf_putf(loginmsg, "%s\n",
#  648|   			    PAM_MSG_MEMBER(msg, i, msg))) != 0)
#  649|-> 				fatal("%s: buffer error: %s",
#  650|   				    __func__, ssh_err(r));
#  651|   			reply[i].resp_retcode = PAM_SUCCESS;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
openssh-10.0p1/auth-pam.c:979:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fake_password(*resp)’
openssh-10.0p1/auth-pam.c:990:1: enter_function: entry to ‘sshpam_respond’
openssh-10.0p1/auth-pam.c:1007:12: branch_false: following ‘false’ branch (when ‘num == 1’)...
openssh-10.0p1/auth-pam.c:1011:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1011:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1013:28: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1019:24: call_function: calling ‘fake_password’ from ‘sshpam_respond’
openssh-10.0p1/auth-pam.c:1019:24: return_function: returning to ‘sshpam_respond’ from ‘fake_password’
openssh-10.0p1/auth-pam.c:979:15: danger: ‘fake_password(*resp)’ leaks here; was allocated at [(10)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/9)
#  977|   		fatal("%s: password length too long: %zu", __func__, l);
#  978|   
#  979|-> 	ret = malloc(l + 1);
#  980|   	if (ret == NULL)
#  981|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
openssh-10.0p1/auth-pam.c:1020:26: warning[-Wanalyzer-malloc-leak]: leak of ‘fake_password(*resp)’
openssh-10.0p1/auth-pam.c:990:1: enter_function: entry to ‘sshpam_respond’
openssh-10.0p1/auth-pam.c:1007:12: branch_false: following ‘false’ branch (when ‘num == 1’)...
openssh-10.0p1/auth-pam.c:1011:23: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1011:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1013:28: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1019:24: call_function: calling ‘fake_password’ from ‘sshpam_respond’
openssh-10.0p1/auth-pam.c:1019:24: return_function: returning to ‘sshpam_respond’ from ‘fake_password’
openssh-10.0p1/auth-pam.c:1020:26: danger: ‘fake_password(*resp)’ leaks here; was allocated at [(10)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/9)
# 1018|   	} else {
# 1019|   		fake = fake_password(*resp);
# 1020|-> 		if ((r = sshbuf_put_cstring(buffer, fake)) != 0)
# 1021|   			fatal("%s: buffer error: %s", __func__, ssh_err(r));
# 1022|   		free(fake);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
openssh-10.0p1/auth-pam.c:1326:42: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/auth-pam.c:1307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1310:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1310:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1316:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1318:35: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1318:46: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:1318:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1320:25: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1325:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.0p1/auth-pam.c:1326:42: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1326:42: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/10)
# 1324|   			len = strlen(PAM_MSG_MEMBER(msg, i, msg));
# 1325|   			if (len > 0) {
# 1326|-> 				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1327|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1328|   					fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
openssh-10.0p1/auth-pam.c:1326:42: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:1307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1310:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1310:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:1310:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1325:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.0p1/auth-pam.c:1326:42: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1326:42: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
# 1324|   			len = strlen(PAM_MSG_MEMBER(msg, i, msg));
# 1325|   			if (len > 0) {
# 1326|-> 				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1327|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1328|   					fatal("%s: buffer error: %s",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
openssh-10.0p1/auth-pam.c:1328:41: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/auth-pam.c:1307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1310:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1310:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1316:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1318:35: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1318:46: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:1318:28: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1320:25: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1325:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.0p1/auth-pam.c:1326:42: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1326:36: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:1328:41: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1328:41: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/10)
# 1326|   				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1327|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1328|-> 					fatal("%s: buffer error: %s",
# 1329|   					    __func__, ssh_err(r));
# 1330|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
openssh-10.0p1/auth-pam.c:1328:41: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
openssh-10.0p1/auth-pam.c:1307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-pam.c:1310:22: branch_false: ...to here
openssh-10.0p1/auth-pam.c:1310:22: acquire_memory: allocated here
openssh-10.0p1/auth-pam.c:1310:12: branch_false: following ‘false’ branch (when ‘reply’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-pam.c:1313:21: branch_true: following ‘true’ branch (when ‘i < n’)...
openssh-10.0p1/auth-pam.c:1314:25: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1325:28: branch_true: following ‘true’ branch (when ‘len != 0’)...
openssh-10.0p1/auth-pam.c:1326:42: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1326:36: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-pam.c:1328:41: branch_true: ...to here
openssh-10.0p1/auth-pam.c:1328:41: danger: ‘reply’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
# 1326|   				if ((r = sshbuf_putf(loginmsg, "%s\n",
# 1327|   				    PAM_MSG_MEMBER(msg, i, msg))) != 0)
# 1328|-> 					fatal("%s: buffer error: %s",
# 1329|   					    __func__, ssh_err(r));
# 1330|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
openssh-10.0p1/auth-rhosts.c:110:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:110:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  108|   		    dummy)) {
#  109|   		case 0:
#  110|-> 			auth_debug_add("Found empty line in %.100s.", filename);
#  111|   			continue;
#  112|   		case 1:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
openssh-10.0p1/auth-rhosts.c:120:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:120:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  118|   			break;
#  119|   		case 3:
#  120|-> 			auth_debug_add("Found garbage in %.100s.", filename);
#  121|   			continue;
#  122|   		default:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
openssh-10.0p1/auth-rhosts.c:147:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:147:25: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  145|   		if (!host[0] || !user[0]) {
#  146|   			/* We come here if either was '+' or '-'. */
#  147|-> 			auth_debug_add("Ignoring wild host/user names "
#  148|   			    "in %.100s.", filename);
#  149|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
openssh-10.0p1/auth-rhosts.c:153:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:145:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:152:20: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-rhosts.c:153:38: branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:153:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  151|   		/* Verify that host name matches. */
#  152|   		if (host[0] == '@') {
#  153|-> 			if (!innetgr(host + 1, hostname, NULL, NULL) &&
#  154|   			    !innetgr(host + 1, ipaddr, NULL, NULL))
#  155|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
openssh-10.0p1/auth-rhosts.c:154:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:145:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:152:20: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-rhosts.c:153:38: branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:153:28: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-rhosts.c:154:30: branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:154:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  152|   		if (host[0] == '@') {
#  153|   			if (!innetgr(host + 1, hostname, NULL, NULL) &&
#  154|-> 			    !innetgr(host + 1, ipaddr, NULL, NULL))
#  155|   				continue;
#  156|   		} else if (strcasecmp(host, hostname) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
openssh-10.0p1/auth-rhosts.c:162:30: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth-rhosts.c:68:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:70:13: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:70:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:74:14: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:74:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:80:9: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:81:18: acquire_memory: allocated here
openssh-10.0p1/auth-rhosts.c:81:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:85:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:100:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:107:25: branch_false: ...to here
openssh-10.0p1/auth-rhosts.c:145:20: branch_false: following ‘false’ branch...
openssh-10.0p1/auth-rhosts.c:161:20: branch_true: following ‘true’ branch...
openssh-10.0p1/auth-rhosts.c:162:38: branch_true: ...to here
openssh-10.0p1/auth-rhosts.c:162:30: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  160|   		/* Verify that user name matches. */
#  161|   		if (user[0] == '@') {
#  162|-> 			if (!innetgr(user + 1, NULL, client_user, NULL))
#  163|   				continue;
#  164|   		} else if (strcmp(user, client_user) != 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def58]
openssh-10.0p1/auth2-chall.c:328:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘response’
openssh-10.0p1/auth2-chall.c:300:12: branch_false: following ‘false’ branch (when ‘authctxt’ is non-NULL)...
openssh-10.0p1/auth2-chall.c:302:9: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:303:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:305:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:308:9: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:311:22: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:311:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:313:12: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:315:12: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:322:18: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-chall.c:325:15: branch_false: ...to here
openssh-10.0p1/auth2-chall.c:327:21: branch_true: following ‘true’ branch...
openssh-10.0p1/auth2-chall.c:328:60: branch_true: ...to here
openssh-10.0p1/auth2-chall.c:328:60: release_memory: ‘response’ is NULL
openssh-10.0p1/auth2-chall.c:328:17: danger: dereference of NULL ‘response + (long unsigned int)i * 8’
#  326|   
#  327|   	for (i = 0; i < nresp; i++) {
#  328|-> 		explicit_bzero(response[i], strlen(response[i]));
#  329|   		free(response[i]);
#  330|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
openssh-10.0p1/auth2-pubkeyfile.c:477:13: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/auth2-pubkeyfile.c:450:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-pubkeyfile.c:461:13: branch_false: ...to here
openssh-10.0p1/auth2-pubkeyfile.c:461:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-pubkeyfile.c:465:14: branch_false: ...to here
openssh-10.0p1/auth2-pubkeyfile.c:465:12: branch_false: following ‘false’ branch...
openssh-10.0p1/auth2-pubkeyfile.c:471:9: branch_false: ...to here
openssh-10.0p1/auth2-pubkeyfile.c:472:18: acquire_memory: allocated here
openssh-10.0p1/auth2-pubkeyfile.c:472:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.0p1/auth2-pubkeyfile.c:476:12: branch_false: ...to here
openssh-10.0p1/auth2-pubkeyfile.c:476:12: branch_true: following ‘true’ branch (when ‘strict_modes != 0’)...
openssh-10.0p1/auth2-pubkeyfile.c:477:13: branch_true: ...to here
openssh-10.0p1/auth2-pubkeyfile.c:477:13: danger: ‘f’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  475|   	}
#  476|   	if (strict_modes &&
#  477|-> 	    safe_path_fd(fileno(f), file, pw, line, sizeof(line)) != 0) {
#  478|   		fclose(f);
#  479|   		logit("Authentication refused: %s", line);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def60]
openssh-10.0p1/authfd.c:103:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/authfd.c:99:21: acquire_resource: stream socket created here
openssh-10.0p1/authfd.c:99:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/authfd.c:103:13: branch_false: ...to here
openssh-10.0p1/authfd.c:103:13: danger: ‘sock’ leaks here
#  101|   
#  102|   	/* close on exec */
#  103|-> 	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
#  104|   	    connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
#  105|   		oerrno = errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
openssh-10.0p1/authfile.c:183:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.0p1/authfile.c:178:12: branch_false: following ‘false’ branch (when ‘pubkeyp’ is NULL)...
openssh-10.0p1/authfile.c:181:19: branch_false: ...to here
openssh-10.0p1/authfile.c:181:19: acquire_resource: opened here
openssh-10.0p1/authfile.c:181:12: branch_false: following ‘false’ branch...
openssh-10.0p1/authfile.c:183:18: branch_false: ...to here
openssh-10.0p1/authfile.c:183:18: danger: ‘open(filename, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  181|   	if ((fd = open(filename, O_RDONLY)) == -1)
#  182|   		return SSH_ERR_SYSTEM_ERROR;
#  183|-> 	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
#  184|   	    (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
#  185|   	    KEY_UNSPEC, &pubkey)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
openssh-10.0p1/authfile.c:219:18: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
openssh-10.0p1/authfile.c:212:12: branch_false: following ‘false’ branch (when ‘kp’ is non-NULL)...
openssh-10.0p1/authfile.c:214:9: branch_false: ...to here
openssh-10.0p1/authfile.c:215:12: branch_false: following ‘false’ branch (when ‘commentp’ is NULL)...
openssh-10.0p1/authfile.c:217:18: branch_false: ...to here
openssh-10.0p1/authfile.c:217:18: acquire_resource: opened here
openssh-10.0p1/authfile.c:217:12: branch_false: following ‘false’ branch...
openssh-10.0p1/authfile.c:219:18: branch_false: ...to here
openssh-10.0p1/authfile.c:219:18: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  217|   	if ((f = fopen(filename, "r")) == NULL)
#  218|   		return SSH_ERR_SYSTEM_ERROR;
#  219|-> 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
#  220|   		fclose(f);
#  221|   		return SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
openssh-10.0p1/authfile.c:219:18: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
openssh-10.0p1/authfile.c:212:12: branch_false: following ‘false’ branch (when ‘kp’ is non-NULL)...
openssh-10.0p1/authfile.c:214:9: branch_false: ...to here
openssh-10.0p1/authfile.c:215:12: branch_false: following ‘false’ branch (when ‘commentp’ is NULL)...
openssh-10.0p1/authfile.c:217:18: branch_false: ...to here
openssh-10.0p1/authfile.c:217:18: acquire_memory: allocated here
openssh-10.0p1/authfile.c:217:12: branch_false: following ‘false’ branch...
openssh-10.0p1/authfile.c:219:18: branch_false: ...to here
openssh-10.0p1/authfile.c:219:18: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  217|   	if ((f = fopen(filename, "r")) == NULL)
#  218|   		return SSH_ERR_SYSTEM_ERROR;
#  219|-> 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
#  220|   		fclose(f);
#  221|   		return SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
openssh-10.0p1/authfile.c:507:18: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/authfile.c:500:12: branch_false: following ‘false’ branch...
openssh-10.0p1/authfile.c:502:18: branch_false: ...to here
openssh-10.0p1/authfile.c:502:18: acquire_memory: allocated here
openssh-10.0p1/authfile.c:502:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.0p1/authfile.c:507:18: branch_false: ...to here
openssh-10.0p1/authfile.c:507:18: danger: ‘f’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  505|   		goto fail;
#  506|   	}
#  507|-> 	if ((r = sshkey_write(key, f)) != 0)
#  508|   		goto fail;
#  509|   	fprintf(f, " %s\n", comment);

Error: COMPILER_WARNING: [#def65]
openssh-10.0p1/chacha.c:51:31: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available)
#   51 | static const char sigma[16] = "expand 32-byte k";
#      |                               ^~~~~~~~~~~~~~~~~~
#   49|     c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
#   50|   
#   51|-> static const char sigma[16] = "expand 32-byte k";
#   52|   static const char tau[16] = "expand 16-byte k";
#   53|   

Error: COMPILER_WARNING: [#def66]
openssh-10.0p1/chacha.c:52:29: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available)
#   52 | static const char tau[16] = "expand 16-byte k";
#      |                             ^~~~~~~~~~~~~~~~~~
#   50|   
#   51|   static const char sigma[16] = "expand 32-byte k";
#   52|-> static const char tau[16] = "expand 16-byte k";
#   53|   
#   54|   void

Error: GCC_ANALYZER_WARNING (CWE-775): [#def67]
openssh-10.0p1/channels.c:513:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  511|   			fatal_f("internal error: channels_alloc %d too big",
#  512|   			    sc->channels_alloc);
#  513|-> 		sc->channels = xrecallocarray(sc->channels, sc->channels_alloc,
#  514|   		    sc->channels_alloc + 10, sizeof(*sc->channels));
#  515|   		sc->channels_alloc += 10;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
openssh-10.0p1/channels.c:516:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  514|   		    sc->channels_alloc + 10, sizeof(*sc->channels));
#  515|   		sc->channels_alloc += 10;
#  516|-> 		debug2("channel: expanding %d", sc->channels_alloc);
#  517|   	}
#  518|   	/* Initialize and return new channel. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
openssh-10.0p1/channels.c:519:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  517|   	}
#  518|   	/* Initialize and return new channel. */
#  519|-> 	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  520|   	if ((c->input = sshbuf_new()) == NULL ||
#  521|   	    (c->output = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
openssh-10.0p1/channels.c:520:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  518|   	/* Initialize and return new channel. */
#  519|   	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  520|-> 	if ((c->input = sshbuf_new()) == NULL ||
#  521|   	    (c->output = sshbuf_new()) == NULL ||
#  522|   	    (c->extended = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
openssh-10.0p1/channels.c:521:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  519|   	c = sc->channels[found] = xcalloc(1, sizeof(Channel));
#  520|   	if ((c->input = sshbuf_new()) == NULL ||
#  521|-> 	    (c->output = sshbuf_new()) == NULL ||
#  522|   	    (c->extended = sshbuf_new()) == NULL)
#  523|   		fatal_f("sshbuf_new failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
openssh-10.0p1/channels.c:522:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  520|   	if ((c->input = sshbuf_new()) == NULL ||
#  521|   	    (c->output = sshbuf_new()) == NULL ||
#  522|-> 	    (c->extended = sshbuf_new()) == NULL)
#  523|   		fatal_f("sshbuf_new failed");
#  524|   	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def73]
openssh-10.0p1/channels.c:523:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4157:1: enter_function: entry to ‘channel_setup_local_fwd_listener’
openssh-10.0p1/channels.c:4160:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:4164:24: branch_false: ...to here
openssh-10.0p1/channels.c:4164:24: call_function: calling ‘channel_setup_fwd_listener_tcpip’ from ‘channel_setup_local_fwd_listener’
#  521|   	    (c->output = sshbuf_new()) == NULL ||
#  522|   	    (c->extended = sshbuf_new()) == NULL)
#  523|-> 		fatal_f("sshbuf_new failed");
#  524|   	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
#  525|   		fatal_fr(r, "sshbuf_set_max_size");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
openssh-10.0p1/channels.c:3886:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:3793:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.0p1/channels.c:3824:9: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:3824:9: branch_true: ...to here
openssh-10.0p1/channels.c:3836:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3847:12: branch_false: ...to here
openssh-10.0p1/channels.c:3849:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:3850:25: branch_true: ...to here
openssh-10.0p1/channels.c:3871:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3878:24: branch_false: ...to here
openssh-10.0p1/channels.c:3878:24: acquire_resource: socket created here
openssh-10.0p1/channels.c:3879:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:3886:17: branch_false: ...to here
openssh-10.0p1/channels.c:3886:17: danger: ‘sock’ leaks here
# 3884|   		}
# 3885|   
# 3886|-> 		set_reuseaddr(sock);
# 3887|   		if (ai->ai_family == AF_INET6)
# 3888|   			sock_set_v6only(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
openssh-10.0p1/channels.c:3911:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:3793:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.0p1/channels.c:3824:9: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:3824:9: branch_true: ...to here
openssh-10.0p1/channels.c:3836:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3847:12: branch_false: ...to here
openssh-10.0p1/channels.c:3849:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:3850:25: branch_true: ...to here
openssh-10.0p1/channels.c:3871:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3878:24: branch_false: ...to here
openssh-10.0p1/channels.c:3878:24: acquire_resource: socket created here
openssh-10.0p1/channels.c:3879:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:3886:17: branch_false: ...to here
openssh-10.0p1/channels.c:3894:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3910:21: branch_false: ...to here
openssh-10.0p1/channels.c:3910:20: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:3911:25: branch_true: ...to here
openssh-10.0p1/channels.c:3911:25: danger: ‘sock’ leaks here
# 3909|   		/* Start listening for connections on the socket. */
# 3910|   		if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
# 3911|-> 			error("listen [%s]:%s: %.100s", ntop, strport,
# 3912|   			    strerror(errno));
# 3913|   			close(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
openssh-10.0p1/channels.c:3913:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:3793:1: enter_function: entry to ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: call_function: calling ‘channel_fwd_bind_addr’ from ‘channel_setup_fwd_listener_tcpip’
openssh-10.0p1/channels.c:3822:16: return_function: returning to ‘channel_setup_fwd_listener_tcpip’ from ‘channel_fwd_bind_addr’
openssh-10.0p1/channels.c:3824:9: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:3824:9: branch_true: ...to here
openssh-10.0p1/channels.c:3836:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3847:12: branch_false: ...to here
openssh-10.0p1/channels.c:3849:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:3850:25: branch_true: ...to here
openssh-10.0p1/channels.c:3871:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3878:24: branch_false: ...to here
openssh-10.0p1/channels.c:3878:24: acquire_resource: socket created here
openssh-10.0p1/channels.c:3879:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:3886:17: branch_false: ...to here
openssh-10.0p1/channels.c:3894:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:3910:21: branch_false: ...to here
openssh-10.0p1/channels.c:3910:20: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:3911:25: branch_true: ...to here
openssh-10.0p1/channels.c:3913:25: danger: ‘sock’ leaks here
# 3911|   			error("listen [%s]:%s: %.100s", ntop, strport,
# 3912|   			    strerror(errno));
# 3913|-> 			close(sock);
# 3914|   			continue;
# 3915|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def77]
openssh-10.0p1/channels.c:4618:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:4588:16: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:4589:25: branch_true: ...to here
openssh-10.0p1/channels.c:4610:29: acquire_resource: socket created here
openssh-10.0p1/channels.c:4610:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:4618:21: branch_false: ...to here
openssh-10.0p1/channels.c:4618:21: danger: ‘sock’ leaks here
# 4616|   			continue;
# 4617|   		}
# 4618|-> 		if (set_nonblock(sock) == -1)
# 4619|   			fatal_f("set_nonblock(%d)", sock);
# 4620|   		if (connect(sock, cctx->ai->ai_addr,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def78]
openssh-10.0p1/channels.c:5051:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:5008:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5016:13: branch_true: following ‘true’ branch (when ‘display_number < x11_max_displays’)...
openssh-10.0p1/channels.c:5018:17: branch_true: ...to here
openssh-10.0p1/channels.c:5024:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5029:22: branch_false: ...to here
openssh-10.0p1/channels.c:5029:34: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:5030:29: branch_true: ...to here
openssh-10.0p1/channels.c:5030:28: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5033:32: branch_false: ...to here
openssh-10.0p1/channels.c:5033:32: acquire_resource: socket created here
openssh-10.0p1/channels.c:5035:28: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:5050:29: branch_false: ...to here
openssh-10.0p1/channels.c:5050:28: branch_true: following ‘true’ branch...
openssh-10.0p1/channels.c:5051:33: branch_true: ...to here
openssh-10.0p1/channels.c:5051:33: danger: ‘sock’ leaks here
# 5049|   			}
# 5050|   			if (ai->ai_family == AF_INET6)
# 5051|-> 				sock_set_v6only(sock);
# 5052|   			if (x11_use_localhost)
# 5053|   				set_reuseaddr(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def79]
openssh-10.0p1/channels.c:5053:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:5008:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5016:13: branch_true: following ‘true’ branch (when ‘display_number < x11_max_displays’)...
openssh-10.0p1/channels.c:5018:17: branch_true: ...to here
openssh-10.0p1/channels.c:5024:20: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5029:22: branch_false: ...to here
openssh-10.0p1/channels.c:5029:34: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:5030:29: branch_true: ...to here
openssh-10.0p1/channels.c:5030:28: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5033:32: branch_false: ...to here
openssh-10.0p1/channels.c:5033:32: acquire_resource: socket created here
openssh-10.0p1/channels.c:5035:28: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:5050:29: branch_false: ...to here
openssh-10.0p1/channels.c:5050:28: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5052:28: branch_false: ...to here
openssh-10.0p1/channels.c:5052:28: branch_true: following ‘true’ branch (when ‘x11_use_localhost != 0’)...
openssh-10.0p1/channels.c:5053:33: branch_true: ...to here
openssh-10.0p1/channels.c:5053:33: danger: ‘sock’ leaks here
# 5051|   				sock_set_v6only(sock);
# 5052|   			if (x11_use_localhost)
# 5053|-> 				set_reuseaddr(sock);
# 5054|   			if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
# 5055|   				debug2_f("bind port %d: %.100s", port,

Error: CPPCHECK_WARNING (CWE-457): [#def80]
openssh-10.0p1/channels.c:5081: warning[uninitvar]: Uninitialized variable: port
# 5079|   			break;
# 5080|   	}
# 5081|-> 	if (display_number >= x11_max_displays || port < X11_BASE_PORT ) {
# 5082|   		error("Failed to allocate internet-domain X11 display socket.");
# 5083|   		return -1;

Error: COMPILER_WARNING (CWE-195): [#def81]
openssh-10.0p1/channels.c: scope_hint: In function ‘connect_local_xsocket_path’
openssh-10.0p1/channels.c:5128:17: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
# 5128 |         if (len > sizeof addr.sun_path)
#      |                 ^
# 5126|   	memset(&addr, 0, sizeof(addr));
# 5127|   	addr.sun_family = AF_UNIX;
# 5128|-> 	if (len > sizeof addr.sun_path)
# 5129|   		len = sizeof addr.sun_path;
# 5130|   	memcpy(addr.sun_path, pathname, len);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def82]
openssh-10.0p1/channels.c:5131:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:5119:12: branch_false: following ‘false’ branch (when ‘len > 0’)...
openssh-10.0p1/channels.c:5121:16: branch_false: ...to here
openssh-10.0p1/channels.c:5121:16: acquire_resource: stream socket created here
openssh-10.0p1/channels.c:5122:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:5126:9: branch_false: ...to here
openssh-10.0p1/channels.c:5131:13: danger: ‘sock’ leaks here
# 5129|   		len = sizeof addr.sun_path;
# 5130|   	memcpy(addr.sun_path, pathname, len);
# 5131|-> 	if (connect(sock, (struct sockaddr *)&addr, sizeof addr - (sizeof addr.sun_path - len) ) == 0)
# 5132|   		return sock;
# 5133|   	close(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def83]
openssh-10.0p1/channels.c:5282:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/channels.c:5194:12: branch_false: following ‘false’ branch (when ‘display’ is non-NULL)...
openssh-10.0p1/channels.c:5225:13: branch_false: ...to here
openssh-10.0p1/channels.c:5225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5226:13: branch_false: ...to here
openssh-10.0p1/channels.c:5225:13: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5246:9: branch_false: ...to here
openssh-10.0p1/channels.c:5248:12: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/channels.c:5252:9: branch_false: ...to here
openssh-10.0p1/channels.c:5257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5258:13: branch_false: ...to here
openssh-10.0p1/channels.c:5257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5265:9: branch_false: ...to here
openssh-10.0p1/channels.c:5269:12: branch_false: following ‘false’ branch...
openssh-10.0p1/channels.c:5274:14: branch_false: ...to here
openssh-10.0p1/channels.c:5274:26: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/channels.c:5276:24: branch_true: ...to here
openssh-10.0p1/channels.c:5276:24: acquire_resource: socket created here
openssh-10.0p1/channels.c:5277:20: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/channels.c:5282:21: branch_false: ...to here
openssh-10.0p1/channels.c:5282:21: danger: ‘sock’ leaks here
# 5280|   		}
# 5281|   		/* Connect it to the display. */
# 5282|-> 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
# 5283|   			debug2("connect %.100s port %u: %.100s", buf,
# 5284|   			    X11_BASE_PORT + display_number, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   48|   	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
#   49|   		return NULL;
#   50|-> 	if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
#   51|   	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:51:32: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:51:32: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   49|   		return NULL;
#   50|   	if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
#   51|-> 	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;
#   53|   	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:53:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:13: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:53:14: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:53:14: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   51|   	    (ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
#   52|   		goto fail;
#   53|-> 	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
#   54|   		goto fail;
#   55|   	if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:55:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:51:32: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:13: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:53:14: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:53:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:55:62: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:55:14: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   53|   	if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
#   54|   		goto fail;
#   55|-> 	if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))
#   56|   		goto fail;
#   57|   	if (EVP_CIPHER_CTX_iv_length(ctx->header_evp) != 16)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:70:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   68|   	if (cpctx == NULL)
#   69|   		return;
#   70|-> 	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|   	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|   	freezero(cpctx, sizeof(*cpctx));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:71:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   69|   		return;
#   70|   	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|-> 	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|   	freezero(cpctx, sizeof(*cpctx));
#   73|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
openssh-10.0p1/cipher-chachapoly-libcrypto.c:72:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:42:1: enter_function: entry to ‘chachapoly_new’
openssh-10.0p1/cipher-chachapoly-libcrypto.c:46:12: branch_false: following ‘false’ branch (when ‘keylen == 64’)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:20: acquire_memory: allocated here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:48:12: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:30: branch_false: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:50:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher-chachapoly-libcrypto.c:52:17: branch_true: ...to here
openssh-10.0p1/cipher-chachapoly-libcrypto.c:61:9: call_function: calling ‘chachapoly_free’ from ‘chachapoly_new’
#   70|   	EVP_CIPHER_CTX_free(cpctx->main_evp);
#   71|   	EVP_CIPHER_CTX_free(cpctx->header_evp);
#   72|-> 	freezero(cpctx, sizeof(*cpctx));
#   73|   }
#   74|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
openssh-10.0p1/cipher.c:253:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher.c:253:30: branch_true: ...to here
openssh-10.0p1/cipher.c:253:30: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  251|   	cc->cipher = cipher;
#  252|   	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
#  253|-> 		cc->cp_ctx = chachapoly_new(key, keylen);
#  254|   		ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
#  255|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
openssh-10.0p1/cipher.c:271:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:271:16: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  269|   	goto out;
#  270|   #else /* WITH_OPENSSL */
#  271|-> 	type = (*cipher->evptype)();
#  272|   	if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
#  273|   		ret = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
openssh-10.0p1/cipher.c:272:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:272:24: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  270|   #else /* WITH_OPENSSL */
#  271|   	type = (*cipher->evptype)();
#  272|-> 	if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
#  273|   		ret = SSH_ERR_ALLOC_FAIL;
#  274|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
openssh-10.0p1/cipher.c:276:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:276:13: branch_false: ...to here
openssh-10.0p1/cipher.c:276:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  274|   		goto out;
#  275|   	}
#  276|-> 	if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
#  277|   	    (do_encrypt == CIPHER_ENCRYPT)) == 0) {
#  278|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def95]
openssh-10.0p1/cipher.c:282:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:276:13: branch_false: ...to here
openssh-10.0p1/cipher.c:276:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:281:13: branch_false: ...to here
openssh-10.0p1/cipher.c:281:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher.c:282:13: branch_true: ...to here
openssh-10.0p1/cipher.c:282:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  280|   	}
#  281|   	if (cipher_authlen(cipher) &&
#  282|-> 	    EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
#  283|   	    -1, (u_char *)iv) <= 0) {
#  284|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def96]
openssh-10.0p1/cipher.c:289:21: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:276:13: branch_false: ...to here
openssh-10.0p1/cipher.c:276:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:281:13: branch_false: ...to here
openssh-10.0p1/cipher.c:288:12: branch_true: following ‘true’ branch...
openssh-10.0p1/cipher.c:289:21: branch_true: ...to here
openssh-10.0p1/cipher.c:289:21: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  287|   	klen = EVP_CIPHER_CTX_key_length(cc->evp);
#  288|   	if (klen > 0 && keylen != (u_int)klen) {
#  289|-> 		if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
#  290|   			ret = SSH_ERR_LIBCRYPTO_ERROR;
#  291|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
openssh-10.0p1/cipher.c:294:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:245:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:245:13: branch_false: ...to here
openssh-10.0p1/cipher.c:252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:257:13: branch_false: ...to here
openssh-10.0p1/cipher.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:271:18: branch_false: ...to here
openssh-10.0p1/cipher.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:276:13: branch_false: ...to here
openssh-10.0p1/cipher.c:276:12: branch_false: following ‘false’ branch...
openssh-10.0p1/cipher.c:281:13: branch_false: ...to here
openssh-10.0p1/cipher.c:294:13: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  292|   		}
#  293|   	}
#  294|-> 	if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
#  295|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  296|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def98]
openssh-10.0p1/cipher.c:307:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:307:25: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  305|   		if (cc != NULL) {
#  306|   #ifdef WITH_OPENSSL
#  307|-> 			EVP_CIPHER_CTX_free(cc->evp);
#  308|   #endif /* WITH_OPENSSL */
#  309|   			freezero(cc, sizeof(*cc));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
openssh-10.0p1/cipher.c:309:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cc’
openssh-10.0p1/cipher.c:239:19: acquire_memory: allocated here
openssh-10.0p1/cipher.c:239:12: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
openssh-10.0p1/cipher.c:242:26: branch_false: ...to here
openssh-10.0p1/cipher.c:309:25: danger: ‘cc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  307|   			EVP_CIPHER_CTX_free(cc->evp);
#  308|   #endif /* WITH_OPENSSL */
#  309|-> 			freezero(cc, sizeof(*cc));
#  310|   		}
#  311|   	}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def100]
openssh-10.0p1/clientloop.c:211:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/clientloop.c:210:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/clientloop.c:211:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  209|   
#  210|   	va_start(args, fmt);
#  211|-> 	xvasprintf(&msg, fmt2, args);
#  212|   	va_end(args);
#  213|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def101]
openssh-10.0p1/clientloop.c:414:33: warning[-Wanalyzer-malloc-leak]: leak of ‘popen(cmd, "r")’
openssh-10.0p1/clientloop.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/clientloop.c:315:12: branch_false: ...to here
openssh-10.0p1/clientloop.c:315:12: branch_true: following ‘true’ branch (when ‘xauth_path’ is non-NULL)...
openssh-10.0p1/clientloop.c:315:35: branch_true: ...to here
openssh-10.0p1/clientloop.c:315:13: branch_false: following ‘false’ branch...
openssh-10.0p1/clientloop.c:328:21: branch_false: ...to here
openssh-10.0p1/clientloop.c:402:25: branch_false: following ‘false’ branch (when ‘generated == 0’)...
 branch_false: ...to here
openssh-10.0p1/clientloop.c:409:29: acquire_memory: allocated here
openssh-10.0p1/clientloop.c:410:28: branch_true: following ‘true’ branch...
openssh-10.0p1/clientloop.c:410:34: branch_true: ...to here
openssh-10.0p1/clientloop.c:414:33: danger: ‘popen(cmd, "r")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  412|   				got_data = 1;
#  413|   			if (f)
#  414|-> 				pclose(f);
#  415|   			free(cmd);
#  416|   		}

Error: COMPILER_WARNING (CWE-563): [#def102]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:136:21: warning[-Wunused-variable]: unused variable ‘failed’
#  136 |         const char *failed;
#      |                     ^~~~~~
#  134|   passphrase_dialog(char *message, int prompt_type)
#  135|   {
#  136|-> 	const char *failed;
#  137|   	char *passphrase, *local;
#  138|   	int result, grab_tries, grab_server, grab_pointer;

Error: COMPILER_WARNING (CWE-477): [#def103]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘passphrase_dialog’
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  184 |                 gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/gtk.h:277: included_from: Included from here.
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:61: included_from: Included from here.
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def104]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:184:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  182|   
#  183|   	if (fg_set)
#  184|-> 		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|   		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def105]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  186 |                 gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#      |                 ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def106]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:186:17: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  184|   		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
#  185|   	if (bg_set)
#  186|-> 		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
#  187|   
#  188|   	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {

Error: COMPILER_WARNING (CWE-477): [#def107]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  191 |                         gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:749:13: note: declared here
#  749 | void        gtk_widget_modify_fg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def108]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:191:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_fg’ is deprecated: Use 'gtk_widget_override_color' instead
#  189|   		entry = gtk_entry_new();
#  190|   		if (fg_set)
#  191|-> 			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|   			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);

Error: COMPILER_WARNING (CWE-477): [#def109]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  193 |                         gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#      |                         ^~~~~~~~~~~~~~~~~~~~
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:753:13: note: declared here
#  753 | void        gtk_widget_modify_bg          (GtkWidget            *widget,
#      |             ^~~~~~~~~~~~~~~~~~~~
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-477): [#def110]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:193:25: warning[-Wdeprecated-declarations]: ‘gtk_widget_modify_bg’ is deprecated: Use 'gtk_widget_override_background_color' instead
#  191|   			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
#  192|   		if (bg_set)
#  193|-> 			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
#  194|   		gtk_box_pack_start(
#  195|   		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),

Error: COMPILER_WARNING (CWE-457): [#def111]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:243:39: warning[-Wmaybe-uninitialized]: ‘entry’ may be used uninitialized
#  243 |                 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#      |                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
openssh-10.0p1/contrib/gnome-ssh-askpass3.c: scope_hint: In function ‘main’
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:140:45: note: ‘entry’ was declared here
#  140 |         GtkWidget *parent_window, *dialog, *entry, *err;
#      |                                             ^~~~~
#  241|   	/* Report passphrase if user selected OK */
#  242|   	if (prompt_type == PROMPT_ENTRY) {
#  243|-> 		passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def112]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:246:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:134:1: enter_function: entry to ‘passphrase_dialog’
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:188:12: branch_true: following ‘true’ branch...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:189:25: branch_true: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:242:12: branch_true: following ‘true’ branch (when ‘prompt_type == 0’)...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:243:30: branch_true: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:244:20: branch_true: following ‘true’ branch...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:246:29: branch_true: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:246:29: danger: argument 1 (‘<unknown>’) NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
#  244|   		if (result == GTK_RESPONSE_OK) {
#  245|   			local = g_locale_from_utf8(passphrase,
#  246|-> 			    strlen(passphrase), NULL, NULL, NULL);
#  247|   			if (local != NULL) {
#  248|   				puts(local);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def113]
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:256:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:134:1: enter_function: entry to ‘passphrase_dialog’
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:188:12: branch_true: following ‘true’ branch...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:189:25: branch_true: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:242:12: branch_true: following ‘true’ branch (when ‘prompt_type == 0’)...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:243:30: branch_true: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:244:20: branch_false: following ‘false’ branch...
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:256:17: branch_false: ...to here
openssh-10.0p1/contrib/gnome-ssh-askpass3.c:256:17: danger: argument 1 (‘<unknown>’) NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
#  254|   		}
#  255|   		/* Zero passphrase in memory */
#  256|-> 		memset(passphrase, '\b', strlen(passphrase));
#  257|   		gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
#  258|   		memset(passphrase, '\0', strlen(passphrase));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
openssh-10.0p1/digest-openssl.c:122:27: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.0p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.0p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:122:27: danger: ‘ret’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#  120|   		return NULL;
#  121|   	ret->alg = alg;
#  122|-> 	if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
#  123|   		free(ret);
#  124|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def115]
openssh-10.0p1/digest-openssl.c:126:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.0p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.0p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:126:13: danger: ‘ret’ leaks here; was allocated at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  124|   		return NULL;
#  125|   	}
#  126|-> 	if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
#  127|   		ssh_digest_free(ret);
#  128|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def116]
openssh-10.0p1/digest-openssl.c:180:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.0p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.0p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:126:12: branch_true: following ‘true’ branch...
openssh-10.0p1/digest-openssl.c:127:17: branch_true: ...to here
openssh-10.0p1/digest-openssl.c:127:17: call_function: calling ‘ssh_digest_free’ from ‘ssh_digest_start’
#  178|   	if (ctx == NULL)
#  179|   		return;
#  180|-> 	EVP_MD_CTX_free(ctx->mdctx);
#  181|   	freezero(ctx, sizeof(*ctx));
#  182|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
openssh-10.0p1/digest-openssl.c:181:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/digest-openssl.c:114:1: enter_function: entry to ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: call_function: calling ‘ssh_digest_by_alg’ from ‘ssh_digest_start’
openssh-10.0p1/digest-openssl.c:116:43: return_function: returning to ‘ssh_digest_start’ from ‘ssh_digest_by_alg’
openssh-10.0p1/digest-openssl.c:119:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:119:39: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:119:39: acquire_memory: allocated here
openssh-10.0p1/digest-openssl.c:119:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/digest-openssl.c:121:9: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:122:12: branch_false: following ‘false’ branch...
openssh-10.0p1/digest-openssl.c:126:43: branch_false: ...to here
openssh-10.0p1/digest-openssl.c:126:12: branch_true: following ‘true’ branch...
openssh-10.0p1/digest-openssl.c:127:17: branch_true: ...to here
openssh-10.0p1/digest-openssl.c:127:17: call_function: calling ‘ssh_digest_free’ from ‘ssh_digest_start’
#  179|   		return;
#  180|   	EVP_MD_CTX_free(ctx->mdctx);
#  181|-> 	freezero(ctx, sizeof(*ctx));
#  182|   }
#  183|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def118]
openssh-10.0p1/fatal.c:43:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/fatal.c:42:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/fatal.c:43:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   41|   
#   42|   	va_start(args, fmt);
#   43|-> 	sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
#   44|   	va_end(args);
#   45|   	cleanup_exit(255);

Error: COMPILER_WARNING: [#def119]
openssh-10.0p1/gss-genr.c: scope_hint: In function ‘ssh_gssapi_kex_mechs’
openssh-10.0p1/gss-genr.c:172:30: warning[-Wstringop-truncation]: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                              ^
openssh-10.0p1/gss-genr.c:172:46: note: length computed here
#  172 |                         cp = strncpy(s, kex, strlen(kex));
#      |                                              ^~~~~~~~~~~
#  170|   			    ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
#  171|   #pragma GCC diagnostic ignored "-Wstringop-overflow"
#  172|-> 			cp = strncpy(s, kex, strlen(kex));
#  173|   #pragma GCC diagnostic pop
#  174|   			for ((p = strsep(&cp, ",")); p && *p != '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def120]
openssh-10.0p1/gss-serv-krb5.c:359:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:359:17: branch_true: ...to here
openssh-10.0p1/gss-serv-krb5.c:359:17: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  357|   	if (fstat(fileno(fp), &st) == -1) {
#  358|   		/* can happen, but very wierd error so report it */
#  359|-> 		logit("User %s fstat %s failed: %s",
#  360|   		    pw->pw_name, file, strerror(errno));
#  361|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def121]
openssh-10.0p1/gss-serv-krb5.c:359:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:359:17: branch_true: ...to here
openssh-10.0p1/gss-serv-krb5.c:359:17: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  357|   	if (fstat(fileno(fp), &st) == -1) {
#  358|   		/* can happen, but very wierd error so report it */
#  359|-> 		logit("User %s fstat %s failed: %s",
#  360|   		    pw->pw_name, file, strerror(errno));
#  361|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
openssh-10.0p1/gss-serv-krb5.c:365:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:364:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:365:17: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  363|   	}
#  364|   	if (!(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
#  365|-> 		logit("User %s %s is not owned by root or user",
#  366|   		    pw->pw_name, file);
#  367|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def123]
openssh-10.0p1/gss-serv-krb5.c:365:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:364:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:365:17: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  363|   	}
#  364|   	if (!(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
#  365|-> 		logit("User %s %s is not owned by root or user",
#  366|   		    pw->pw_name, file);
#  367|   		fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def124]
openssh-10.0p1/gss-serv-krb5.c:373:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:372:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:373:17: branch_true: ...to here
openssh-10.0p1/gss-serv-krb5.c:373:17: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  371|   	  * check, but we don't want to be deficient if they add a check. */
#  372|   	if (!S_ISREG(st.st_mode)) {
#  373|-> 		logit("User %s %s is not a regular file", pw->pw_name, file);
#  374|   		fclose(fp);
#  375|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
openssh-10.0p1/gss-serv-krb5.c:373:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:372:12: branch_true: following ‘true’ branch...
openssh-10.0p1/gss-serv-krb5.c:373:17: branch_true: ...to here
openssh-10.0p1/gss-serv-krb5.c:373:17: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  371|   	  * check, but we don't want to be deficient if they add a check. */
#  372|   	if (!S_ISREG(st.st_mode)) {
#  373|-> 		logit("User %s %s is not a regular file", pw->pw_name, file);
#  374|   		fclose(fp);
#  375|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def126]
openssh-10.0p1/gss-serv-krb5.c:378:32: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_resource: opened here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:372:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:378:32: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:378:32: danger: ‘fopen(&file, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  376|   	}
#  377|   	/* file exists; initialize k5users_allowed_cmds (to none!) */
#  378|-> 	k5users_allowed_cmds = xcalloc(++ncommands,
#  379|   	    sizeof(*k5users_allowed_cmds));
#  380|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
openssh-10.0p1/gss-serv-krb5.c:378:32: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&file, "r")’
openssh-10.0p1/gss-serv-krb5.c:342:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:342:14: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:346:19: acquire_memory: allocated here
openssh-10.0p1/gss-serv-krb5.c:346:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:357:13: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:357:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:364:15: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:372:12: branch_false: following ‘false’ branch...
openssh-10.0p1/gss-serv-krb5.c:378:32: branch_false: ...to here
openssh-10.0p1/gss-serv-krb5.c:378:32: danger: ‘fopen(&file, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  376|   	}
#  377|   	/* file exists; initialize k5users_allowed_cmds (to none!) */
#  378|-> 	k5users_allowed_cmds = xcalloc(++ncommands,
#  379|   	    sizeof(*k5users_allowed_cmds));
#  380|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
openssh-10.0p1/hmac.c:52:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   50|   		return NULL;
#   51|   	ret->alg = alg;
#   52|-> 	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|   	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
openssh-10.0p1/hmac.c:53:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:53:26: branch_false: ...to here
openssh-10.0p1/hmac.c:53:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   51|   	ret->alg = alg;
#   52|   	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|-> 	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
openssh-10.0p1/hmac.c:54:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:53:26: branch_false: ...to here
openssh-10.0p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:54:28: branch_false: ...to here
openssh-10.0p1/hmac.c:54:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   52|   	if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
#   53|   	    (ret->octx = ssh_digest_start(alg)) == NULL ||
#   54|-> 	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;
#   56|   	ret->buf_len = ssh_digest_blocksize(ret->ictx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
openssh-10.0p1/hmac.c:56:24: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:53:26: branch_false: ...to here
openssh-10.0p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:54:28: branch_false: ...to here
openssh-10.0p1/hmac.c:52:13: branch_false: following ‘false’ branch...
openssh-10.0p1/hmac.c:56:24: branch_false: ...to here
openssh-10.0p1/hmac.c:56:24: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   54|   	    (ret->digest = ssh_digest_start(alg)) == NULL)
#   55|   		goto fail;
#   56|-> 	ret->buf_len = ssh_digest_blocksize(ret->ictx);
#   57|   	if ((ret->buf = calloc(1, ret->buf_len)) == NULL)
#   58|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
openssh-10.0p1/hmac.c:127:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hmac.c:55:17: branch_true: ...to here
openssh-10.0p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  125|   {
#  126|   	if (ctx != NULL) {
#  127|-> 		ssh_digest_free(ctx->ictx);
#  128|   		ssh_digest_free(ctx->octx);
#  129|   		ssh_digest_free(ctx->digest);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
openssh-10.0p1/hmac.c:128:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hmac.c:55:17: branch_true: ...to here
openssh-10.0p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  126|   	if (ctx != NULL) {
#  127|   		ssh_digest_free(ctx->ictx);
#  128|-> 		ssh_digest_free(ctx->octx);
#  129|   		ssh_digest_free(ctx->digest);
#  130|   		if (ctx->buf) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
openssh-10.0p1/hmac.c:129:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hmac.c:55:17: branch_true: ...to here
openssh-10.0p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  127|   		ssh_digest_free(ctx->ictx);
#  128|   		ssh_digest_free(ctx->octx);
#  129|-> 		ssh_digest_free(ctx->digest);
#  130|   		if (ctx->buf) {
#  131|   			explicit_bzero(ctx->buf, ctx->buf_len);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
openssh-10.0p1/hmac.c:134:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/hmac.c:45:1: enter_function: entry to ‘ssh_hmac_start’
openssh-10.0p1/hmac.c:49:20: acquire_memory: allocated here
openssh-10.0p1/hmac.c:49:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/hmac.c:51:9: branch_false: ...to here
openssh-10.0p1/hmac.c:52:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hmac.c:55:17: branch_true: ...to here
openssh-10.0p1/hmac.c:61:9: call_function: calling ‘ssh_hmac_free’ from ‘ssh_hmac_start’
#  132|   			free(ctx->buf);
#  133|   		}
#  134|-> 		freezero(ctx, sizeof(*ctx));
#  135|   	}
#  136|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def136]
openssh-10.0p1/hostfile.c:132:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  130|   	u_int len;
#  131|   
#  132|-> 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
#  133|   
#  134|   	if (name_from_hostfile == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
openssh-10.0p1/hostfile.c:132:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  130|   	u_int len;
#  131|   
#  132|-> 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
#  133|   
#  134|   	if (name_from_hostfile == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def138]
openssh-10.0p1/hostfile.c:144:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  142|   	}
#  143|   
#  144|-> 	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def139]
openssh-10.0p1/hostfile.c:144:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  142|   	}
#  143|   
#  144|-> 	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def140]
openssh-10.0p1/hostfile.c:145:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  143|   
#  144|   	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|-> 	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
openssh-10.0p1/hostfile.c:145:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  143|   
#  144|   	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|-> 	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def142]
openssh-10.0p1/hostfile.c:146:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  144|   	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|-> 	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|   		fatal_f("ssh_hmac failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
openssh-10.0p1/hostfile.c:146:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  144|   	if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|-> 	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|   		fatal_f("ssh_hmac failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def144]
openssh-10.0p1/hostfile.c:147:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|-> 	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|   		fatal_f("ssh_hmac failed");
#  149|   	ssh_hmac_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
openssh-10.0p1/hostfile.c:147:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  145|   	    ssh_hmac_init(ctx, salt, len) < 0 ||
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|-> 	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|   		fatal_f("ssh_hmac failed");
#  149|   	ssh_hmac_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def146]
openssh-10.0p1/hostfile.c:148:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|-> 		fatal_f("ssh_hmac failed");
#  149|   	ssh_hmac_free(ctx);
#  150|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
openssh-10.0p1/hostfile.c:148:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  146|   	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
#  147|   	    ssh_hmac_final(ctx, result, sizeof(result)))
#  148|-> 		fatal_f("ssh_hmac failed");
#  149|   	ssh_hmac_free(ctx);
#  150|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
openssh-10.0p1/hostfile.c:458:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  456|   	char *hashed_host = NULL, *lhost;
#  457|   
#  458|-> 	lhost = xstrdup(host);
#  459|   	lowercase(lhost);
#  460|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
openssh-10.0p1/hostfile.c:458:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  456|   	char *hashed_host = NULL, *lhost;
#  457|   
#  458|-> 	lhost = xstrdup(host);
#  459|   	lowercase(lhost);
#  460|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
openssh-10.0p1/hostfile.c:459:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  457|   
#  458|   	lhost = xstrdup(host);
#  459|-> 	lowercase(lhost);
#  460|   
#  461|   	if (store_hash) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
openssh-10.0p1/hostfile.c:459:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:529:1: enter_function: entry to ‘add_host_to_hostfile’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:544:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:550:19: call_function: calling ‘write_host_entry’ from ‘add_host_to_hostfile’
#  457|   
#  458|   	lhost = xstrdup(host);
#  459|-> 	lowercase(lhost);
#  460|   
#  461|   	if (store_hash) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def152]
openssh-10.0p1/hostfile.c:542:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:542:13: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
#  540|   		return 0;
#  541|   	/* Make sure we have a terminating newline. */
#  542|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
openssh-10.0p1/hostfile.c:542:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:542:13: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  540|   		return 0;
#  541|   	/* Make sure we have a terminating newline. */
#  542|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def154]
openssh-10.0p1/hostfile.c:542:45: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:542:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hostfile.c:542:45: branch_true: ...to here
openssh-10.0p1/hostfile.c:542:45: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  540|   		return 0;
#  541|   	/* Make sure we have a terminating newline. */
#  542|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
openssh-10.0p1/hostfile.c:542:45: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:542:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hostfile.c:542:45: branch_true: ...to here
openssh-10.0p1/hostfile.c:542:45: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  540|   		return 0;
#  541|   	/* Make sure we have a terminating newline. */
#  542|-> 	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def156]
openssh-10.0p1/hostfile.c:544:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:13: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
#  542|   	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|-> 	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  545|   		error("Failed to add terminating newline to %s: %s",
#  546|   		   filename, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
openssh-10.0p1/hostfile.c:544:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:544:13: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
#  542|   	if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n')
#  543|   		addnl = 1;
#  544|-> 	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  545|   		error("Failed to add terminating newline to %s: %s",
#  546|   		   filename, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def158]
openssh-10.0p1/hostfile.c:545:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_resource: opened here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:545:17: danger: ‘fopen(filename, "a+")’ leaks here; was opened at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2)
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  545|-> 		error("Failed to add terminating newline to %s: %s",
#  546|   		   filename, strerror(errno));
#  547|   		fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
openssh-10.0p1/hostfile.c:545:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "a+")’
openssh-10.0p1/hostfile.c:535:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/hostfile.c:537:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:538:13: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:539:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:542:13: branch_false: ...to here
openssh-10.0p1/hostfile.c:545:17: danger: ‘fopen(filename, "a+")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
#  543|   		addnl = 1;
#  544|   	if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) {
#  545|-> 		error("Failed to add terminating newline to %s: %s",
#  546|   		   filename, strerror(errno));
#  547|   		fclose(f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def160]
openssh-10.0p1/hostfile.c:644:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.0p1/hostfile.c:629:31: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:19: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
#  642|   	}
#  643|   
#  644|-> 	if ((fd = mkstemp(temp)) == -1) {
#  645|   		oerrno = errno;
#  646|   		error_f("mkstemp: %s", strerror(oerrno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def161]
openssh-10.0p1/hostfile.c:646:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.0p1/hostfile.c:629:31: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hostfile.c:645:26: branch_true: ...to here
openssh-10.0p1/hostfile.c:646:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
#  644|   	if ((fd = mkstemp(temp)) == -1) {
#  645|   		oerrno = errno;
#  646|-> 		error_f("mkstemp: %s", strerror(oerrno));
#  647|   		r = SSH_ERR_SYSTEM_ERROR;
#  648|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def162]
openssh-10.0p1/hostfile.c:652:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.0p1/hostfile.c:629:31: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:650:24: branch_false: ...to here
openssh-10.0p1/hostfile.c:650:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hostfile.c:651:26: branch_true: ...to here
openssh-10.0p1/hostfile.c:652:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
#  650|   	if ((ctx.out = fdopen(fd, "w")) == NULL) {
#  651|   		oerrno = errno;
#  652|-> 		close(fd);
#  653|   		error_f("fdopen: %s", strerror(oerrno));
#  654|   		r = SSH_ERR_SYSTEM_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def163]
openssh-10.0p1/hostfile.c:653:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.0p1/hostfile.c:629:31: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:650:24: branch_false: ...to here
openssh-10.0p1/hostfile.c:650:12: branch_true: following ‘true’ branch...
openssh-10.0p1/hostfile.c:651:26: branch_true: ...to here
openssh-10.0p1/hostfile.c:653:17: danger: ‘ctx.match_keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  651|   		oerrno = errno;
#  652|   		close(fd);
#  653|-> 		error_f("fdopen: %s", strerror(oerrno));
#  654|   		r = SSH_ERR_SYSTEM_ERROR;
#  655|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
openssh-10.0p1/hostfile.c:954:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
openssh-10.0p1/hostfile.c:951:18: acquire_resource: opened here
openssh-10.0p1/hostfile.c:951:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:954:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:954:9: danger: ‘fopen(path, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  952|   		return SSH_ERR_SYSTEM_ERROR;
#  953|   
#  954|-> 	debug3_f("reading file \"%s\"", path);
#  955|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  956|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def165]
openssh-10.0p1/hostfile.c:954:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.match_keys’
openssh-10.0p1/hostfile.c:610:1: enter_function: entry to ‘hostfile_replace_entries’
openssh-10.0p1/hostfile.c:629:31: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:650:24: branch_false: ...to here
openssh-10.0p1/hostfile.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:659:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:659:18: call_function: calling ‘hostkeys_foreach’ from ‘hostfile_replace_entries’
#  952|   		return SSH_ERR_SYSTEM_ERROR;
#  953|   
#  954|-> 	debug3_f("reading file \"%s\"", path);
#  955|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  956|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def166]
openssh-10.0p1/hostfile.c:954:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.out’
openssh-10.0p1/hostfile.c:610:1: enter_function: entry to ‘hostfile_replace_entries’
openssh-10.0p1/hostfile.c:629:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:631:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:12: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:639:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:638:13: branch_false: following ‘false’ branch (when ‘r != -1’)...
openssh-10.0p1/hostfile.c:644:19: branch_false: ...to here
openssh-10.0p1/hostfile.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:650:24: branch_false: ...to here
openssh-10.0p1/hostfile.c:650:24: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:659:18: branch_false: ...to here
openssh-10.0p1/hostfile.c:659:18: call_function: calling ‘hostkeys_foreach’ from ‘hostfile_replace_entries’
#  952|   		return SSH_ERR_SYSTEM_ERROR;
#  953|   
#  954|-> 	debug3_f("reading file \"%s\"", path);
#  955|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  956|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def167]
openssh-10.0p1/hostfile.c:954:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’
openssh-10.0p1/hostfile.c:951:18: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:951:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:954:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:954:9: danger: ‘fopen(path, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/0)
#  952|   		return SSH_ERR_SYSTEM_ERROR;
#  953|   
#  954|-> 	debug3_f("reading file \"%s\"", path);
#  955|   	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
#  956|   	    options, note);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def168]
openssh-10.0p1/hostfile.c:959:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
openssh-10.0p1/hostfile.c:945:1: enter_function: entry to ‘hostkeys_foreach’
openssh-10.0p1/hostfile.c:951:18: acquire_resource: opened here
openssh-10.0p1/hostfile.c:951:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:954:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:955:13: call_function: calling ‘hostkeys_foreach_file’ from ‘hostkeys_foreach’
#  957|   	oerrno = errno;
#  958|   	fclose(f);
#  959|-> 	errno = oerrno;
#  960|   	return r;
#  961|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def169]
openssh-10.0p1/hostfile.c:959:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’
openssh-10.0p1/hostfile.c:945:1: enter_function: entry to ‘hostkeys_foreach’
openssh-10.0p1/hostfile.c:951:18: acquire_memory: allocated here
openssh-10.0p1/hostfile.c:951:12: branch_false: following ‘false’ branch...
openssh-10.0p1/hostfile.c:954:9: branch_false: ...to here
openssh-10.0p1/hostfile.c:955:13: call_function: calling ‘hostkeys_foreach_file’ from ‘hostkeys_foreach’
#  957|   	oerrno = errno;
#  958|   	fclose(f);
#  959|-> 	errno = oerrno;
#  960|   	return r;
#  961|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
openssh-10.0p1/kex-names.c:116:37: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:219:1: enter_function: entry to ‘kex_names_valid’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  114|   
#  115|   	if (is_fetched == -1) {
#  116|-> 		EVP_KEM *mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
#  117|   		is_fetched = mlkem768 != NULL ? 1 : 0;
#  118|   		EVP_KEM_free(mlkem768);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
openssh-10.0p1/kex-names.c:118:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:219:1: enter_function: entry to ‘kex_names_valid’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
#  116|   		EVP_KEM *mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
#  117|   		is_fetched = mlkem768 != NULL ? 1 : 0;
#  118|-> 		EVP_KEM_free(mlkem768);
#  119|   	}
#  120|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
openssh-10.0p1/kex-names.c:231:33: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:219:1: enter_function: entry to ‘kex_names_valid’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
openssh-10.0p1/kex-names.c:229:21: return_function: returning to ‘kex_names_valid’ from ‘kex_alg_by_name’
openssh-10.0p1/kex-names.c:229:20: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:230:29: branch_true: ...to here
openssh-10.0p1/kex-names.c:230:28: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:231:33: branch_true: ...to here
openssh-10.0p1/kex-names.c:231:33: danger: ‘cp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#  229|   		if (kex_alg_by_name(p) == NULL) {
#  230|   			if (FIPS_mode())
#  231|-> 				error("\"%.100s\" is not allowed in FIPS mode", p);
#  232|   			else
#  233|   				error("Unsupported KEX algorithm \"%.100s\"", p);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
openssh-10.0p1/kex-names.c:233:33: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:219:1: enter_function: entry to ‘kex_names_valid’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:227:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:229:21: call_function: calling ‘kex_alg_by_name’ from ‘kex_names_valid’
openssh-10.0p1/kex-names.c:229:21: return_function: returning to ‘kex_names_valid’ from ‘kex_alg_by_name’
openssh-10.0p1/kex-names.c:229:20: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:230:29: branch_true: ...to here
openssh-10.0p1/kex-names.c:230:28: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:233:33: branch_false: ...to here
openssh-10.0p1/kex-names.c:233:33: danger: ‘cp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#  231|   				error("\"%.100s\" is not allowed in FIPS mode", p);
#  232|   			else
#  233|-> 				error("Unsupported KEX algorithm \"%.100s\"", p);
#  234|   			free(s);
#  235|   			return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
openssh-10.0p1/kex-names.c:238:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:223:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:225:23: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:227:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:238:9: danger: ‘cp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  236|   		}
#  237|   	}
#  238|-> 	debug3("kex names ok: [%s]", names);
#  239|   	free(s);
#  240|   	return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
openssh-10.0p1/kex-names.c:249:19: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/kex-names.c:260:1: enter_function: entry to ‘kex_names_cat’
openssh-10.0p1/kex-names.c:269:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:271:15: branch_false: ...to here
openssh-10.0p1/kex-names.c:272:25: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:273:20: branch_false: ...to here
openssh-10.0p1/kex-names.c:272:13: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/kex-names.c:277:9: branch_false: ...to here
openssh-10.0p1/kex-names.c:278:38: branch_true: following ‘true’ branch...
openssh-10.0p1/kex-names.c:279:21: call_function: calling ‘kex_has_any_alg’ from ‘kex_names_cat’
#  247|   	char *cp;
#  248|   
#  249|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  250|   		return 0;
#  251|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
openssh-10.0p1/kex-names.c:249:19: warning[-Wanalyzer-malloc-leak]: leak of ‘patterns’
openssh-10.0p1/kex-names.c:300:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:306:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:317:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:325:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:325:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:334:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:334:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:352:37: branch_false: ...to here
openssh-10.0p1/kex-names.c:352:37: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:352:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:368:28: branch_false: ...to here
openssh-10.0p1/kex-names.c:368:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:368:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.0p1/kex-names.c:368:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:372:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:368:28: branch_false: ...to here
openssh-10.0p1/kex-names.c:368:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
#  247|   	char *cp;
#  248|   
#  249|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  250|   		return 0;
#  251|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
openssh-10.0p1/kex-names.c:249:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/kex-names.c:300:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:306:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:317:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:325:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:325:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:334:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:334:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:352:37: branch_false: ...to here
openssh-10.0p1/kex-names.c:352:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:368:28: branch_false: ...to here
openssh-10.0p1/kex-names.c:368:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:368:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.0p1/kex-names.c:368:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:372:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:368:28: branch_false: ...to here
openssh-10.0p1/kex-names.c:368:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
#  247|   	char *cp;
#  248|   
#  249|-> 	if ((cp = match_list(proposal, algs, NULL)) == NULL)
#  250|   		return 0;
#  251|   	free(cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
openssh-10.0p1/kex-names.c:364:33: warning[-Wanalyzer-malloc-leak]: leak of ‘patterns’
openssh-10.0p1/kex-names.c:306:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:317:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:325:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:325:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:334:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:334:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:352:37: branch_false: ...to here
openssh-10.0p1/kex-names.c:352:37: acquire_memory: allocated here
openssh-10.0p1/kex-names.c:352:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:33: danger: ‘patterns’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
#  362|   		}
#  363|   		free(matching);
#  364|-> 		if ((matching = match_filter_allowlist(all, cp)) == NULL) {
#  365|   			r = SSH_ERR_ALLOC_FAIL;
#  366|   			goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
openssh-10.0p1/kex-names.c:364:33: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/kex-names.c:300:1: enter_function: entry to ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:306:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:309:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:317:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:325:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:325:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:334:19: branch_false: ...to here
openssh-10.0p1/kex-names.c:334:19: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:352:37: branch_false: ...to here
openssh-10.0p1/kex-names.c:352:12: branch_false: following ‘false’ branch (when ‘opatterns’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:368:28: branch_false: ...to here
openssh-10.0p1/kex-names.c:368:28: call_function: calling ‘kex_names_cat’ from ‘kex_assemble_names’
openssh-10.0p1/kex-names.c:368:28: return_function: returning to ‘kex_assemble_names’ from ‘kex_names_cat’
openssh-10.0p1/kex-names.c:368:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:372:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:357:16: branch_true: following ‘true’ branch (when ‘cp’ is non-NULL)...
openssh-10.0p1/kex-names.c:358:21: branch_true: ...to here
openssh-10.0p1/kex-names.c:358:20: branch_false: following ‘false’ branch...
openssh-10.0p1/kex-names.c:363:17: branch_false: ...to here
openssh-10.0p1/kex-names.c:364:33: danger: ‘ret’ leaks here; was allocated at [(24)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/23)
#  362|   		}
#  363|   		free(matching);
#  364|-> 		if ((matching = match_filter_allowlist(all, cp)) == NULL) {
#  365|   			r = SSH_ERR_ALLOC_FAIL;
#  366|   			goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
openssh-10.0p1/kex.c:195:18: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.0p1/kex.c:193:25: acquire_memory: allocated here
openssh-10.0p1/kex.c:193:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.0p1/kex.c:195:18: branch_false: ...to here
openssh-10.0p1/kex.c:195:18: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  193|   	if ((proposal = calloc(PROPOSAL_MAX, sizeof(char *))) == NULL)
#  194|   		return SSH_ERR_ALLOC_FAIL;
#  195|-> 	if ((b = sshbuf_fromb(raw)) == NULL) {
#  196|   		r = SSH_ERR_ALLOC_FAIL;
#  197|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
openssh-10.0p1/kex.c:199:18: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.0p1/kex.c:193:25: acquire_memory: allocated here
openssh-10.0p1/kex.c:193:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.0p1/kex.c:195:18: branch_false: ...to here
openssh-10.0p1/kex.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:199:18: branch_false: ...to here
openssh-10.0p1/kex.c:199:18: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  197|   		goto out;
#  198|   	}
#  199|-> 	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
#  200|   		error_fr(r, "consume cookie");
#  201|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
openssh-10.0p1/kex.c:200:17: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.0p1/kex.c:193:25: acquire_memory: allocated here
openssh-10.0p1/kex.c:193:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.0p1/kex.c:195:18: branch_false: ...to here
openssh-10.0p1/kex.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:199:18: branch_false: ...to here
openssh-10.0p1/kex.c:199:12: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:200:17: branch_true: ...to here
openssh-10.0p1/kex.c:200:17: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  198|   	}
#  199|   	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
#  200|-> 		error_fr(r, "consume cookie");
#  201|   		goto out;
#  202|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
openssh-10.0p1/kex.c:205:26: warning[-Wanalyzer-malloc-leak]: leak of ‘proposal’
openssh-10.0p1/kex.c:193:25: acquire_memory: allocated here
openssh-10.0p1/kex.c:193:12: branch_false: following ‘false’ branch (when ‘proposal’ is non-NULL)...
openssh-10.0p1/kex.c:195:18: branch_false: ...to here
openssh-10.0p1/kex.c:195:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:199:18: branch_false: ...to here
openssh-10.0p1/kex.c:199:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:204:14: branch_false: ...to here
openssh-10.0p1/kex.c:204:21: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:205:58: branch_true: ...to here
openssh-10.0p1/kex.c:205:26: danger: ‘proposal’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  203|   	/* extract kex init proposal strings */
#  204|   	for (i = 0; i < PROPOSAL_MAX; i++) {
#  205|-> 		if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
#  206|   			error_fr(r, "parse proposal %u", i);
#  207|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
openssh-10.0p1/kex.c:702:26: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:702:26: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  700|   
#  701|   	if ((kex = calloc(1, sizeof(*kex))) == NULL ||
#  702|-> 	    (kex->peer = sshbuf_new()) == NULL ||
#  703|   	    (kex->my = sshbuf_new()) == NULL ||
#  704|   	    (kex->client_version = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
openssh-10.0p1/kex.c:703:24: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:703:24: branch_false: ...to here
openssh-10.0p1/kex.c:703:24: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  701|   	if ((kex = calloc(1, sizeof(*kex))) == NULL ||
#  702|   	    (kex->peer = sshbuf_new()) == NULL ||
#  703|-> 	    (kex->my = sshbuf_new()) == NULL ||
#  704|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  705|   	    (kex->server_version = sshbuf_new()) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
openssh-10.0p1/kex.c:704:36: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:703:24: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:704:36: branch_false: ...to here
openssh-10.0p1/kex.c:704:36: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  702|   	    (kex->peer = sshbuf_new()) == NULL ||
#  703|   	    (kex->my = sshbuf_new()) == NULL ||
#  704|-> 	    (kex->client_version = sshbuf_new()) == NULL ||
#  705|   	    (kex->server_version = sshbuf_new()) == NULL ||
#  706|   	    (kex->session_id = sshbuf_new()) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
openssh-10.0p1/kex.c:705:36: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:703:24: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:704:36: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:705:36: branch_false: ...to here
openssh-10.0p1/kex.c:705:36: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  703|   	    (kex->my = sshbuf_new()) == NULL ||
#  704|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  705|-> 	    (kex->server_version = sshbuf_new()) == NULL ||
#  706|   	    (kex->session_id = sshbuf_new()) == NULL) {
#  707|   		kex_free(kex);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
openssh-10.0p1/kex.c:706:32: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:703:24: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:704:36: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:705:36: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:706:32: branch_false: ...to here
openssh-10.0p1/kex.c:706:32: danger: ‘kex’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  704|   	    (kex->client_version = sshbuf_new()) == NULL ||
#  705|   	    (kex->server_version = sshbuf_new()) == NULL ||
#  706|-> 	    (kex->session_id = sshbuf_new()) == NULL) {
#  707|   		kex_free(kex);
#  708|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
openssh-10.0p1/kex.c:752:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  750|   
#  751|   #ifdef WITH_OPENSSL
#  752|-> 	DH_free(kex->dh);
#  753|   #ifdef OPENSSL_HAS_ECC
#  754|   	EC_KEY_free(kex->ec_client_key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
openssh-10.0p1/kex.c:754:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  752|   	DH_free(kex->dh);
#  753|   #ifdef OPENSSL_HAS_ECC
#  754|-> 	EC_KEY_free(kex->ec_client_key);
#  755|   #endif /* OPENSSL_HAS_ECC */
#  756|   #endif /* WITH_OPENSSL */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def191]
openssh-10.0p1/kex.c:761:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  759|   		kex->newkeys[mode] = NULL;
#  760|   	}
#  761|-> 	sshbuf_free(kex->peer);
#  762|   	sshbuf_free(kex->my);
#  763|   	sshbuf_free(kex->client_version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
openssh-10.0p1/kex.c:762:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  760|   	}
#  761|   	sshbuf_free(kex->peer);
#  762|-> 	sshbuf_free(kex->my);
#  763|   	sshbuf_free(kex->client_version);
#  764|   	sshbuf_free(kex->server_version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
openssh-10.0p1/kex.c:763:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  761|   	sshbuf_free(kex->peer);
#  762|   	sshbuf_free(kex->my);
#  763|-> 	sshbuf_free(kex->client_version);
#  764|   	sshbuf_free(kex->server_version);
#  765|   	sshbuf_free(kex->client_pub);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
openssh-10.0p1/kex.c:764:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  762|   	sshbuf_free(kex->my);
#  763|   	sshbuf_free(kex->client_version);
#  764|-> 	sshbuf_free(kex->server_version);
#  765|   	sshbuf_free(kex->client_pub);
#  766|   	sshbuf_free(kex->session_id);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
openssh-10.0p1/kex.c:765:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  763|   	sshbuf_free(kex->client_version);
#  764|   	sshbuf_free(kex->server_version);
#  765|-> 	sshbuf_free(kex->client_pub);
#  766|   	sshbuf_free(kex->session_id);
#  767|   #ifdef GSSAPI

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
openssh-10.0p1/kex.c:766:9: warning[-Wanalyzer-malloc-leak]: leak of ‘kex’
openssh-10.0p1/kex.c:697:1: enter_function: entry to ‘kex_new’
openssh-10.0p1/kex.c:701:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:701:12: branch_false: following ‘false’ branch (when ‘kex’ is non-NULL)...
openssh-10.0p1/kex.c:702:26: branch_false: ...to here
openssh-10.0p1/kex.c:701:13: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:707:17: branch_true: ...to here
openssh-10.0p1/kex.c:707:17: call_function: calling ‘kex_free’ from ‘kex_new’
#  764|   	sshbuf_free(kex->server_version);
#  765|   	sshbuf_free(kex->client_pub);
#  766|-> 	sshbuf_free(kex->session_id);
#  767|   #ifdef GSSAPI
#  768|   	free(kex->gss_host);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
openssh-10.0p1/kex.c:1161:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
# 1159|   	}
# 1160|   
# 1161|-> 	r =     OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def198]
openssh-10.0p1/kex.c:1163:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1163:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
# 1161|   	r =     OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|   				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def199]
openssh-10.0p1/kex.c:1164:33: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1164:33: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
# 1162|   		                md, strlen(md)) && /* SN */
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|-> 				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
openssh-10.0p1/kex.c:1165:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1165:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
# 1163|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
# 1164|   				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
# 1165|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
openssh-10.0p1/kex.c:1167:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1168:73: branch_true: ...to here
openssh-10.0p1/kex.c:1167:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
# 1165|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
# 1166|   				hash, hashlen) &&
# 1167|-> 		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|   				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|   		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
openssh-10.0p1/kex.c:1168:33: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1168:73: branch_true: ...to here
openssh-10.0p1/kex.c:1168:33: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
# 1166|   				hash, hashlen) &&
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|-> 				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|   		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
# 1170|   				&keytype, 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
openssh-10.0p1/kex.c:1169:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1168:73: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1169:17: branch_true: ...to here
openssh-10.0p1/kex.c:1169:17: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
# 1167|   		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
# 1168|   				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
# 1169|-> 		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
# 1170|   				&keytype, 1);
# 1171|   	if (r != 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
openssh-10.0p1/kex.c:1176:18: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1168:73: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1169:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1176:18: branch_true: ...to here
openssh-10.0p1/kex.c:1176:18: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
# 1174|   	}
# 1175|   
# 1176|-> 	params = OSSL_PARAM_BLD_to_param(param_bld);
# 1177|   	if (params == NULL) {
# 1178|   		r = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
openssh-10.0p1/kex.c:1181:13: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1163:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1165:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1168:73: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1169:17: branch_true: ...to here
openssh-10.0p1/kex.c:1161:17: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1176:18: branch_true: ...to here
openssh-10.0p1/kex.c:1177:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1181:13: branch_false: ...to here
openssh-10.0p1/kex.c:1181:13: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
# 1179|   		goto out;
# 1180|   	}
# 1181|-> 	r = EVP_KDF_derive(ctx, key, key_len, params);
# 1182|   	if (r != 1) {
# 1183|   		r = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
openssh-10.0p1/kex.c:1195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1195:9: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
# 1193|   
# 1194|   out:
# 1195|-> 	OSSL_PARAM_BLD_free(param_bld);
# 1196|   	OSSL_PARAM_free(params);
# 1197|   	free (key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
openssh-10.0p1/kex.c:1196:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
openssh-10.0p1/kex.c:1137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1141:12: branch_false: ...to here
openssh-10.0p1/kex.c:1141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1146:12: branch_false: ...to here
openssh-10.0p1/kex.c:1146:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1150:24: branch_false: ...to here
openssh-10.0p1/kex.c:1150:12: branch_false: following ‘false’ branch (when ‘key_len != 0’)...
openssh-10.0p1/kex.c:1155:19: branch_false: ...to here
openssh-10.0p1/kex.c:1156:20: acquire_memory: allocated here
openssh-10.0p1/kex.c:1156:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/kex.c:1161:17: branch_false: ...to here
openssh-10.0p1/kex.c:1196:9: danger: ‘key’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
# 1194|   out:
# 1195|   	OSSL_PARAM_BLD_free(param_bld);
# 1196|-> 	OSSL_PARAM_free(params);
# 1197|   	free (key);
# 1198|   	EVP_KDF_CTX_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
openssh-10.0p1/kex.c:1684:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pub_ser’
openssh-10.0p1/kex.c:1656:12: branch_false: following ‘false’ branch (when ‘k’ is non-NULL)...
openssh-10.0p1/kex.c:1658:20: branch_false: ...to here
openssh-10.0p1/kex.c:1658:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1659:26: branch_false: ...to here
openssh-10.0p1/kex.c:1658:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1660:23: branch_false: ...to here
openssh-10.0p1/kex.c:1658:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1665:27: branch_false: ...to here
openssh-10.0p1/kex.c:1665:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1666:13: branch_false: ...to here
openssh-10.0p1/kex.c:1665:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kex.c:1673:20: branch_false: ...to here
openssh-10.0p1/kex.c:1673:12: branch_true: following ‘true’ branch...
openssh-10.0p1/kex.c:1677:25: branch_true: ...to here
openssh-10.0p1/kex.c:1680:32: acquire_memory: allocated here
openssh-10.0p1/kex.c:1680:20: branch_false: following ‘false’ branch (when ‘pub_ser’ is non-NULL)...
openssh-10.0p1/kex.c:1684:17: branch_false: ...to here
openssh-10.0p1/kex.c:1684:17: danger: ‘pub_ser’ leaks here; was allocated at [(15)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/14)
# 1682|   			goto out;
# 1683|   		}
# 1684|-> 		EC_POINT_point2oct(group,
# 1685|   		    pub,
# 1686|   		    POINT_CONVERSION_UNCOMPRESSED,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def209]
openssh-10.0p1/kexdh.c:143:30: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.0p1/kexdh.c:106:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:111:21: branch_false: ...to here
openssh-10.0p1/kexdh.c:115:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:123:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:124:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:130:20: branch_false: ...to here
openssh-10.0p1/kexdh.c:130:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:135:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:136:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:137:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:142:21: branch_false: ...to here
openssh-10.0p1/kexdh.c:142:21: acquire_memory: allocated here
openssh-10.0p1/kexdh.c:142:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.0p1/kexdh.c:143:30: branch_false: ...to here
openssh-10.0p1/kexdh.c:143:30: danger: ‘kbuf’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14)
#  141|   	}
#  142|   	if ((kbuf = malloc(klen)) == NULL ||
#  143|-> 	    (shared_secret = BN_new()) == NULL) {
#  144|   		r = SSH_ERR_ALLOC_FAIL;
#  145|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def210]
openssh-10.0p1/kexdh.c:147:13: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.0p1/kexdh.c:106:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:111:21: branch_false: ...to here
openssh-10.0p1/kexdh.c:115:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:123:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:124:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:130:20: branch_false: ...to here
openssh-10.0p1/kexdh.c:130:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:135:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:136:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:137:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:135:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:142:21: branch_false: ...to here
openssh-10.0p1/kexdh.c:142:21: acquire_memory: allocated here
openssh-10.0p1/kexdh.c:142:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.0p1/kexdh.c:143:30: branch_false: ...to here
openssh-10.0p1/kexdh.c:142:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexdh.c:147:13: branch_false: ...to here
openssh-10.0p1/kexdh.c:147:13: danger: ‘kbuf’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  145|   		goto out;
#  146|   	}
#  147|-> 	if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1 ||
#  148|   	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
#  149|   		error_f("Could not derive key");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def211]
openssh-10.0p1/kexecdh.c:249:13: warning[-Wanalyzer-malloc-leak]: leak of ‘kbuf’
openssh-10.0p1/kexecdh.c:185:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:190:9: branch_false: ...to here
openssh-10.0p1/kexecdh.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:196:18: branch_false: ...to here
openssh-10.0p1/kexecdh.c:196:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:201:18: branch_false: ...to here
openssh-10.0p1/kexecdh.c:201:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:203:9: branch_false: ...to here
openssh-10.0p1/kexecdh.c:204:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:205:26: branch_false: ...to here
openssh-10.0p1/kexecdh.c:204:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:209:27: branch_false: ...to here
openssh-10.0p1/kexecdh.c:209:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:213:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:213:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:215:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:213:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:217:23: branch_false: ...to here
openssh-10.0p1/kexecdh.c:213:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:222:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:222:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:223:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:222:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:225:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:222:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:235:9: branch_false: ...to here
openssh-10.0p1/kexecdh.c:237:12: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:238:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:237:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:239:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:237:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:240:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:237:13: branch_false: following ‘false’ branch...
openssh-10.0p1/kexecdh.c:245:21: branch_false: ...to here
openssh-10.0p1/kexecdh.c:245:21: acquire_memory: allocated here
openssh-10.0p1/kexecdh.c:245:12: branch_false: following ‘false’ branch (when ‘kbuf’ is non-NULL)...
openssh-10.0p1/kexecdh.c:249:13: branch_false: ...to here
openssh-10.0p1/kexecdh.c:249:13: danger: ‘kbuf’ leaks here; was allocated at [(35)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/34)
#  247|   		goto out;
#  248|   	}
#  249|-> 	if (EVP_PKEY_derive(ctx, kbuf, &klen) != 1) {
#  250|   		r = SSH_ERR_LIBCRYPTO_ERROR;
#  251|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def212]
openssh-10.0p1/kexecdh.c:273:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘publen’
#  271|   	BN_clear_free(shared_secret);
#  272|   	freezero(kbuf, klen);
#  273|-> 	freezero(pub, publen);
#  274|   	sshbuf_free(buf);
#  275|   	return r;

Error: COMPILER_WARNING (CWE-195): [#def213]
openssh-10.0p1/kexgssc.c: scope_hint: In function ‘input_kexgssgex_group’
openssh-10.0p1/kexgssc.c:618:28: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                            ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: COMPILER_WARNING (CWE-195): [#def214]
openssh-10.0p1/kexgssc.c:618:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
#  618 |         if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#      |                                                         ^
#  616|   		fatal("shpkt_get_bignum2 failed: %s", ssh_err(r));
#  617|   
#  618|-> 	if (BN_num_bits(p) < kex->min || BN_num_bits(p) > kex->max)
#  619|   		fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
#  620|   		    kex->min, BN_num_bits(p), kex->max);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def215]
openssh-10.0p1/krl.c:1068:21: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.0p1/krl.c:1275:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.0p1/krl.c:1281:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/krl.c:1283:18: branch_false: ...to here
openssh-10.0p1/krl.c:1283:12: branch_false: following ‘false’ branch...
openssh-10.0p1/krl.c:1287:18: branch_false: ...to here
openssh-10.0p1/krl.c:1287:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
# 1066|   	}
# 1067|   	/* Don't modify buffer */
# 1068|-> 	if ((copy = sshbuf_fromb(buf)) == NULL) {
# 1069|   		r = SSH_ERR_ALLOC_FAIL;
# 1070|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def216]
openssh-10.0p1/krl.c:1072:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.0p1/krl.c:1275:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.0p1/krl.c:1281:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/krl.c:1283:18: branch_false: ...to here
openssh-10.0p1/krl.c:1283:12: branch_false: following ‘false’ branch...
openssh-10.0p1/krl.c:1287:18: branch_false: ...to here
openssh-10.0p1/krl.c:1287:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
# 1070|   		goto out;
# 1071|   	}
# 1072|-> 	if ((r = sshbuf_consume(copy, sizeof(KRL_MAGIC) - 1)) != 0 ||
# 1073|   	    (r = sshbuf_get_u32(copy, &format_version)) != 0)
# 1074|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def217]
openssh-10.0p1/krl.c:1073:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.0p1/krl.c:1275:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.0p1/krl.c:1281:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/krl.c:1283:18: branch_false: ...to here
openssh-10.0p1/krl.c:1283:12: branch_false: following ‘false’ branch...
openssh-10.0p1/krl.c:1287:18: branch_false: ...to here
openssh-10.0p1/krl.c:1287:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
# 1071|   	}
# 1072|   	if ((r = sshbuf_consume(copy, sizeof(KRL_MAGIC) - 1)) != 0 ||
# 1073|-> 	    (r = sshbuf_get_u32(copy, &format_version)) != 0)
# 1074|   		goto out;
# 1075|   	if (format_version != KRL_FORMAT_VERSION) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def218]
openssh-10.0p1/krl.c:1076:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.0p1/krl.c:1275:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.0p1/krl.c:1281:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/krl.c:1283:18: branch_false: ...to here
openssh-10.0p1/krl.c:1283:12: branch_false: following ‘false’ branch...
openssh-10.0p1/krl.c:1287:18: branch_false: ...to here
openssh-10.0p1/krl.c:1287:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
# 1074|   		goto out;
# 1075|   	if (format_version != KRL_FORMAT_VERSION) {
# 1076|-> 		error_f("unsupported KRL format version %u", format_version);
# 1077|   		r = SSH_ERR_INVALID_FORMAT;
# 1078|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def219]
openssh-10.0p1/krl.c:1080:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_krl_init()’
openssh-10.0p1/krl.c:1275:1: enter_function: entry to ‘ssh_krl_file_contains_key’
openssh-10.0p1/krl.c:1281:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/krl.c:1283:18: branch_false: ...to here
openssh-10.0p1/krl.c:1283:12: branch_false: following ‘false’ branch...
openssh-10.0p1/krl.c:1287:18: branch_false: ...to here
openssh-10.0p1/krl.c:1287:18: call_function: calling ‘ssh_krl_from_blob’ from ‘ssh_krl_file_contains_key’
# 1078|   		goto out;
# 1079|   	}
# 1080|-> 	if ((r = sshbuf_get_u64(copy, &krl->krl_version)) != 0 ||
# 1081|   	    (r = sshbuf_get_u64(copy, &krl->generated_date)) != 0 ||
# 1082|   	    (r = sshbuf_get_u64(copy, &krl->flags)) != 0 ||

Error: COMPILER_WARNING: [#def220]
openssh-10.0p1/log.c: scope_hint: In function ‘do_log’
openssh-10.0p1/log.c:404:53: warning[-Wformat-truncation=]: ‘: ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024
#  404 |                 snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#      |                                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 3 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  402|   	}
#  403|   	if (suffix != NULL) {
#  404|-> 		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
#  405|   		strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
#  406|   	}

Error: COMPILER_WARNING: [#def221]
openssh-10.0p1/log.c: scope_hint: In function ‘do_log’
openssh-10.0p1/log.c:416:58: warning: ‘
#   ’ directive output may be truncated writing 2 bytes into a region of size between 1 and 1024 [-Wformat-truncation=]
#  416 |                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#      |                                                          ^~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 3 and 1026 bytes into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  414|   		log_handler = tmp_handler;
#  415|   	} else if (log_on_stderr) {
#  416|-> 		snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
#  417|   		    (log_on_stderr > 1) ? progname : "",
#  418|   		    (log_on_stderr > 1) ? ": " : "",

Error: COMPILER_WARNING: [#def222]
openssh-10.0p1/log.c: scope_hint: In function ‘sshlogv’
openssh-10.0p1/log.c:472:67: warning[-Wformat-truncation=]: ‘%ld’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 8 and 111
#  472 |         snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#      |                                                                   ^~~
openssh-10.0p1/log.c:472:36: note: directive argument in the range [-2147483648, 2147483647]
#  472 |         snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#      |                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 20 or more bytes (assuming 133) into a destination of size 128
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  470|   		return;
#  471|   
#  472|-> 	snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (bin=%s, pid=%ld)",
#  473|   	    (cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line,
#  474|   	    argv0 == NULL ? "UNKNOWN" : argv0, (long)getpid());

Error: GCC_ANALYZER_WARNING (CWE-404): [#def223]
openssh-10.0p1/log.c:476:21: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/log.c:447:1: enter_function: entry to ‘sshlogdie’
openssh-10.0p1/log.c:452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/log.c:453:9: call_function: calling ‘sshlogv’ from ‘sshlogdie’
#  474|   	    argv0 == NULL ? "UNKNOWN" : argv0, (long)getpid());
#  475|   	for (i = 0; i < nlog_verbose; i++) {
#  476|-> 		if (match_pattern_list(tag, log_verbose[i], 0) == 1) {
#  477|   			forced = 1;
#  478|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def224]
openssh-10.0p1/misc.c:635:29: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
openssh-10.0p1/misc.c:617:1: enter_function: entry to ‘convtime’
openssh-10.0p1/misc.c:623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:625:18: acquire_memory: allocated here
openssh-10.0p1/misc.c:626:12: branch_false: following ‘false’ branch (when ‘os’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/misc.c:629:16: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:630:22: branch_true: ...to here
openssh-10.0p1/misc.c:630:22: call_function: calling ‘scandigits’ from ‘convtime’
openssh-10.0p1/misc.c:630:22: return_function: returning to ‘convtime’ from ‘scandigits’
openssh-10.0p1/misc.c:635:29: danger: ‘p’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  633|   			*np = '\0';
#  634|   		}
#  635|-> 		secs = (int)strtonum(p, 0, INT_MAX, &errstr);
#  636|   		if (errstr)
#  637|   			goto fail;

Error: COMPILER_WARNING: [#def225]
openssh-10.0p1/misc.c: scope_hint: In function ‘fmt_timeframe’
openssh-10.0p1/misc.c:712:40: warning[-Wformat-truncation=]: ‘%02llu’ directive output may be truncated writing between 2 and 14 bytes into a region of size 9
#  712 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                        ^~~~~~
openssh-10.0p1/misc.c:712:39: note: directive argument in the range [1, 30500568904943]
#  712 |                 snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#      |                                       ^~~~~~~~~~~~~~~~~~~
openssh-10.0p1/misc.c:712:39: note: directive argument in the range [0, 6]
openssh-10.0p1/misc.c:712:39: note: directive argument in the range [0, 23]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 9 and 21 bytes into a destination of size 9
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  710|   
#  711|   	if (week > 0)
#  712|-> 		snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
#  713|   	else if (day > 0)
#  714|   		snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def226]
openssh-10.0p1/misc.c:941:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(s)’
openssh-10.0p1/misc.c:914:1: enter_function: entry to ‘parse_user_host_port’
openssh-10.0p1/misc.c:922:12: branch_false: following ‘false’ branch (when ‘hostp’ is NULL)...
openssh-10.0p1/misc.c:924:12: branch_false: ...to here
openssh-10.0p1/misc.c:927:27: acquire_memory: allocated here
openssh-10.0p1/misc.c:927:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:930:19: branch_false: ...to here
openssh-10.0p1/misc.c:930:12: branch_false: following ‘false’ branch (when ‘cp’ is NULL)...
openssh-10.0p1/misc.c:939:19: branch_false: ...to here
openssh-10.0p1/misc.c:939:19: call_function: calling ‘hpdelim’ from ‘parse_user_host_port’
openssh-10.0p1/misc.c:939:19: return_function: returning to ‘parse_user_host_port’ from ‘hpdelim’
openssh-10.0p1/misc.c:939:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:941:16: danger: ‘strdup(s)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#  939|   	if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0')
#  940|   		goto out;
#  941|-> 	host = xstrdup(cleanhostname(cp));
#  942|   	/* Convert and verify optional port */
#  943|   	if (tmp != NULL && *tmp != '\0') {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def227]
openssh-10.0p1/misc.c:1306:20: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1446:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.0p1/misc.c:1452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1453:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1304|   	size_t len;
# 1305|   
# 1306|-> 	if ((buf = sshbuf_new()) == NULL)
# 1307|   		fatal_f("sshbuf_new failed");
# 1308|   	if (parseerror == NULL)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def228]
openssh-10.0p1/misc.c:1307:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1446:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.0p1/misc.c:1452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1453:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1305|   
# 1306|   	if ((buf = sshbuf_new()) == NULL)
# 1307|-> 		fatal_f("sshbuf_new failed");
# 1308|   	if (parseerror == NULL)
# 1309|   		fatal_f("null parseerror arg");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def229]
openssh-10.0p1/misc.c:1320:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1446:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.0p1/misc.c:1452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1453:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1318|   			keys[num_keys].repl = va_arg(ap, char *);
# 1319|   			if (keys[num_keys].repl == NULL) {
# 1320|-> 				fatal_f("NULL replacement for token %s",
# 1321|   				    keys[num_keys].key);
# 1322|   			}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def230]
openssh-10.0p1/misc.c:1325:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1446:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.0p1/misc.c:1452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1453:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1323|   		}
# 1324|   		if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
# 1325|-> 			fatal_f("too many keys");
# 1326|   		if (num_keys == 0)
# 1327|   			fatal_f("percent expansion without token list");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def231]
openssh-10.0p1/misc.c:1327:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1446:1: enter_function: entry to ‘percent_dollar_expand’
openssh-10.0p1/misc.c:1452:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1453:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_dollar_expand’
# 1325|   			fatal_f("too many keys");
# 1326|   		if (num_keys == 0)
# 1327|-> 			fatal_f("percent expansion without token list");
# 1328|   	}
# 1329|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def232]
openssh-10.0p1/misc.c:1336:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1334|   			string += 2;  /* skip over '${' */
# 1335|   			if ((varend = strchr(string, '}')) == NULL) {
# 1336|-> 				error_f("environment variable '%s' missing "
# 1337|   				    "closing '}'", string);
# 1338|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def233]
openssh-10.0p1/misc.c:1342:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1340|   			len = varend - string;
# 1341|   			if (len == 0) {
# 1342|-> 				error_f("zero-length environment variable");
# 1343|   				goto out;
# 1344|   			}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def234]
openssh-10.0p1/misc.c:1345:31: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1343|   				goto out;
# 1344|   			}
# 1345|-> 			var = xmalloc(len + 1);
# 1346|   			(void)strlcpy(var, string, len + 1);
# 1347|   			if ((val = getenv(var)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def235]
openssh-10.0p1/misc.c:1348:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1346|   			(void)strlcpy(var, string, len + 1);
# 1347|   			if ((val = getenv(var)) == NULL) {
# 1348|-> 				error_f("env var ${%s} has no value", var);
# 1349|   				missingvar = 1;
# 1350|   			} else {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def236]
openssh-10.0p1/misc.c:1351:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1349|   				missingvar = 1;
# 1350|   			} else {
# 1351|-> 				debug3_f("expand ${%s} -> '%s'", var, val);
# 1352|   				if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
# 1353|   					fatal_fr(r, "sshbuf_put ${}");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def237]
openssh-10.0p1/misc.c:1352:42: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1408:1: enter_function: entry to ‘dollar_expand’
openssh-10.0p1/misc.c:1414:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1415:15: call_function: calling ‘vdollar_percent_expand’ from ‘dollar_expand’
# 1350|   			} else {
# 1351|   				debug3_f("expand ${%s} -> '%s'", var, val);
# 1352|-> 				if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
# 1353|   					fatal_fr(r, "sshbuf_put ${}");
# 1354|   			}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def238]
openssh-10.0p1/misc.c:1367:34: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1427:1: enter_function: entry to ‘percent_expand’
openssh-10.0p1/misc.c:1433:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1434:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_expand’
# 1365|   		if (*string != '%' || !percent) {
# 1366|    append:
# 1367|-> 			if ((r = sshbuf_put_u8(buf, *string)) != 0)
# 1368|   				fatal_fr(r, "sshbuf_put_u8 %%");
# 1369|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def239]
openssh-10.0p1/misc.c:1368:33: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1427:1: enter_function: entry to ‘percent_expand’
openssh-10.0p1/misc.c:1433:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1434:15: call_function: calling ‘vdollar_percent_expand’ from ‘percent_expand’
# 1366|    append:
# 1367|   			if ((r = sshbuf_put_u8(buf, *string)) != 0)
# 1368|-> 				fatal_fr(r, "sshbuf_put_u8 %%");
# 1369|   			continue;
# 1370|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def240]
openssh-10.0p1/misc.c:1550:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1550:21: danger: ‘dupfd’ leaks here; was opened at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
# 1548|   	while (++dupfd <= STDERR_FILENO) {
# 1549|   		/* Only populate closed fds. */
# 1550|-> 		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1551|   			if (dup2(nullfd, dupfd) == -1) {
# 1552|   				fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def241]
openssh-10.0p1/misc.c:1550:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1550:21: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
# 1548|   	while (++dupfd <= STDERR_FILENO) {
# 1549|   		/* Only populate closed fds. */
# 1550|-> 		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1551|   			if (dup2(nullfd, dupfd) == -1) {
# 1552|   				fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def242]
openssh-10.0p1/misc.c:1551:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), dupfd)’
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1550:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:1551:29: acquire_resource: opened here
openssh-10.0p1/misc.c:1551:28: danger: ‘dup2(open("/dev/null", 2), dupfd)’ leaks here; was opened at [(7)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/6)
# 1549|   		/* Only populate closed fds. */
# 1550|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1551|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1552|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1553|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def243]
openssh-10.0p1/misc.c:1551:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1551:28: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/0)
# 1549|   		/* Only populate closed fds. */
# 1550|   		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
# 1551|-> 			if (dup2(nullfd, dupfd) == -1) {
# 1552|   				fprintf(stderr, "dup2: %s\n", strerror(errno));
# 1553|   				exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def244]
openssh-10.0p1/misc.c:1557:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_true: following ‘true’ branch (when ‘dupfd <= 2’)...
openssh-10.0p1/misc.c:1550:21: branch_true: ...to here
openssh-10.0p1/misc.c:1557:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
# 1555|   		}
# 1556|   	}
# 1557|-> 	if (nullfd > STDERR_FILENO)
# 1558|   		close(nullfd);
# 1559|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def245]
openssh-10.0p1/misc.c:1558:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_false: following ‘false’ branch (when ‘dupfd > 2’)...
openssh-10.0p1/misc.c:1557:12: branch_false: ...to here
openssh-10.0p1/misc.c:1557:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:1558:17: branch_true: ...to here
openssh-10.0p1/misc.c:1558:17: danger: ‘dupfd’ leaks here; was opened at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
# 1556|   	}
# 1557|   	if (nullfd > STDERR_FILENO)
# 1558|-> 		close(nullfd);
# 1559|   	/* coverity[leaked_handle : FALSE]*/
# 1560|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def246]
openssh-10.0p1/misc.c:1561:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dupfd’
openssh-10.0p1/misc.c:1543:31: acquire_resource: opened here
openssh-10.0p1/misc.c:1543:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:1548:16: branch_false: following ‘false’ branch (when ‘dupfd > 2’)...
openssh-10.0p1/misc.c:1557:12: branch_false: ...to here
openssh-10.0p1/misc.c:1557:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1561:1: branch_false: ...to here
openssh-10.0p1/misc.c:1561:1: danger: ‘dupfd’ leaks here; was opened at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
# 1559|   	/* coverity[leaked_handle : FALSE]*/
# 1560|   	/* coverity[leaked_handle : FALSE]*/
# 1561|-> }
# 1562|   
# 1563|   char *

Error: GCC_ANALYZER_WARNING (CWE-404): [#def247]
openssh-10.0p1/misc.c:1594:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/misc.c:1593:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/misc.c:1594:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
# 1592|   
# 1593|   	va_start(ap, fmt);
# 1594|-> 	xvasprintf(&tmp1, fmt, ap);
# 1595|   	va_end(ap);
# 1596|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def248]
openssh-10.0p1/misc.c:1969:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/misc.c:1953:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1960:16: branch_false: ...to here
openssh-10.0p1/misc.c:1960:16: acquire_resource: stream socket created here
openssh-10.0p1/misc.c:1961:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/misc.c:1967:12: branch_false: ...to here
openssh-10.0p1/misc.c:1967:12: branch_true: following ‘true’ branch (when ‘unlink_first == 1’)...
openssh-10.0p1/misc.c:1968:21: branch_true: ...to here
openssh-10.0p1/misc.c:1968:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:1969:25: danger: ‘sock’ leaks here
# 1967|   	if (unlink_first == 1) {
# 1968|   		if (unlink(path) != 0 && errno != ENOENT)
# 1969|-> 			error("unlink(%s): %.100s", path, strerror(errno));
# 1970|   	}
# 1971|   	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def249]
openssh-10.0p1/misc.c:1980:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/misc.c:1953:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1960:16: branch_false: ...to here
openssh-10.0p1/misc.c:1960:16: acquire_resource: stream socket created here
openssh-10.0p1/misc.c:1961:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/misc.c:1967:12: branch_false: ...to here
openssh-10.0p1/misc.c:1971:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1978:13: branch_false: ...to here
openssh-10.0p1/misc.c:1978:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:1979:31: branch_true: ...to here
openssh-10.0p1/misc.c:1980:17: danger: ‘sock’ leaks here
# 1978|   	if (listen(sock, backlog) == -1) {
# 1979|   		saved_errno = errno;
# 1980|-> 		error_f("cannot listen on path %s: %s", path, strerror(errno));
# 1981|   		close(sock);
# 1982|   		unlink(path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def250]
openssh-10.0p1/misc.c:1981:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/misc.c:1953:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1960:16: branch_false: ...to here
openssh-10.0p1/misc.c:1960:16: acquire_resource: stream socket created here
openssh-10.0p1/misc.c:1961:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/misc.c:1967:12: branch_false: ...to here
openssh-10.0p1/misc.c:1971:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:1978:13: branch_false: ...to here
openssh-10.0p1/misc.c:1978:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:1979:31: branch_true: ...to here
openssh-10.0p1/misc.c:1981:17: danger: ‘sock’ leaks here
# 1979|   		saved_errno = errno;
# 1980|   		error_f("cannot listen on path %s: %s", path, strerror(errno));
# 1981|-> 		close(sock);
# 1982|   		unlink(path);
# 1983|   		errno = saved_errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def251]
openssh-10.0p1/misc.c:2058:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 256)’
openssh-10.0p1/misc.c:2057:19: acquire_resource: opened here
openssh-10.0p1/misc.c:2057:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2058:17: branch_true: ...to here
openssh-10.0p1/misc.c:2058:17: danger: ‘open("/dev/tty", 256)’ leaks here; was opened at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
# 2056|   
# 2057|   	if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
# 2058|-> 		close(fd);
# 2059|   		return 0;	/* have controlling terminal */
# 2060|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def252]
openssh-10.0p1/misc.c:2190:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/misc.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2188:20: acquire_memory: allocated here
openssh-10.0p1/misc.c:2188:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/misc.c:2190:9: branch_false: ...to here
openssh-10.0p1/misc.c:2190:9: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/2)
# 2188|   	if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
# 2189|   		fatal_f("malloc failed");
# 2190|-> 	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2191|   	ret[sshbuf_len(buf)] = '\0';
# 2192|   	sshbuf_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def253]
openssh-10.0p1/misc.c:2190:21: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/misc.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2188:20: acquire_memory: allocated here
openssh-10.0p1/misc.c:2188:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/misc.c:2190:9: branch_false: ...to here
openssh-10.0p1/misc.c:2190:21: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/2)
# 2188|   	if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
# 2189|   		fatal_f("malloc failed");
# 2190|-> 	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2191|   	ret[sshbuf_len(buf)] = '\0';
# 2192|   	sshbuf_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def254]
openssh-10.0p1/misc.c:2191:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/misc.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2188:20: acquire_memory: allocated here
openssh-10.0p1/misc.c:2188:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/misc.c:2190:9: branch_false: ...to here
openssh-10.0p1/misc.c:2191:13: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/2)
# 2189|   		fatal_f("malloc failed");
# 2190|   	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2191|-> 	ret[sshbuf_len(buf)] = '\0';
# 2192|   	sshbuf_free(buf);
# 2193|   	sshbuf_free(arg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def255]
openssh-10.0p1/misc.c:2192:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/misc.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2188:20: acquire_memory: allocated here
openssh-10.0p1/misc.c:2188:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/misc.c:2190:9: branch_false: ...to here
openssh-10.0p1/misc.c:2192:9: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
# 2190|   	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
# 2191|   	ret[sshbuf_len(buf)] = '\0';
# 2192|-> 	sshbuf_free(buf);
# 2193|   	sshbuf_free(arg);
# 2194|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
openssh-10.0p1/misc.c:2193:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/misc.c:2154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2188:20: acquire_memory: allocated here
openssh-10.0p1/misc.c:2188:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/misc.c:2190:9: branch_false: ...to here
openssh-10.0p1/misc.c:2193:9: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/2)
# 2191|   	ret[sshbuf_len(buf)] = '\0';
# 2192|   	sshbuf_free(buf);
# 2193|-> 	sshbuf_free(arg);
# 2194|   	return ret;
# 2195|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def257]
openssh-10.0p1/misc.c:2355:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2353|   
# 2354|   	if (strchr(name, '=') != NULL) {
# 2355|-> 		error("Invalid environment variable \"%.100s\"", name);
# 2356|   		return;
# 2357|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def258]
openssh-10.0p1/misc.c:2355:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2353|   
# 2354|   	if (strchr(name, '=') != NULL) {
# 2355|-> 		error("Invalid environment variable \"%.100s\"", name);
# 2356|   		return;
# 2357|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def259]
openssh-10.0p1/misc.c:2364:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2362|   	 */
# 2363|   	if ((*envp == NULL) != (*envsizep == 0))
# 2364|-> 		fatal_f("environment size mismatch");
# 2365|   	if (*envp == NULL && *envsizep == 0) {
# 2366|   		*envp = xmalloc(sizeof(char *));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def260]
openssh-10.0p1/misc.c:2364:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2362|   	 */
# 2363|   	if ((*envp == NULL) != (*envsizep == 0))
# 2364|-> 		fatal_f("environment size mismatch");
# 2365|   	if (*envp == NULL && *envsizep == 0) {
# 2366|   		*envp = xmalloc(sizeof(char *));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def261]
openssh-10.0p1/misc.c:2391:41: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2389|   				fatal("child_set_env: too many env vars");
# 2390|   			envsize += 50;
# 2391|-> 			env = (*envp) = xreallocarray(env, envsize, sizeof(char *));
# 2392|   			*envsizep = envsize;
# 2393|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def262]
openssh-10.0p1/misc.c:2391:41: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2389|   				fatal("child_set_env: too many env vars");
# 2390|   			envsize += 50;
# 2391|-> 			env = (*envp) = xreallocarray(env, envsize, sizeof(char *));
# 2392|   			*envsizep = envsize;
# 2393|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def263]
openssh-10.0p1/misc.c:2400:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2398|   	/* Allocate space and format the variable in the appropriate slot. */
# 2399|   	/* XXX xasprintf */
# 2400|-> 	env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
# 2401|   	snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
# 2402|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def264]
openssh-10.0p1/misc.c:2400:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2849:25: call_function: calling ‘child_set_env’ from ‘subprocess’
# 2398|   	/* Allocate space and format the variable in the appropriate slot. */
# 2399|   	/* XXX xasprintf */
# 2400|-> 	env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
# 2401|   	snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
# 2402|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def265]
openssh-10.0p1/misc.c:2730:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2728|   #endif
# 2729|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2730|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2731|   		return SIG_ERR;
# 2732|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def266]
openssh-10.0p1/misc.c:2730:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2728|   #endif
# 2729|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2730|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2731|   		return SIG_ERR;
# 2732|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def267]
openssh-10.0p1/misc.c:2730:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[i]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
# 2728|   #endif
# 2729|   	if (sigaction(signum, &sa, &osa) == -1) {
# 2730|-> 		debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
# 2731|   		return SIG_ERR;
# 2732|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def268]
openssh-10.0p1/misc.c:2746:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2746:12: branch_true: following ‘true’ branch (when ‘do_stdin != 0’)...
openssh-10.0p1/misc.c:2746:26: branch_true: ...to here
openssh-10.0p1/misc.c:2746:26: acquire_resource: opened here
openssh-10.0p1/misc.c:2746:13: danger: ‘dup2(open("/dev/null", 2), 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/4)
# 2744|   		return -1;
# 2745|   	}
# 2746|-> 	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2747|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2748|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def269]
openssh-10.0p1/misc.c:2747:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 1)’
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2746:13: branch_true: following ‘true’ branch (when ‘do_stdout != 0’)...
openssh-10.0p1/misc.c:2747:27: branch_true: ...to here
openssh-10.0p1/misc.c:2747:27: acquire_resource: opened here
openssh-10.0p1/misc.c:2747:13: danger: ‘dup2(open("/dev/null", 2), 1)’ leaks here; was opened at [(5)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/4)
# 2745|   	}
# 2746|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2747|-> 	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2748|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2749|   		error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def270]
openssh-10.0p1/misc.c:2748:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 2)’
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2746:13: branch_true: following ‘true’ branch (when ‘do_stderr != 0’)...
openssh-10.0p1/misc.c:2748:27: branch_true: ...to here
openssh-10.0p1/misc.c:2748:27: acquire_resource: opened here
openssh-10.0p1/misc.c:2748:13: danger: ‘dup2(open("/dev/null", 2), 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/4)
# 2746|   	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
# 2747|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2748|-> 	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2749|   		error_f("dup2: %s", strerror(errno));
# 2750|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def271]
openssh-10.0p1/misc.c:2749:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2741:24: acquire_resource: opened here
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2749:17: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/0)
# 2747|   	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
# 2748|   	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
# 2749|-> 		error_f("dup2: %s", strerror(errno));
# 2750|   		ret = -1;
# 2751|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def272]
openssh-10.0p1/misc.c:2752:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2741:24: acquire_resource: opened here
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2752:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/0)
# 2750|   		ret = -1;
# 2751|   	}
# 2752|-> 	if (devnull > STDERR_FILENO)
# 2753|   		close(devnull);
# 2754|   	/* coverity[leaked_handle : FALSE]*/

Error: GCC_ANALYZER_WARNING (CWE-775): [#def273]
openssh-10.0p1/misc.c:2753:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2741:24: acquire_resource: opened here
openssh-10.0p1/misc.c:2741:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2746:12: branch_false: ...to here
openssh-10.0p1/misc.c:2752:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2753:17: branch_true: ...to here
openssh-10.0p1/misc.c:2753:17: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/0)
# 2751|   	}
# 2752|   	if (devnull > STDERR_FILENO)
# 2753|-> 		close(devnull);
# 2754|   	/* coverity[leaked_handle : FALSE]*/
# 2755|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
openssh-10.0p1/misc.c:2784:24: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2923:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2925:23: branch_false: ...to here
openssh-10.0p1/misc.c:2925:23: acquire_memory: allocated here
openssh-10.0p1/misc.c:2925:17: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.0p1/misc.c:2935:9: branch_false: ...to here
openssh-10.0p1/misc.c:2936:12: branch_false: following ‘false’ branch (when ‘child’ is NULL)...
 branch_false: ...to here
openssh-10.0p1/misc.c:2784:24: danger: ‘f’ leaks here; was allocated at [(14)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/13)
# 2782|   	if (drop_privs != NULL && (pw == NULL || restore_privs == NULL)) {
# 2783|   		error("%s: inconsistent arguments", tag); /* XXX fatal? */
# 2784|-> 		return 0;
# 2785|   	}
# 2786|   	if (pw == NULL && (pw = getpwuid(getuid())) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def275]
openssh-10.0p1/misc.c:2836:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2835:12: branch_true: following ‘true’ branch (when ‘restore_privs’ is non-NULL)...
openssh-10.0p1/misc.c:2836:17: branch_true: ...to here
openssh-10.0p1/misc.c:2836:17: danger: ‘p[0]’ leaks here
# 2834|   	}
# 2835|   	if (restore_privs != NULL)
# 2836|-> 		restore_privs();
# 2837|   
# 2838|   	switch ((pid = fork())) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def276]
openssh-10.0p1/misc.c:2836:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2835:12: branch_true: following ‘true’ branch (when ‘restore_privs’ is non-NULL)...
openssh-10.0p1/misc.c:2836:17: branch_true: ...to here
openssh-10.0p1/misc.c:2836:17: danger: ‘p[1]’ leaks here
# 2834|   	}
# 2835|   	if (restore_privs != NULL)
# 2836|-> 		restore_privs();
# 2837|   
# 2838|   	switch ((pid = fork())) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def277]
openssh-10.0p1/misc.c:2840:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2840:17: danger: ‘p[0]’ leaks here
# 2838|   	switch ((pid = fork())) {
# 2839|   	case -1: /* error */
# 2840|-> 		error("%s: fork: %s", tag, strerror(errno));
# 2841|   		close(p[0]);
# 2842|   		close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def278]
openssh-10.0p1/misc.c:2840:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2840:17: danger: ‘p[1]’ leaks here
# 2838|   	switch ((pid = fork())) {
# 2839|   	case -1: /* error */
# 2840|-> 		error("%s: fork: %s", tag, strerror(errno));
# 2841|   		close(p[0]);
# 2842|   		close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def279]
openssh-10.0p1/misc.c:2841:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2841:17: danger: ‘p[0]’ leaks here
# 2839|   	case -1: /* error */
# 2840|   		error("%s: fork: %s", tag, strerror(errno));
# 2841|-> 		close(p[0]);
# 2842|   		close(p[1]);
# 2843|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def280]
openssh-10.0p1/misc.c:2841:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2841:17: danger: ‘p[1]’ leaks here
# 2839|   	case -1: /* error */
# 2840|   		error("%s: fork: %s", tag, strerror(errno));
# 2841|-> 		close(p[0]);
# 2842|   		close(p[1]);
# 2843|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def281]
openssh-10.0p1/misc.c:2842:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2842:17: danger: ‘p[1]’ leaks here
# 2840|   		error("%s: fork: %s", tag, strerror(errno));
# 2841|   		close(p[0]);
# 2842|-> 		close(p[1]);
# 2843|   		return 0;
# 2844|   	case 0: /* child */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def282]
openssh-10.0p1/misc.c:2848:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2848:31: danger: ‘p[0]’ leaks here
# 2846|   		if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
# 2847|   			nenv = 5;
# 2848|-> 			env = xcalloc(sizeof(*env), nenv);
# 2849|   			child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
# 2850|   			child_set_env(&env, &nenv, "USER", pw->pw_name);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def283]
openssh-10.0p1/misc.c:2848:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2847:25: branch_true: ...to here
openssh-10.0p1/misc.c:2848:31: danger: ‘p[1]’ leaks here
# 2846|   		if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
# 2847|   			nenv = 5;
# 2848|-> 			env = xcalloc(sizeof(*env), nenv);
# 2849|   			child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
# 2850|   			child_set_env(&env, &nenv, "USER", pw->pw_name);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def284]
openssh-10.0p1/misc.c:2860:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: danger: ‘p[0]’ leaks here
# 2858|   			ssh_signal(i, SIG_DFL);
# 2859|   
# 2860|-> 		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
# 2861|   			error("%s: open %s: %s", tag, _PATH_DEVNULL,
# 2862|   			    strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def285]
openssh-10.0p1/misc.c:2860:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: danger: ‘p[1]’ leaks here
# 2858|   			ssh_signal(i, SIG_DFL);
# 2859|   
# 2860|-> 		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
# 2861|   			error("%s: open %s: %s", tag, _PATH_DEVNULL,
# 2862|   			    strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def286]
openssh-10.0p1/misc.c:2861:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2861:25: branch_true: ...to here
openssh-10.0p1/misc.c:2861:25: danger: ‘p[0]’ leaks here
# 2859|   
# 2860|   		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
# 2861|-> 			error("%s: open %s: %s", tag, _PATH_DEVNULL,
# 2862|   			    strerror(errno));
# 2863|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def287]
openssh-10.0p1/misc.c:2861:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2861:25: branch_true: ...to here
openssh-10.0p1/misc.c:2861:25: danger: ‘p[1]’ leaks here
# 2859|   
# 2860|   		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
# 2861|-> 			error("%s: open %s: %s", tag, _PATH_DEVNULL,
# 2862|   			    strerror(errno));
# 2863|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def288]
openssh-10.0p1/misc.c:2865:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 2), 0)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:21: acquire_resource: opened here
openssh-10.0p1/misc.c:2865:20: danger: ‘dup2(open("/dev/null", 2), 0)’ leaks here; was opened at [(24)](sarif:/runs/0/results/65/codeFlows/0/threadFlows/0/locations/23)
# 2863|   			_exit(1);
# 2864|   		}
# 2865|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2866|   			error("%s: dup2: %s", tag, strerror(errno));
# 2867|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def289]
openssh-10.0p1/misc.c:2865:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(22)](sarif:/runs/0/results/64/codeFlows/0/threadFlows/0/locations/21)
# 2863|   			_exit(1);
# 2864|   		}
# 2865|-> 		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2866|   			error("%s: dup2: %s", tag, strerror(errno));
# 2867|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def290]
openssh-10.0p1/misc.c:2866:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2866:25: branch_true: ...to here
openssh-10.0p1/misc.c:2866:25: danger: ‘p[0]’ leaks here
# 2864|   		}
# 2865|   		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2866|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2867|   			_exit(1);
# 2868|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def291]
openssh-10.0p1/misc.c:2866:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2866:25: branch_true: ...to here
openssh-10.0p1/misc.c:2866:25: danger: ‘p[1]’ leaks here
# 2864|   		}
# 2865|   		if (dup2(devnull, STDIN_FILENO) == -1) {
# 2866|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2867|   			_exit(1);
# 2868|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def292]
openssh-10.0p1/misc.c:2872:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(22)](sarif:/runs/0/results/68/codeFlows/0/threadFlows/0/locations/21)
# 2870|   		/* Set up stdout as requested; leave stderr in place for now. */
# 2871|   		fd = -1;
# 2872|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2873|   			fd = p[1];
# 2874|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def293]
openssh-10.0p1/misc.c:2874:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(22)](sarif:/runs/0/results/69/codeFlows/0/threadFlows/0/locations/21)
# 2872|   		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
# 2873|   			fd = p[1];
# 2874|-> 		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2875|   			fd = devnull;
# 2876|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def294]
openssh-10.0p1/misc.c:2876:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd, 1)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2873:25: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:33: acquire_resource: opened here
openssh-10.0p1/misc.c:2876:21: danger: ‘dup2(fd, 1)’ leaks here; was opened at [(30)](sarif:/runs/0/results/70/codeFlows/0/threadFlows/0/locations/29)
# 2874|   		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
# 2875|   			fd = devnull;
# 2876|-> 		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2877|   			error("%s: dup2: %s", tag, strerror(errno));
# 2878|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def295]
openssh-10.0p1/misc.c:2877:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2873:25: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2877:25: danger: ‘fd’ leaks here
# 2875|   			fd = devnull;
# 2876|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2877|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2878|   			_exit(1);
# 2879|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def296]
openssh-10.0p1/misc.c:2877:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2873:25: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2877:25: danger: ‘p[0]’ leaks here
# 2875|   			fd = devnull;
# 2876|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2877|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2878|   			_exit(1);
# 2879|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def297]
openssh-10.0p1/misc.c:2877:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2877:25: danger: ‘p[1]’ leaks here
# 2875|   			fd = devnull;
# 2876|   		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
# 2877|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2878|   			_exit(1);
# 2879|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def298]
openssh-10.0p1/misc.c:2883:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2883:21: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/76/codeFlows/0/threadFlows/0/locations/23)
# 2881|   
# 2882|   		if (geteuid() == 0 &&
# 2883|-> 		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|   			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def299]
openssh-10.0p1/misc.c:2883:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2883:21: danger: ‘p[0]’ leaks here
# 2881|   
# 2882|   		if (geteuid() == 0 &&
# 2883|-> 		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|   			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def300]
openssh-10.0p1/misc.c:2883:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2883:21: danger: ‘p[1]’ leaks here
# 2881|   
# 2882|   		if (geteuid() == 0 &&
# 2883|-> 		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|   			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def301]
openssh-10.0p1/misc.c:2884:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2882:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2884:25: branch_true: ...to here
openssh-10.0p1/misc.c:2884:25: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/79/codeFlows/0/threadFlows/0/locations/23)
# 2882|   		if (geteuid() == 0 &&
# 2883|   		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|-> 			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
# 2886|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def302]
openssh-10.0p1/misc.c:2884:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2882:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2884:25: branch_true: ...to here
openssh-10.0p1/misc.c:2884:25: danger: ‘p[0]’ leaks here
# 2882|   		if (geteuid() == 0 &&
# 2883|   		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|-> 			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
# 2886|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def303]
openssh-10.0p1/misc.c:2884:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2882:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2883:21: branch_true: ...to here
openssh-10.0p1/misc.c:2882:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2884:25: branch_true: ...to here
openssh-10.0p1/misc.c:2884:25: danger: ‘p[1]’ leaks here
# 2882|   		if (geteuid() == 0 &&
# 2883|   		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
# 2884|-> 			error("%s: initgroups(%s, %u): %s", tag,
# 2885|   			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
# 2886|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def304]
openssh-10.0p1/misc.c:2889:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2889:25: branch_true: ...to here
openssh-10.0p1/misc.c:2889:25: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/82/codeFlows/0/threadFlows/0/locations/23)
# 2887|   		}
# 2888|   		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
# 2889|-> 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
# 2890|   			    strerror(errno));
# 2891|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def305]
openssh-10.0p1/misc.c:2889:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2889:25: branch_true: ...to here
openssh-10.0p1/misc.c:2889:25: danger: ‘p[0]’ leaks here
# 2887|   		}
# 2888|   		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
# 2889|-> 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
# 2890|   			    strerror(errno));
# 2891|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def306]
openssh-10.0p1/misc.c:2889:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2889:25: branch_true: ...to here
openssh-10.0p1/misc.c:2889:25: danger: ‘p[1]’ leaks here
# 2887|   		}
# 2888|   		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
# 2889|-> 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
# 2890|   			    strerror(errno));
# 2891|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def307]
openssh-10.0p1/misc.c:2894:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2894:25: branch_true: ...to here
openssh-10.0p1/misc.c:2894:25: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/85/codeFlows/0/threadFlows/0/locations/23)
# 2892|   		}
# 2893|   		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
# 2894|-> 			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
# 2895|   			    strerror(errno));
# 2896|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def308]
openssh-10.0p1/misc.c:2894:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2894:25: branch_true: ...to here
openssh-10.0p1/misc.c:2894:25: danger: ‘p[0]’ leaks here
# 2892|   		}
# 2893|   		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
# 2894|-> 			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
# 2895|   			    strerror(errno));
# 2896|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def309]
openssh-10.0p1/misc.c:2894:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2894:25: branch_true: ...to here
openssh-10.0p1/misc.c:2894:25: danger: ‘p[1]’ leaks here
# 2892|   		}
# 2893|   		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
# 2894|-> 			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
# 2895|   			    strerror(errno));
# 2896|   			_exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def310]
openssh-10.0p1/misc.c:2899:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(0, 2)’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2899:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2900:21: branch_true: ...to here
openssh-10.0p1/misc.c:2900:21: acquire_resource: opened here
openssh-10.0p1/misc.c:2899:21: danger: ‘dup2(0, 2)’ leaks here; was opened at [(42)](sarif:/runs/0/results/86/codeFlows/0/threadFlows/0/locations/41)
# 2897|   		}
# 2898|   		/* stdin is pointed to /dev/null at this point */
# 2899|-> 		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2900|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2901|   			error("%s: dup2: %s", tag, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def311]
openssh-10.0p1/misc.c:2901:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2899:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2900:21: branch_true: ...to here
openssh-10.0p1/misc.c:2899:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2901:25: branch_true: ...to here
openssh-10.0p1/misc.c:2901:25: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/89/codeFlows/0/threadFlows/0/locations/23)
# 2899|   		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2900|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2901|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2902|   			_exit(1);
# 2903|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def312]
openssh-10.0p1/misc.c:2901:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2899:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2900:21: branch_true: ...to here
openssh-10.0p1/misc.c:2899:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2901:25: branch_true: ...to here
openssh-10.0p1/misc.c:2901:25: danger: ‘p[0]’ leaks here
# 2899|   		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2900|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2901|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2902|   			_exit(1);
# 2903|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def313]
openssh-10.0p1/misc.c:2901:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2899:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2900:21: branch_true: ...to here
openssh-10.0p1/misc.c:2899:21: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2901:25: branch_true: ...to here
openssh-10.0p1/misc.c:2901:25: danger: ‘p[1]’ leaks here
# 2899|   		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
# 2900|   		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
# 2901|-> 			error("%s: dup2: %s", tag, strerror(errno));
# 2902|   			_exit(1);
# 2903|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def314]
openssh-10.0p1/misc.c:2905:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:21: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/92/codeFlows/0/threadFlows/0/locations/23)
# 2903|   		}
# 2904|   #ifdef WITH_SELINUX
# 2905|-> 		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|   			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
openssh-10.0p1/misc.c:2905:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:21: danger: ‘p[0]’ leaks here
# 2903|   		}
# 2904|   #ifdef WITH_SELINUX
# 2905|-> 		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|   			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def316]
openssh-10.0p1/misc.c:2905:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:21: danger: ‘p[1]’ leaks here
# 2903|   		}
# 2904|   #ifdef WITH_SELINUX
# 2905|-> 		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|   			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def317]
openssh-10.0p1/misc.c:2906:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2906:25: branch_true: ...to here
openssh-10.0p1/misc.c:2906:25: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/95/codeFlows/0/threadFlows/0/locations/23)
# 2904|   #ifdef WITH_SELINUX
# 2905|   		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|-> 			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));
# 2908|   			_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
openssh-10.0p1/misc.c:2906:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2906:25: branch_true: ...to here
openssh-10.0p1/misc.c:2906:25: danger: ‘p[0]’ leaks here
# 2904|   #ifdef WITH_SELINUX
# 2905|   		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|-> 			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));
# 2908|   			_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def319]
openssh-10.0p1/misc.c:2906:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2906:25: branch_true: ...to here
openssh-10.0p1/misc.c:2906:25: danger: ‘p[1]’ leaks here
# 2904|   #ifdef WITH_SELINUX
# 2905|   		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
# 2906|-> 			error ("failed to copy environment:  %s",
# 2907|   			    strerror(errno));
# 2908|   			_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def320]
openssh-10.0p1/misc.c:2915:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2797:13: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2802:14: branch_false: ...to here
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:32: acquire_resource: opened here
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2872:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2874:25: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2876:20: branch_true: ...to here
openssh-10.0p1/misc.c:2876:20: branch_true: following ‘true’ branch (when ‘fd != -1’)...
openssh-10.0p1/misc.c:2876:33: branch_true: ...to here
openssh-10.0p1/misc.c:2876:21: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2911:21: branch_false: ...to here
openssh-10.0p1/misc.c:2911:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2914:25: branch_false: ...to here
openssh-10.0p1/misc.c:2915:17: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2915:17: branch_true: ...to here
openssh-10.0p1/misc.c:2915:17: danger: ‘fd’ leaks here; was opened at [(24)](sarif:/runs/0/results/98/codeFlows/0/threadFlows/0/locations/23)
# 2913|   		else
# 2914|   			execv(av[0], av);
# 2915|-> 		error("%s %s \"%s\": %s", tag, env == NULL ? "execv" : "execve",
# 2916|   		    command, strerror(errno));
# 2917|   		_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def321]
openssh-10.0p1/misc.c:2915:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2911:21: branch_false: ...to here
openssh-10.0p1/misc.c:2911:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2914:25: branch_false: ...to here
openssh-10.0p1/misc.c:2915:17: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2915:17: branch_true: ...to here
openssh-10.0p1/misc.c:2915:17: danger: ‘p[0]’ leaks here
# 2913|   		else
# 2914|   			execv(av[0], av);
# 2915|-> 		error("%s %s \"%s\": %s", tag, env == NULL ? "execv" : "execve",
# 2916|   		    command, strerror(errno));
# 2917|   		_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def322]
openssh-10.0p1/misc.c:2915:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2768:1: enter_function: entry to ‘subprocess’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2846:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/misc.c:2857:29: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/misc.c:2858:25: branch_true: ...to here
openssh-10.0p1/misc.c:2858:25: call_function: calling ‘ssh_signal’ from ‘subprocess’
openssh-10.0p1/misc.c:2858:25: return_function: returning to ‘subprocess’ from ‘ssh_signal’
openssh-10.0p1/misc.c:2860:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2865:21: branch_false: ...to here
openssh-10.0p1/misc.c:2865:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2872:20: branch_false: ...to here
openssh-10.0p1/misc.c:2874:25: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2880:17: branch_false: ...to here
openssh-10.0p1/misc.c:2888:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2893:21: branch_false: ...to here
openssh-10.0p1/misc.c:2893:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2899:20: branch_false: ...to here
openssh-10.0p1/misc.c:2905:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2911:21: branch_false: ...to here
openssh-10.0p1/misc.c:2911:20: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2914:25: branch_false: ...to here
openssh-10.0p1/misc.c:2915:17: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2915:17: branch_true: ...to here
openssh-10.0p1/misc.c:2915:17: danger: ‘p[1]’ leaks here
# 2913|   		else
# 2914|   			execv(av[0], av);
# 2915|-> 		error("%s %s \"%s\": %s", tag, env == NULL ? "execv" : "execve",
# 2916|   		    command, strerror(errno));
# 2917|   		_exit(127);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def323]
openssh-10.0p1/misc.c:2922:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2922:9: danger: ‘p[0]’ leaks here
# 2920|   	}
# 2921|   
# 2922|-> 	close(p[1]);
# 2923|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2924|   		close(p[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def324]
openssh-10.0p1/misc.c:2922:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2922:9: danger: ‘p[1]’ leaks here
# 2920|   	}
# 2921|   
# 2922|-> 	close(p[1]);
# 2923|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2924|   		close(p[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def325]
openssh-10.0p1/misc.c:2924:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2923:12: branch_true: following ‘true’ branch...
openssh-10.0p1/misc.c:2924:17: branch_true: ...to here
openssh-10.0p1/misc.c:2924:17: danger: ‘p[0]’ leaks here
# 2922|   	close(p[1]);
# 2923|   	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
# 2924|-> 		close(p[0]);
# 2925|   	else if ((f = fdopen(p[0], "r")) == NULL) {
# 2926|   		error("%s: fdopen: %s", tag, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def326]
openssh-10.0p1/misc.c:2935:9: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
openssh-10.0p1/misc.c:2802:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2811:14: branch_false: ...to here
openssh-10.0p1/misc.c:2811:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2815:12: branch_false: ...to here
openssh-10.0p1/misc.c:2817:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2822:13: branch_false: ...to here
openssh-10.0p1/misc.c:2828:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2835:12: branch_false: ...to here
openssh-10.0p1/misc.c:2923:12: branch_false: following ‘false’ branch...
openssh-10.0p1/misc.c:2925:23: branch_false: ...to here
openssh-10.0p1/misc.c:2925:23: acquire_memory: allocated here
openssh-10.0p1/misc.c:2925:17: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
openssh-10.0p1/misc.c:2935:9: branch_false: ...to here
openssh-10.0p1/misc.c:2935:9: danger: ‘f’ leaks here; was allocated at [(14)](sarif:/runs/0/results/102/codeFlows/0/threadFlows/0/locations/13)
# 2933|   	}
# 2934|   	/* Success */
# 2935|-> 	debug3_f("%s pid %ld", tag, (long)pid);
# 2936|   	if (child != NULL)
# 2937|   		*child = f;

Error: COMPILER_WARNING (CWE-9001): [#def327]
openssh-10.0p1/ssh-keycat.c:57: included_from: Included from here.
openssh-10.0p1/misc.h:157:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  157 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  155|   /* Functions to extract or store big-endian words of various sizes */
#  156|   u_int64_t	get_u64(const void *)
#  157|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  158|   u_int32_t	get_u32(const void *)
#  159|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def328]
openssh-10.0p1/misc.h:157:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  155|   /* Functions to extract or store big-endian words of various sizes */
#  156|   u_int64_t	get_u64(const void *)
#  157|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  158|   u_int32_t	get_u32(const void *)
#  159|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def329]
openssh-10.0p1/misc.h:159:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  159 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  157|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  158|   u_int32_t	get_u32(const void *)
#  159|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  160|   u_int16_t	get_u16(const void *)
#  161|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def330]
openssh-10.0p1/misc.h:159:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  157|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  158|   u_int32_t	get_u32(const void *)
#  159|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  160|   u_int16_t	get_u16(const void *)
#  161|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def331]
openssh-10.0p1/misc.h:161:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  161 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  159|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  160|   u_int16_t	get_u16(const void *)
#  161|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  162|   void		put_u64(void *, u_int64_t)
#  163|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def332]
openssh-10.0p1/misc.h:161:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  159|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  160|   u_int16_t	get_u16(const void *)
#  161|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  162|   void		put_u64(void *, u_int64_t)
#  163|       __attribute__((__bounded__( __minbytes__, 1, 8)));

Error: COMPILER_WARNING (CWE-9001): [#def333]
openssh-10.0p1/misc.h:163:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  163 |     __attribute__((__bounded__( __minbytes__, 1, 8)));
#      |     ^~~~~~~~~~~~~
#  161|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  162|   void		put_u64(void *, u_int64_t)
#  163|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  164|   void		put_u32(void *, u_int32_t)
#  165|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def334]
openssh-10.0p1/misc.h:163:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  161|       __attribute__((__bounded__( __minbytes__, 1, 2)));
#  162|   void		put_u64(void *, u_int64_t)
#  163|->     __attribute__((__bounded__( __minbytes__, 1, 8)));
#  164|   void		put_u32(void *, u_int32_t)
#  165|       __attribute__((__bounded__( __minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def335]
openssh-10.0p1/misc.h:165:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  165 |     __attribute__((__bounded__( __minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  163|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  164|   void		put_u32(void *, u_int32_t)
#  165|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  166|   void		put_u16(void *, u_int16_t)
#  167|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def336]
openssh-10.0p1/misc.h:165:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  163|       __attribute__((__bounded__( __minbytes__, 1, 8)));
#  164|   void		put_u32(void *, u_int32_t)
#  165|->     __attribute__((__bounded__( __minbytes__, 1, 4)));
#  166|   void		put_u16(void *, u_int16_t)
#  167|       __attribute__((__bounded__( __minbytes__, 1, 2)));

Error: COMPILER_WARNING (CWE-9001): [#def337]
openssh-10.0p1/misc.h:167:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  167 |     __attribute__((__bounded__( __minbytes__, 1, 2)));
#      |     ^~~~~~~~~~~~~
#  165|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  166|   void		put_u16(void *, u_int16_t)
#  167|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  168|   
#  169|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def338]
openssh-10.0p1/misc.h:167:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  165|       __attribute__((__bounded__( __minbytes__, 1, 4)));
#  166|   void		put_u16(void *, u_int16_t)
#  167|->     __attribute__((__bounded__( __minbytes__, 1, 2)));
#  168|   
#  169|   /* Little-endian store/load, used by umac.c */

Error: COMPILER_WARNING (CWE-9001): [#def339]
openssh-10.0p1/misc.h:171:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  171 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  169|   /* Little-endian store/load, used by umac.c */
#  170|   u_int32_t	get_u32_le(const void *)
#  171|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  172|   void		put_u32_le(void *, u_int32_t)
#  173|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def340]
openssh-10.0p1/misc.h:171:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  169|   /* Little-endian store/load, used by umac.c */
#  170|   u_int32_t	get_u32_le(const void *)
#  171|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  172|   void		put_u32_le(void *, u_int32_t)
#  173|       __attribute__((__bounded__(__minbytes__, 1, 4)));

Error: COMPILER_WARNING (CWE-9001): [#def341]
openssh-10.0p1/misc.h:173:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  173 |     __attribute__((__bounded__(__minbytes__, 1, 4)));
#      |     ^~~~~~~~~~~~~
#  171|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  172|   void		put_u32_le(void *, u_int32_t)
#  173|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   
#  175|   struct bwlimit {

Error: COMPILER_WARNING (CWE-9001): [#def342]
openssh-10.0p1/misc.h:173:5: warning[-Wattributes]: ‘bounded’ attribute directive ignored
#  171|       __attribute__((__bounded__(__minbytes__, 1, 4)));
#  172|   void		put_u32_le(void *, u_int32_t)
#  173|->     __attribute__((__bounded__(__minbytes__, 1, 4)));
#  174|   
#  175|   struct bwlimit {

Error: COMPILER_WARNING (CWE-563): [#def343]
openssh-10.0p1/monitor.c:751:32: warning[-Wunused-variable]: unused variable ‘alglen’
#  751 |         size_t datlen, siglen, alglen;
#      |                                ^~~~~~
#  749|   	u_char *p = NULL, *signature = NULL;
#  750|   	char *alg = NULL, *effective_alg;
#  751|-> 	size_t datlen, siglen, alglen;
#  752|   	int r, is_proof = 0;
#  753|   	u_int keyid, compat;

Error: COMPILER_WARNING (CWE-195): [#def344]
openssh-10.0p1/monitor.c: scope_hint: In function ‘mm_answer_sign’
openssh-10.0p1/monitor.c:765:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘u_int’ {aka ‘unsigned int’} and ‘int’
#  765 |         if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)
#      |                                                         ^~
#  763|   		fatal_fr(r, "parse");
#  764|   
#  765|-> 	if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)
#  766|   		fatal_f("unknown hostkey");
#  767|   	debug_f("hostkey %s index %d", sshkey_ssh_name(pubkey), keyid);

Error: COMPILER_WARNING (CWE-704): [#def345]
openssh-10.0p1/monitor.c:815:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  815 |                         effective_alg = safe_rsa;
#      |                                       ^
#  813|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  814|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  815|-> 			effective_alg = safe_rsa;
#  816|   		} else {
#  817|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def346]
openssh-10.0p1/monitor.c:815:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  813|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  814|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  815|-> 			effective_alg = safe_rsa;
#  816|   		} else {
#  817|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def347]
openssh-10.0p1/monitor.c:826:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  826 |                         effective_alg = safe_rsa;
#      |                                       ^
#  824|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  825|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  826|-> 			effective_alg = safe_rsa;
#  827|   		} else {
#  828|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-704): [#def348]
openssh-10.0p1/monitor.c:826:39: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  824|   		if (ssh->compat & SSH_RH_RSASIGSHA && strcmp(alg, "ssh-rsa") == 0
#  825|   				&& (sshkey_type_plain(key->type) == KEY_RSA)) {
#  826|-> 			effective_alg = safe_rsa;
#  827|   		} else {
#  828|   			effective_alg = alg;

Error: COMPILER_WARNING (CWE-195): [#def349]
openssh-10.0p1/monitor.c: scope_hint: In function ‘mm_answer_keyverify’
openssh-10.0p1/monitor.c:1614:18: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘u_int’ {aka ‘unsigned int’}
# 1614 |         if (type != key_blobtype)
#      |                  ^~
# 1612|   	  !monitor_allowed_key(blob, bloblen))
# 1613|   		fatal_f("bad key, not previously allowed");
# 1614|-> 	if (type != key_blobtype)
# 1615|   		fatal_f("bad key type");
# 1616|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def350]
openssh-10.0p1/monitor.c:1784:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*<unknown>.ttyfd, 0)’
openssh-10.0p1/monitor.c:1769:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1771:9: branch_false: ...to here
openssh-10.0p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1777:30: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1780:18: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:13: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1784:13: branch_false: ...to here
openssh-10.0p1/monitor.c:1784:13: acquire_resource: opened here
openssh-10.0p1/monitor.c:1784:12: danger: ‘dup2(*<unknown>.ttyfd, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
# 1782|   
# 1783|   	/* We need to trick ttyslot */
# 1784|-> 	if (dup2(s->ttyfd, 0) == -1)
# 1785|   		fatal_f("dup2");
# 1786|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def351]
openssh-10.0p1/monitor.c:1806:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
openssh-10.0p1/monitor.c:1769:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1771:9: branch_false: ...to here
openssh-10.0p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1777:30: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1780:18: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:13: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1784:13: branch_false: ...to here
openssh-10.0p1/monitor.c:1784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1787:41: branch_false: ...to here
openssh-10.0p1/monitor.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1795:9: branch_false: ...to here
openssh-10.0p1/monitor.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1800:13: branch_false: ...to here
openssh-10.0p1/monitor.c:1799:13: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1804:20: branch_false: ...to here
openssh-10.0p1/monitor.c:1804:20: acquire_resource: opened here
openssh-10.0p1/monitor.c:1804:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1806:12: branch_false: ...to here
openssh-10.0p1/monitor.c:1806:12: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/16)
# 1804|   	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
# 1805|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1806|-> 	if (fd0 != 0)
# 1807|   		error_f("fd0 %d != 0", fd0);
# 1808|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def352]
openssh-10.0p1/monitor.c:1807:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
openssh-10.0p1/monitor.c:1769:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1771:9: branch_false: ...to here
openssh-10.0p1/monitor.c:1775:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1777:30: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1780:18: branch_false: ...to here
openssh-10.0p1/monitor.c:1779:13: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1784:13: branch_false: ...to here
openssh-10.0p1/monitor.c:1784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1787:41: branch_false: ...to here
openssh-10.0p1/monitor.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1795:9: branch_false: ...to here
openssh-10.0p1/monitor.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1800:13: branch_false: ...to here
openssh-10.0p1/monitor.c:1799:13: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1804:20: branch_false: ...to here
openssh-10.0p1/monitor.c:1804:20: acquire_resource: opened here
openssh-10.0p1/monitor.c:1804:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:1806:12: branch_false: ...to here
openssh-10.0p1/monitor.c:1806:12: branch_true: following ‘true’ branch...
openssh-10.0p1/monitor.c:1807:17: branch_true: ...to here
openssh-10.0p1/monitor.c:1807:17: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/16)
# 1805|   		fatal_f("open(/dev/null): %s", strerror(errno));
# 1806|   	if (fd0 != 0)
# 1807|-> 		error_f("fd0 %d != 0", fd0);
# 1808|   
# 1809|   	/* slave side of pty is not needed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def353]
openssh-10.0p1/monitor.c:2078:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pair[0]’
openssh-10.0p1/monitor.c:2062:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2070:9: branch_false: ...to here
openssh-10.0p1/monitor.c:2070:9: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2071:9: branch_false: ...to here
openssh-10.0p1/monitor.c:2071:9: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2072:25: branch_false: ...to here
openssh-10.0p1/monitor.c:2075:12: branch_true: following ‘true’ branch (when ‘do_logfds != 0’)...
openssh-10.0p1/monitor.c:2076:21: branch_true: ...to here
openssh-10.0p1/monitor.c:2076:20: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2078:17: branch_false: ...to here
openssh-10.0p1/monitor.c:2078:17: danger: ‘pair[0]’ leaks here
# 2076|   		if (pipe(pair) == -1)
# 2077|   			fatal_f("pipe: %s", strerror(errno));
# 2078|-> 		FD_CLOSEONEXEC(pair[0]);
# 2079|   		FD_CLOSEONEXEC(pair[1]);
# 2080|   		mon->m_log_recvfd = pair[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def354]
openssh-10.0p1/monitor.c:2078:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pair[1]’
openssh-10.0p1/monitor.c:2062:12: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2070:9: branch_false: ...to here
openssh-10.0p1/monitor.c:2070:9: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2071:9: branch_false: ...to here
openssh-10.0p1/monitor.c:2071:9: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2072:25: branch_false: ...to here
openssh-10.0p1/monitor.c:2075:12: branch_true: following ‘true’ branch (when ‘do_logfds != 0’)...
openssh-10.0p1/monitor.c:2076:21: branch_true: ...to here
openssh-10.0p1/monitor.c:2076:20: branch_false: following ‘false’ branch...
openssh-10.0p1/monitor.c:2078:17: branch_false: ...to here
openssh-10.0p1/monitor.c:2078:17: danger: ‘pair[1]’ leaks here
# 2076|   		if (pipe(pair) == -1)
# 2077|   			fatal_f("pipe: %s", strerror(errno));
# 2078|-> 		FD_CLOSEONEXEC(pair[0]);
# 2079|   		FD_CLOSEONEXEC(pair[1]);
# 2080|   		mon->m_log_recvfd = pair[0];

Error: GCC_ANALYZER_WARNING (CWE-775): [#def355]
openssh-10.0p1/monitor_wrap.c:661:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.0p1/monitor_wrap.c:659:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:659:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.0p1/monitor_wrap.c:661:17: branch_true: ...to here
openssh-10.0p1/monitor_wrap.c:661:17: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  659|   	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
#  660|   	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
#  661|-> 		error_f("cannot allocate fds for pty");
#  662|   		if (tmp1 >= 0)
#  663|   			close(tmp1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def356]
openssh-10.0p1/monitor_wrap.c:663:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.0p1/monitor_wrap.c:659:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:659:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.0p1/monitor_wrap.c:661:17: branch_true: ...to here
openssh-10.0p1/monitor_wrap.c:662:20: branch_true: following ‘true’ branch (when ‘tmp1 >= 0’)...
openssh-10.0p1/monitor_wrap.c:663:25: branch_true: ...to here
openssh-10.0p1/monitor_wrap.c:663:25: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  661|   		error_f("cannot allocate fds for pty");
#  662|   		if (tmp1 >= 0)
#  663|-> 			close(tmp1);
#  664|   		return 0;
#  665|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def357]
openssh-10.0p1/monitor_wrap.c:664:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.0p1/monitor_wrap.c:659:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:659:13: branch_true: following ‘true’ branch (when ‘tmp2 == -1’)...
openssh-10.0p1/monitor_wrap.c:661:17: branch_true: ...to here
openssh-10.0p1/monitor_wrap.c:662:20: branch_false: following ‘false’ branch (when ‘tmp1 < 0’)...
openssh-10.0p1/monitor_wrap.c:664:24: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:664:24: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  662|   		if (tmp1 >= 0)
#  663|   			close(tmp1);
#  664|-> 		return 0;
#  665|   	}
#  666|   	close(tmp1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def358]
openssh-10.0p1/monitor_wrap.c:666:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp1’
openssh-10.0p1/monitor_wrap.c:659:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:659:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.0p1/monitor_wrap.c:666:9: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:666:9: danger: ‘tmp1’ leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  664|   		return 0;
#  665|   	}
#  666|-> 	close(tmp1);
#  667|   	close(tmp2);
#  668|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def359]
openssh-10.0p1/monitor_wrap.c:666:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp2’
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:660:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.0p1/monitor_wrap.c:666:9: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:666:9: danger: ‘tmp2’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  664|   		return 0;
#  665|   	}
#  666|-> 	close(tmp1);
#  667|   	close(tmp2);
#  668|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def360]
openssh-10.0p1/monitor_wrap.c:667:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp2’
openssh-10.0p1/monitor_wrap.c:659:12: branch_false: following ‘false’ branch (when ‘tmp1 != -1’)...
openssh-10.0p1/monitor_wrap.c:660:33: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:660:21: acquire_resource: opened here
openssh-10.0p1/monitor_wrap.c:659:13: branch_false: following ‘false’ branch (when ‘tmp2 != -1’)...
openssh-10.0p1/monitor_wrap.c:666:9: branch_false: ...to here
openssh-10.0p1/monitor_wrap.c:667:9: danger: ‘tmp2’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  665|   	}
#  666|   	close(tmp1);
#  667|-> 	close(tmp2);
#  668|   
#  669|   	if ((m = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def361]
openssh-10.0p1/mux.c:2299:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/mux.c:2291:12: branch_false: following ‘false’ branch...
openssh-10.0p1/mux.c:2296:21: branch_false: ...to here
openssh-10.0p1/mux.c:2296:21: acquire_resource: stream socket created here
openssh-10.0p1/mux.c:2296:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/mux.c:2299:13: branch_false: ...to here
openssh-10.0p1/mux.c:2299:13: danger: ‘sock’ leaks here
# 2297|   		fatal_f("socket(): %s", strerror(errno));
# 2298|   
# 2299|-> 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
# 2300|   		switch (muxclient_command) {
# 2301|   		case SSHMUX_COMMAND_OPEN:

Error: COMPILER_WARNING: [#def362]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c: scope_hint: In function ‘bcrypt_hash’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:77:13: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (33 chars into 32 available)
#   77 |             "OxychromaticBlowfishSwatDynamite";
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   75|   	blf_ctx state;
#   76|   	uint8_t ciphertext[BCRYPT_HASHSIZE] =
#   77|-> 	    "OxychromaticBlowfishSwatDynamite";
#   78|   	uint32_t cdata[BCRYPT_WORDS];
#   79|   	int i;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def363]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:84:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   82|   
#   83|   	/* key expansion */
#   84|-> 	Blowfish_initstate(&state);
#   85|   	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def364]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:85:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   83|   	/* key expansion */
#   84|   	Blowfish_initstate(&state);
#   85|-> 	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {
#   87|   		Blowfish_expand0state(&state, sha2salt, shalen);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def365]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:87:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   85|   	Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
#   86|   	for (i = 0; i < 64; i++) {
#   87|-> 		Blowfish_expand0state(&state, sha2salt, shalen);
#   88|   		Blowfish_expand0state(&state, sha2pass, shalen);
#   89|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def366]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:88:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   86|   	for (i = 0; i < 64; i++) {
#   87|   		Blowfish_expand0state(&state, sha2salt, shalen);
#   88|-> 		Blowfish_expand0state(&state, sha2pass, shalen);
#   89|   	}
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def367]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:94:28: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   92|   	j = 0;
#   93|   	for (i = 0; i < BCRYPT_WORDS; i++)
#   94|-> 		cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
#   95|   		    &j);
#   96|   	for (i = 0; i < 64; i++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def368]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:97:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
#   95|   		    &j);
#   96|   	for (i = 0; i < 64; i++)
#   97|-> 		blf_enc(&state, cdata, BCRYPT_WORDS / 2);
#   98|   
#   99|   	/* copy out */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def369]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:140:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:140:9: danger: ‘countsalt’ leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  138|   
#  139|   	/* collapse password */
#  140|-> 	crypto_hash_sha512(sha2pass, pass, passlen);
#  141|   
#  142|   	/* generate key, sizeof(out) at a time */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def370]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:150:17: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:150:17: danger: ‘countsalt’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  148|   
#  149|   		/* first round, salt is salt */
#  150|-> 		crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
#  151|   
#  152|   		bcrypt_hash(sha2pass, sha2salt, tmpout);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def371]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:157:25: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: return_function: returning to ‘bcrypt_pbkdf’ from ‘bcrypt_hash’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:155:29: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:157:25: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:157:25: danger: ‘countsalt’ leaks here; was allocated at [(8)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/7)
#  155|   		for (i = 1; i < rounds; i++) {
#  156|   			/* subsequent rounds, salt is previous output */
#  157|-> 			crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
#  158|   			bcrypt_hash(sha2pass, sha2salt, tmpout);
#  159|   			for (j = 0; j < sizeof(out); j++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def372]
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:177:9: warning[-Wanalyzer-malloc-leak]: leak of ‘countsalt’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:114:1: enter_function: entry to ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:127:12: branch_false: following ‘false’ branch (when ‘rounds != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:129:13: branch_false: following ‘false’ branch (when ‘saltlen <= 1048576’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:26: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:132:12: branch_false: following ‘false’ branch (when ‘countsalt’ is non-NULL)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:134:18: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_true: following ‘true’ branch (when ‘keylen != 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:144:42: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: call_function: calling ‘bcrypt_hash’ from ‘bcrypt_pbkdf’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:152:17: return_function: returning to ‘bcrypt_pbkdf’ from ‘bcrypt_hash’
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:143:25: branch_false: following ‘false’ branch (when ‘keylen == 0’)...
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:177:9: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bcrypt_pbkdf.c:177:9: danger: ‘countsalt’ leaks here; was allocated at [(8)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/7)
#  175|   
#  176|   	/* zap */
#  177|-> 	freezero(countsalt, saltlen + 4);
#  178|   	explicit_bzero(out, sizeof(out));
#  179|   	explicit_bzero(tmpout, sizeof(tmpout));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def373]
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:139:24: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(&fdpath)’
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:132:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:137:66: branch_false: ...to here
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:138:8: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:138:60: branch_true: ...to here
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:138:60: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:138:9: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/openbsd-compat/bsd-closefrom.c:139:24: danger: ‘opendir(&fdpath)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  137|       len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
#  138|       if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
#  139|-> 	while ((dent = readdir(dirp)) != NULL) {
#  140|   	    fd = strtol(dent->d_name, &endp, 10);
#  141|   	    if (dent->d_name != endp && *endp == '\0' &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def374]
openssh-10.0p1/openbsd-compat/glob.c:741:22: warning[-Wanalyzer-malloc-leak]: leak of ‘g_opendir(pathbuf,  pglob)’
openssh-10.0p1/openbsd-compat/glob.c:700:1: enter_function: entry to ‘glob3’
openssh-10.0p1/openbsd-compat/glob.c:717:12: branch_false: following ‘false’ branch (when ‘pathend <= pathend_last’)...
openssh-10.0p1/openbsd-compat/glob.c:719:9: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:722:21: call_function: calling ‘g_opendir’ from ‘glob3’
openssh-10.0p1/openbsd-compat/glob.c:722:21: return_function: returning to ‘glob3’ from ‘g_opendir’
openssh-10.0p1/openbsd-compat/glob.c:722:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/glob.c:737:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:741:22: danger: ‘g_opendir(pathbuf,  pglob)’ leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#  739|   	else
#  740|   		readdirfunc = (struct dirent *(*)(void *))readdir;
#  741|-> 	while ((dp = (*readdirfunc)(dirp))) {
#  742|   		u_char *sc;
#  743|   		Char *dc;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def375]
openssh-10.0p1/openbsd-compat/glob.c:835:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pathv’
openssh-10.0p1/openbsd-compat/glob.c:810:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/glob.c:810:13: branch_false: following ‘false’ branch (when ‘newn <= 2305843009213693950’)...
openssh-10.0p1/openbsd-compat/glob.c:830:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:830:17: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/glob.c:831:12: branch_false: following ‘false’ branch (when ‘pathv’ is non-NULL)...
openssh-10.0p1/openbsd-compat/glob.c:833:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:833:12: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/glob.c:836:42: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.0p1/openbsd-compat/glob.c:837:25: branch_true: ...to here
openssh-10.0p1/openbsd-compat/glob.c:843:20: branch_false: following ‘false’ branch (when ‘statv’ is non-NULL)...
openssh-10.0p1/openbsd-compat/glob.c:845:21: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:835:17: danger: ‘pathv’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  833|   	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
#  834|   		/* first time around -- clear initial gl_offs items */
#  835|-> 		pathv += pglob->gl_offs;
#  836|   		for (i = pglob->gl_offs; i > 0; i--)
#  837|   			*--pathv = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def376]
openssh-10.0p1/openbsd-compat/glob.c:847:25: warning[-Wanalyzer-malloc-leak]: leak of ‘statv’
openssh-10.0p1/openbsd-compat/glob.c:810:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/glob.c:810:13: branch_false: following ‘false’ branch (when ‘newn <= 2305843009213693950’)...
openssh-10.0p1/openbsd-compat/glob.c:830:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:831:12: branch_false: following ‘false’ branch (when ‘pathv’ is non-NULL)...
openssh-10.0p1/openbsd-compat/glob.c:833:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:841:12: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/glob.c:842:38: branch_true: ...to here
openssh-10.0p1/openbsd-compat/glob.c:842:25: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/glob.c:843:20: branch_false: following ‘false’ branch (when ‘statv’ is non-NULL)...
openssh-10.0p1/openbsd-compat/glob.c:845:21: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:845:20: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/glob.c:848:50: branch_true: following ‘true’ branch (when ‘i != 0’)...
openssh-10.0p1/openbsd-compat/glob.c:849:33: branch_true: ...to here
openssh-10.0p1/openbsd-compat/glob.c:852:20: branch_false: following ‘false’ branch (when ‘sb’ is non-NULL)...
openssh-10.0p1/openbsd-compat/glob.c:855:25: branch_false: ...to here
openssh-10.0p1/openbsd-compat/glob.c:856:28: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/glob.c:847:25: danger: ‘statv’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  845|   		if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
#  846|   			/* first time around -- clear initial gl_offs items */
#  847|-> 			statv += pglob->gl_offs;
#  848|   			for (i = pglob->gl_offs; i > 0; i--)
#  849|   				*--statv = NULL;

Error: COMPILER_WARNING (CWE-477): [#def377]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:68:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   68 | sshd_selinux_send_audit_message(int success, security_context_t default_context,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   66|   /* Send audit message */
#   67|   static int
#   68|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|   		       security_context_t selected_context)
#   70|   {

Error: COMPILER_WARNING (CWE-477): [#def378]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:68:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   66|   /* Send audit message */
#   67|   static int
#   68|-> sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|   		       security_context_t selected_context)
#   70|   {

Error: COMPILER_WARNING (CWE-477): [#def379]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:69:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   69 |                        security_context_t selected_context)
#      |                        ^~~~~~~~~~~~~~~~~~
#   67|   static int
#   68|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|-> 		       security_context_t selected_context)
#   70|   {
#   71|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def380]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:69:24: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#   67|   static int
#   68|   sshd_selinux_send_audit_message(int success, security_context_t default_context,
#   69|-> 		       security_context_t selected_context)
#   70|   {
#   71|   	int rc=0;

Error: COMPILER_WARNING (CWE-477): [#def381]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:115:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  115 | mls_range_allowed(security_context_t src, security_context_t dst)
#      | ^~~~~~~~~~~~~~~~~
#  113|   
#  114|   static int
#  115|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  116|   {
#  117|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def382]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:115:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  113|   
#  114|   static int
#  115|-> mls_range_allowed(security_context_t src, security_context_t dst)
#  116|   {
#  117|   	struct av_decision avd;

Error: COMPILER_WARNING (CWE-477): [#def383]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:142:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  142 |         security_context_t *sc) {
#      |         ^~~~~~~~~~~~~~~~~~
#  140|   static int
#  141|   get_user_context(const char *sename, const char *role, const char *lvl,
#  142|-> 	security_context_t *sc) {
#  143|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  144|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def384]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:142:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  140|   static int
#  141|   get_user_context(const char *sename, const char *role, const char *lvl,
#  142|-> 	security_context_t *sc) {
#  143|   #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
#  144|   	if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {

Error: COMPILER_WARNING (CWE-477): [#def385]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘get_user_context’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  180 |                 security_context_t obtained_raw;
#      |                 ^~~~~~~~~~~~~~~~~~
#  178|   		/* verify that the requested range is obtained */
#  179|   		context_t con;
#  180|-> 		security_context_t obtained_raw;
#  181|   		security_context_t requested_raw;
#  182|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def386]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:180:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  178|   		/* verify that the requested range is obtained */
#  179|   		context_t con;
#  180|-> 		security_context_t obtained_raw;
#  181|   		security_context_t requested_raw;
#  182|   		con = context_new(*sc);

Error: COMPILER_WARNING (CWE-477): [#def387]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:181:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  181 |                 security_context_t requested_raw;
#      |                 ^~~~~~~~~~~~~~~~~~
#  179|   		context_t con;
#  180|   		security_context_t obtained_raw;
#  181|-> 		security_context_t requested_raw;
#  182|   		con = context_new(*sc);
#  183|   		if (!con) {

Error: COMPILER_WARNING (CWE-477): [#def388]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:181:17: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  179|   		context_t con;
#  180|   		security_context_t obtained_raw;
#  181|-> 		security_context_t requested_raw;
#  182|   		con = context_new(*sc);
#  183|   		if (!con) {

Error: COMPILER_WARNING (CWE-477): [#def389]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: At top level
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:240:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  240 | sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~
#  238|   /* Return the default security context for the given username */
#  239|   static int
#  240|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {

Error: COMPILER_WARNING (CWE-477): [#def390]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:240:1: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  238|   /* Return the default security context for the given username */
#  239|   static int
#  240|-> sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|       security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {

Error: COMPILER_WARNING (CWE-477): [#def391]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:241:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  241 |     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#      |     ^~~~~~~~~~~~~~~~~~
#  239|   static int
#  240|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {
#  243|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def392]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:241:5: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  239|   static int
#  240|   sshd_selinux_getctxbyname(char *pwname, security_context_t *default_sc,
#  241|->     security_context_t *user_sc, int inetd, Authctxt *the_authctxt)
#  242|   {
#  243|   	char *sename, *lvl;

Error: COMPILER_WARNING (CWE-477): [#def393]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_getctxbyname’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:272:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  272 |                         security_context_t sshdsc=NULL;
#      |                         ^~~~~~~~~~~~~~~~~~
#  270|   		/* If launched from xinetd, we must use current level */
#  271|   		if (inetd) {
#  272|-> 			security_context_t sshdsc=NULL;
#  273|   
#  274|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def394]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:272:25: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  270|   		/* If launched from xinetd, we must use current level */
#  271|   		if (inetd) {
#  272|-> 			security_context_t sshdsc=NULL;
#  273|   
#  274|   			if (getcon_raw(&sshdsc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def395]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:293:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  293 |                                 security_context_t default_level_sc = *default_sc;
#      |                                 ^~~~~~~~~~~~~~~~~~
#  291|   
#  292|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  293|-> 				security_context_t default_level_sc = *default_sc;
#  294|   				if (role != NULL && role[0]) {
#  295|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def396]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:293:33: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  291|   
#  292|   			if (r == 0 && reqlvl != NULL && reqlvl[0]) {
#  293|-> 				security_context_t default_level_sc = *default_sc;
#  294|   				if (role != NULL && role[0]) {
#  295|   					if (get_user_context(sename, role, lvl, &default_level_sc) < 0)

Error: COMPILER_WARNING (CWE-477): [#def397]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_setup_exec_context’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:386:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  386 |         security_context_t user_ctx = NULL;
#      |         ^~~~~~~~~~~~~~~~~~
#  384|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  385|   {
#  386|-> 	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def398]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:386:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  384|       int(pam_setenv)(char *, const char *), void *the_authctxt, int use_pam)
#  385|   {
#  386|-> 	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|   	security_context_t default_ctx = NULL;

Error: COMPILER_WARNING (CWE-477): [#def399]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:388:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  388 |         security_context_t default_ctx = NULL;
#      |         ^~~~~~~~~~~~~~~~~~
#  386|   	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|-> 	security_context_t default_ctx = NULL;
#  389|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  390|   

Error: COMPILER_WARNING (CWE-477): [#def400]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:388:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  386|   	security_context_t user_ctx = NULL;
#  387|   	int r = 0;
#  388|-> 	security_context_t default_ctx = NULL;
#  389|   	Authctxt *authctxt = (Authctxt *) the_authctxt;
#  390|   

Error: COMPILER_WARNING (CWE-477): [#def401]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c: scope_hint: In function ‘sshd_selinux_copy_context’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  461 |         if (getexeccon((security_context_t *)&ctx) != 0) {
#      |         ^~
#  459|   		return;
#  460|   
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;

Error: COMPILER_WARNING (CWE-477): [#def402]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:461:9: warning[-Wdeprecated-declarations]: ‘security_context_t’ is deprecated
#  459|   		return;
#  460|   
#  461|-> 	if (getexeccon((security_context_t *)&ctx) != 0) {
#  462|   		logit_f("getexeccon failed with %s", strerror(errno));
#  463|   		return;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def403]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|   	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|-> 		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
#  499|   		fclose(contexts_file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def404]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:497:17: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
#  495|   	if (fstat(fileno(contexts_file), &sb) != 0 ||
#  496|   	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
#  497|-> 		logit_f("SELinux context file needs to be owned by root"
#  498|   		    " and not writable by anyone else");
#  499|   		fclose(contexts_file);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def405]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:511:20: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:514:17: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
#  513|   
#  514|   		cp = line;
#  515|-> 		arg = strdelim(&cp);
#  516|   		if (arg && *arg == '\0')
#  517|   			arg = strdelim(&cp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def406]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:511:20: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:514:17: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:515:23: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  513|   
#  514|   		cp = line;
#  515|-> 		arg = strdelim(&cp);
#  516|   		if (arg && *arg == '\0')
#  517|   			arg = strdelim(&cp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def407]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:517:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:517:31: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  515|   		arg = strdelim(&cp);
#  516|   		if (arg && *arg == '\0')
#  517|-> 			arg = strdelim(&cp);
#  518|   
#  519|   		if (arg && strcmp(arg, "privsep_preauth") == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def408]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:517:31: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:517:31: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  515|   		arg = strdelim(&cp);
#  516|   		if (arg && *arg == '\0')
#  517|-> 			arg = strdelim(&cp);
#  518|   
#  519|   		if (arg && strcmp(arg, "privsep_preauth") == 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def409]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:520:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:520:31: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
#  518|   
#  519|   		if (arg && strcmp(arg, "privsep_preauth") == 0) {
#  520|-> 			arg = strdelim(&cp);
#  521|   			if (!arg || *arg == '\0') {
#  522|   				debug_f("privsep_preauth is empty");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def410]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:520:31: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:520:31: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
#  518|   
#  519|   		if (arg && strcmp(arg, "privsep_preauth") == 0) {
#  520|-> 			arg = strdelim(&cp);
#  521|   			if (!arg || *arg == '\0') {
#  522|   				debug_f("privsep_preauth is empty");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def411]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:522:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:522:33: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2)
#  520|   			arg = strdelim(&cp);
#  521|   			if (!arg || *arg == '\0') {
#  522|-> 				debug_f("privsep_preauth is empty");
#  523|   				fclose(contexts_file);
#  524|   				return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def412]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:522:33: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:522:33: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
#  520|   			arg = strdelim(&cp);
#  521|   			if (!arg || *arg == '\0') {
#  522|-> 				debug_f("privsep_preauth is empty");
#  523|   				fclose(contexts_file);
#  524|   				return;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def413]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:526:43: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:521:28: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:526:43: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
#  524|   				return;
#  525|   			}
#  526|-> 			preauth_context = xstrdup(arg);
#  527|   		}
#  528|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def414]
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:526:43: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(selinux_openssh_contexts_path(), "r")’
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:485:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:30: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:490:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:496:32: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:495:13: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:503:16: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:505:28: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:521:28: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux-sshd.c:526:43: danger: ‘fopen(selinux_openssh_contexts_path(), "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
#  524|   				return;
#  525|   			}
#  526|-> 			preauth_context = xstrdup(arg);
#  527|   		}
#  528|   	}

Error: COMPILER_WARNING (CWE-1164): [#def415]
openssh-10.0p1/openbsd-compat/port-linux.c:68:1: warning[-Wunused-function]: ‘ssh_selinux_getctxbyname’ defined but not used
#   68 | ssh_selinux_getctxbyname(char *pwname)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
#   66|   /* Return the default security context for the given username */
#   67|   static char *
#   68|-> ssh_selinux_getctxbyname(char *pwname)
#   69|   {
#   70|   	char *sc = NULL, *sename = NULL, *lvl = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def416]
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(oom_adj_path, "w")’
openssh-10.0p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:282:19: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:285:12: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  284|   
#  285|   	if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
#  286|-> 		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else
#  288|   		debug("Set %s to %d", oom_adj_path, oom_adj_save);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def417]
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(oom_adj_path, "w")’
openssh-10.0p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:282:19: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:285:12: branch_true: following ‘true’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:286:17: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  284|   
#  285|   	if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
#  286|-> 		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else
#  288|   		debug("Set %s to %d", oom_adj_path, oom_adj_save);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def418]
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(oom_adj_path, "w")’
openssh-10.0p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:282:19: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:285:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  286|   		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else
#  288|-> 		debug("Set %s to %d", oom_adj_path, oom_adj_save);
#  289|   
#  290|   	fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def419]
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(oom_adj_path, "w")’
openssh-10.0p1/openbsd-compat/port-linux.c:281:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:282:19: acquire_memory: allocated here
openssh-10.0p1/openbsd-compat/port-linux.c:281:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:285:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:285:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:288:17: danger: ‘fopen(oom_adj_path, "w")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  286|   		verbose("error writing %s: %s", oom_adj_path, strerror(errno));
#  287|   	else
#  288|-> 		debug("Set %s to %d", oom_adj_path, oom_adj_save);
#  289|   
#  290|   	fclose(fp);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def420]
openssh-10.0p1/openbsd-compat/port-linux.c:327:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/openbsd-compat/port-linux.c:323:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:326:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/openbsd-compat/port-linux.c:327:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  325|   
#  326|   	va_start(ap, fmt);
#  327|-> 	xvasprintf(&s, fmt, ap);
#  328|   	va_end(ap);
#  329|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def421]
openssh-10.0p1/openbsd-compat/port-linux.c:355:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/openbsd-compat/port-linux.c:323:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:331:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:336:12: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:343:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:349:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:349:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-linux.c:351:19: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:351:19: acquire_resource: datagram socket created here
openssh-10.0p1/openbsd-compat/port-linux.c:351:12: branch_false: following ‘false’ branch (when ‘fd != -1’)...
openssh-10.0p1/openbsd-compat/port-linux.c:355:13: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-linux.c:355:13: danger: ‘fd’ leaks here
#  353|   		goto out;
#  354|   	}
#  355|-> 	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
#  356|   		error_f("socket \"%s\" connect: %s", path, strerror(errno));
#  357|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def422]
openssh-10.0p1/openbsd-compat/port-net.c:171:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/net/tun", 2)’
openssh-10.0p1/openbsd-compat/port-net.c:152:19: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-net.c:152:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-net.c:158:9: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:169:12: branch_true: following ‘true’ branch (when ‘tun != 2147483647’)...
openssh-10.0p1/openbsd-compat/port-net.c:170:20: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:170:20: branch_true: following ‘true’ branch (when ‘tun == 2147483646’)...
openssh-10.0p1/openbsd-compat/port-net.c:171:25: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:171:25: danger: ‘open("/dev/net/tun", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  169|   	if (tun != SSH_TUNID_ANY) {
#  170|   		if (tun > SSH_TUNID_MAX) {
#  171|-> 			debug("%s: invalid tunnel id %x: %s", __func__,
#  172|   			    tun, strerror(errno));
#  173|   			goto failed;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def423]
openssh-10.0p1/openbsd-compat/port-net.c:195:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/net/tun", 2)’
openssh-10.0p1/openbsd-compat/port-net.c:152:19: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/port-net.c:152:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/port-net.c:158:9: branch_false: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:169:12: branch_true: following ‘true’ branch (when ‘tun != 2147483647’)...
openssh-10.0p1/openbsd-compat/port-net.c:170:20: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:170:20: branch_true: following ‘true’ branch (when ‘tun == 2147483646’)...
openssh-10.0p1/openbsd-compat/port-net.c:171:25: branch_true: ...to here
openssh-10.0p1/openbsd-compat/port-net.c:195:9: danger: ‘open("/dev/net/tun", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  193|   
#  194|    failed:
#  195|-> 	close(fd);
#  196|   	return (-1);
#  197|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def424]
openssh-10.0p1/openbsd-compat/readpassphrase.c:94:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.0p1/openbsd-compat/readpassphrase.c:64:12: branch_false: following ‘false’ branch (when ‘bufsiz != 0’)...
 branch_false: ...to here
openssh-10.0p1/openbsd-compat/readpassphrase.c:70:21: branch_true: following ‘true’ branch (when ‘i != 65’)...
openssh-10.0p1/openbsd-compat/readpassphrase.c:71:17: branch_true: ...to here
openssh-10.0p1/openbsd-compat/readpassphrase.c:79:12: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/readpassphrase.c:80:31: branch_false: ...to here
openssh-10.0p1/openbsd-compat/readpassphrase.c:80:31: acquire_resource: opened here
openssh-10.0p1/openbsd-compat/readpassphrase.c:79:13: branch_false: following ‘false’ branch...
openssh-10.0p1/openbsd-compat/readpassphrase.c:94:12: branch_false: ...to here
openssh-10.0p1/openbsd-compat/readpassphrase.c:94:12: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   92|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   93|   	 */
#   94|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   95|   		memcpy(&term, &oterm, sizeof(term));
#   96|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING: [#def425]
openssh-10.0p1/openbsd-compat/vis.c: scope_hint: In function ‘stravis’
openssh-10.0p1/openbsd-compat/vis.c:229:23: warning[-Wuse-after-free]: pointer ‘buf_15’ may be used after ‘realloc’
#  229 |                 *outp = buf;
#      |                 ~~~~~~^~~~~
openssh-10.0p1/openbsd-compat/vis.c:227:17: note: call to ‘realloc’ here
#  227 |         *outp = realloc(buf, len + 1);
#      |                 ^~~~~~~~~~~~~~~~~~~~~
#  227|   	*outp = realloc(buf, len + 1);
#  228|   	if (*outp == NULL) {
#  229|-> 		*outp = buf;
#  230|   		errno = serrno;
#  231|   	}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def426]
openssh-10.0p1/packet.c:531:46: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  529|   		if (ssh_packet_connection_is_on_socket(ssh)) {
#  530|   			sock = ssh->state->connection_in;
#  531|-> 			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  532|   			ssh->remote_port = get_peer_port(sock);
#  533|   			ssh->local_ipaddr = get_local_ipaddr(sock);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def427]
openssh-10.0p1/packet.c:532:44: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  530|   			sock = ssh->state->connection_in;
#  531|   			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  532|-> 			ssh->remote_port = get_peer_port(sock);
#  533|   			ssh->local_ipaddr = get_local_ipaddr(sock);
#  534|   			ssh->local_port = get_local_port(sock);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def428]
openssh-10.0p1/packet.c:533:45: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  531|   			ssh->remote_ipaddr = get_peer_ipaddr(sock);
#  532|   			ssh->remote_port = get_peer_port(sock);
#  533|-> 			ssh->local_ipaddr = get_local_ipaddr(sock);
#  534|   			ssh->local_port = get_local_port(sock);
#  535|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def429]
openssh-10.0p1/packet.c:534:43: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  532|   			ssh->remote_port = get_peer_port(sock);
#  533|   			ssh->local_ipaddr = get_local_ipaddr(sock);
#  534|-> 			ssh->local_port = get_local_port(sock);
#  535|   		} else {
#  536|   			ssh->remote_ipaddr = xstrdup("UNKNOWN");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def430]
openssh-10.0p1/packet.c:536:46: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  534|   			ssh->local_port = get_local_port(sock);
#  535|   		} else {
#  536|-> 			ssh->remote_ipaddr = xstrdup("UNKNOWN");
#  537|   			ssh->remote_port = 65535;
#  538|   			ssh->local_ipaddr = xstrdup("UNKNOWN");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def431]
openssh-10.0p1/packet.c:538:45: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/packet.c:2061:1: enter_function: entry to ‘sshpkt_fatal’
openssh-10.0p1/packet.c:2065:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/packet.c:2066:9: call_function: calling ‘sshpkt_vfatal’ from ‘sshpkt_fatal’
#  536|   			ssh->remote_ipaddr = xstrdup("UNKNOWN");
#  537|   			ssh->remote_port = 65535;
#  538|-> 			ssh->local_ipaddr = xstrdup("UNKNOWN");
#  539|   			ssh->local_port = 65535;
#  540|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def432]
openssh-10.0p1/packet.c:2536:18: warning[-Wanalyzer-malloc-leak]: leak of ‘newkey’
openssh-10.0p1/packet.c:2532:23: acquire_memory: allocated here
openssh-10.0p1/packet.c:2532:12: branch_false: following ‘false’ branch (when ‘newkey’ is non-NULL)...
openssh-10.0p1/packet.c:2536:18: branch_false: ...to here
openssh-10.0p1/packet.c:2536:18: danger: ‘newkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 2534|   		goto out;
# 2535|   	}
# 2536|-> 	if ((r = sshbuf_froms(m, &b)) != 0)
# 2537|   		goto out;
# 2538|   #ifdef DEBUG_PK

Error: GCC_ANALYZER_WARNING (CWE-401): [#def433]
openssh-10.0p1/packet.c:2545:18: warning[-Wanalyzer-malloc-leak]: leak of ‘newkey’
openssh-10.0p1/packet.c:2532:23: acquire_memory: allocated here
openssh-10.0p1/packet.c:2532:12: branch_false: following ‘false’ branch (when ‘newkey’ is non-NULL)...
openssh-10.0p1/packet.c:2536:18: branch_false: ...to here
openssh-10.0p1/packet.c:2536:12: branch_false: following ‘false’ branch...
openssh-10.0p1/packet.c:2542:9: branch_false: ...to here
openssh-10.0p1/packet.c:2545:18: danger: ‘newkey’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 2543|   	comp = &newkey->comp;
# 2544|   
# 2545|-> 	if ((r = sshbuf_get_cstring(b, &enc->name, NULL)) != 0 ||
# 2546|   	    (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 ||
# 2547|   	    (r = sshbuf_get_u32(b, &enc->block_size)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-476): [#def434]
openssh-10.0p1/readconf.c:814:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘arg’
openssh-10.0p1/readconf.c:2613:1: enter_function: entry to ‘read_config_file_depth’
openssh-10.0p1/readconf.c:2618:15: release_memory: ‘line’ is NULL
openssh-10.0p1/readconf.c:2623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2626:18: branch_false: ...to here
openssh-10.0p1/readconf.c:2626:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2629:13: branch_false: ...to here
openssh-10.0p1/readconf.c:2646:16: branch_true: following ‘true’ branch...
openssh-10.0p1/readconf.c:2648:17: branch_true: ...to here
openssh-10.0p1/readconf.c:2654:21: call_function: calling ‘process_config_line_depth’ from ‘read_config_file_depth’
#  812|   		    strprefix(attrib, "exec=", 1) != NULL) {
#  813|   			arg = strchr(attrib, '=');
#  814|-> 			*(arg++) = '\0';
#  815|   		} else if ((arg = argv_next(acp, avp)) == NULL) {
#  816|   			error("%.200s line %d: missing argument for Match '%s'",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def435]
openssh-10.0p1/readconf.c:2629:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
openssh-10.0p1/readconf.c:2623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2626:18: branch_false: ...to here
openssh-10.0p1/readconf.c:2626:18: acquire_resource: opened here
openssh-10.0p1/readconf.c:2626:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2629:13: branch_false: ...to here
openssh-10.0p1/readconf.c:2629:12: branch_true: following ‘true’ branch...
openssh-10.0p1/readconf.c:2632:21: branch_true: ...to here
openssh-10.0p1/readconf.c:2629:13: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
# 2627|   		return 0;
# 2628|   
# 2629|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2630|   		struct stat sb;
# 2631|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def436]
openssh-10.0p1/readconf.c:2629:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
openssh-10.0p1/readconf.c:2623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2626:18: branch_false: ...to here
openssh-10.0p1/readconf.c:2626:18: acquire_memory: allocated here
openssh-10.0p1/readconf.c:2626:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2629:13: branch_false: ...to here
openssh-10.0p1/readconf.c:2629:12: branch_true: following ‘true’ branch...
openssh-10.0p1/readconf.c:2632:21: branch_true: ...to here
openssh-10.0p1/readconf.c:2629:13: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
# 2627|   		return 0;
# 2628|   
# 2629|-> 	if (flags & SSHCONF_CHECKPERM) {
# 2630|   		struct stat sb;
# 2631|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def437]
openssh-10.0p1/readconf.c:2639:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
openssh-10.0p1/readconf.c:2623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2626:18: branch_false: ...to here
openssh-10.0p1/readconf.c:2626:18: acquire_resource: opened here
openssh-10.0p1/readconf.c:2626:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2629:13: branch_false: ...to here
openssh-10.0p1/readconf.c:2639:9: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
# 2637|   	}
# 2638|   
# 2639|-> 	debug("Reading configuration data %.200s", filename);
# 2640|   
# 2641|   	/*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def438]
openssh-10.0p1/readconf.c:2639:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
openssh-10.0p1/readconf.c:2623:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2626:18: branch_false: ...to here
openssh-10.0p1/readconf.c:2626:18: acquire_memory: allocated here
openssh-10.0p1/readconf.c:2626:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readconf.c:2629:13: branch_false: ...to here
openssh-10.0p1/readconf.c:2639:9: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
# 2637|   	}
# 2638|   
# 2639|-> 	debug("Reading configuration data %.200s", filename);
# 2640|   
# 2641|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def439]
openssh-10.0p1/readpass.c:68:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:68:20: danger: ‘p[0]’ leaks here
#   66|   		return NULL;
#   67|   	}
#   68|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   69|   	if ((pid = fork()) == -1) {
#   70|   		error_f("fork: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def440]
openssh-10.0p1/readpass.c:68:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:68:20: danger: ‘p[1]’ leaks here
#   66|   		return NULL;
#   67|   	}
#   68|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   69|   	if ((pid = fork()) == -1) {
#   70|   		error_f("fork: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def441]
openssh-10.0p1/readpass.c:70:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/readpass.c:70:17: branch_true: ...to here
openssh-10.0p1/readpass.c:70:17: danger: ‘p[0]’ leaks here
#   68|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   69|   	if ((pid = fork()) == -1) {
#   70|-> 		error_f("fork: %s", strerror(errno));
#   71|   		ssh_signal(SIGCHLD, osigchld);
#   72|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def442]
openssh-10.0p1/readpass.c:70:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/readpass.c:70:17: branch_true: ...to here
openssh-10.0p1/readpass.c:70:17: danger: ‘p[1]’ leaks here
#   68|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
#   69|   	if ((pid = fork()) == -1) {
#   70|-> 		error_f("fork: %s", strerror(errno));
#   71|   		ssh_signal(SIGCHLD, osigchld);
#   72|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def443]
openssh-10.0p1/readpass.c:71:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/readpass.c:70:17: branch_true: ...to here
openssh-10.0p1/readpass.c:71:17: danger: ‘p[0]’ leaks here
#   69|   	if ((pid = fork()) == -1) {
#   70|   		error_f("fork: %s", strerror(errno));
#   71|-> 		ssh_signal(SIGCHLD, osigchld);
#   72|   		return NULL;
#   73|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def444]
openssh-10.0p1/readpass.c:71:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/readpass.c:70:17: branch_true: ...to here
openssh-10.0p1/readpass.c:71:17: danger: ‘p[1]’ leaks here
#   69|   	if ((pid = fork()) == -1) {
#   70|   		error_f("fork: %s", strerror(errno));
#   71|-> 		ssh_signal(SIGCHLD, osigchld);
#   72|   		return NULL;
#   73|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def445]
openssh-10.0p1/readpass.c:75:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/readpass.c:75:17: branch_true: ...to here
openssh-10.0p1/readpass.c:75:17: danger: ‘p[0]’ leaks here
#   73|   	}
#   74|   	if (pid == 0) {
#   75|-> 		close(p[0]);
#   76|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def446]
openssh-10.0p1/readpass.c:75:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/readpass.c:75:17: branch_true: ...to here
openssh-10.0p1/readpass.c:75:17: danger: ‘p[1]’ leaks here
#   73|   	}
#   74|   	if (pid == 0) {
#   75|-> 		close(p[0]);
#   76|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def447]
openssh-10.0p1/readpass.c:76:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(p[1], 1)’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/readpass.c:75:17: branch_true: ...to here
openssh-10.0p1/readpass.c:76:21: acquire_resource: opened here
openssh-10.0p1/readpass.c:76:20: danger: ‘dup2(p[1], 1)’ leaks here; was opened at [(10)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/9)
#   74|   	if (pid == 0) {
#   75|   		close(p[0]);
#   76|-> 		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|   			fatal_f("dup2: %s", strerror(errno));
#   78|   		if (env_hint != NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def448]
openssh-10.0p1/readpass.c:77:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/readpass.c:75:17: branch_true: ...to here
openssh-10.0p1/readpass.c:76:20: branch_true: following ‘true’ branch...
openssh-10.0p1/readpass.c:77:25: branch_true: ...to here
openssh-10.0p1/readpass.c:77:25: danger: ‘p[1]’ leaks here
#   75|   		close(p[0]);
#   76|   		if (dup2(p[1], STDOUT_FILENO) == -1)
#   77|-> 			fatal_f("dup2: %s", strerror(errno));
#   78|   		if (env_hint != NULL)
#   79|   			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def449]
openssh-10.0p1/readpass.c:81:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/readpass.c:75:17: branch_true: ...to here
openssh-10.0p1/readpass.c:76:20: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:78:20: branch_false: ...to here
openssh-10.0p1/readpass.c:81:17: danger: ‘p[1]’ leaks here
#   79|   			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
#   80|   		execlp(askpass, askpass, msg, (char *)NULL);
#   81|-> 		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   82|   	}
#   83|   	close(p[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def450]
openssh-10.0p1/readpass.c:83:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/readpass.c:83:9: branch_false: ...to here
openssh-10.0p1/readpass.c:83:9: danger: ‘p[0]’ leaks here
#   81|   		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   82|   	}
#   83|-> 	close(p[1]);
#   84|   
#   85|   	len = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def451]
openssh-10.0p1/readpass.c:83:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[1]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/readpass.c:83:9: branch_false: ...to here
openssh-10.0p1/readpass.c:83:9: danger: ‘p[1]’ leaks here
#   81|   		fatal_f("exec(%s): %s", askpass, strerror(errno));
#   82|   	}
#   83|-> 	close(p[1]);
#   84|   
#   85|   	len = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def452]
openssh-10.0p1/readpass.c:97:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘p[0]’
openssh-10.0p1/readpass.c:62:12: branch_false: following ‘false’ branch (when ‘askpass’ is non-NULL)...
openssh-10.0p1/readpass.c:64:13: branch_false: ...to here
openssh-10.0p1/readpass.c:64:12: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:68:20: branch_false: ...to here
openssh-10.0p1/readpass.c:69:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/readpass.c:74:12: branch_false: ...to here
openssh-10.0p1/readpass.c:74:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/readpass.c:83:9: branch_false: ...to here
openssh-10.0p1/readpass.c:97:9: danger: ‘p[0]’ leaks here
#   95|   	buf[len] = '\0';
#   96|   
#   97|-> 	close(p[0]);
#   98|   	while ((ret = waitpid(pid, &status, 0)) == -1)
#   99|   		if (errno != EINTR)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def453]
openssh-10.0p1/readpass.c:163:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.0p1/readpass.c:146:17: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:148:18: branch_false: ...to here
openssh-10.0p1/readpass.c:148:17: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:154:17: branch_false: ...to here
openssh-10.0p1/readpass.c:155:25: acquire_resource: opened here
openssh-10.0p1/readpass.c:156:20: branch_true: following ‘true’ branch...
openssh-10.0p1/readpass.c:163:31: branch_true: ...to here
openssh-10.0p1/readpass.c:163:31: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  161|   			 * optimistically typed before echo is disabled.
#  162|   			 */
#  163|-> 			(void)write(ttyfd, &cr, 1);
#  164|   			close(ttyfd);
#  165|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def454]
openssh-10.0p1/readpass.c:164:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
openssh-10.0p1/readpass.c:146:17: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:148:18: branch_false: ...to here
openssh-10.0p1/readpass.c:148:17: branch_false: following ‘false’ branch...
openssh-10.0p1/readpass.c:154:17: branch_false: ...to here
openssh-10.0p1/readpass.c:155:25: acquire_resource: opened here
openssh-10.0p1/readpass.c:156:20: branch_true: following ‘true’ branch...
openssh-10.0p1/readpass.c:163:31: branch_true: ...to here
openssh-10.0p1/readpass.c:164:25: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  162|   			 */
#  163|   			(void)write(ttyfd, &cr, 1);
#  164|-> 			close(ttyfd);
#  165|   		} else {
#  166|   			debug_f("can't open %s: %s", _PATH_TTY,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def455]
openssh-10.0p1/readpass.c:250:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/readpass.c:249:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/readpass.c:250:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  248|   
#  249|   	va_start(args, fmt);
#  250|-> 	xvasprintf(&prompt, fmt, args);
#  251|   	va_end(args);
#  252|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def456]
openssh-10.0p1/readpass.c:314:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/readpass.c:308:12: branch_true: following ‘true’ branch...
openssh-10.0p1/readpass.c:313:17: acquire_resource: ‘va_start’ called here
openssh-10.0p1/readpass.c:314:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  312|   		*/
#  313|   		va_start(args, fmt);
#  314|-> 		xvasprintf(&msg, fmt, args);
#  315|   		va_end(args);
#  316|   		writemsg(msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def457]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:107:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  105|   	response->key_handle_len = 0;
#  106|   
#  107|-> 	if ((key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) {
#  108|   		skdebug(__func__, "EC_KEY_new_by_curve_name");
#  109|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def458]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:111:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  109|   		goto out;
#  110|   	}
#  111|-> 	if (EC_KEY_generate_key(key) != 1) {
#  112|   		skdebug(__func__, "EC_KEY_generate_key");
#  113|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def459]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:115:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  113|   		goto out;
#  114|   	}
#  115|-> 	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  116|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  117|   	    (g = EC_KEY_get0_group(key)) == NULL ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def460]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:116:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  114|   	}
#  115|   	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  116|-> 	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  117|   	    (g = EC_KEY_get0_group(key)) == NULL ||
#  118|   	    (q = EC_KEY_get0_public_key(key)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def461]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:117:18: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  115|   	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
#  116|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  117|-> 	    (g = EC_KEY_get0_group(key)) == NULL ||
#  118|   	    (q = EC_KEY_get0_public_key(key)) == NULL) {
#  119|   		skdebug(__func__, "couldn't get key parameters");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def462]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:118:18: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  116|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  117|   	    (g = EC_KEY_get0_group(key)) == NULL ||
#  118|-> 	    (q = EC_KEY_get0_public_key(key)) == NULL) {
#  119|   		skdebug(__func__, "couldn't get key parameters");
#  120|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def463]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:122:36: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:257:21: call_function: calling ‘pack_key_ecdsa’ from ‘sk_enroll’
#  120|   		goto out;
#  121|   	}
#  122|-> 	response->public_key_len = EC_POINT_point2oct(g, q,
#  123|   	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
#  124|   	if (response->public_key_len == 0 || response->public_key_len > 2048) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def464]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:192:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:261:21: call_function: calling ‘pack_key_ed25519’ from ‘sk_enroll’
#  190|   	memset(pk, 0, sizeof(pk));
#  191|   	memset(sk, 0, sizeof(sk));
#  192|-> 	crypto_sign_ed25519_keypair(pk, sk);
#  193|   
#  194|   	response->public_key_len = sizeof(pk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def465]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:255:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:255:9: danger: ‘response’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  253|   	}
#  254|   	response->flags = flags;
#  255|-> 	switch(alg) {
#  256|   	case SSH_SK_ECDSA:
#  257|   		if (pack_key_ecdsa(response) != 0)

Error: GCC_ANALYZER_WARNING (CWE-415): [#def466]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:280:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*response.public_key’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:234:1: enter_function: entry to ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:243:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:247:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:248:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:250:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:254:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:261:21: call_function: calling ‘pack_key_ed25519’ from ‘sk_enroll’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:261:21: return_function: returning to ‘sk_enroll’ from ‘pack_key_ed25519’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:261:20: branch_true: following ‘true’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:262:25: branch_true: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:280:17: danger: second ‘free’ here; first ‘free’ was at [(18)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/17)
#  278|    out:
#  279|   	if (response != NULL) {
#  280|-> 		free(response->public_key);
#  281|   		free(response->key_handle);
#  282|   		free(response->signature);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def467]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:326:20: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  324|   
#  325|   	/* Decode EC_KEY from key handle */
#  326|-> 	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  327|   	    BIO_write(bio, key_handle, key_handle_len) != (int)key_handle_len) {
#  328|   		skdebug(__func__, "BIO setup failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def468]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:327:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  325|   	/* Decode EC_KEY from key handle */
#  326|   	if ((bio = BIO_new(BIO_s_mem())) == NULL ||
#  327|-> 	    BIO_write(bio, key_handle, key_handle_len) != (int)key_handle_len) {
#  328|   		skdebug(__func__, "BIO setup failed");
#  329|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def469]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:331:19: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  329|   		goto out;
#  330|   	}
#  331|-> 	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, "")) == NULL) {
#  332|   		skdebug(__func__, "PEM_read_bio_PrivateKey failed");
#  333|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def470]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:336:17: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  334|   	}
#  335|   	if (EVP_PKEY_base_id(pk) != EVP_PKEY_EC) {
#  336|-> 		skdebug(__func__, "Not an EC key: %d", EVP_PKEY_base_id(pk));
#  337|   		goto out;
#  338|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def471]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:339:19: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  337|   		goto out;
#  338|   	}
#  339|-> 	if ((ec = EVP_PKEY_get1_EC_KEY(pk)) == NULL) {
#  340|   		skdebug(__func__, "EVP_PKEY_get1_EC_KEY failed");
#  341|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def472]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:350:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:510:21: call_function: calling ‘sig_ecdsa’ from ‘sk_sign’
#  348|   	/* Prepare data to be signed */
#  349|   	dump("message", message, message_len);
#  350|-> 	SHA256Init(&ctx);
#  351|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  352|   	SHA256Final(apphash, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def473]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:429:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:516:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  427|   	/* Prepare data to be signed */
#  428|   	dump("message", message, message_len);
#  429|-> 	SHA256Init(&ctx);
#  430|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  431|   	SHA256Final(apphash, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def474]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:430:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:516:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  428|   	dump("message", message, message_len);
#  429|   	SHA256Init(&ctx);
#  430|-> 	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  431|   	SHA256Final(apphash, &ctx);
#  432|   	dump("apphash", apphash, sizeof(apphash));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def475]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:431:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:516:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  429|   	SHA256Init(&ctx);
#  430|   	SHA256Update(&ctx, (const u_char *)application, strlen(application));
#  431|-> 	SHA256Final(apphash, &ctx);
#  432|   	dump("apphash", apphash, sizeof(apphash));
#  433|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def476]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:451:13: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:482:1: enter_function: entry to ‘sk_sign’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:516:21: call_function: calling ‘sig_ed25519’ from ‘sk_sign’
#  449|   	/* create and encode signature */
#  450|   	smlen = sizeof(signbuf);
#  451|-> 	if (crypto_sign_ed25519(sig, &smlen, signbuf, sizeof(signbuf),
#  452|   	    key_handle) != 0) {
#  453|   		skdebug(__func__, "crypto_sign_ed25519 failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def477]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: danger: ‘response’ leaks here; was allocated at [(5)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/4)
#  501|   		goto out;
#  502|   	}
#  503|-> 	SHA256Init(&ctx);
#  504|   	SHA256Update(&ctx, data, datalen);
#  505|   	SHA256Final(message, &ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def478]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:504:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:504:9: danger: ‘response’ leaks here; was allocated at [(5)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/4)
#  502|   	}
#  503|   	SHA256Init(&ctx);
#  504|-> 	SHA256Update(&ctx, data, datalen);
#  505|   	SHA256Final(message, &ctx);
#  506|   	response->flags = flags;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def479]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:505:9: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:505:9: danger: ‘response’ leaks here; was allocated at [(5)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/4)
#  503|   	SHA256Init(&ctx);
#  504|   	SHA256Update(&ctx, data, datalen);
#  505|-> 	SHA256Final(message, &ctx);
#  506|   	response->flags = flags;
#  507|   	response->counter = 0x12345678;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def480]
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:523:24: warning[-Wanalyzer-malloc-leak]: leak of ‘response’
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:492:12: branch_false: following ‘false’ branch (when ‘sign_response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:496:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:497:12: branch_false: following ‘false’ branch...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:25: acquire_memory: allocated here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:499:12: branch_false: following ‘false’ branch (when ‘response’ is non-NULL)...
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:503:9: branch_false: ...to here
openssh-10.0p1/regress/misc/sk-dummy/sk-dummy.c:523:24: danger: ‘response’ leaks here; was allocated at [(5)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/4)
#  521|   	default:
#  522|   		skdebug(__func__, "unsupported key type %d", alg);
#  523|-> 		return -1;
#  524|   	}
#  525|   	*sign_response = response;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def481]
openssh-10.0p1/scp.c:1004:21: warning[-Wanalyzer-malloc-leak]: leak of ‘active’
openssh-10.0p1/scp.c:1675:1: enter_function: entry to ‘sink’
openssh-10.0p1/scp.c:1703:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
openssh-10.0p1/scp.c:1707:9: branch_false: ...to here
openssh-10.0p1/scp.c:1708:12: branch_false: following ‘false’ branch...
openssh-10.0p1/scp.c:1711:9: branch_false: ...to here
openssh-10.0p1/scp.c:1714:12: branch_true: following ‘true’ branch...
openssh-10.0p1/scp.c:1719:21: call_function: calling ‘brace_expand’ from ‘sink’
# 1002|   		else
# 1003|   			cp2 = cp;
# 1004|-> 		if (append(xstrdup(cp2), &done, &ndone) != 0) {
# 1005|   			free(cp);
# 1006|   			goto fail;

Error: COMPILER_WARNING: [#def482]
openssh-10.0p1/scp.c: scope_hint: In function ‘rsource’
openssh-10.0p1/scp.c:1556:56: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 2 and 4095
# 1556 |                 (void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
#      |                                                        ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4350 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1554|   			continue;
# 1555|   		}
# 1556|-> 		(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
# 1557|   		vect[0] = path;
# 1558|   		source(1, vect);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def483]
openssh-10.0p1/scp.c:2162:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/scp.c:2150:12: branch_false: following ‘false’ branch...
openssh-10.0p1/scp.c:2160:12: branch_true: following ‘true’ branch...
openssh-10.0p1/scp.c:2161:17: branch_true: ...to here
openssh-10.0p1/scp.c:2161:17: acquire_resource: ‘va_start’ called here
openssh-10.0p1/scp.c:2162:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 2160|   	if (!iamremote) {
# 2161|   		va_start(ap, fmt);
# 2162|-> 		vfmprintf(stderr, fmt, ap);
# 2163|   		va_end(ap);
# 2164|   		fprintf(stderr, "\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def484]
openssh-10.0p1/scp.c:2195:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/scp.c:2180:12: branch_false: following ‘false’ branch (when ‘fmt’ is non-NULL)...
openssh-10.0p1/scp.c:2189:9: branch_false: ...to here
openssh-10.0p1/scp.c:2191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/scp.c:2194:9: branch_false: ...to here
openssh-10.0p1/scp.c:2194:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/scp.c:2195:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
# 2193|   
# 2194|   	va_start(ap, fmt);
# 2195|-> 	vasnmprintf(&emsg, INT_MAX, NULL, fmt, ap);
# 2196|   	va_end(ap);
# 2197|   	return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def485]
openssh-10.0p1/sftp-glob.c:155:24: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
openssh-10.0p1/sftp-glob.c:137:1: enter_function: entry to ‘sftp_glob’
openssh-10.0p1/sftp-glob.c:154:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp-glob.c:167:13: branch_false: ...to here
openssh-10.0p1/sftp-glob.c:167:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:168:13: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:168:38: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:169:13: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:169:42: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)...
openssh-10.0p1/sftp-glob.c:170:18: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch (when ‘l != 0’)...
openssh-10.0p1/sftp-glob.c:170:38: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:167:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:171:21: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:171:21: call_function: calling ‘fudge_stat’ from ‘sftp_glob’
openssh-10.0p1/sftp-glob.c:171:21: return_function: returning to ‘sftp_glob’ from ‘fudge_stat’
openssh-10.0p1/sftp-glob.c:171:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp-glob.c:173:28: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)...
openssh-10.0p1/sftp-glob.c:174:40: branch_true: ...to here
openssh-10.0p1/sftp-glob.c:155:24: danger: ‘s’ leaks here; was allocated at [(25)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/24)
#  153|   
#  154|   	if ((r = glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)) != 0)
#  155|-> 		return r;
#  156|   	/*
#  157|   	 * When both GLOB_NOCHECK and GLOB_MARK are active, a single gl_pathv

Error: CPPCHECK_WARNING (CWE-401): [#def486]
openssh-10.0p1/sftp-glob.c:173: error[memleakOnRealloc]: Common realloc mistake: 's' nulled but not freed upon failure
#  171|   		if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) {
#  172|   			/* NOCHECK on a directory; annotate */
#  173|-> 			if ((s = realloc(s, l + 2)) != NULL) {
#  174|   				memcpy(s + l, "/", 2);
#  175|   				pglob->gl_pathv[0] = s;

Error: CPPCHECK_WARNING (CWE-401): [#def487]
openssh-10.0p1/sftp-server.c:833: error[memleakOnRealloc]: Common realloc mistake: 'buf' nulled but not freed upon failure
#  831|   	if (len > buflen) {
#  832|   		debug3_f("allocate %zu => %u", buflen, len);
#  833|-> 		if ((buf = realloc(buf, len)) == NULL)
#  834|   			fatal_f("realloc failed");
#  835|   		buflen = len;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def488]
openssh-10.0p1/sftp.c:1497:27: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssh-10.0p1/sftp.c:2208:1: enter_function: entry to ‘interactive_loop’
openssh-10.0p1/sftp.c:2252:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2254:20: branch_false: ...to here
openssh-10.0p1/sftp.c:2256:12: branch_false: following ‘false’ branch (when ‘file1’ is NULL)...
openssh-10.0p1/sftp.c:2289:9: branch_false: ...to here
openssh-10.0p1/sftp.c:2300:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2305:20: branch_false: ...to here
openssh-10.0p1/sftp.c:2305:20: branch_true: following ‘true’ branch (when ‘el’ is NULL)...
openssh-10.0p1/sftp.c:2306:28: branch_true: ...to here
openssh-10.0p1/sftp.c:2343:23: call_function: calling ‘parse_dispatch_command’ from ‘interactive_loop’
#argument 1 of ‘__builtin_strlen’ must be non-null
# 1495|   	case I_LLS:
# 1496|   		/* Skip ls command and following whitespace */
# 1497|-> 		cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
# 1498|   	case I_SHELL:
# 1499|   		/* Uses the rest of the line */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def489]
openssh-10.0p1/sftp.c:2168:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.0p1/sftp.c:2137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2141:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2162:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2166:19: branch_false: ...to here
openssh-10.0p1/sftp.c:2166:19: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp.c:2168:21: danger: dereference of NULL ‘makeargv(xmalloc((long unsigned int)(len + 1)), &argc, 1, 0, 0)’
# 2166|   	} else if (carg == 1 && cursor > 0 && line[cursor - 1] != ' ')  {
# 2167|   		/* Handle the command parsing */
# 2168|-> 		if (complete_cmd_parse(el, argv[0], argc == carg,
# 2169|   		    quote, terminated) != 0)
# 2170|   			ret = CC_REDISPLAY;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def490]
openssh-10.0p1/sftp.c:2193:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.0p1/sftp.c:2137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2141:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2162:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2166:19: branch_false: ...to here
openssh-10.0p1/sftp.c:2171:19: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp.c:2177:20: branch_true: ...to here
openssh-10.0p1/sftp.c:2180:29: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2190:26: branch_false: ...to here
openssh-10.0p1/sftp.c:2193:26: danger: dereference of NULL ‘makeargv(xmalloc((long unsigned int)(len + 1)), &argc, 1, 0, 0)’
# 2191|   			cmdarg++;
# 2192|   
# 2193|-> 		remote = complete_is_remote(argv[0], cmdarg);
# 2194|   
# 2195|   		if ((remote == REMOTE || remote == LOCAL) &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def491]
openssh-10.0p1/sftp.c:2387:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 0)’
openssh-10.0p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2380:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2384:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2386:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2386:17: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp.c:2387:22: branch_true: ...to here
openssh-10.0p1/sftp.c:2387:22: acquire_resource: opened here
openssh-10.0p1/sftp.c:2387:20: danger: ‘dup2(c_out, 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
# 2385|   		fatal("fork: %s", strerror(errno));
# 2386|   	else if (sshpid == 0) {
# 2387|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2388|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2389|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def492]
openssh-10.0p1/sftp.c:2387:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(c_out, 1)’
openssh-10.0p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2380:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2384:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2386:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2386:17: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp.c:2387:22: branch_true: ...to here
openssh-10.0p1/sftp.c:2387:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2388:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2388:22: acquire_resource: opened here
openssh-10.0p1/sftp.c:2387:21: danger: ‘dup2(c_out, 1)’ leaks here; was opened at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
# 2385|   		fatal("fork: %s", strerror(errno));
# 2386|   	else if (sshpid == 0) {
# 2387|-> 		if ((dup2(c_in, STDIN_FILENO) == -1) ||
# 2388|   		    (dup2(c_out, STDOUT_FILENO) == -1)) {
# 2389|   			fprintf(stderr, "dup2: %s\n", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def493]
openssh-10.0p1/sftp.c:2393:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘in’
openssh-10.0p1/sftp.c:2438:1: enter_function: entry to ‘main’
openssh-10.0p1/sftp.c:2471:16: branch_true: following ‘true’ branch (when ‘ch != -1’)...
openssh-10.0p1/sftp.c:2473:17: branch_true: ...to here
openssh-10.0p1/sftp.c:2471:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/sftp.c:2601:9: branch_false: ...to here
openssh-10.0p1/sftp.c:2603:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2606:12: branch_false: ...to here
openssh-10.0p1/sftp.c:2611:12: branch_false: following ‘false’ branch (when ‘sftp_direct’ is non-NULL)...
openssh-10.0p1/sftp.c:2663:26: branch_false: ...to here
openssh-10.0p1/sftp.c:2663:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2665:21: branch_false: ...to here
openssh-10.0p1/sftp.c:2665:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2667:17: branch_false: ...to here
openssh-10.0p1/sftp.c:2667:17: call_function: calling ‘connect_to_server’ from ‘main’
# 2391|   		}
# 2392|   		close(*in);
# 2393|-> 		close(*out);
# 2394|   		close(c_in);
# 2395|   		close(c_out);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def494]
openssh-10.0p1/sftp.c:2395:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
openssh-10.0p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2380:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2384:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2386:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2386:17: branch_true: following ‘true’ branch...
openssh-10.0p1/sftp.c:2387:22: branch_true: ...to here
openssh-10.0p1/sftp.c:2387:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2388:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2387:21: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2392:17: branch_false: ...to here
openssh-10.0p1/sftp.c:2394:17: release_resource: first ‘close’ here
openssh-10.0p1/sftp.c:2395:17: danger: second ‘close’ here; first ‘close’ was at [(11)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/10)
# 2393|   		close(*out);
# 2394|   		close(c_in);
# 2395|-> 		close(c_out);
# 2396|   
# 2397|   		/*

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def495]
openssh-10.0p1/sftp.c:2419:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘c_out’
openssh-10.0p1/sftp.c:2378:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2380:22: branch_false: ...to here
openssh-10.0p1/sftp.c:2384:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2386:18: branch_false: ...to here
openssh-10.0p1/sftp.c:2386:17: branch_false: following ‘false’ branch...
openssh-10.0p1/sftp.c:2411:9: branch_false: ...to here
openssh-10.0p1/sftp.c:2418:9: release_resource: first ‘close’ here
openssh-10.0p1/sftp.c:2419:9: danger: second ‘close’ here; first ‘close’ was at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
# 2417|   	ssh_signal(SIGCHLD, sigchld_handler);
# 2418|   	close(c_in);
# 2419|-> 	close(c_out);
# 2420|   }
# 2421|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def496]
openssh-10.0p1/sk-usbhid.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/sk-usbhid.c:173:1: enter_function: entry to ‘sk_open’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:25: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:192:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:192:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  146|   
#  147|   	va_start(ap, fmt);
#  148|-> 	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def497]
openssh-10.0p1/sk-usbhid.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘device’
openssh-10.0p1/sk-usbhid.c:834:1: enter_function: entry to ‘ssh_sk_enroll’
openssh-10.0p1/sk-usbhid.c:852:12: branch_false: following ‘false’ branch (when ‘enroll_response’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:856:9: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:858:13: call_function: calling ‘check_enroll_options’ from ‘ssh_sk_enroll’
#  146|   
#  147|   	va_start(ap, fmt);
#  148|-> 	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def498]
openssh-10.0p1/sk-usbhid.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:234:25: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:234:25: call_function: calling ‘skdebug’ from ‘sk_openv’
#  146|   
#  147|   	va_start(ap, fmt);
#  148|-> 	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def499]
openssh-10.0p1/sk-usbhid.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:173:1: enter_function: entry to ‘sk_open’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:187:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:187:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  146|   
#  147|   	va_start(ap, fmt);
#  148|-> 	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def500]
openssh-10.0p1/sk-usbhid.c:148:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/sk-usbhid.c:147:9: acquire_resource: ‘va_start’ called here
openssh-10.0p1/sk-usbhid.c:148:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  146|   
#  147|   	va_start(ap, fmt);
#  148|-> 	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|   	debug("%s: %s", func, msg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def501]
openssh-10.0p1/sk-usbhid.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/sk-usbhid.c:173:1: enter_function: entry to ‘sk_open’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:25: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:192:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:192:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  148|   	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|-> 	debug("%s: %s", func, msg);
#  151|   	free(msg);
#  152|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def502]
openssh-10.0p1/sk-usbhid.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:234:25: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:234:25: call_function: calling ‘skdebug’ from ‘sk_openv’
#  148|   	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|-> 	debug("%s: %s", func, msg);
#  151|   	free(msg);
#  152|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def503]
openssh-10.0p1/sk-usbhid.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:173:1: enter_function: entry to ‘sk_open’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:187:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:187:17: call_function: calling ‘skdebug’ from ‘sk_open’
#  148|   	xvasprintf(&msg, fmt, ap);
#  149|   	va_end(ap);
#  150|-> 	debug("%s: %s", func, msg);
#  151|   	free(msg);
#  152|   #elif defined(SK_DEBUG)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def504]
openssh-10.0p1/sk-usbhid.c:191:24: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:25: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:24: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  189|   		return NULL;
#  190|   	}
#  191|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  192|   		skdebug(__func__, "fido_dev_new failed");
#  193|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def505]
openssh-10.0p1/sk-usbhid.c:191:24: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:235:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:235:41: call_function: calling ‘sk_open’ from ‘sk_openv’
#  189|   		return NULL;
#  190|   	}
#  191|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  192|   		skdebug(__func__, "fido_dev_new failed");
#  193|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def506]
openssh-10.0p1/sk-usbhid.c:191:24: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:24: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  189|   		return NULL;
#  190|   	}
#  191|-> 	if ((sk->dev = fido_dev_new()) == NULL) {
#  192|   		skdebug(__func__, "fido_dev_new failed");
#  193|   		free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def507]
openssh-10.0p1/sk-usbhid.c:197:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:25: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:197:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:197:18: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  195|   		return NULL;
#  196|   	}
#  197|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  198|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def508]
openssh-10.0p1/sk-usbhid.c:197:18: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:235:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:235:41: call_function: calling ‘sk_open’ from ‘sk_openv’
#  195|   		return NULL;
#  196|   	}
#  197|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  198|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def509]
openssh-10.0p1/sk-usbhid.c:197:18: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:197:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:197:18: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  195|   		return NULL;
#  196|   	}
#  197|-> 	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  198|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def510]
openssh-10.0p1/sk-usbhid.c:198:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:25: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:197:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:197:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:198:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:198:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  196|   	}
#  197|   	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  198|-> 		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));
#  200|   		fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def511]
openssh-10.0p1/sk-usbhid.c:198:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:197:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:197:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:198:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:198:17: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  196|   	}
#  197|   	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
#  198|-> 		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));
#  200|   		fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def512]
openssh-10.0p1/sk-usbhid.c:200:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sk’
openssh-10.0p1/sk-usbhid.c:178:12: branch_false: following ‘false’ branch (when ‘path’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:182:19: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:182:19: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:182:12: branch_false: following ‘false’ branch (when ‘sk’ is non-NULL)...
openssh-10.0p1/sk-usbhid.c:186:25: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:186:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:191:24: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:191:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:197:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:197:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:198:17: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:200:17: danger: ‘sk’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  198|   		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
#  199|   		    fido_strerr(r));
#  200|-> 		fido_dev_free(&sk->dev);
#  201|   		free(sk->path);
#  202|   		free(sk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def513]
openssh-10.0p1/sk-usbhid.c:213:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:234:25: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:240:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:241:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:242:37: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  211|   	if (sk == NULL)
#  212|   		return;
#  213|-> 	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  214|   	fido_dev_close(sk->dev);
#  215|   	fido_dev_free(&sk->dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def514]
openssh-10.0p1/sk-usbhid.c:214:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:234:25: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:240:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:241:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:242:37: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  212|   		return;
#  213|   	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  214|-> 	fido_dev_close(sk->dev);
#  215|   	fido_dev_free(&sk->dev);
#  216|   	free(sk->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def515]
openssh-10.0p1/sk-usbhid.c:215:9: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:221:1: enter_function: entry to ‘sk_openv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sk-usbhid.c:234:25: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:240:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:241:29: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:242:37: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:242:25: call_function: inlined call to ‘sk_close’ from ‘sk_openv’
#  213|   	fido_dev_cancel(sk->dev); /* cancel any pending operation */
#  214|   	fido_dev_close(sk->dev);
#  215|-> 	fido_dev_free(&sk->dev);
#  216|   	free(sk->path);
#  217|   	free(sk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def516]
openssh-10.0p1/sk-usbhid.c:233:27: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:27: danger: ‘skv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
#  231|   	}
#  232|   	for (i = 0; i < ndevs; i++) {
#  233|-> 		if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
#  234|   			skdebug(__func__, "fido_dev_info_ptr failed");
#  235|   		else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def517]
openssh-10.0p1/sk-usbhid.c:235:41: warning[-Wanalyzer-malloc-leak]: leak of ‘skv’
openssh-10.0p1/sk-usbhid.c:228:20: acquire_memory: allocated here
openssh-10.0p1/sk-usbhid.c:228:12: branch_false: following ‘false’ branch (when ‘skv’ is non-NULL)...
 branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:232:21: branch_true: following ‘true’ branch (when ‘i < ndevs’)...
openssh-10.0p1/sk-usbhid.c:233:27: branch_true: ...to here
openssh-10.0p1/sk-usbhid.c:233:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sk-usbhid.c:235:41: branch_false: ...to here
openssh-10.0p1/sk-usbhid.c:235:41: danger: ‘skv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
#  233|   		if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
#  234|   			skdebug(__func__, "fido_dev_info_ptr failed");
#  235|-> 		else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)
#  236|   			skdebug(__func__, "sk_open failed");
#  237|   		else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def518]
openssh-10.0p1/ssh-add.c:271:9: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.0p1/ssh-add.c:848:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-add.c:903:25: call_function: calling ‘stringlist_append’ from ‘main’
openssh-10.0p1/ssh-add.c:903:25: return_function: returning to ‘main’ from ‘stringlist_append’
openssh-10.0p1/ssh-add.c:889:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/ssh-add.c:984:9: branch_false: ...to here
openssh-10.0p1/ssh-add.c:986:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-add.c:988:17: branch_false: ...to here
openssh-10.0p1/ssh-add.c:988:17: branch_false: following ‘false’ branch (when ‘xflag == 0’)...
openssh-10.0p1/ssh-add.c:992:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:992:19: branch_false: following ‘false’ branch (when ‘lflag == 0’)...
openssh-10.0p1/ssh-add.c:996:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:996:19: branch_false: following ‘false’ branch (when ‘Dflag == 0’)...
openssh-10.0p1/ssh-add.c:1003:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1023:12: branch_false: following ‘false’ branch (when ‘Tflag == 0’)...
openssh-10.0p1/ssh-add.c:1031:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1031:12: branch_false: following ‘false’ branch (when ‘pkcs11provider’ is NULL)...
openssh-10.0p1/ssh-add.c:1048:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1048:12: branch_false: following ‘false’ branch (when ‘do_download == 0’)...
openssh-10.0p1/ssh-add.c:1056:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1056:12: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
openssh-10.0p1/ssh-add.c:1084:29: branch_true: following ‘true’ branch (when ‘i < argc’)...
openssh-10.0p1/ssh-add.c:1085:29: branch_true: ...to here
openssh-10.0p1/ssh-add.c:1085:29: call_function: calling ‘do_file’ from ‘main’
#  269|   		/* pin is freed in the update_card() */
#  270|   	}
#  271|-> 	pkcs11_uri_cleanup(uri);
#  272|   
#  273|   	return update_card(agent_fd, adding, pkcs11_uri, qflag, 1, 0,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def519]
openssh-10.0p1/ssh-add.c:305:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.0p1/ssh-add.c:848:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-add.c:903:25: call_function: calling ‘stringlist_append’ from ‘main’
openssh-10.0p1/ssh-add.c:903:25: return_function: returning to ‘main’ from ‘stringlist_append’
openssh-10.0p1/ssh-add.c:889:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/ssh-add.c:984:9: branch_false: ...to here
openssh-10.0p1/ssh-add.c:986:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-add.c:988:17: branch_false: ...to here
openssh-10.0p1/ssh-add.c:988:17: branch_false: following ‘false’ branch (when ‘xflag == 0’)...
openssh-10.0p1/ssh-add.c:992:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:992:19: branch_false: following ‘false’ branch (when ‘lflag == 0’)...
openssh-10.0p1/ssh-add.c:996:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:996:19: branch_false: following ‘false’ branch (when ‘Dflag == 0’)...
openssh-10.0p1/ssh-add.c:1003:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1023:12: branch_false: following ‘false’ branch (when ‘Tflag == 0’)...
openssh-10.0p1/ssh-add.c:1031:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1031:12: branch_false: following ‘false’ branch (when ‘pkcs11provider’ is NULL)...
openssh-10.0p1/ssh-add.c:1048:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1048:12: branch_false: following ‘false’ branch (when ‘do_download == 0’)...
openssh-10.0p1/ssh-add.c:1056:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1056:12: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
openssh-10.0p1/ssh-add.c:1084:29: branch_true: following ‘true’ branch (when ‘i < argc’)...
openssh-10.0p1/ssh-add.c:1085:29: branch_true: ...to here
openssh-10.0p1/ssh-add.c:1085:29: call_function: calling ‘do_file’ from ‘main’
#  303|   	 * will occur multiple times, so check perms first and bail if wrong.
#  304|   	 */
#  305|-> 	if (fd != STDIN_FILENO) {
#  306|   		if (sshkey_perm_ok(fd, filename) != 0) {
#  307|   			close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def520]
openssh-10.0p1/ssh-add.c:306:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
openssh-10.0p1/ssh-add.c:848:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-add.c:903:25: call_function: calling ‘stringlist_append’ from ‘main’
openssh-10.0p1/ssh-add.c:903:25: return_function: returning to ‘main’ from ‘stringlist_append’
openssh-10.0p1/ssh-add.c:889:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/ssh-add.c:984:9: branch_false: ...to here
openssh-10.0p1/ssh-add.c:986:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-add.c:988:17: branch_false: ...to here
openssh-10.0p1/ssh-add.c:988:17: branch_false: following ‘false’ branch (when ‘xflag == 0’)...
openssh-10.0p1/ssh-add.c:992:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:992:19: branch_false: following ‘false’ branch (when ‘lflag == 0’)...
openssh-10.0p1/ssh-add.c:996:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:996:19: branch_false: following ‘false’ branch (when ‘Dflag == 0’)...
openssh-10.0p1/ssh-add.c:1003:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1023:12: branch_false: following ‘false’ branch (when ‘Tflag == 0’)...
openssh-10.0p1/ssh-add.c:1031:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1031:12: branch_false: following ‘false’ branch (when ‘pkcs11provider’ is NULL)...
openssh-10.0p1/ssh-add.c:1048:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1048:12: branch_false: following ‘false’ branch (when ‘do_download == 0’)...
openssh-10.0p1/ssh-add.c:1056:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1056:12: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
openssh-10.0p1/ssh-add.c:1084:29: branch_true: following ‘true’ branch (when ‘i < argc’)...
openssh-10.0p1/ssh-add.c:1085:29: branch_true: ...to here
openssh-10.0p1/ssh-add.c:1085:29: call_function: calling ‘do_file’ from ‘main’
#  304|   	 */
#  305|   	if (fd != STDIN_FILENO) {
#  306|-> 		if (sshkey_perm_ok(fd, filename) != 0) {
#  307|   			close(fd);
#  308|   			return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def521]
openssh-10.0p1/ssh-add.c:511:18: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.0p1/ssh-add.c:848:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-add.c:903:25: call_function: calling ‘stringlist_append’ from ‘main’
openssh-10.0p1/ssh-add.c:903:25: return_function: returning to ‘main’ from ‘stringlist_append’
openssh-10.0p1/ssh-add.c:889:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/ssh-add.c:984:9: branch_false: ...to here
openssh-10.0p1/ssh-add.c:986:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-add.c:988:17: branch_false: ...to here
openssh-10.0p1/ssh-add.c:988:17: branch_false: following ‘false’ branch (when ‘xflag == 0’)...
openssh-10.0p1/ssh-add.c:992:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:992:19: branch_false: following ‘false’ branch (when ‘lflag == 0’)...
openssh-10.0p1/ssh-add.c:996:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:996:19: branch_false: following ‘false’ branch (when ‘Dflag == 0’)...
openssh-10.0p1/ssh-add.c:1003:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1023:12: branch_false: following ‘false’ branch (when ‘Tflag == 0’)...
openssh-10.0p1/ssh-add.c:1031:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1031:12: branch_false: following ‘false’ branch (when ‘pkcs11provider’ is NULL)...
openssh-10.0p1/ssh-add.c:1048:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1048:12: branch_false: following ‘false’ branch (when ‘do_download == 0’)...
openssh-10.0p1/ssh-add.c:1056:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1056:12: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
openssh-10.0p1/ssh-add.c:1084:29: branch_true: following ‘true’ branch (when ‘i < argc’)...
openssh-10.0p1/ssh-add.c:1085:29: branch_true: ...to here
openssh-10.0p1/ssh-add.c:1085:29: call_function: calling ‘do_file’ from ‘main’
#  509|   	}
#  510|   
#  511|-> 	if ((r = ssh_update_card(agent_fd, add, id, pin == NULL ? "" : pin,
#  512|   	    lifetime, confirm, dest_constraints, ndest_constraints,
#  513|   	    cert_only, certs, ncerts)) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def522]
openssh-10.0p1/ssh-add.c:520:17: warning[-Wanalyzer-malloc-leak]: leak of ‘pin’
openssh-10.0p1/ssh-add.c:848:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-add.c:903:25: call_function: calling ‘stringlist_append’ from ‘main’
openssh-10.0p1/ssh-add.c:903:25: return_function: returning to ‘main’ from ‘stringlist_append’
openssh-10.0p1/ssh-add.c:889:16: branch_false: following ‘false’ branch (when ‘ch == -1’)...
openssh-10.0p1/ssh-add.c:984:9: branch_false: ...to here
openssh-10.0p1/ssh-add.c:986:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-add.c:988:17: branch_false: ...to here
openssh-10.0p1/ssh-add.c:988:17: branch_false: following ‘false’ branch (when ‘xflag == 0’)...
openssh-10.0p1/ssh-add.c:992:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:992:19: branch_false: following ‘false’ branch (when ‘lflag == 0’)...
openssh-10.0p1/ssh-add.c:996:19: branch_false: ...to here
openssh-10.0p1/ssh-add.c:996:19: branch_false: following ‘false’ branch (when ‘Dflag == 0’)...
openssh-10.0p1/ssh-add.c:1003:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1023:12: branch_false: following ‘false’ branch (when ‘Tflag == 0’)...
openssh-10.0p1/ssh-add.c:1031:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1031:12: branch_false: following ‘false’ branch (when ‘pkcs11provider’ is NULL)...
openssh-10.0p1/ssh-add.c:1048:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1048:12: branch_false: following ‘false’ branch (when ‘do_download == 0’)...
openssh-10.0p1/ssh-add.c:1056:12: branch_false: ...to here
openssh-10.0p1/ssh-add.c:1056:12: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
openssh-10.0p1/ssh-add.c:1084:29: branch_true: following ‘true’ branch (when ‘i < argc’)...
openssh-10.0p1/ssh-add.c:1085:29: branch_true: ...to here
openssh-10.0p1/ssh-add.c:1085:29: call_function: calling ‘do_file’ from ‘main’
#  518|   		}
#  519|   	} else {
#  520|-> 		fprintf(stderr, "Could not %s card \"%s\": %s\n",
#  521|   		    add ? "add" : "remove", id, ssh_err(r));
#  522|   		ret = -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def523]
openssh-10.0p1/ssh-agent.c:281:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
openssh-10.0p1/ssh-agent.c:1550:1: enter_function: entry to ‘add_p11_identity’
openssh-10.0p1/ssh-agent.c:1567:32: call_function: calling ‘dup_dest_constraints’ from ‘add_p11_identity’
#  279|   		    &(out->keys[i]))) != 0)
#  280|   			fatal_fr(r, "copy key");
#  281|-> 		out->key_is_ca[i] = dch->key_is_ca[i];
#  282|   	}
#  283|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def524]
openssh-10.0p1/ssh-agent.c:1609:25: warning[-Wanalyzer-malloc-leak]: leak of ‘module_path’
openssh-10.0p1/ssh-agent.c:2094:1: enter_function: entry to ‘after_poll’
openssh-10.0p1/ssh-agent.c:2099:21: branch_true: following ‘true’ branch (when ‘i < npfd’)...
openssh-10.0p1/ssh-agent.c:2100:24: branch_true: ...to here
openssh-10.0p1/ssh-agent.c:2100:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-agent.c:2110:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-agent.c:2115:32: branch_false: ...to here
openssh-10.0p1/ssh-agent.c:2128:28: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-agent.c:2129:29: branch_true: ...to here
openssh-10.0p1/ssh-agent.c:2129:29: call_function: calling ‘handle_conn_read’ from ‘after_poll’
# 1607|   	if (module_path != NULL) { /* do not validate default NULL path in URI */
# 1608|   		if (realpath(module_path, canonical_provider) == NULL) {
# 1609|-> 			verbose("failed PKCS#11 provider \"%.100s\": realpath: %s",
# 1610|   			    module_path, strerror(errno));
# 1611|   			free(module_path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def525]
openssh-10.0p1/ssh-ecdsa-sk.c:178:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  176|   	struct sshbuf *chall = NULL, *m = NULL;
#  177|   
#  178|-> 	if ((m = sshbuf_new()) == NULL ||
#  179|   	    (chall = sshbuf_from(data, datalen)) == NULL) {
#  180|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def526]
openssh-10.0p1/ssh-ecdsa-sk.c:179:22: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  177|   
#  178|   	if ((m = sshbuf_new()) == NULL ||
#  179|-> 	    (chall = sshbuf_from(data, datalen)) == NULL) {
#  180|   		r = SSH_ERR_ALLOC_FAIL;
#  181|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def527]
openssh-10.0p1/ssh-ecdsa-sk.c:189:48: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  187|   	if (strchr(origin, '\"') != NULL ||
#  188|   	    (flags & 0x40) != 0 /* AD */ ||
#  189|-> 	    ((flags & 0x80) == 0 /* ED */) != (sshbuf_len(extensions) == 0)) {
#  190|   		r = SSH_ERR_INVALID_FORMAT;
#  191|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def528]
openssh-10.0p1/ssh-ecdsa-sk.c:203:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  201|   #define WEBAUTHN_1	"\",\"origin\":\""
#  202|   #define WEBAUTHN_2	"\""
#  203|-> 	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def529]
openssh-10.0p1/ssh-ecdsa-sk.c:204:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  202|   #define WEBAUTHN_2	"\""
#  203|   	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|-> 	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def530]
openssh-10.0p1/ssh-ecdsa-sk.c:205:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  203|   	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|-> 	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|   	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def531]
openssh-10.0p1/ssh-ecdsa-sk.c:206:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  204|   	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|-> 	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|   	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)
#  208|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def532]
openssh-10.0p1/ssh-ecdsa-sk.c:207:18: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:234:1: enter_function: entry to ‘ssh_ecdsa_sk_verify’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:344:28: call_function: calling ‘webauthn_check_prepare_hash’ from ‘ssh_ecdsa_sk_verify’
#  205|   	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
#  206|   	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
#  207|-> 	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)
#  208|   		goto out;
#  209|   #ifdef DEBUG_SK

Error: GCC_ANALYZER_WARNING (CWE-401): [#def533]
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  270|   		goto out;
#  271|   	}
#  272|-> 	if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {
#  273|   		ret = SSH_ERR_INVALID_FORMAT;
#  274|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def534]
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#  280|   		goto out;
#  281|   	}
#  282|-> 	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|   	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|   	    sshbuf_get_u32(b, &sig_counter) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def535]
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  281|   	}
#  282|   	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|-> 	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|   	    sshbuf_get_u32(b, &sig_counter) != 0) {
#  285|   		ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def536]
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  282|   	if (sshbuf_froms(b, &sigbuf) != 0 ||
#  283|   	    sshbuf_get_u8(b, &sig_flags) != 0 ||
#  284|-> 	    sshbuf_get_u32(b, &sig_counter) != 0) {
#  285|   		ret = SSH_ERR_INVALID_FORMAT;
#  286|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def537]
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  287|   	}
#  288|   	if (is_webauthn) {
#  289|-> 		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|   		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|   		    sshbuf_froms(b, &webauthn_exts) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def538]
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
#  288|   	if (is_webauthn) {
#  289|   		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|-> 		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|   		    sshbuf_froms(b, &webauthn_exts) != 0) {
#  292|   			ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def539]
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_true: following ‘true’ branch (when ‘is_webauthn != 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_true: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:290:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:289:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:291:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
#  289|   		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
#  290|   		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
#  291|-> 		    sshbuf_froms(b, &webauthn_exts) != 0) {
#  292|   			ret = SSH_ERR_INVALID_FORMAT;
#  293|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def540]
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
#  294|   		}
#  295|   	}
#  296|-> 	if (sshbuf_len(b) != 0) {
#  297|   		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
#  298|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def541]
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/8)
#  300|   
#  301|   	/* parse signature */
#  302|-> 	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
#  303|   	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
#  304|   		ret = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def542]
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
#  301|   	/* parse signature */
#  302|   	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
#  303|-> 	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
#  304|   		ret = SSH_ERR_INVALID_FORMAT;
#  305|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def543]
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  305|   		goto out;
#  306|   	}
#  307|-> 	if (sshbuf_len(sigbuf) != 0) {
#  308|   		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
#  309|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def544]
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
#  326|   	}
#  327|   #endif
#  328|-> 	if ((esig = ECDSA_SIG_new()) == NULL) {
#  329|   		ret = SSH_ERR_ALLOC_FAIL;
#  330|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def545]
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
#  330|   		goto out;
#  331|   	}
#  332|-> 	if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) {
#  333|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  334|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def546]
openssh-10.0p1/ssh-ecdsa-sk.c:339:32: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:32: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  337|   
#  338|   	/* Reconstruct data that was supposedly signed */
#  339|-> 	if ((original_signed = sshbuf_new()) == NULL) {
#  340|   		ret = SSH_ERR_ALLOC_FAIL;
#  341|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def547]
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  346|   		    msghash, sizeof(msghash))) != 0)
#  347|   			goto out;
#  348|-> 	} else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen,
#  349|   	    msghash, sizeof(msghash))) != 0)
#  350|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def548]
openssh-10.0p1/ssh-ecdsa-sk.c:352:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
#  350|   		goto out;
#  351|   	/* Application value is hashed before signature */
#  352|-> 	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application,
#  353|   	    strlen(key->sk_application), apphash, sizeof(apphash))) != 0)
#  354|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def549]
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
#  359|   	sshbuf_dump_data(msghash, sizeof(msghash), stderr);
#  360|   #endif
#  361|-> 	if ((ret = sshbuf_put(original_signed,
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def550]
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  361|   	if ((ret = sshbuf_put(original_signed,
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|-> 	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def551]
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
#  362|   	    apphash, sizeof(apphash))) != 0 ||
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|-> 	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|   	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def552]
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
#  363|   	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|-> 	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|   	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
#  367|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def553]
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
#  364|   	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
#  365|   	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
#  366|-> 	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
#  367|   		goto out;
#  368|   	details->sk_counter = sig_counter;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def554]
openssh-10.0p1/ssh-ecdsa-sk.c:375:23: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:23: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
#  373|   #endif
#  374|   
#  375|-> 	if ((md_ctx = EVP_MD_CTX_new()) == NULL) {
#  376|   		ret = SSH_ERR_ALLOC_FAIL;
#  377|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def555]
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
#  377|   		goto out;
#  378|   	}
#  379|-> 	if ((len = i2d_ECDSA_SIG(esig, NULL)) <= 0) {
#  380|   		len = 0;
#  381|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def556]
openssh-10.0p1/ssh-ecdsa-sk.c:389:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:389:13: danger: ‘cp’ leaks here; was allocated at [(57)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/56)
#  387|   	}
#  388|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  389|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  390|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  391|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def557]
openssh-10.0p1/ssh-ecdsa-sk.c:389:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:389:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
#  387|   	}
#  388|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  389|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  390|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  391|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def558]
openssh-10.0p1/ssh-ecdsa-sk.c:398:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:398:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
#  396|   #endif
#  397|   	/* Verify it */
#  398|-> 	if (EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL,
#  399|   	    key->pkey) != 1) {
#  400|   		ret = SSH_ERR_LIBCRYPTO_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def559]
openssh-10.0p1/ssh-ecdsa-sk.c:403:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:398:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:403:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:403:17: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/8)
#  401|   		goto out;
#  402|   	}
#  403|-> 	switch (EVP_DigestVerify(md_ctx, sigb, len,
#  404|   	    sshbuf_ptr(original_signed), sshbuf_len(original_signed))) {
#  405|   	case 1:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def560]
openssh-10.0p1/ssh-ecdsa-sk.c:404:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:272:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:276:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:278:17: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:283:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:284:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:282:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:288:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:296:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:296:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:303:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:302:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:307:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:328:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:328:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:332:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:332:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:336:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:339:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:343:12: branch_false: following ‘false’ branch (when ‘is_webauthn == 0’)...
openssh-10.0p1/ssh-ecdsa-sk.c:348:27: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:348:19: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:353:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:352:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:361:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:363:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:364:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:365:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:366:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:361:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:368:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:375:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:379:20: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:379:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:384:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:384:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:388:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:389:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:399:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:398:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:403:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:404:13: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/8)
#  402|   	}
#  403|   	switch (EVP_DigestVerify(md_ctx, sigb, len,
#  404|-> 	    sshbuf_ptr(original_signed), sshbuf_len(original_signed))) {
#  405|   	case 1:
#  406|   		ret = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def561]
openssh-10.0p1/ssh-ecdsa-sk.c:425:9: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ecdsa-sk.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:257:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:262:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:262:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:266:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:266:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:268:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa-sk.c:268:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa-sk.c:272:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa-sk.c:425:9: danger: ‘details’ leaks here; was allocated at [(9)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/8)
#  423|   	explicit_bzero(msghash, sizeof(msghash));
#  424|   	explicit_bzero(apphash, sizeof(apphash));
#  425|-> 	sshkey_sig_details_free(details);
#  426|   	sshbuf_free(webauthn_wrapper);
#  427|   	sshbuf_free(webauthn_exts);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def562]
openssh-10.0p1/ssh-ecdsa.c:455:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
openssh-10.0p1/ssh-ecdsa.c:399:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:399:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:404:51: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:404:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:408:18: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:408:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:410:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:410:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:411:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:410:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:415:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:415:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ecdsa.c:419:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:419:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:425:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:425:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:426:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:425:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:430:13: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:430:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:435:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:435:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:439:14: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:439:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:443:17: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:445:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ecdsa.c:450:21: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:450:21: acquire_memory: allocated here
openssh-10.0p1/ssh-ecdsa.c:450:12: branch_false: following ‘false’ branch (when ‘sigb’ is non-NULL)...
openssh-10.0p1/ssh-ecdsa.c:454:9: branch_false: ...to here
openssh-10.0p1/ssh-ecdsa.c:455:13: danger: ‘cp’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  453|   	}
#  454|   	cp = sigb; /* ASN1_item_i2d increments the pointer past the object */
#  455|-> 	if (i2d_ECDSA_SIG(esig, &cp) != len) {
#  456|   		ret = SSH_ERR_LIBCRYPTO_ERROR;
#  457|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def563]
openssh-10.0p1/ssh-ed25519-sk.c:203:24: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:24: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  201|   	details->sk_counter = sig_counter;
#  202|   	details->sk_flags = sig_flags;
#  203|-> 	if ((encoded = sshbuf_new()) == NULL) {
#  204|   		r = SSH_ERR_ALLOC_FAIL;
#  205|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def564]
openssh-10.0p1/ssh-ed25519-sk.c:207:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/28)
#  205|   		goto out;
#  206|   	}
#  207|-> 	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def565]
openssh-10.0p1/ssh-ed25519-sk.c:208:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:208:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/28)
#  206|   	}
#  207|   	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|-> 	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def566]
openssh-10.0p1/ssh-ed25519-sk.c:209:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:209:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/28)
#  207|   	if (sshbuf_put(encoded, sigblob, len) != 0 ||
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|-> 	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|   	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def567]
openssh-10.0p1/ssh-ed25519-sk.c:210:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:210:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/28)
#  208|   	    sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|-> 	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|   	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
#  212|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def568]
openssh-10.0p1/ssh-ed25519-sk.c:211:13: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:211:13: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/28)
#  209|   	    sshbuf_put_u8(encoded, sig_flags) != 0 ||
#  210|   	    sshbuf_put_u32(encoded, sig_counter) != 0 ||
#  211|-> 	    sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
#  212|   		r = SSH_ERR_ALLOC_FAIL;
#  213|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def569]
openssh-10.0p1/ssh-ed25519-sk.c:219:14: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:219:14: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/28)
#  217|   	sshbuf_dump(encoded, stderr);
#  218|   #endif
#  219|-> 	sm = sshbuf_ptr(encoded);
#  220|   	smlen = sshbuf_len(encoded);
#  221|   	mlen = smlen;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def570]
openssh-10.0p1/ssh-ed25519-sk.c:220:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:220:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/28)
#  218|   #endif
#  219|   	sm = sshbuf_ptr(encoded);
#  220|-> 	smlen = sshbuf_len(encoded);
#  221|   	mlen = smlen;
#  222|   	if ((m = malloc(smlen)) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def571]
openssh-10.0p1/ssh-ed25519-sk.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:226:20: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/28)
#  224|   		goto out;
#  225|   	}
#  226|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def572]
openssh-10.0p1/ssh-ed25519-sk.c:226:20: warning[-Wanalyzer-malloc-leak]: leak of ‘m’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:222:18: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:226:20: danger: ‘m’ leaks here; was allocated at [(43)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/42)
#  224|   		goto out;
#  225|   	}
#  226|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def573]
openssh-10.0p1/ssh-ed25519-sk.c:228:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:226:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:228:17: branch_true: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:228:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/28)
#  226|   	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  227|   	    key->ed25519_pk)) != 0) {
#  228|-> 		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
#  229|   	}
#  230|   	if (ret != 0 || mlen != smlen - len) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def574]
openssh-10.0p1/ssh-ed25519-sk.c:243:17: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:208:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:209:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:210:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:211:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:207:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:219:14: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:222:12: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:227:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:226:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:230:33: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:243:17: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/28)
#  241|    out:
#  242|   	if (m != NULL)
#  243|-> 		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
#  244|   	sshkey_sig_details_free(details);
#  245|   	sshbuf_free(b);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def575]
openssh-10.0p1/ssh-ed25519-sk.c:244:9: warning[-Wanalyzer-malloc-leak]: leak of ‘details’
openssh-10.0p1/ssh-ed25519-sk.c:149:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:150:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:151:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:152:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:149:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:155:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:155:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:158:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:159:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:160:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:157:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:172:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:172:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519-sk.c:176:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:176:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:180:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:180:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:185:20: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:186:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:184:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:197:24: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:197:24: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519-sk.c:197:12: branch_false: following ‘false’ branch (when ‘details’ is non-NULL)...
openssh-10.0p1/ssh-ed25519-sk.c:201:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:203:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-ed25519-sk.c:205:17: branch_true: ...to here
openssh-10.0p1/ssh-ed25519-sk.c:244:9: danger: ‘details’ leaks here; was allocated at [(29)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/28)
#  242|   	if (m != NULL)
#  243|   		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
#  244|-> 	sshkey_sig_details_free(details);
#  245|   	sshbuf_free(b);
#  246|   	sshbuf_free(encoded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def576]
openssh-10.0p1/ssh-ed25519.c:176:20: warning[-Wanalyzer-malloc-leak]: leak of ‘sig’
openssh-10.0p1/ssh-ed25519.c:163:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:164:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:163:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:165:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:163:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:163:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:163:13: branch_false: following ‘false’ branch (when ‘datalen <= 2147483582’)...
openssh-10.0p1/ssh-ed25519.c:168:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:168:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:172:17: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:173:20: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519.c:173:12: branch_false: following ‘false’ branch (when ‘sig’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:177:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:176:20: danger: ‘sig’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  174|   		return SSH_ERR_ALLOC_FAIL;
#  175|   
#  176|-> 	if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
#  177|   	    key->ed25519_sk)) != 0 || smlen <= datalen) {
#  178|   		r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def577]
openssh-10.0p1/ssh-ed25519.c:263:20: warning[-Wanalyzer-malloc-leak]: leak of ‘m’
openssh-10.0p1/ssh-ed25519.c:223:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:224:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:225:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:226:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.0p1/ssh-ed25519.c:229:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:229:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:234:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:234:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:236:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:237:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:239:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:239:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519.c:243:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:243:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:247:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:247:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:255:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch (when ‘sm’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:257:50: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:50: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519.c:257:13: branch_false: following ‘false’ branch (when ‘m’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:261:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:263:20: danger: ‘m’ leaks here; was allocated at [(27)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/26)
#  261|   	memcpy(sm, sigblob, len);
#  262|   	memcpy(sm+len, data, dlen);
#  263|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  264|   	    key->ed25519_pk)) != 0) {
#  265|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def578]
openssh-10.0p1/ssh-ed25519.c:263:20: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.0p1/ssh-ed25519.c:223:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:224:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:225:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:226:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.0p1/ssh-ed25519.c:229:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:229:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:234:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:234:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:236:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:237:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:239:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:239:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519.c:243:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:243:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:247:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:247:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:255:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:19: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:263:20: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/24)
#  261|   	memcpy(sm, sigblob, len);
#  262|   	memcpy(sm+len, data, dlen);
#  263|-> 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  264|   	    key->ed25519_pk)) != 0) {
#  265|   		debug2_f("crypto_sign_ed25519_open failed: %d", ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def579]
openssh-10.0p1/ssh-ed25519.c:265:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.0p1/ssh-ed25519.c:223:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:224:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:225:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:226:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.0p1/ssh-ed25519.c:229:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:229:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:234:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:234:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:236:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:237:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:239:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:239:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519.c:243:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:243:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:247:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:247:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:255:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:19: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:263:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-ed25519.c:265:17: branch_true: ...to here
openssh-10.0p1/ssh-ed25519.c:265:17: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/24)
#  263|   	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
#  264|   	    key->ed25519_pk)) != 0) {
#  265|-> 		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
#  266|   	}
#  267|   	if (ret != 0 || mlen != dlen) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def580]
openssh-10.0p1/ssh-ed25519.c:276:17: warning[-Wanalyzer-malloc-leak]: leak of ‘sm’
openssh-10.0p1/ssh-ed25519.c:223:12: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:224:31: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:225:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:226:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:223:13: branch_false: following ‘false’ branch (when ‘siglen != 0’)...
openssh-10.0p1/ssh-ed25519.c:229:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:229:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:234:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:234:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:236:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:237:18: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:236:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:239:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:239:12: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/ssh-ed25519.c:243:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:243:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:247:13: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:247:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-ed25519.c:255:9: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:19: acquire_memory: allocated here
openssh-10.0p1/ssh-ed25519.c:257:12: branch_false: following ‘false’ branch (when ‘sm’ is non-NULL)...
openssh-10.0p1/ssh-ed25519.c:257:50: branch_false: ...to here
openssh-10.0p1/ssh-ed25519.c:257:13: branch_true: following ‘true’ branch (when ‘m’ is NULL)...
openssh-10.0p1/ssh-ed25519.c:259:17: branch_true: ...to here
openssh-10.0p1/ssh-ed25519.c:276:17: danger: ‘sm’ leaks here; was allocated at [(25)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/24)
#  274|    out:
#  275|   	if (sm != NULL)
#  276|-> 		freezero(sm, smlen);
#  277|   	if (m != NULL)
#  278|   		freezero(m, smlen); /* NB mlen may be invalid if r != 0 */

Error: COMPILER_WARNING: [#def581]
openssh-10.0p1/ssh-keycat.c:39:9: warning: ‘_GNU_SOURCE’ redefined
#   39 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def582]
openssh-10.0p1/ssh-keycat.c:39:9: warning[warning]: ‘_GNU_SOURCE’ redefined
#   37|   */
#   38|   
#   39|-> #define _GNU_SOURCE
#   40|   
#   41|   #include "config.h"

Error: COMPILER_WARNING: [#def583]
openssh-10.0p1/ssh-keygen.c: scope_hint: In function ‘do_convert_to’
openssh-10.0p1/ssh-keygen.c:370:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 39
#  370 |             "%u-bit %s, converted by %s@%s from OpenSSH",
#      |                                         ^~
#  371 |             sshkey_size(k), sshkey_type(k),
#  372 |             pw->pw_name, hostname);
#      |                          ~~~~~~~~        
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 36 or more bytes (assuming 1060) into a destination of size 61
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  368|   	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
#  369|   	snprintf(comment, sizeof(comment),
#  370|-> 	    "%u-bit %s, converted by %s@%s from OpenSSH",
#  371|   	    sshkey_size(k), sshkey_type(k),
#  372|   	    pw->pw_name, hostname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def584]
openssh-10.0p1/ssh-keygen.c:653:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  651|   
#  652|   	line[0] = '\0';
#  653|-> 	while ((c = fgetc(fp)) != EOF) {
#  654|   		if (pos >= len - 1)
#  655|   			fatal("input line too long.");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def585]
openssh-10.0p1/ssh-keygen.c:653:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  651|   
#  652|   	line[0] = '\0';
#  653|-> 	while ((c = fgetc(fp)) != EOF) {
#  654|   		if (pos >= len - 1)
#  655|   			fatal("input line too long.");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def586]
openssh-10.0p1/ssh-keygen.c:658:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  656|   		switch (c) {
#  657|   		case '\r':
#  658|-> 			c = fgetc(fp);
#  659|   			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|   				fatal("unget: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def587]
openssh-10.0p1/ssh-keygen.c:658:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  656|   		switch (c) {
#  657|   		case '\r':
#  658|-> 			c = fgetc(fp);
#  659|   			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|   				fatal("unget: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def588]
openssh-10.0p1/ssh-keygen.c:659:54: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  657|   		case '\r':
#  658|   			c = fgetc(fp);
#  659|-> 			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|   				fatal("unget: %s", strerror(errno));
#  661|   			return pos;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def589]
openssh-10.0p1/ssh-keygen.c:659:54: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  657|   		case '\r':
#  658|   			c = fgetc(fp);
#  659|-> 			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|   				fatal("unget: %s", strerror(errno));
#  661|   			return pos;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def590]
openssh-10.0p1/ssh-keygen.c:660:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  658|   			c = fgetc(fp);
#  659|   			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|-> 				fatal("unget: %s", strerror(errno));
#  661|   			return pos;
#  662|   		case '\n':

Error: GCC_ANALYZER_WARNING (CWE-401): [#def591]
openssh-10.0p1/ssh-keygen.c:660:33: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:673:1: enter_function: entry to ‘do_convert_from_ssh2’
openssh-10.0p1/ssh-keygen.c:682:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:684:19: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:684:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:684:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:686:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:687:24: call_function: calling ‘get_line’ from ‘do_convert_from_ssh2’
#  658|   			c = fgetc(fp);
#  659|   			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
#  660|-> 				fatal("unget: %s", strerror(errno));
#  661|   			return pos;
#  662|   		case '\n':

Error: GCC_ANALYZER_WARNING (CWE-775): [#def592]
openssh-10.0p1/ssh-keygen.c:732:23: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:730:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:730:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:732:23: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:732:23: danger: ‘fopen(&identity_file, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  730|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  731|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  732|-> 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
#  733|   		fatal_f("%s is not a recognised public key format",
#  734|   		    identity_file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def593]
openssh-10.0p1/ssh-keygen.c:732:23: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:730:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:730:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:732:23: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:732:23: danger: ‘fopen(&identity_file, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  730|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  731|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  732|-> 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
#  733|   		fatal_f("%s is not a recognised public key format",
#  734|   		    identity_file);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def594]
openssh-10.0p1/ssh-keygen.c:780:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:778:19: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:778:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:780:20: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:780:20: danger: ‘fopen(&identity_file, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  778|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  779|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  780|-> 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
#  781|   		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
#  782|   			fatal("sshkey_new failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def595]
openssh-10.0p1/ssh-keygen.c:780:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&identity_file, "r")’
openssh-10.0p1/ssh-keygen.c:778:19: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:778:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:780:20: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:780:20: danger: ‘fopen(&identity_file, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  778|   	if ((fp = fopen(identity_file, "r")) == NULL)
#  779|   		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
#  780|-> 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
#  781|   		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
#  782|   			fatal("sshkey_new failed");

Error: COMPILER_WARNING: [#def596]
openssh-10.0p1/ssh-keygen.c: scope_hint: In function ‘do_gen_all_hostkeys’
openssh-10.0p1/ssh-keygen.c:1180:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 1180 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
#      |                                                       ^~
# 1181 |                     hostname);
#      |                     ~~~~~~~~                           
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1178|   		if ((r = sshkey_from_private(private, &public)) != 0)
# 1179|   			fatal_fr(r, "sshkey_from_private");
# 1180|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
# 1181|   		    hostname);
# 1182|   		if ((r = sshkey_save_private(private, prv_tmp, "",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def597]
openssh-10.0p1/ssh-keygen.c:1408:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx.out’
openssh-10.0p1/ssh-keygen.c:1374:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1377:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1388:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:1389:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1390:21: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1389:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1391:21: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1389:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1392:21: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1389:21: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1394:17: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1395:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1397:32: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1397:32: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:1397:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:1402:34: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:1408:18: danger: ‘ctx.out’ leaks here; was allocated at [(15)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/14)
# 1406|   	foreach_options = find_host ? HKF_WANT_MATCH : 0;
# 1407|   	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
# 1408|-> 	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
# 1409|   	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
# 1410|   	    foreach_options, 0)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def598]
openssh-10.0p1/ssh-keygen.c:3063:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘out’
openssh-10.0p1/ssh-keygen.c:3028:21: branch_false: following ‘false’ branch (when ‘i >= nopts’)...
openssh-10.0p1/ssh-keygen.c:3053:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3053:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.0p1/ssh-keygen.c:3055:25: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3055:25: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:3055:17: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3059:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3061:12: branch_true: following ‘true’ branch (when ‘moduli_bits == 0’)...
 branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3063:13: danger: ‘out’ leaks here; was opened at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
# 3061|   	if (moduli_bits == 0)
# 3062|   		moduli_bits = DEFAULT_BITS;
# 3063|-> 	if (gen_candidates(out, memory, moduli_bits, start) != 0)
# 3064|   		fatal("modulus candidate generation failed");
# 3065|   #else /* WITH_OPENSSL */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def599]
openssh-10.0p1/ssh-keygen.c:3063:13: warning[-Wanalyzer-malloc-leak]: leak of ‘out’
openssh-10.0p1/ssh-keygen.c:3028:21: branch_false: following ‘false’ branch (when ‘i >= nopts’)...
openssh-10.0p1/ssh-keygen.c:3053:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3053:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.0p1/ssh-keygen.c:3055:25: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3055:25: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:3055:17: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3059:9: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3061:12: branch_true: following ‘true’ branch (when ‘moduli_bits == 0’)...
 branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3063:13: danger: ‘out’ leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
# 3061|   	if (moduli_bits == 0)
# 3062|   		moduli_bits = DEFAULT_BITS;
# 3063|-> 	if (gen_candidates(out, memory, moduli_bits, start) != 0)
# 3064|   		fatal("modulus candidate generation failed");
# 3065|   #else /* WITH_OPENSSL */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def600]
openssh-10.0p1/ssh-keygen.c:3123:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’
openssh-10.0p1/ssh-keygen.c:3112:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3113:27: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:3113:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3120:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3120:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.0p1/ssh-keygen.c:3122:25: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3122:17: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3123:17: branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3123:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
# 3121|   		out = stdout;
# 3122|   	else if ((out = fopen(out_file, "a")) == NULL) {
# 3123|-> 		fatal("Couldn't open moduli file \"%s\": %s",
# 3124|   		    out_file, strerror(errno));
# 3125|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def601]
openssh-10.0p1/ssh-keygen.c:3123:17: warning[-Wanalyzer-malloc-leak]: leak of ‘in’
openssh-10.0p1/ssh-keygen.c:3112:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3113:27: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:3113:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3120:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3120:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
openssh-10.0p1/ssh-keygen.c:3122:25: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3122:17: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3123:17: branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3123:17: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
# 3121|   		out = stdout;
# 3122|   	else if ((out = fopen(out_file, "a")) == NULL) {
# 3123|-> 		fatal("Couldn't open moduli file \"%s\": %s",
# 3124|   		    out_file, strerror(errno));
# 3125|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def602]
openssh-10.0p1/ssh-keygen.c:3127:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’
openssh-10.0p1/ssh-keygen.c:3112:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3113:27: acquire_resource: opened here
openssh-10.0p1/ssh-keygen.c:3113:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3120:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3120:12: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/ssh-keygen.c:3121:17: branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3127:13: branch_false: following ‘false’ branch (when ‘prime_tests == 0’)...
openssh-10.0p1/ssh-keygen.c:3127:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3127:13: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
# 3125|   	}
# 3126|   	setvbuf(out, NULL, _IOLBF, 0);
# 3127|-> 	if (prime_test(in, out, prime_tests == 0 ? 100 : prime_tests,
# 3128|   	    generator_wanted, checkpoint,
# 3129|   	    start_lineno, lines_to_process) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def603]
openssh-10.0p1/ssh-keygen.c:3127:13: warning[-Wanalyzer-malloc-leak]: leak of ‘in’
openssh-10.0p1/ssh-keygen.c:3112:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keygen.c:3113:27: acquire_memory: allocated here
openssh-10.0p1/ssh-keygen.c:3113:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keygen.c:3120:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3120:12: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/ssh-keygen.c:3121:17: branch_true: ...to here
openssh-10.0p1/ssh-keygen.c:3127:13: branch_false: following ‘false’ branch (when ‘prime_tests == 0’)...
openssh-10.0p1/ssh-keygen.c:3127:13: branch_false: ...to here
openssh-10.0p1/ssh-keygen.c:3127:13: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
# 3125|   	}
# 3126|   	setvbuf(out, NULL, _IOLBF, 0);
# 3127|-> 	if (prime_test(in, out, prime_tests == 0 ? 100 : prime_tests,
# 3128|   	    generator_wanted, checkpoint,
# 3129|   	    start_lineno, lines_to_process) != 0)

Error: COMPILER_WARNING: [#def604]
openssh-10.0p1/ssh-keygen.c: scope_hint: In function ‘main’
openssh-10.0p1/ssh-keygen.c:3980:55: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 1024 bytes into a region of size 1023
# 3980 |                 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
#      |                                                       ^~                ~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1026) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 3978|   	} else {
# 3979|   		/* Create default comment field for the passphrase. */
# 3980|-> 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
# 3981|   	}
# 3982|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def605]
openssh-10.0p1/ssh-keysign.c:196:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:196:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:196:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  194|   	/* Leave /dev/null fd iff it is attached to stderr */
#  195|   	if (fd > 2)
#  196|-> 		close(fd);
#  197|   
#  198|   	for (i = 0; i < NUM_KEYTYPES; i++)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def606]
openssh-10.0p1/ssh-keysign.c:206:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  204|   	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
#  205|   #endif
#  206|-> 	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def607]
openssh-10.0p1/ssh-keysign.c:207:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  205|   #endif
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|-> 	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def608]
openssh-10.0p1/ssh-keysign.c:207:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:207:23: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  205|   #endif
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|-> 	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def609]
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def610]
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def611]
openssh-10.0p1/ssh-keysign.c:208:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:208:23: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  206|   	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|-> 	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def612]
openssh-10.0p1/ssh-keysign.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def613]
openssh-10.0p1/ssh-keysign.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:209:23: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def614]
openssh-10.0p1/ssh-keysign.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:209:23: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def615]
openssh-10.0p1/ssh-keysign.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:209:23: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  207|   	key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
#  208|   	key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
#  209|-> 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def616]
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def617]
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def618]
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def619]
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def620]
openssh-10.0p1/ssh-keysign.c:211:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:19: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
#  209|   	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
#  210|   
#  211|-> 	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def621]
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def622]
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def623]
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def624]
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def625]
openssh-10.0p1/ssh-keysign.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:212:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:212:17: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
#  210|   
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|-> 		fatal("getpwuid failed");
#  213|   	pw = pwcopy(pw);
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def626]
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|   
#  215|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def627]
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|   
#  215|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def628]
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|   
#  215|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def629]
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|   
#  215|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def630]
openssh-10.0p1/ssh-keysign.c:213:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:213:14: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  211|   	if ((pw = getpwuid(getuid())) == NULL)
#  212|   		fatal("getpwuid failed");
#  213|-> 	pw = pwcopy(pw);
#  214|   
#  215|   	permanently_set_uid(pw);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def631]
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/2)
#  213|   	pw = pwcopy(pw);
#  214|   
#  215|-> 	permanently_set_uid(pw);
#  216|   
#  217|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def632]
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
#  213|   	pw = pwcopy(pw);
#  214|   
#  215|-> 	permanently_set_uid(pw);
#  216|   
#  217|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def633]
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
#  213|   	pw = pwcopy(pw);
#  214|   
#  215|-> 	permanently_set_uid(pw);
#  216|   
#  217|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def634]
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
#  213|   	pw = pwcopy(pw);
#  214|   
#  215|-> 	permanently_set_uid(pw);
#  216|   
#  217|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def635]
openssh-10.0p1/ssh-keysign.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:215:9: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
#  213|   	pw = pwcopy(pw);
#  214|   
#  215|-> 	permanently_set_uid(pw);
#  216|   
#  217|   	seed_rng();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def636]
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/2)
#  215|   	permanently_set_uid(pw);
#  216|   
#  217|-> 	seed_rng();
#  218|   
#  219|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def637]
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/8)
#  215|   	permanently_set_uid(pw);
#  216|   
#  217|-> 	seed_rng();
#  218|   
#  219|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def638]
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/8)
#  215|   	permanently_set_uid(pw);
#  216|   
#  217|-> 	seed_rng();
#  218|   
#  219|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def639]
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
#  215|   	permanently_set_uid(pw);
#  216|   
#  217|-> 	seed_rng();
#  218|   
#  219|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def640]
openssh-10.0p1/ssh-keysign.c:217:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:217:9: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/8)
#  215|   	permanently_set_uid(pw);
#  216|   
#  217|-> 	seed_rng();
#  218|   
#  219|   #ifdef DEBUG_SSH_KEYSIGN

Error: GCC_ANALYZER_WARNING (CWE-775): [#def641]
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/2)
#  222|   
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def642]
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/8)
#  222|   
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def643]
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/8)
#  222|   
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def644]
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/8)
#  222|   
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def645]
openssh-10.0p1/ssh-keysign.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:224:9: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/8)
#  222|   
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|-> 	initialize_options(&options);
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def646]
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/2)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def647]
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/8)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def648]
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/8)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def649]
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/8)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def650]
openssh-10.0p1/ssh-keysign.c:225:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:225:15: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/8)
#  223|   	/* verify that ssh-keysign is enabled by the admin */
#  224|   	initialize_options(&options);
#  225|-> 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|   	(void)fill_default_options(&options);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def651]
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/2)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def652]
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/8)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def653]
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/8)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def654]
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/8)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def655]
openssh-10.0p1/ssh-keysign.c:227:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:227:15: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/8)
#  225|   	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", "",
#  226|   	    &options, 0, NULL);
#  227|-> 	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|   		fatal("ssh-keysign not enabled in %s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def656]
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/2)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def657]
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/8)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def658]
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/8)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def659]
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/8)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def660]
openssh-10.0p1/ssh-keysign.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:229:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:229:17: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/8)
#  227|   	(void)fill_default_options(&options);
#  228|   	if (options.enable_ssh_keysign != 1)
#  229|-> 		fatal("ssh-keysign not enabled in %s",
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def661]
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/58/codeFlows/0/threadFlows/0/locations/2)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def662]
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/57/codeFlows/0/threadFlows/0/locations/8)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def663]
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/8)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def664]
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/60/codeFlows/0/threadFlows/0/locations/8)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def665]
openssh-10.0p1/ssh-keysign.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:13: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/59/codeFlows/0/threadFlows/0/locations/8)
#  230|   		    _PATH_HOST_CONFIG_FILE);
#  231|   
#  232|-> 	if (pledge("stdio dns", NULL) != 0)
#  233|   		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def666]
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:19: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/61/codeFlows/0/threadFlows/0/locations/2)
#  231|   
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def667]
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[0]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:206:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘key_fd[0]’ leaks here; was opened at [(9)](sarif:/runs/0/results/65/codeFlows/0/threadFlows/0/locations/8)
#  231|   
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def668]
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[1]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:207:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘key_fd[1]’ leaks here; was opened at [(9)](sarif:/runs/0/results/63/codeFlows/0/threadFlows/0/locations/8)
#  231|   
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def669]
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[2]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:208:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘key_fd[2]’ leaks here; was opened at [(9)](sarif:/runs/0/results/62/codeFlows/0/threadFlows/0/locations/8)
#  231|   
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def670]
openssh-10.0p1/ssh-keysign.c:233:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘key_fd[3]’
openssh-10.0p1/ssh-keysign.c:188:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:192:19: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:192:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:195:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:198:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
openssh-10.0p1/ssh-keysign.c:199:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:209:23: acquire_resource: opened here
openssh-10.0p1/ssh-keysign.c:211:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:213:14: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:228:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-keysign.c:232:13: branch_false: ...to here
openssh-10.0p1/ssh-keysign.c:232:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-keysign.c:233:17: branch_true: ...to here
openssh-10.0p1/ssh-keysign.c:233:17: danger: ‘key_fd[3]’ leaks here; was opened at [(9)](sarif:/runs/0/results/64/codeFlows/0/threadFlows/0/locations/8)
#  231|   
#  232|   	if (pledge("stdio dns", NULL) != 0)
#  233|-> 		fatal("%s: pledge: %s", __progname, strerror(errno));
#  234|   
#  235|   	for (i = found = 0; i < NUM_KEYTYPES; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def671]
openssh-10.0p1/ssh-pkcs11.c:211:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
#  209|   
#  210|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  211|-> 		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  212|   		if (!strcmp(module_path, p->module->module_path))
#  213|   			return (p->module);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def672]
openssh-10.0p1/ssh-pkcs11.c:212:22: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘module_path’ where non-null expected
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: this call could return NULL
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
#  210|   	TAILQ_FOREACH(p, &pkcs11_providers, next) {
#  211|   		debug("check %p %s (%s)", p, p->name, p->module->module_path);
#  212|-> 		if (!strcmp(module_path, p->module->module_path))
#  213|   			return (p->module);
#  214|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def673]
openssh-10.0p1/ssh-pkcs11.c:1759:13: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1759:13: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 1757|   		provider_module = strdup(uri->module_path);
# 1758|   	}
# 1759|-> 	p = xcalloc(1, sizeof(*p));
# 1760|   	p->name = pkcs11_uri_get(uri);
# 1761|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def674]
openssh-10.0p1/ssh-pkcs11.c:1760:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1760:19: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 1758|   	}
# 1759|   	p = xcalloc(1, sizeof(*p));
# 1760|-> 	p->name = pkcs11_uri_get(uri);
# 1761|   
# 1762|   	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def675]
openssh-10.0p1/ssh-pkcs11.c:1762:13: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:13: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 1760|   	p->name = pkcs11_uri_get(uri);
# 1761|   
# 1762|-> 	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {
# 1763|   		error("provider %s is not a PKCS11 library", provider_module);
# 1764|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def676]
openssh-10.0p1/ssh-pkcs11.c:1763:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1763:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1763:17: danger: ‘provider_module’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
# 1761|   
# 1762|   	if (lib_contains_symbol(provider_module, "C_GetFunctionList") != 0) {
# 1763|-> 		error("provider %s is not a PKCS11 library", provider_module);
# 1764|   		goto fail;
# 1765|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def677]
openssh-10.0p1/ssh-pkcs11.c:1768:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1767:15: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:13: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1768:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1768:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/3)
# 1766|   	if ((m = pkcs11_provider_lookup_module(provider_module)) != NULL
# 1767|   	   && m->valid) {
# 1768|-> 		debug_f("provider module already initialized: %s", provider_module);
# 1769|   		free(provider_module);
# 1770|   		/* Skip the initialization of PKCS#11 module */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def678]
openssh-10.0p1/ssh-pkcs11.c:1779:21: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1779:21: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/3)
# 1777|   		return 0;
# 1778|   	} else {
# 1779|-> 		m = xcalloc(1, sizeof(*m));
# 1780|   		p->module = m;
# 1781|   		m->refcount++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def679]
openssh-10.0p1/ssh-pkcs11.c:1786:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_true: following ‘true’ branch (when ‘handle’ is NULL)...
openssh-10.0p1/ssh-pkcs11.c:1786:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1786:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/3)
# 1784|   	/* open shared pkcs11-library */
# 1785|   	if ((handle = dlopen(provider_module, RTLD_NOW)) == NULL) {
# 1786|-> 		error("dlopen %s failed: %s", provider_module, dlerror());
# 1787|   		goto fail;
# 1788|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def680]
openssh-10.0p1/ssh-pkcs11.c:1790:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_true: following ‘true’ branch (when ‘getfunctionlist’ is NULL)...
openssh-10.0p1/ssh-pkcs11.c:1790:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1790:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/3)
# 1788|   	}
# 1789|   	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
# 1790|-> 		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
# 1791|   	p->module->handle = handle;
# 1792|   	/* setup the pkcs11 callbacks */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def681]
openssh-10.0p1/ssh-pkcs11.c:1793:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/3)
# 1791|   	p->module->handle = handle;
# 1792|   	/* setup the pkcs11 callbacks */
# 1793|-> 	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
# 1794|   		error("C_GetFunctionList for provider %s failed: %lu",
# 1795|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def682]
openssh-10.0p1/ssh-pkcs11.c:1794:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1794:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1794:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/3)
# 1792|   	/* setup the pkcs11 callbacks */
# 1793|   	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
# 1794|-> 		error("C_GetFunctionList for provider %s failed: %lu",
# 1795|   		    provider_module, rv);
# 1796|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def683]
openssh-10.0p1/ssh-pkcs11.c:1799:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/3)
# 1797|   	}
# 1798|   	m->function_list = f;
# 1799|-> 	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
# 1800|   		error("C_Initialize for provider %s failed: %lu",
# 1801|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def684]
openssh-10.0p1/ssh-pkcs11.c:1800:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1800:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1800:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/3)
# 1798|   	m->function_list = f;
# 1799|   	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
# 1800|-> 		error("C_Initialize for provider %s failed: %lu",
# 1801|   		    provider_module, rv);
# 1802|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def685]
openssh-10.0p1/ssh-pkcs11.c:1805:19: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1805:20: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1805:19: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/3)
# 1803|   	}
# 1804|   	need_finalize = 1;
# 1805|-> 	if ((rv = f->C_GetInfo(&m->info)) != CKR_OK) {
# 1806|   		error("C_GetInfo for provider %s failed: %lu",
# 1807|   		    provider_module, rv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def686]
openssh-10.0p1/ssh-pkcs11.c:1806:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1805:20: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1805:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1806:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1806:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/3)
# 1804|   	need_finalize = 1;
# 1805|   	if ((rv = f->C_GetInfo(&m->info)) != CKR_OK) {
# 1806|-> 		error("C_GetInfo for provider %s failed: %lu",
# 1807|   		    provider_module, rv);
# 1808|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def687]
openssh-10.0p1/ssh-pkcs11.c:1813:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1805:20: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1805:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1810:17: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1811:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1812:13: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1811:13: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1813:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1813:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/3)
# 1811|   	if (uri->lib_manuf != NULL &&
# 1812|   	    strncmp(uri->lib_manuf, m->info.manufacturerID, 32)) {
# 1813|-> 		debug_f("Skipping provider %s not matching library_manufacturer",
# 1814|   		    m->info.manufacturerID);
# 1815|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def688]
openssh-10.0p1/ssh-pkcs11.c:1818:9: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1805:20: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1805:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1810:17: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1817:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1817:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1818:9: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/3)
# 1816|   	}
# 1817|   	rmspace(m->info.libraryDescription, sizeof(m->info.libraryDescription));
# 1818|-> 	debug("provider %s: manufacturerID <%.32s> cryptokiVersion %d.%d"
# 1819|   	    " libraryDescription <%.32s> libraryVersion %d.%d",
# 1820|   	    provider_module,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def689]
openssh-10.0p1/ssh-pkcs11.c:1876:17: warning[-Wanalyzer-malloc-leak]: leak of ‘provider_module’
openssh-10.0p1/ssh-pkcs11.c:1734:1: enter_function: entry to ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1749:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1751:35: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1751:35: acquire_memory: allocated here
openssh-10.0p1/ssh-pkcs11.c:1762:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1766:18: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1766:18: call_function: calling ‘pkcs11_provider_lookup_module’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1766:18: return_function: returning to ‘pkcs11_initialize_provider’ from ‘pkcs11_provider_lookup_module’
openssh-10.0p1/ssh-pkcs11.c:1766:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1779:21: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1785:12: branch_false: following ‘false’ branch (when ‘handle’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1789:32: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1789:12: branch_false: following ‘false’ branch (when ‘getfunctionlist’ is non-NULL)...
openssh-10.0p1/ssh-pkcs11.c:1791:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1793:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1798:9: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1799:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1805:20: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1805:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-pkcs11.c:1810:17: branch_false: ...to here
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1810:9: call_function: inlined call to ‘rmspace’ from ‘pkcs11_initialize_provider’
openssh-10.0p1/ssh-pkcs11.c:1811:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1812:13: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1811:13: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1813:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1875:13: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-pkcs11.c:1876:17: branch_true: ...to here
openssh-10.0p1/ssh-pkcs11.c:1876:17: danger: ‘provider_module’ leaks here; was allocated at [(4)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/3)
# 1874|   fail:
# 1875|   	if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
# 1876|-> 		error("C_Finalize for provider %s failed: %lu",
# 1877|   		    provider_module, rv);
# 1878|   	free(provider_module);

Error: COMPILER_WARNING (CWE-1164): [#def690]
openssh-10.0p1/ssh-pkcs11.c:2011:1: warning[-Wunused-function]: ‘pkcs11_register_provider’ defined but not used
# 2011 | pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~
# 2009|   
# 2010|   static int
# 2011|-> pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
# 2012|       char ***labelsp, struct pkcs11_provider **providerp, CK_ULONG user)
# 2013|   {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def691]
openssh-10.0p1/ssh-sk-client.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 0)’
openssh-10.0p1/ssh-sk-client.c:61:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-client.c:72:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:72:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-client.c:76:20: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:77:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/ssh-sk-client.c:86:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:86:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/ssh-sk-client.c:87:22: branch_true: ...to here
openssh-10.0p1/ssh-sk-client.c:87:22: acquire_resource: opened here
openssh-10.0p1/ssh-sk-client.c:87:20: danger: ‘dup2(pair[1], 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def692]
openssh-10.0p1/ssh-sk-client.c:87:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pair[1], 1)’
openssh-10.0p1/ssh-sk-client.c:61:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-client.c:72:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:72:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-client.c:76:20: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:77:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/ssh-sk-client.c:86:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:86:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/ssh-sk-client.c:87:22: branch_true: ...to here
openssh-10.0p1/ssh-sk-client.c:87:20: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-client.c:88:22: branch_false: ...to here
openssh-10.0p1/ssh-sk-client.c:88:22: acquire_resource: opened here
openssh-10.0p1/ssh-sk-client.c:87:21: danger: ‘dup2(pair[1], 1)’ leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#   85|   	}
#   86|   	if (pid == 0) {
#   87|-> 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
#   88|   		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
#   89|   			error_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-404): [#def693]
openssh-10.0p1/ssh-sk-helper.c:63:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/ssh-sk-helper.c:213:1: enter_function: entry to ‘process_load_resident’
openssh-10.0p1/ssh-sk-helper.c:222:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:225:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:225:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:226:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:225:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:227:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:225:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:228:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:225:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:230:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:230:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:233:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:233:9: call_function: calling ‘null_empty’ from ‘process_load_resident’
openssh-10.0p1/ssh-sk-helper.c:233:9: return_function: returning to ‘process_load_resident’ from ‘null_empty’
openssh-10.0p1/ssh-sk-helper.c:234:9: call_function: calling ‘null_empty’ from ‘process_load_resident’
openssh-10.0p1/ssh-sk-helper.c:234:9: return_function: returning to ‘process_load_resident’ from ‘null_empty’
openssh-10.0p1/ssh-sk-helper.c:236:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:238:24: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:238:24: call_function: calling ‘reply_error’ from ‘process_load_resident’
#   61|   
#   62|   	va_start(ap, fmt);
#   63|-> 	xvasprintf(&msg, fmt, ap);
#   64|   	va_end(ap);
#   65|   	debug("%s: %s", __progname, msg);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def694]
openssh-10.0p1/ssh-sk-helper.c:102:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  100|   	char *provider = NULL, *pin = NULL;
#  101|   
#  102|-> 	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  103|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  104|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def695]
openssh-10.0p1/ssh-sk-helper.c:103:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  101|   
#  102|   	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  103|-> 	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  104|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  105|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def696]
openssh-10.0p1/ssh-sk-helper.c:104:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  102|   	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
#  103|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  104|-> 	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  105|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  106|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def697]
openssh-10.0p1/ssh-sk-helper.c:105:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  103|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  104|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  105|-> 	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  106|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  107|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def698]
openssh-10.0p1/ssh-sk-helper.c:106:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  104|   	    (r = sshbuf_get_string_direct(req, &message, &msglen)) != 0 ||
#  105|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  106|-> 	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  107|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  108|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def699]
openssh-10.0p1/ssh-sk-helper.c:107:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  105|   	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
#  106|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  107|-> 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  108|   		fatal_r(r, "%s: parse", __progname);
#  109|   	if (sshbuf_len(req) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def700]
openssh-10.0p1/ssh-sk-helper.c:108:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:337:24: call_function: calling ‘process_sign’ from ‘main’
#  106|   	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
#  107|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
#  108|-> 		fatal_r(r, "%s: parse", __progname);
#  109|   	if (sshbuf_len(req) != 0)
#  110|   		fatal("%s: trailing data in request", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def701]
openssh-10.0p1/ssh-sk-helper.c:158:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  156|   	struct sshkey *key;
#  157|   
#  158|-> 	if ((attest = sshbuf_new()) == NULL ||
#  159|   	    (kbuf = sshbuf_new()) == NULL)
#  160|   		fatal("%s: sshbuf_new failed", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def702]
openssh-10.0p1/ssh-sk-helper.c:159:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  157|   
#  158|   	if ((attest = sshbuf_new()) == NULL ||
#  159|-> 	    (kbuf = sshbuf_new()) == NULL)
#  160|   		fatal("%s: sshbuf_new failed", __progname);
#  161|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def703]
openssh-10.0p1/ssh-sk-helper.c:160:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  158|   	if ((attest = sshbuf_new()) == NULL ||
#  159|   	    (kbuf = sshbuf_new()) == NULL)
#  160|-> 		fatal("%s: sshbuf_new failed", __progname);
#  161|   
#  162|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def704]
openssh-10.0p1/ssh-sk-helper.c:162:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  160|   		fatal("%s: sshbuf_new failed", __progname);
#  161|   
#  162|-> 	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  163|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  164|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def705]
openssh-10.0p1/ssh-sk-helper.c:163:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  161|   
#  162|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  163|-> 	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  164|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  165|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def706]
openssh-10.0p1/ssh-sk-helper.c:164:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  162|   	if ((r = sshbuf_get_u32(req, &type)) != 0 ||
#  163|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  164|-> 	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  165|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  166|   	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def707]
openssh-10.0p1/ssh-sk-helper.c:165:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  163|   	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  164|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  165|-> 	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  166|   	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||
#  167|   	    (r = sshbuf_get_u8(req, &flags)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def708]
openssh-10.0p1/ssh-sk-helper.c:166:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:340:24: call_function: calling ‘process_enroll’ from ‘main’
#  164|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  165|   	    (r = sshbuf_get_cstring(req, &application, NULL)) != 0 ||
#  166|-> 	    (r = sshbuf_get_cstring(req, &userid, NULL)) != 0 ||
#  167|   	    (r = sshbuf_get_u8(req, &flags)) != 0 ||
#  168|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def709]
openssh-10.0p1/ssh-sk-helper.c:222:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  220|   	u_int flags;
#  221|   
#  222|-> 	if ((kbuf = sshbuf_new()) == NULL)
#  223|   		fatal("%s: sshbuf_new failed", __progname);
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def710]
openssh-10.0p1/ssh-sk-helper.c:223:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  221|   
#  222|   	if ((kbuf = sshbuf_new()) == NULL)
#  223|-> 		fatal("%s: sshbuf_new failed", __progname);
#  224|   
#  225|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def711]
openssh-10.0p1/ssh-sk-helper.c:225:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  223|   		fatal("%s: sshbuf_new failed", __progname);
#  224|   
#  225|-> 	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  226|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  227|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def712]
openssh-10.0p1/ssh-sk-helper.c:226:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  224|   
#  225|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  226|-> 	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  227|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  228|   	    (r = sshbuf_get_u32(req, &flags)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def713]
openssh-10.0p1/ssh-sk-helper.c:227:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  225|   	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
#  226|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  227|-> 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  228|   	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  229|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def714]
openssh-10.0p1/ssh-sk-helper.c:228:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  226|   	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
#  227|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  228|-> 	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  229|   		fatal_r(r, "%s: parse", __progname);
#  230|   	if (sshbuf_len(req) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def715]
openssh-10.0p1/ssh-sk-helper.c:229:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:274:1: enter_function: entry to ‘main’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:343:24: call_function: calling ‘process_load_resident’ from ‘main’
#  227|   	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
#  228|   	    (r = sshbuf_get_u32(req, &flags)) != 0)
#  229|-> 		fatal_r(r, "%s: parse", __progname);
#  230|   	if (sshbuf_len(req) != 0)
#  231|   		fatal("%s: trailing data in request", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def716]
openssh-10.0p1/ssh-sk-helper.c:308:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.0p1/ssh-sk-helper.c:308:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:308:17: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
#  306|   	closefrom(STDERR_FILENO + 1);
#  307|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  308|-> 		fatal("%s: dup: %s", __progname, strerror(errno));
#  309|   	close(STDIN_FILENO);
#  310|   	close(STDOUT_FILENO);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def717]
openssh-10.0p1/ssh-sk-helper.c:309:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:309:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
#  307|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  308|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  309|-> 	close(STDIN_FILENO);
#  310|   	close(STDOUT_FILENO);
#  311|   	sanitise_stdfd(); /* resets to /dev/null */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def718]
openssh-10.0p1/ssh-sk-helper.c:309:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:309:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/2)
#  307|   	if ((in = dup(STDIN_FILENO)) == -1 || (out = dup(STDOUT_FILENO)) == -1)
#  308|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  309|-> 	close(STDIN_FILENO);
#  310|   	close(STDOUT_FILENO);
#  311|   	sanitise_stdfd(); /* resets to /dev/null */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def719]
openssh-10.0p1/ssh-sk-helper.c:310:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:310:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  308|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  309|   	close(STDIN_FILENO);
#  310|-> 	close(STDOUT_FILENO);
#  311|   	sanitise_stdfd(); /* resets to /dev/null */
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def720]
openssh-10.0p1/ssh-sk-helper.c:310:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:310:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/2)
#  308|   		fatal("%s: dup: %s", __progname, strerror(errno));
#  309|   	close(STDIN_FILENO);
#  310|-> 	close(STDOUT_FILENO);
#  311|   	sanitise_stdfd(); /* resets to /dev/null */
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def721]
openssh-10.0p1/ssh-sk-helper.c:311:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:311:9: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0)
#  309|   	close(STDIN_FILENO);
#  310|   	close(STDOUT_FILENO);
#  311|-> 	sanitise_stdfd(); /* resets to /dev/null */
#  312|   
#  313|   	if ((req = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def722]
openssh-10.0p1/ssh-sk-helper.c:311:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:311:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
#  309|   	close(STDIN_FILENO);
#  310|   	close(STDOUT_FILENO);
#  311|-> 	sanitise_stdfd(); /* resets to /dev/null */
#  312|   
#  313|   	if ((req = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def723]
openssh-10.0p1/ssh-sk-helper.c:313:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:313:20: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
#  311|   	sanitise_stdfd(); /* resets to /dev/null */
#  312|   
#  313|-> 	if ((req = sshbuf_new()) == NULL)
#  314|   		fatal("%s: sshbuf_new failed", __progname);
#  315|   	if (ssh_msg_recv(in, req) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def724]
openssh-10.0p1/ssh-sk-helper.c:313:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:20: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/2)
#  311|   	sanitise_stdfd(); /* resets to /dev/null */
#  312|   
#  313|-> 	if ((req = sshbuf_new()) == NULL)
#  314|   		fatal("%s: sshbuf_new failed", __progname);
#  315|   	if (ssh_msg_recv(in, req) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def725]
openssh-10.0p1/ssh-sk-helper.c:314:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:314:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:314:17: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/0)
#  312|   
#  313|   	if ((req = sshbuf_new()) == NULL)
#  314|-> 		fatal("%s: sshbuf_new failed", __progname);
#  315|   	if (ssh_msg_recv(in, req) < 0)
#  316|   		fatal("ssh_msg_recv failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def726]
openssh-10.0p1/ssh-sk-helper.c:314:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:314:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:314:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2)
#  312|   
#  313|   	if ((req = sshbuf_new()) == NULL)
#  314|-> 		fatal("%s: sshbuf_new failed", __progname);
#  315|   	if (ssh_msg_recv(in, req) < 0)
#  316|   		fatal("ssh_msg_recv failed");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def727]
openssh-10.0p1/ssh-sk-helper.c:315:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh-sk-helper.c:307:19: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:13: danger: ‘in’ leaks here; was opened at [(1)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/0)
#  313|   	if ((req = sshbuf_new()) == NULL)
#  314|   		fatal("%s: sshbuf_new failed", __progname);
#  315|-> 	if (ssh_msg_recv(in, req) < 0)
#  316|   		fatal("ssh_msg_recv failed");
#  317|   	close(in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def728]
openssh-10.0p1/ssh-sk-helper.c:315:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:13: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/2)
#  313|   	if ((req = sshbuf_new()) == NULL)
#  314|   		fatal("%s: sshbuf_new failed", __progname);
#  315|-> 	if (ssh_msg_recv(in, req) < 0)
#  316|   		fatal("ssh_msg_recv failed");
#  317|   	close(in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def729]
openssh-10.0p1/ssh-sk-helper.c:316:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:316:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:316:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/2)
#  314|   		fatal("%s: sshbuf_new failed", __progname);
#  315|   	if (ssh_msg_recv(in, req) < 0)
#  316|-> 		fatal("ssh_msg_recv failed");
#  317|   	close(in);
#  318|   	debug_f("received message len %zu", sshbuf_len(req));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def730]
openssh-10.0p1/ssh-sk-helper.c:317:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:317:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/2)
#  315|   	if (ssh_msg_recv(in, req) < 0)
#  316|   		fatal("ssh_msg_recv failed");
#  317|-> 	close(in);
#  318|   	debug_f("received message len %zu", sshbuf_len(req));
#  319|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def731]
openssh-10.0p1/ssh-sk-helper.c:318:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:318:9: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/2)
#  316|   		fatal("ssh_msg_recv failed");
#  317|   	close(in);
#  318|-> 	debug_f("received message len %zu", sshbuf_len(req));
#  319|   
#  320|   	if ((r = sshbuf_get_u8(req, &version)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def732]
openssh-10.0p1/ssh-sk-helper.c:320:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/2)
#  318|   	debug_f("received message len %zu", sshbuf_len(req));
#  319|   
#  320|-> 	if ((r = sshbuf_get_u8(req, &version)) != 0)
#  321|   		fatal_r(r, "%s: parse version", __progname);
#  322|   	if (version != SSH_SK_HELPER_VERSION) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def733]
openssh-10.0p1/ssh-sk-helper.c:321:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:321:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:321:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/2)
#  319|   
#  320|   	if ((r = sshbuf_get_u8(req, &version)) != 0)
#  321|-> 		fatal_r(r, "%s: parse version", __progname);
#  322|   	if (version != SSH_SK_HELPER_VERSION) {
#  323|   		fatal("unsupported version: received %d, expected %d",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def734]
openssh-10.0p1/ssh-sk-helper.c:323:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:323:17: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:323:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/2)
#  321|   		fatal_r(r, "%s: parse version", __progname);
#  322|   	if (version != SSH_SK_HELPER_VERSION) {
#  323|-> 		fatal("unsupported version: received %d, expected %d",
#  324|   		    version, SSH_SK_HELPER_VERSION);
#  325|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def735]
openssh-10.0p1/ssh-sk-helper.c:327:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/2)
#  325|   	}
#  326|   
#  327|-> 	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  328|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  329|   	    (r = sshbuf_get_u32(req, &ll)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def736]
openssh-10.0p1/ssh-sk-helper.c:328:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:328:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/2)
#  326|   
#  327|   	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  328|-> 	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  329|   	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  330|   		fatal_r(r, "%s: parse", __progname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def737]
openssh-10.0p1/ssh-sk-helper.c:329:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:329:18: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/2)
#  327|   	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
#  328|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  329|-> 	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  330|   		fatal_r(r, "%s: parse", __progname);
#  331|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def738]
openssh-10.0p1/ssh-sk-helper.c:330:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:330:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/2)
#  328|   	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
#  329|   	    (r = sshbuf_get_u32(req, &ll)) != 0)
#  330|-> 		fatal_r(r, "%s: parse", __progname);
#  331|   
#  332|   	if (!vflag && log_level_name((LogLevel)ll) != NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def739]
openssh-10.0p1/ssh-sk-helper.c:332:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_true: following ‘true’ branch (when ‘vflag == 0’)...
openssh-10.0p1/ssh-sk-helper.c:332:23: branch_true: ...to here
openssh-10.0p1/ssh-sk-helper.c:332:23: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/2)
#  330|   		fatal_r(r, "%s: parse", __progname);
#  331|   
#  332|-> 	if (!vflag && log_level_name((LogLevel)ll) != NULL)
#  333|   		log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
#  334|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def740]
openssh-10.0p1/ssh-sk-helper.c:333:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk-helper.c:333:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/2)
#  331|   
#  332|   	if (!vflag && log_level_name((LogLevel)ll) != NULL)
#  333|-> 		log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
#  334|   
#  335|   	switch (rtype) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def741]
openssh-10.0p1/ssh-sk-helper.c:346:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh-sk-helper.c:307:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh-sk-helper.c:307:54: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:307:54: acquire_resource: opened here
openssh-10.0p1/ssh-sk-helper.c:307:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh-sk-helper.c:309:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:313:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:315:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:315:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:317:9: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:320:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:322:13: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:322:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:327:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:328:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:329:18: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:327:13: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk-helper.c:332:12: branch_false: ...to here
openssh-10.0p1/ssh-sk-helper.c:346:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/2)
#  344|   		break;
#  345|   	default:
#  346|-> 		fatal("%s: unsupported request type %u", __progname, rtype);
#  347|   	}
#  348|   	sshbuf_free(req);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def742]
openssh-10.0p1/ssh-sk.c:122:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:122:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:122:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  120|   	}
#  121|   	if ((ret->path = strdup(path)) == NULL) {
#  122|-> 		error_f("strdup failed");
#  123|   		goto fail;
#  124|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def743]
openssh-10.0p1/ssh-sk.c:137:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:13: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  135|   #endif
#  136|   	}
#  137|-> 	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  138|   		error("provider %s is not an OpenSSH FIDO library", path);
#  139|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def744]
openssh-10.0p1/ssh-sk.c:137:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:13: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  135|   #endif
#  136|   	}
#  137|-> 	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  138|   		error("provider %s is not an OpenSSH FIDO library", path);
#  139|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def745]
openssh-10.0p1/ssh-sk.c:138:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:138:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:138:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  136|   	}
#  137|   	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  138|-> 		error("provider %s is not an OpenSSH FIDO library", path);
#  139|   		goto fail;
#  140|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def746]
openssh-10.0p1/ssh-sk.c:138:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:138:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:138:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  136|   	}
#  137|   	if (lib_contains_symbol(path, "sk_api_version") != 0) {
#  138|-> 		error("provider %s is not an OpenSSH FIDO library", path);
#  139|   		goto fail;
#  140|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def747]
openssh-10.0p1/ssh-sk.c:142:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:142:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:142:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  140|   	}
#  141|   	if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
#  142|-> 		fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
#  143|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  144|   	    "sk_api_version")) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def748]
openssh-10.0p1/ssh-sk.c:142:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:142:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:142:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  140|   	}
#  141|   	if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
#  142|-> 		fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
#  143|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  144|   	    "sk_api_version")) == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def749]
openssh-10.0p1/ssh-sk.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:145:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:145:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  143|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  144|   	    "sk_api_version")) == NULL) {
#  145|-> 		error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
#  146|   		    path, dlerror());
#  147|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def750]
openssh-10.0p1/ssh-sk.c:145:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:145:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:145:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  143|   	if ((ret->sk_api_version = dlsym(ret->dlhandle,
#  144|   	    "sk_api_version")) == NULL) {
#  145|-> 		error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
#  146|   		    path, dlerror());
#  147|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def751]
openssh-10.0p1/ssh-sk.c:149:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:149:19: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  147|   		goto fail;
#  148|   	}
#  149|-> 	version = ret->sk_api_version();
#  150|   	debug_f("provider %s implements version 0x%08lx", ret->path,
#  151|   	    (u_long)version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def752]
openssh-10.0p1/ssh-sk.c:149:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:149:19: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  147|   		goto fail;
#  148|   	}
#  149|-> 	version = ret->sk_api_version();
#  150|   	debug_f("provider %s implements version 0x%08lx", ret->path,
#  151|   	    (u_long)version);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def753]
openssh-10.0p1/ssh-sk.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:26: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:150:9: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  148|   	}
#  149|   	version = ret->sk_api_version();
#  150|-> 	debug_f("provider %s implements version 0x%08lx", ret->path,
#  151|   	    (u_long)version);
#  152|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def754]
openssh-10.0p1/ssh-sk.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:150:9: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  148|   	}
#  149|   	version = ret->sk_api_version();
#  150|-> 	debug_f("provider %s implements version 0x%08lx", ret->path,
#  151|   	    (u_long)version);
#  152|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def755]
openssh-10.0p1/ssh-sk.c:153:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:152:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:153:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:153:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  151|   	    (u_long)version);
#  152|   	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
#  153|-> 		error("Provider \"%s\" implements unsupported "
#  154|   		    "version 0x%08lx (supported: 0x%08lx)",
#  155|   		    path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def756]
openssh-10.0p1/ssh-sk.c:159:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:152:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:158:37: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:158:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:159:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:159:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  157|   	}
#  158|   	if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
#  159|-> 		error("Provider %s dlsym(sk_enroll) failed: %s",
#  160|   		    path, dlerror());
#  161|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def757]
openssh-10.0p1/ssh-sk.c:164:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:152:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:158:37: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:158:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:163:35: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:163:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:164:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:164:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
#  162|   	}
#  163|   	if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
#  164|-> 		error("Provider \"%s\" dlsym(sk_sign) failed: %s",
#  165|   		    path, dlerror());
#  166|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def758]
openssh-10.0p1/ssh-sk.c:170:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/ssh-sk.c:113:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:117:20: acquire_memory: allocated here
openssh-10.0p1/ssh-sk.c:117:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/ssh-sk.c:121:26: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:121:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:126:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:126:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:137:13: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:137:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:141:30: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:141:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:143:36: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:143:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:149:19: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:152:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:158:37: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:158:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:163:35: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:163:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh-sk.c:168:49: branch_false: ...to here
openssh-10.0p1/ssh-sk.c:168:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh-sk.c:170:17: branch_true: ...to here
openssh-10.0p1/ssh-sk.c:170:17: danger: ‘ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2)
#  168|   	if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
#  169|   	    "sk_load_resident_keys")) == NULL) {
#  170|-> 		error("Provider \"%s\" dlsym(sk_load_resident_keys) "
#  171|   		    "failed: %s", path, dlerror());
#  172|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def759]
openssh-10.0p1/ssh.c:2055:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh.c:2047:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2050:9: branch_false: ...to here
openssh-10.0p1/ssh.c:2053:19: acquire_resource: opened here
openssh-10.0p1/ssh.c:2053:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh.c:2054:20: branch_false: ...to here
openssh-10.0p1/ssh.c:2053:13: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.0p1/ssh.c:2055:17: branch_true: ...to here
openssh-10.0p1/ssh.c:2055:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 2053|   	if ((in = dup(STDIN_FILENO)) == -1 ||
# 2054|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2055|-> 		fatal_f("dup() in/out failed");
# 2056|   	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2057|   	    options.stdio_forward_port, in, out,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def760]
openssh-10.0p1/ssh.c:2056:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh.c:2047:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2050:9: branch_false: ...to here
openssh-10.0p1/ssh.c:2053:19: acquire_resource: opened here
openssh-10.0p1/ssh.c:2053:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh.c:2054:20: branch_false: ...to here
openssh-10.0p1/ssh.c:2053:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh.c:2056:18: branch_false: ...to here
openssh-10.0p1/ssh.c:2056:18: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
# 2054|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2055|   		fatal_f("dup() in/out failed");
# 2056|-> 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2057|   	    options.stdio_forward_port, in, out,
# 2058|   	    CHANNEL_NONBLOCK_STDIO)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def761]
openssh-10.0p1/ssh.c:2056:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh.c:2047:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2050:9: branch_false: ...to here
openssh-10.0p1/ssh.c:2053:12: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/ssh.c:2054:20: branch_false: ...to here
openssh-10.0p1/ssh.c:2054:20: acquire_resource: opened here
openssh-10.0p1/ssh.c:2053:13: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/ssh.c:2056:18: branch_false: ...to here
openssh-10.0p1/ssh.c:2056:18: danger: ‘out’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 2054|   	    (out = dup(STDOUT_FILENO)) == -1)
# 2055|   		fatal_f("dup() in/out failed");
# 2056|-> 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
# 2057|   	    options.stdio_forward_port, in, out,
# 2058|   	    CHANNEL_NONBLOCK_STDIO)) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def762]
openssh-10.0p1/ssh.c:2255:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘err’
openssh-10.0p1/ssh.c:2246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2247:22: branch_true: ...to here
openssh-10.0p1/ssh.c:2252:15: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2255:17: branch_true: ...to here
openssh-10.0p1/ssh.c:2255:17: danger: ‘err’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 2253|   
# 2254|   	if (in == -1 || out == -1 || err == -1)
# 2255|-> 		fatal("dup() in/out/err failed");
# 2256|   
# 2257|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def763]
openssh-10.0p1/ssh.c:2255:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh.c:2246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2247:22: branch_true: ...to here
openssh-10.0p1/ssh.c:2247:22: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2255:17: branch_true: ...to here
openssh-10.0p1/ssh.c:2255:17: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 2253|   
# 2254|   	if (in == -1 || out == -1 || err == -1)
# 2255|-> 		fatal("dup() in/out/err failed");
# 2256|   
# 2257|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def764]
openssh-10.0p1/ssh.c:2255:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh.c:2246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2247:22: branch_true: ...to here
openssh-10.0p1/ssh.c:2251:15: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2255:17: branch_true: ...to here
openssh-10.0p1/ssh.c:2255:17: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 2253|   
# 2254|   	if (in == -1 || out == -1 || err == -1)
# 2255|-> 		fatal("dup() in/out/err failed");
# 2256|   
# 2257|   	window = CHAN_SES_WINDOW_DEFAULT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def765]
openssh-10.0p1/ssh.c:2263:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘err’
openssh-10.0p1/ssh.c:2246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2247:22: branch_true: ...to here
openssh-10.0p1/ssh.c:2252:15: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2254:13: branch_false: ...to here
openssh-10.0p1/ssh.c:2254:13: branch_false: following ‘false’ branch (when ‘err != -1’)...
openssh-10.0p1/ssh.c:2259:13: branch_false: ...to here
openssh-10.0p1/ssh.c:2263:13: danger: ‘err’ leaks here; was opened at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
# 2261|   		packetmax >>= 1;
# 2262|   	}
# 2263|-> 	c = channel_new(ssh,
# 2264|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2265|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def766]
openssh-10.0p1/ssh.c:2263:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/ssh.c:2246:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2249:22: branch_false: ...to here
openssh-10.0p1/ssh.c:2249:22: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2263:13: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
# 2261|   		packetmax >>= 1;
# 2262|   	}
# 2263|-> 	c = channel_new(ssh,
# 2264|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2265|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def767]
openssh-10.0p1/ssh.c:2263:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/ssh.c:2246:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh.c:2247:22: branch_true: ...to here
openssh-10.0p1/ssh.c:2251:15: acquire_resource: opened here
openssh-10.0p1/ssh.c:2254:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh.c:2263:13: danger: ‘out’ leaks here; was opened at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
# 2261|   		packetmax >>= 1;
# 2262|   	}
# 2263|-> 	c = channel_new(ssh,
# 2264|   	    "session", SSH_CHANNEL_OPENING, in, out, err,
# 2265|   	    window, packetmax, CHAN_EXTENDED_WRITE,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def768]
openssh-10.0p1/ssh_api.c:552:30: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:552:30: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  550|   	*replace = '\0';
#  551|   	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
#  552|-> 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  553|   			continue;
#  554|   		nid = sshkey_ecdsa_nid_from_name(alg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def769]
openssh-10.0p1/ssh_api.c:552:30: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:24: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:552:30: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  550|   	*replace = '\0';
#  551|   	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
#  552|-> 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  553|   			continue;
#  554|   		nid = sshkey_ecdsa_nid_from_name(alg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def770]
openssh-10.0p1/ssh_api.c:554:23: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:554:23: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  552|   		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  553|   			continue;
#  554|-> 		nid = sshkey_ecdsa_nid_from_name(alg);
#  555|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  556|   			if (k->key->type != ktype &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def771]
openssh-10.0p1/ssh_api.c:554:23: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:24: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:554:23: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  552|   		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
#  553|   			continue;
#  554|-> 		nid = sshkey_ecdsa_nid_from_name(alg);
#  555|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  556|   			if (k->key->type != ktype &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def772]
openssh-10.0p1/ssh_api.c:557:31: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:557:31: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  555|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  556|   			if (k->key->type != ktype &&
#  557|-> 			    (!sshkey_is_cert(k->key) ||
#  558|   			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def773]
openssh-10.0p1/ssh_api.c:557:31: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:24: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:557:31: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  555|   		TAILQ_FOREACH(k, &ssh->public_keys, next) {
#  556|   			if (k->key->type != ktype &&
#  557|-> 			    (!sshkey_is_cert(k->key) ||
#  558|   			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def774]
openssh-10.0p1/ssh_api.c:558:45: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:558:45: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  556|   			if (k->key->type != ktype &&
#  557|   			    (!sshkey_is_cert(k->key) ||
#  558|-> 			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;
#  560|   			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def775]
openssh-10.0p1/ssh_api.c:558:45: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:24: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:558:45: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  556|   			if (k->key->type != ktype &&
#  557|   			    (!sshkey_is_cert(k->key) ||
#  558|-> 			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;
#  560|   			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def776]
openssh-10.0p1/ssh_api.c:560:29: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:560:29: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  558|   			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;
#  560|-> 			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
#  561|   			    k->key->ecdsa_nid != nid)
#  562|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def777]
openssh-10.0p1/ssh_api.c:560:29: warning[-Wanalyzer-malloc-leak]: leak of ‘replace’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:24: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:560:29: danger: ‘replace’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  558|   			    k->key->type != sshkey_type_plain(ktype)))
#  559|   				continue;
#  560|-> 			if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
#  561|   			    k->key->ecdsa_nid != nid)
#  562|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def778]
openssh-10.0p1/ssh_api.c:571:17: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:564:28: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:566:25: branch_false: ...to here
openssh-10.0p1/ssh_api.c:570:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:571:17: branch_true: ...to here
openssh-10.0p1/ssh_api.c:571:17: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  569|   	}
#  570|   	if (*replace != '\0') {
#  571|-> 		debug2_f("orig/%d    %s", ssh->kex->server, orig);
#  572|   		debug2_f("replace/%d %s", ssh->kex->server, replace);
#  573|   		free(orig);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def779]
openssh-10.0p1/ssh_api.c:572:17: warning[-Wanalyzer-malloc-leak]: leak of ‘avail’
openssh-10.0p1/ssh_api.c:538:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:540:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:541:31: acquire_memory: allocated here
openssh-10.0p1/ssh_api.c:541:12: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:545:18: branch_false: ...to here
openssh-10.0p1/ssh_api.c:546:12: branch_false: following ‘false’ branch (when ‘replace’ is non-NULL)...
openssh-10.0p1/ssh_api.c:550:9: branch_false: ...to here
openssh-10.0p1/ssh_api.c:551:16: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:564:28: branch_false: following ‘false’ branch...
openssh-10.0p1/ssh_api.c:566:25: branch_false: ...to here
openssh-10.0p1/ssh_api.c:570:12: branch_true: following ‘true’ branch...
openssh-10.0p1/ssh_api.c:571:17: branch_true: ...to here
openssh-10.0p1/ssh_api.c:572:17: danger: ‘avail’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  570|   	if (*replace != '\0') {
#  571|   		debug2_f("orig/%d    %s", ssh->kex->server, orig);
#  572|-> 		debug2_f("replace/%d %s", ssh->kex->server, replace);
#  573|   		free(orig);
#  574|   		proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def780]
openssh-10.0p1/sshbuf-getput-basic.c:376:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
openssh-10.0p1/sshbuf-getput-basic.c:366:12: branch_false: following ‘false’ branch (when ‘len >= 0’)...
openssh-10.0p1/sshbuf-getput-basic.c:370:12: branch_false: ...to here
openssh-10.0p1/sshbuf-getput-basic.c:370:12: branch_false: following ‘false’ branch (when ‘len != 0’)...
openssh-10.0p1/sshbuf-getput-basic.c:374:9: branch_false: ...to here
openssh-10.0p1/sshbuf-getput-basic.c:375:9: acquire_resource: ‘va_copy’ called here
openssh-10.0p1/sshbuf-getput-basic.c:376:18: danger: missing call to ‘va_end’ to match ‘va_copy’ at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  374|   	va_end(ap2);
#  375|   	VA_COPY(ap2, ap);
#  376|-> 	if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0)
#  377|   		goto out;
#  378|   	if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) {

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def781]
openssh-10.0p1/sshbuf-io.c:110:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(path, 577, 420)’
openssh-10.0p1/sshbuf-io.c:105:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshbuf-io.c:107:13: branch_false: ...to here
openssh-10.0p1/sshbuf-io.c:107:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshbuf-io.c:108:52: branch_false: ...to here
openssh-10.0p1/sshbuf-io.c:108:52: release_resource: first ‘close’ here
openssh-10.0p1/sshbuf-io.c:107:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshbuf-io.c:109:26: branch_true: ...to here
openssh-10.0p1/sshbuf-io.c:110:17: danger: second ‘close’ here; first ‘close’ was at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  108|   	    sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) {
#  109|   		oerrno = errno;
#  110|-> 		close(fd);
#  111|   		unlink(path);
#  112|   		errno = oerrno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def782]
openssh-10.0p1/sshbuf-misc.c:107:13: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
openssh-10.0p1/sshbuf-misc.c:105:18: acquire_memory: allocated here
openssh-10.0p1/sshbuf-misc.c:105:12: branch_false: following ‘false’ branch (when ‘s’ is non-NULL)...
openssh-10.0p1/sshbuf-misc.c:107:13: branch_false: ...to here
openssh-10.0p1/sshbuf-misc.c:107:13: danger: ‘s’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  105|   	if ((s = malloc(slen)) == NULL)
#  106|   		return SSH_ERR_ALLOC_FAIL;
#  107|-> 	if (b64_ntop(sshbuf_ptr(d), sshbuf_len(d), s, slen) == -1) {
#  108|   		r = SSH_ERR_INTERNAL_ERROR;
#  109|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def783]
openssh-10.0p1/sshconnect.c:97:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   95|   
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|-> 	xasprintf(&tmp, "exec %s", proxy_command);
#   98|   	ret = percent_expand(tmp,
#   99|   	    "h", host,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def784]
openssh-10.0p1/sshconnect.c:97:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   95|   
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|-> 	xasprintf(&tmp, "exec %s", proxy_command);
#   98|   	ret = percent_expand(tmp,
#   99|   	    "h", host,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def785]
openssh-10.0p1/sshconnect.c:97:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   95|   
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|-> 	xasprintf(&tmp, "exec %s", proxy_command);
#   98|   	ret = percent_expand(tmp,
#   99|   	    "h", host,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def786]
openssh-10.0p1/sshconnect.c:97:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   95|   
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|-> 	xasprintf(&tmp, "exec %s", proxy_command);
#   98|   	ret = percent_expand(tmp,
#   99|   	    "h", host,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def787]
openssh-10.0p1/sshconnect.c:98:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|   	xasprintf(&tmp, "exec %s", proxy_command);
#   98|-> 	ret = percent_expand(tmp,
#   99|   	    "h", host,
#  100|   	    "k", keyalias,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def788]
openssh-10.0p1/sshconnect.c:98:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|   	xasprintf(&tmp, "exec %s", proxy_command);
#   98|-> 	ret = percent_expand(tmp,
#   99|   	    "h", host,
#  100|   	    "k", keyalias,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def789]
openssh-10.0p1/sshconnect.c:98:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|   	xasprintf(&tmp, "exec %s", proxy_command);
#   98|-> 	ret = percent_expand(tmp,
#   99|   	    "h", host,
#  100|   	    "k", keyalias,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def790]
openssh-10.0p1/sshconnect.c:98:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:196:1: enter_function: entry to ‘ssh_proxy_connect’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:212:26: call_function: calling ‘expand_proxy_command’ from ‘ssh_proxy_connect’
#   96|   	snprintf(strport, sizeof strport, "%d", port);
#   97|   	xasprintf(&tmp, "exec %s", proxy_command);
#   98|-> 	ret = percent_expand(tmp,
#   99|   	    "h", host,
#  100|   	    "k", keyalias,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def791]
openssh-10.0p1/sshconnect.c:140:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(sp[0], 0)’
openssh-10.0p1/sshconnect.c:125:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:129:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:134:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:137:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:139:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:140:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:140:29: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:140:28: danger: ‘dup2(sp[0], 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/6)
#  138|   		/* Redirect stdin and stdout. */
#  139|   		if (sp[0] != 0) {
#  140|-> 			if (dup2(sp[0], 0) == -1)
#  141|   				perror("dup2 stdin");
#  142|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def792]
openssh-10.0p1/sshconnect.c:144:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(sp[0], 1)’
openssh-10.0p1/sshconnect.c:125:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:129:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:134:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:137:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:143:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:144:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:144:29: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:144:28: danger: ‘dup2(sp[0], 1)’ leaks here; was opened at [(7)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/6)
#  142|   		}
#  143|   		if (sp[0] != 1) {
#  144|-> 			if (dup2(sp[0], 1) == -1)
#  145|   				perror("dup2 stdout");
#  146|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def793]
openssh-10.0p1/sshconnect.c:209:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:209:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:209:17: danger: ‘pin[0]’ leaks here
#  207|   	/* Create pipes for communicating with the proxy. */
#  208|   	if (pipe(pin) == -1 || pipe(pout) == -1)
#  209|-> 		fatal("Could not create pipes to communicate with the proxy: %.100s",
#  210|   		    strerror(errno));
#  211|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def794]
openssh-10.0p1/sshconnect.c:209:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:209:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:209:17: danger: ‘pin[1]’ leaks here
#  207|   	/* Create pipes for communicating with the proxy. */
#  208|   	if (pipe(pin) == -1 || pipe(pout) == -1)
#  209|-> 		fatal("Could not create pipes to communicate with the proxy: %.100s",
#  210|   		    strerror(errno));
#  211|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def795]
openssh-10.0p1/sshconnect.c:214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:214:9: danger: ‘pin[0]’ leaks here
#  212|   	command_string = expand_proxy_command(proxy_command, options.user,
#  213|   	    host, host_arg, port);
#  214|-> 	debug("Executing proxy command: %.500s", command_string);
#  215|   
#  216|   	/* Fork and execute the proxy command. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def796]
openssh-10.0p1/sshconnect.c:214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:214:9: danger: ‘pin[1]’ leaks here
#  212|   	command_string = expand_proxy_command(proxy_command, options.user,
#  213|   	    host, host_arg, port);
#  214|-> 	debug("Executing proxy command: %.500s", command_string);
#  215|   
#  216|   	/* Fork and execute the proxy command. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def797]
openssh-10.0p1/sshconnect.c:214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:214:9: danger: ‘pout[0]’ leaks here
#  212|   	command_string = expand_proxy_command(proxy_command, options.user,
#  213|   	    host, host_arg, port);
#  214|-> 	debug("Executing proxy command: %.500s", command_string);
#  215|   
#  216|   	/* Fork and execute the proxy command. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def798]
openssh-10.0p1/sshconnect.c:214:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:214:9: danger: ‘pout[1]’ leaks here
#  212|   	command_string = expand_proxy_command(proxy_command, options.user,
#  213|   	    host, host_arg, port);
#  214|-> 	debug("Executing proxy command: %.500s", command_string);
#  215|   
#  216|   	/* Fork and execute the proxy command. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def799]
openssh-10.0p1/sshconnect.c:221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:221:17: danger: ‘pin[0]’ leaks here
#  219|   
#  220|   		/* Redirect stdin and stdout. */
#  221|-> 		close(pin[1]);
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def800]
openssh-10.0p1/sshconnect.c:221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:221:17: danger: ‘pin[1]’ leaks here
#  219|   
#  220|   		/* Redirect stdin and stdout. */
#  221|-> 		close(pin[1]);
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def801]
openssh-10.0p1/sshconnect.c:221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:221:17: danger: ‘pout[0]’ leaks here
#  219|   
#  220|   		/* Redirect stdin and stdout. */
#  221|-> 		close(pin[1]);
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def802]
openssh-10.0p1/sshconnect.c:221:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:221:17: danger: ‘pout[1]’ leaks here
#  219|   
#  220|   		/* Redirect stdin and stdout. */
#  221|-> 		close(pin[1]);
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def803]
openssh-10.0p1/sshconnect.c:223:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pin[0], 0)’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:223:29: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:223:28: danger: ‘dup2(pin[0], 0)’ leaks here; was opened at [(11)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/10)
#  221|   		close(pin[1]);
#  222|   		if (pin[0] != 0) {
#  223|-> 			if (dup2(pin[0], 0) == -1)
#  224|   				perror("dup2 stdin");
#  225|   			close(pin[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def804]
openssh-10.0p1/sshconnect.c:224:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:223:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:224:33: branch_true: ...to here
openssh-10.0p1/sshconnect.c:224:33: danger: ‘pin[0]’ leaks here
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|-> 				perror("dup2 stdin");
#  225|   			close(pin[0]);
#  226|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def805]
openssh-10.0p1/sshconnect.c:224:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:223:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:224:33: branch_true: ...to here
openssh-10.0p1/sshconnect.c:224:33: danger: ‘pout[0]’ leaks here
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|-> 				perror("dup2 stdin");
#  225|   			close(pin[0]);
#  226|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def806]
openssh-10.0p1/sshconnect.c:224:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:223:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:224:33: branch_true: ...to here
openssh-10.0p1/sshconnect.c:224:33: danger: ‘pout[1]’ leaks here
#  222|   		if (pin[0] != 0) {
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|-> 				perror("dup2 stdin");
#  225|   			close(pin[0]);
#  226|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def807]
openssh-10.0p1/sshconnect.c:225:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:225:25: danger: ‘pin[0]’ leaks here
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|   				perror("dup2 stdin");
#  225|-> 			close(pin[0]);
#  226|   		}
#  227|   		close(pout[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def808]
openssh-10.0p1/sshconnect.c:225:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:225:25: danger: ‘pout[0]’ leaks here
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|   				perror("dup2 stdin");
#  225|-> 			close(pin[0]);
#  226|   		}
#  227|   		close(pout[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def809]
openssh-10.0p1/sshconnect.c:225:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:223:29: branch_true: ...to here
openssh-10.0p1/sshconnect.c:225:25: danger: ‘pout[1]’ leaks here
#  223|   			if (dup2(pin[0], 0) == -1)
#  224|   				perror("dup2 stdin");
#  225|-> 			close(pin[0]);
#  226|   		}
#  227|   		close(pout[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def810]
openssh-10.0p1/sshconnect.c:227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:227:17: danger: ‘pin[0]’ leaks here
#  225|   			close(pin[0]);
#  226|   		}
#  227|-> 		close(pout[0]);
#  228|   		if (dup2(pout[1], 1) == -1)
#  229|   			perror("dup2 stdout");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def811]
openssh-10.0p1/sshconnect.c:227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:227:17: danger: ‘pout[0]’ leaks here
#  225|   			close(pin[0]);
#  226|   		}
#  227|-> 		close(pout[0]);
#  228|   		if (dup2(pout[1], 1) == -1)
#  229|   			perror("dup2 stdout");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def812]
openssh-10.0p1/sshconnect.c:227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:227:17: danger: ‘pout[1]’ leaks here
#  225|   			close(pin[0]);
#  226|   		}
#  227|-> 		close(pout[0]);
#  228|   		if (dup2(pout[1], 1) == -1)
#  229|   			perror("dup2 stdout");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def813]
openssh-10.0p1/sshconnect.c:228:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(pout[1], 1)’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:228:21: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:228:20: danger: ‘dup2(pout[1], 1)’ leaks here; was opened at [(11)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/10)
#  226|   		}
#  227|   		close(pout[0]);
#  228|-> 		if (dup2(pout[1], 1) == -1)
#  229|   			perror("dup2 stdout");
#  230|   		/* Cannot be 1 because pin allocated two descriptors. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def814]
openssh-10.0p1/sshconnect.c:229:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:228:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:229:25: branch_true: ...to here
openssh-10.0p1/sshconnect.c:229:25: danger: ‘pin[0]’ leaks here
#  227|   		close(pout[0]);
#  228|   		if (dup2(pout[1], 1) == -1)
#  229|-> 			perror("dup2 stdout");
#  230|   		/* Cannot be 1 because pin allocated two descriptors. */
#  231|   		close(pout[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def815]
openssh-10.0p1/sshconnect.c:229:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:228:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:229:25: branch_true: ...to here
openssh-10.0p1/sshconnect.c:229:25: danger: ‘pout[1]’ leaks here
#  227|   		close(pout[0]);
#  228|   		if (dup2(pout[1], 1) == -1)
#  229|-> 			perror("dup2 stdout");
#  230|   		/* Cannot be 1 because pin allocated two descriptors. */
#  231|   		close(pout[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def816]
openssh-10.0p1/sshconnect.c:231:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:231:17: danger: ‘pin[0]’ leaks here
#  229|   			perror("dup2 stdout");
#  230|   		/* Cannot be 1 because pin allocated two descriptors. */
#  231|-> 		close(pout[1]);
#  232|   
#  233|   		/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def817]
openssh-10.0p1/sshconnect.c:231:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:231:17: danger: ‘pout[1]’ leaks here
#  229|   			perror("dup2 stdout");
#  230|   		/* Cannot be 1 because pin allocated two descriptors. */
#  231|-> 		close(pout[1]);
#  232|   
#  233|   		/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def818]
openssh-10.0p1/sshconnect.c:238:48: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:237:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:238:48: danger: ‘pin[0]’ leaks here
#  236|   		 */
#  237|   		if (!debug_flag && options.control_path != NULL &&
#  238|-> 		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
#  239|   			error_f("stdfd_devnull failed");
#  240|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def819]
openssh-10.0p1/sshconnect.c:239:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:237:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:237:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect.c:239:25: branch_true: ...to here
openssh-10.0p1/sshconnect.c:239:25: danger: ‘pin[0]’ leaks here
#  237|   		if (!debug_flag && options.control_path != NULL &&
#  238|   		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
#  239|-> 			error_f("stdfd_devnull failed");
#  240|   
#  241|   		argv[0] = shell;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def820]
openssh-10.0p1/sshconnect.c:250:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:250:17: danger: ‘pin[0]’ leaks here
#  248|   		 * extra privileges above.
#  249|   		 */
#  250|-> 		ssh_signal(SIGPIPE, SIG_DFL);
#  251|   		execv(argv[0], argv);
#  252|   		perror(argv[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def821]
openssh-10.0p1/sshconnect.c:252:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect.c:221:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:222:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:227:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:252:17: danger: ‘pin[0]’ leaks here
#  250|   		ssh_signal(SIGPIPE, SIG_DFL);
#  251|   		execv(argv[0], argv);
#  252|-> 		perror(argv[0]);
#  253|   		exit(1);
#  254|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def822]
openssh-10.0p1/sshconnect.c:257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect.c:257:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:257:17: danger: ‘pin[0]’ leaks here
#  255|   	/* Parent. */
#  256|   	if (pid == -1)
#  257|-> 		fatal("fork failed: %.100s", strerror(errno));
#  258|   	else
#  259|   		proxy_command_pid = pid; /* save pid to clean up later */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def823]
openssh-10.0p1/sshconnect.c:257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect.c:257:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:257:17: danger: ‘pin[1]’ leaks here
#  255|   	/* Parent. */
#  256|   	if (pid == -1)
#  257|-> 		fatal("fork failed: %.100s", strerror(errno));
#  258|   	else
#  259|   		proxy_command_pid = pid; /* save pid to clean up later */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def824]
openssh-10.0p1/sshconnect.c:257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect.c:257:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:257:17: danger: ‘pout[0]’ leaks here
#  255|   	/* Parent. */
#  256|   	if (pid == -1)
#  257|-> 		fatal("fork failed: %.100s", strerror(errno));
#  258|   	else
#  259|   		proxy_command_pid = pid; /* save pid to clean up later */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def825]
openssh-10.0p1/sshconnect.c:257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect.c:257:17: branch_true: ...to here
openssh-10.0p1/sshconnect.c:257:17: danger: ‘pout[1]’ leaks here
#  255|   	/* Parent. */
#  256|   	if (pid == -1)
#  257|-> 		fatal("fork failed: %.100s", strerror(errno));
#  258|   	else
#  259|   		proxy_command_pid = pid; /* save pid to clean up later */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def826]
openssh-10.0p1/sshconnect.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:262:9: danger: ‘pin[0]’ leaks here
#  260|   
#  261|   	/* Close child side of the descriptors. */
#  262|-> 	close(pin[0]);
#  263|   	close(pout[1]);
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def827]
openssh-10.0p1/sshconnect.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:262:9: danger: ‘pin[1]’ leaks here
#  260|   
#  261|   	/* Close child side of the descriptors. */
#  262|-> 	close(pin[0]);
#  263|   	close(pout[1]);
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def828]
openssh-10.0p1/sshconnect.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:262:9: danger: ‘pout[0]’ leaks here
#  260|   
#  261|   	/* Close child side of the descriptors. */
#  262|-> 	close(pin[0]);
#  263|   	close(pout[1]);
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def829]
openssh-10.0p1/sshconnect.c:262:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:262:9: danger: ‘pout[1]’ leaks here
#  260|   
#  261|   	/* Close child side of the descriptors. */
#  262|-> 	close(pin[0]);
#  263|   	close(pout[1]);
#  264|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def830]
openssh-10.0p1/sshconnect.c:263:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:263:9: danger: ‘pin[1]’ leaks here
#  261|   	/* Close child side of the descriptors. */
#  262|   	close(pin[0]);
#  263|-> 	close(pout[1]);
#  264|   
#  265|   	/* Free the command name. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def831]
openssh-10.0p1/sshconnect.c:263:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:263:9: danger: ‘pout[0]’ leaks here
#  261|   	/* Close child side of the descriptors. */
#  262|   	close(pin[0]);
#  263|-> 	close(pout[1]);
#  264|   
#  265|   	/* Free the command name. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def832]
openssh-10.0p1/sshconnect.c:263:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:263:9: danger: ‘pout[1]’ leaks here
#  261|   	/* Close child side of the descriptors. */
#  262|   	close(pin[0]);
#  263|-> 	close(pout[1]);
#  264|   
#  265|   	/* Free the command name. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def833]
openssh-10.0p1/sshconnect.c:269:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pin[1]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:269:13: danger: ‘pin[1]’ leaks here
#  267|   
#  268|   	/* Set the connection file descriptors. */
#  269|-> 	if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
#  270|   		return -1; /* ssh_packet_set_connection logs error */
#  271|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def834]
openssh-10.0p1/sshconnect.c:269:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pout[0]’
openssh-10.0p1/sshconnect.c:208:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:208:32: branch_false: ...to here
openssh-10.0p1/sshconnect.c:208:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:212:26: branch_false: ...to here
openssh-10.0p1/sshconnect.c:217:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect.c:256:12: branch_false: ...to here
openssh-10.0p1/sshconnect.c:256:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect.c:259:17: branch_false: ...to here
openssh-10.0p1/sshconnect.c:269:13: danger: ‘pout[0]’ leaks here
#  267|   
#  268|   	/* Set the connection file descriptors. */
#  269|-> 	if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
#  270|   		return -1; /* ssh_packet_set_connection logs error */
#  271|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def835]
openssh-10.0p1/sshconnect.c:367:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
openssh-10.0p1/sshconnect.c:362:16: acquire_resource: socket created here
openssh-10.0p1/sshconnect.c:363:12: branch_false: following ‘false’ branch (when ‘sock != -1’)...
openssh-10.0p1/sshconnect.c:367:15: branch_false: ...to here
openssh-10.0p1/sshconnect.c:367:15: danger: ‘sock’ leaks here
#  365|   		return -1;
#  366|   	}
#  367|-> 	(void)fcntl(sock, F_SETFD, FD_CLOEXEC);
#  368|   
#  369|   	/* Use interactive QOS (if specified) until authentication completed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def836]
openssh-10.0p1/sshconnect.c:559:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/sshconnect.c:552:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:555:20: branch_false: ...to here
openssh-10.0p1/sshconnect.c:555:19: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/sshconnect.c:556:27: branch_true: ...to here
openssh-10.0p1/sshconnect.c:556:27: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:556:20: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/sshconnect.c:557:28: branch_false: ...to here
openssh-10.0p1/sshconnect.c:556:21: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.0p1/sshconnect.c:558:28: branch_true: ...to here
openssh-10.0p1/sshconnect.c:558:28: branch_true: following ‘true’ branch (when ‘in >= 0’)...
openssh-10.0p1/sshconnect.c:559:33: branch_true: ...to here
openssh-10.0p1/sshconnect.c:559:33: danger: ‘in’ leaks here; was opened at [(5)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/4)
#  557|   		    (out = dup(STDOUT_FILENO)) == -1) {
#  558|   			if (in >= 0)
#  559|-> 				close(in);
#  560|   			error_f("dup() in/out failed");
#  561|   			return -1; /* ssh_packet_set_connection logs error */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def837]
openssh-10.0p1/sshconnect.c:560:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/sshconnect.c:552:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:555:20: branch_false: ...to here
openssh-10.0p1/sshconnect.c:555:19: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/sshconnect.c:556:27: branch_true: ...to here
openssh-10.0p1/sshconnect.c:556:27: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:556:20: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/sshconnect.c:557:28: branch_false: ...to here
openssh-10.0p1/sshconnect.c:556:21: branch_true: following ‘true’ branch (when ‘out == -1’)...
openssh-10.0p1/sshconnect.c:558:28: branch_true: ...to here
openssh-10.0p1/sshconnect.c:558:28: branch_false: following ‘false’ branch (when ‘in < 0’)...
openssh-10.0p1/sshconnect.c:560:25: branch_false: ...to here
openssh-10.0p1/sshconnect.c:560:25: danger: ‘in’ leaks here; was opened at [(5)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/4)
#  558|   			if (in >= 0)
#  559|   				close(in);
#  560|-> 			error_f("dup() in/out failed");
#  561|   			return -1; /* ssh_packet_set_connection logs error */
#  562|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def838]
openssh-10.0p1/sshconnect.c:563:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘in’
openssh-10.0p1/sshconnect.c:552:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:555:20: branch_false: ...to here
openssh-10.0p1/sshconnect.c:555:19: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/sshconnect.c:556:27: branch_true: ...to here
openssh-10.0p1/sshconnect.c:556:27: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:556:20: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/sshconnect.c:557:28: branch_false: ...to here
openssh-10.0p1/sshconnect.c:556:21: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/sshconnect.c:563:21: branch_false: ...to here
openssh-10.0p1/sshconnect.c:563:21: danger: ‘in’ leaks here; was opened at [(5)](sarif:/runs/0/results/57/codeFlows/0/threadFlows/0/locations/4)
#  561|   			return -1; /* ssh_packet_set_connection logs error */
#  562|   		}
#  563|-> 		if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
#  564|   			return -1; /* ssh_packet_set_connection logs error */
#  565|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def839]
openssh-10.0p1/sshconnect.c:563:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘out’
openssh-10.0p1/sshconnect.c:552:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect.c:555:20: branch_false: ...to here
openssh-10.0p1/sshconnect.c:555:19: branch_true: following ‘true’ branch (when the strings are equal)...
openssh-10.0p1/sshconnect.c:556:27: branch_true: ...to here
openssh-10.0p1/sshconnect.c:556:20: branch_false: following ‘false’ branch (when ‘in != -1’)...
openssh-10.0p1/sshconnect.c:557:28: branch_false: ...to here
openssh-10.0p1/sshconnect.c:557:28: acquire_resource: opened here
openssh-10.0p1/sshconnect.c:556:21: branch_false: following ‘false’ branch (when ‘out != -1’)...
openssh-10.0p1/sshconnect.c:563:21: branch_false: ...to here
openssh-10.0p1/sshconnect.c:563:21: danger: ‘out’ leaks here; was opened at [(7)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/6)
#  561|   			return -1; /* ssh_packet_set_connection logs error */
#  562|   		}
#  563|-> 		if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
#  564|   			return -1; /* ssh_packet_set_connection logs error */
#  565|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def840]
openssh-10.0p1/sshconnect2.c:2204:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2204:24: danger: ‘from[0]’ leaks here
# 2202|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2203|   		error_f("not installed: %s", strerror(errno));
# 2204|-> 		return -1;
# 2205|   	}
# 2206|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def841]
openssh-10.0p1/sshconnect2.c:2204:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2204:24: danger: ‘from[1]’ leaks here
# 2202|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2203|   		error_f("not installed: %s", strerror(errno));
# 2204|-> 		return -1;
# 2205|   	}
# 2206|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def842]
openssh-10.0p1/sshconnect2.c:2204:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2215:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2204:24: danger: ‘to[0]’ leaks here
# 2202|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2203|   		error_f("not installed: %s", strerror(errno));
# 2204|-> 		return -1;
# 2205|   	}
# 2206|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def843]
openssh-10.0p1/sshconnect2.c:2204:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2215:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2204:24: danger: ‘to[1]’ leaks here
# 2202|   	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
# 2203|   		error_f("not installed: %s", strerror(errno));
# 2204|-> 		return -1;
# 2205|   	}
# 2206|   	if (fflush(stdout) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def844]
openssh-10.0p1/sshconnect2.c:2215:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2215:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2215:17: danger: ‘to[0]’ leaks here
# 2213|   	}
# 2214|   	if (pipe(from) == -1) {
# 2215|-> 		error_f("pipe: %s", strerror(errno));
# 2216|   		return -1;
# 2217|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def845]
openssh-10.0p1/sshconnect2.c:2215:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2215:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2215:17: danger: ‘to[1]’ leaks here
# 2213|   	}
# 2214|   	if (pipe(from) == -1) {
# 2215|-> 		error_f("pipe: %s", strerror(errno));
# 2216|   		return -1;
# 2217|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def846]
openssh-10.0p1/sshconnect2.c:2219:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2219:17: danger: ‘from[0]’ leaks here
# 2217|   	}
# 2218|   	if ((pid = fork()) == -1) {
# 2219|-> 		error_f("fork: %s", strerror(errno));
# 2220|   		return -1;
# 2221|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def847]
openssh-10.0p1/sshconnect2.c:2219:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2219:17: danger: ‘from[1]’ leaks here
# 2217|   	}
# 2218|   	if ((pid = fork()) == -1) {
# 2219|-> 		error_f("fork: %s", strerror(errno));
# 2220|   		return -1;
# 2221|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def848]
openssh-10.0p1/sshconnect2.c:2219:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2219:17: danger: ‘to[0]’ leaks here
# 2217|   	}
# 2218|   	if ((pid = fork()) == -1) {
# 2219|-> 		error_f("fork: %s", strerror(errno));
# 2220|   		return -1;
# 2221|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def849]
openssh-10.0p1/sshconnect2.c:2219:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_true: following ‘true’ branch (when ‘pid == -1’)...
openssh-10.0p1/sshconnect2.c:2219:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2219:17: danger: ‘to[1]’ leaks here
# 2217|   	}
# 2218|   	if ((pid = fork()) == -1) {
# 2219|-> 		error_f("fork: %s", strerror(errno));
# 2220|   		return -1;
# 2221|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def850]
openssh-10.0p1/sshconnect2.c:2222:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2222:20: danger: ‘from[0]’ leaks here
# 2220|   		return -1;
# 2221|   	}
# 2222|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def851]
openssh-10.0p1/sshconnect2.c:2222:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2222:20: danger: ‘from[1]’ leaks here
# 2220|   		return -1;
# 2221|   	}
# 2222|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def852]
openssh-10.0p1/sshconnect2.c:2222:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2222:20: danger: ‘to[0]’ leaks here
# 2220|   		return -1;
# 2221|   	}
# 2222|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def853]
openssh-10.0p1/sshconnect2.c:2222:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2222:20: danger: ‘to[1]’ leaks here
# 2220|   		return -1;
# 2221|   	}
# 2222|-> 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|   		close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def854]
openssh-10.0p1/sshconnect2.c:2224:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2224:17: danger: ‘from[0]’ leaks here
# 2222|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|-> 		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def855]
openssh-10.0p1/sshconnect2.c:2224:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2224:17: danger: ‘from[1]’ leaks here
# 2222|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|-> 		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def856]
openssh-10.0p1/sshconnect2.c:2224:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2224:17: danger: ‘to[0]’ leaks here
# 2222|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|-> 		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def857]
openssh-10.0p1/sshconnect2.c:2224:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2224:17: danger: ‘to[1]’ leaks here
# 2222|   	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
# 2223|   	if (pid == 0) {
# 2224|-> 		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def858]
openssh-10.0p1/sshconnect2.c:2225:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(from[1], 1)’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:21: acquire_resource: opened here
openssh-10.0p1/sshconnect2.c:2225:20: danger: ‘dup2(from[1], 1)’ leaks here; was opened at [(15)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/14)
# 2223|   	if (pid == 0) {
# 2224|   		close(from[0]);
# 2225|-> 		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));
# 2227|   		close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def859]
openssh-10.0p1/sshconnect2.c:2226:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2226:25: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2226:25: danger: ‘from[1]’ leaks here
# 2224|   		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|-> 			fatal_f("dup2: %s", strerror(errno));
# 2227|   		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def860]
openssh-10.0p1/sshconnect2.c:2226:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2226:25: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2226:25: danger: ‘to[0]’ leaks here
# 2224|   		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|-> 			fatal_f("dup2: %s", strerror(errno));
# 2227|   		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def861]
openssh-10.0p1/sshconnect2.c:2226:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2226:25: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2226:25: danger: ‘to[1]’ leaks here
# 2224|   		close(from[0]);
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|-> 			fatal_f("dup2: %s", strerror(errno));
# 2227|   		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def862]
openssh-10.0p1/sshconnect2.c:2227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2227:17: danger: ‘from[1]’ leaks here
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));
# 2227|-> 		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def863]
openssh-10.0p1/sshconnect2.c:2227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2227:17: danger: ‘to[0]’ leaks here
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));
# 2227|-> 		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def864]
openssh-10.0p1/sshconnect2.c:2227:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2227:17: danger: ‘to[1]’ leaks here
# 2225|   		if (dup2(from[1], STDOUT_FILENO) == -1)
# 2226|   			fatal_f("dup2: %s", strerror(errno));
# 2227|-> 		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def865]
openssh-10.0p1/sshconnect2.c:2228:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(to[0], 0)’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:21: acquire_resource: opened here
openssh-10.0p1/sshconnect2.c:2228:20: danger: ‘dup2(to[0], 0)’ leaks here; was opened at [(17)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/16)
# 2226|   			fatal_f("dup2: %s", strerror(errno));
# 2227|   		close(to[1]);
# 2228|-> 		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));
# 2230|   		close(from[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def866]
openssh-10.0p1/sshconnect2.c:2229:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2229:25: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2229:25: danger: ‘from[1]’ leaks here
# 2227|   		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|-> 			fatal_f("dup2: %s", strerror(errno));
# 2230|   		close(from[1]);
# 2231|   		close(to[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def867]
openssh-10.0p1/sshconnect2.c:2229:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2229:25: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2229:25: danger: ‘to[0]’ leaks here
# 2227|   		close(to[1]);
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|-> 			fatal_f("dup2: %s", strerror(errno));
# 2230|   		close(from[1]);
# 2231|   		close(to[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def868]
openssh-10.0p1/sshconnect2.c:2230:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2230:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2230:17: danger: ‘from[1]’ leaks here
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));
# 2230|-> 		close(from[1]);
# 2231|   		close(to[0]);
# 2232|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def869]
openssh-10.0p1/sshconnect2.c:2230:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2230:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2230:17: danger: ‘to[0]’ leaks here
# 2228|   		if (dup2(to[0], STDIN_FILENO) == -1)
# 2229|   			fatal_f("dup2: %s", strerror(errno));
# 2230|-> 		close(from[1]);
# 2231|   		close(to[0]);
# 2232|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def870]
openssh-10.0p1/sshconnect2.c:2231:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2230:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2231:17: danger: ‘to[0]’ leaks here
# 2229|   			fatal_f("dup2: %s", strerror(errno));
# 2230|   		close(from[1]);
# 2231|-> 		close(to[0]);
# 2232|   
# 2233|   		if (dup2(sock, STDERR_FILENO + 1) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def871]
openssh-10.0p1/sshconnect2.c:2233:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 3)’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshconnect2.c:2224:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2225:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2227:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2228:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2230:17: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2233:21: acquire_resource: opened here
openssh-10.0p1/sshconnect2.c:2233:20: danger: ‘dup2(ssh_packet_get_connection_in(ssh), 3)’ leaks here; was opened at [(19)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/18)
# 2231|   		close(to[0]);
# 2232|   
# 2233|-> 		if (dup2(sock, STDERR_FILENO + 1) == -1)
# 2234|   			fatal_f("dup2: %s", strerror(errno));
# 2235|   		sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def872]
openssh-10.0p1/sshconnect2.c:2246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2246:9: danger: ‘from[0]’ leaks here
# 2244|   		    strerror(errno));
# 2245|   	}
# 2246|-> 	close(from[1]);
# 2247|   	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def873]
openssh-10.0p1/sshconnect2.c:2246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2246:9: danger: ‘from[1]’ leaks here
# 2244|   		    strerror(errno));
# 2245|   	}
# 2246|-> 	close(from[1]);
# 2247|   	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def874]
openssh-10.0p1/sshconnect2.c:2246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2246:9: danger: ‘to[0]’ leaks here
# 2244|   		    strerror(errno));
# 2245|   	}
# 2246|-> 	close(from[1]);
# 2247|   	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def875]
openssh-10.0p1/sshconnect2.c:2246:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2246:9: danger: ‘to[1]’ leaks here
# 2244|   		    strerror(errno));
# 2245|   	}
# 2246|-> 	close(from[1]);
# 2247|   	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def876]
openssh-10.0p1/sshconnect2.c:2247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2247:9: danger: ‘from[0]’ leaks here
# 2245|   	}
# 2246|   	close(from[1]);
# 2247|-> 	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;
# 2249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def877]
openssh-10.0p1/sshconnect2.c:2247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2247:9: danger: ‘to[0]’ leaks here
# 2245|   	}
# 2246|   	close(from[1]);
# 2247|-> 	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;
# 2249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def878]
openssh-10.0p1/sshconnect2.c:2247:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2247:9: danger: ‘to[1]’ leaks here
# 2245|   	}
# 2246|   	close(from[1]);
# 2247|-> 	close(to[0]);
# 2248|   	sock = STDERR_FILENO + 1;
# 2249|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def879]
openssh-10.0p1/sshconnect2.c:2250:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:18: danger: ‘from[0]’ leaks here
# 2248|   	sock = STDERR_FILENO + 1;
# 2249|   
# 2250|-> 	if ((b = sshbuf_new()) == NULL)
# 2251|   		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def880]
openssh-10.0p1/sshconnect2.c:2250:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:18: danger: ‘to[1]’ leaks here
# 2248|   	sock = STDERR_FILENO + 1;
# 2249|   
# 2250|-> 	if ((b = sshbuf_new()) == NULL)
# 2251|   		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def881]
openssh-10.0p1/sshconnect2.c:2251:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2251:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2251:17: danger: ‘from[0]’ leaks here
# 2249|   
# 2250|   	if ((b = sshbuf_new()) == NULL)
# 2251|-> 		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def882]
openssh-10.0p1/sshconnect2.c:2251:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2251:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2251:17: danger: ‘to[1]’ leaks here
# 2249|   
# 2250|   	if ((b = sshbuf_new()) == NULL)
# 2251|-> 		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def883]
openssh-10.0p1/sshconnect2.c:2253:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:18: danger: ‘from[0]’ leaks here
# 2251|   		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */
# 2253|-> 	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def884]
openssh-10.0p1/sshconnect2.c:2253:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:18: danger: ‘to[1]’ leaks here
# 2251|   		fatal_f("sshbuf_new failed");
# 2252|   	/* send # of sock, data to be signed */
# 2253|-> 	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def885]
openssh-10.0p1/sshconnect2.c:2254:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2254:18: danger: ‘from[0]’ leaks here
# 2252|   	/* send # of sock, data to be signed */
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|-> 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def886]
openssh-10.0p1/sshconnect2.c:2254:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2254:18: danger: ‘to[1]’ leaks here
# 2252|   	/* send # of sock, data to be signed */
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|-> 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def887]
openssh-10.0p1/sshconnect2.c:2255:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2255:17: danger: ‘from[0]’ leaks here
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|-> 		fatal_fr(r, "buffer error");
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|   		fatal_f("couldn't send request");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def888]
openssh-10.0p1/sshconnect2.c:2255:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2255:17: danger: ‘to[1]’ leaks here
# 2253|   	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|-> 		fatal_fr(r, "buffer error");
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|   		fatal_f("couldn't send request");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def889]
openssh-10.0p1/sshconnect2.c:2256:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2256:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2256:13: danger: ‘from[0]’ leaks here
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");
# 2256|-> 	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|   		fatal_f("couldn't send request");
# 2258|   	sshbuf_reset(b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def890]
openssh-10.0p1/sshconnect2.c:2256:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘to[1]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2256:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2256:13: danger: ‘to[1]’ leaks here
# 2254|   	    (r = sshbuf_put_string(b, data, datalen)) != 0)
# 2255|   		fatal_fr(r, "buffer error");
# 2256|-> 	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|   		fatal_f("couldn't send request");
# 2258|   	sshbuf_reset(b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def891]
openssh-10.0p1/sshconnect2.c:2257:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2256:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2256:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshconnect2.c:2257:17: branch_true: ...to here
openssh-10.0p1/sshconnect2.c:2257:17: danger: ‘from[0]’ leaks here
# 2255|   		fatal_fr(r, "buffer error");
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|-> 		fatal_f("couldn't send request");
# 2258|   	sshbuf_reset(b);
# 2259|   	r = ssh_msg_recv(from[0], b);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def892]
openssh-10.0p1/sshconnect2.c:2258:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2256:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2256:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2258:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2258:9: danger: ‘from[0]’ leaks here
# 2256|   	if (ssh_msg_send(to[1], version, b) == -1)
# 2257|   		fatal_f("couldn't send request");
# 2258|-> 	sshbuf_reset(b);
# 2259|   	r = ssh_msg_recv(from[0], b);
# 2260|   	close(from[0]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def893]
openssh-10.0p1/sshconnect2.c:2259:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘from[0]’
openssh-10.0p1/sshconnect2.c:2202:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2206:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2206:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2210:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2210:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2214:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2214:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2218:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2218:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshconnect2.c:2222:20: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2223:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
openssh-10.0p1/sshconnect2.c:2246:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2250:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2253:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2254:18: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2253:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2256:13: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2256:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshconnect2.c:2258:9: branch_false: ...to here
openssh-10.0p1/sshconnect2.c:2259:13: danger: ‘from[0]’ leaks here
# 2257|   		fatal_f("couldn't send request");
# 2258|   	sshbuf_reset(b);
# 2259|-> 	r = ssh_msg_recv(from[0], b);
# 2260|   	close(from[0]);
# 2261|   	close(to[1]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def894]
openssh-10.0p1/sshd-auth.c:656:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:653:38: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:653:38: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:656:13: danger: ‘sock_in’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  654|   	}
#  655|   
#  656|-> 	if (stdfd_devnull(1, 1, 0) == -1)
#  657|   		error("stdfd_devnull failed");
#  658|   	debug("network sockets: %d, %d", sock_in, sock_out);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def895]
openssh-10.0p1/sshd-auth.c:656:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-auth.c:649:27: branch_true: ...to here
openssh-10.0p1/sshd-auth.c:650:28: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:656:13: danger: ‘sock_out’ leaks here; was opened at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  654|   	}
#  655|   
#  656|-> 	if (stdfd_devnull(1, 1, 0) == -1)
#  657|   		error("stdfd_devnull failed");
#  658|   	debug("network sockets: %d, %d", sock_in, sock_out);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def896]
openssh-10.0p1/sshd-auth.c:657:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:653:38: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:653:38: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:656:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-auth.c:657:17: branch_true: ...to here
openssh-10.0p1/sshd-auth.c:657:17: danger: ‘sock_in’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  655|   
#  656|   	if (stdfd_devnull(1, 1, 0) == -1)
#  657|-> 		error("stdfd_devnull failed");
#  658|   	debug("network sockets: %d, %d", sock_in, sock_out);
#  659|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def897]
openssh-10.0p1/sshd-auth.c:657:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-auth.c:649:27: branch_true: ...to here
openssh-10.0p1/sshd-auth.c:650:28: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:656:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-auth.c:657:17: branch_true: ...to here
openssh-10.0p1/sshd-auth.c:657:17: danger: ‘sock_out’ leaks here; was opened at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  655|   
#  656|   	if (stdfd_devnull(1, 1, 0) == -1)
#  657|-> 		error("stdfd_devnull failed");
#  658|   	debug("network sockets: %d, %d", sock_in, sock_out);
#  659|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def898]
openssh-10.0p1/sshd-auth.c:658:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_in’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:653:38: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:653:38: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:658:9: danger: ‘sock_in’ leaks here; was opened at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#  656|   	if (stdfd_devnull(1, 1, 0) == -1)
#  657|   		error("stdfd_devnull failed");
#  658|-> 	debug("network sockets: %d, %d", sock_in, sock_out);
#  659|   
#  660|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def899]
openssh-10.0p1/sshd-auth.c:658:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_out’
openssh-10.0p1/sshd-auth.c:604:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-auth.c:608:9: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:612:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-auth.c:627:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:638:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-auth.c:644:13: branch_false: ...to here
openssh-10.0p1/sshd-auth.c:644:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-auth.c:649:27: branch_true: ...to here
openssh-10.0p1/sshd-auth.c:650:28: acquire_resource: opened here
openssh-10.0p1/sshd-auth.c:658:9: danger: ‘sock_out’ leaks here; was opened at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  656|   	if (stdfd_devnull(1, 1, 0) == -1)
#  657|   		error("stdfd_devnull failed");
#  658|-> 	debug("network sockets: %d, %d", sock_in, sock_out);
#  659|   
#  660|   	/*

Error: GCC_ANALYZER_WARNING (CWE-775): [#def900]
openssh-10.0p1/sshd-session.c:471:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_in(ssh), 0)’
openssh-10.0p1/sshd-session.c:422:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshd-session.c:424:17: branch_false: ...to here
openssh-10.0p1/sshd-session.c:424:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshd-session.c:456:31: branch_false: ...to here
openssh-10.0p1/sshd-session.c:471:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-session.c:472:21: branch_true: ...to here
openssh-10.0p1/sshd-session.c:472:21: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:471:21: danger: ‘dup2(ssh_packet_get_connection_in(ssh), 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  469|   		 */
#  470|   
#  471|-> 		if (ssh_packet_get_connection_in(ssh) != STDIN_FILENO &&
#  472|   		    dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)
#  473|   			fatal("dup2 stdin failed: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def901]
openssh-10.0p1/sshd-session.c:474:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(ssh_packet_get_connection_out(ssh), 1)’
openssh-10.0p1/sshd-session.c:422:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshd-session.c:424:17: branch_false: ...to here
openssh-10.0p1/sshd-session.c:424:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshd-session.c:456:31: branch_false: ...to here
openssh-10.0p1/sshd-session.c:474:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-session.c:475:21: branch_true: ...to here
openssh-10.0p1/sshd-session.c:475:21: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:474:21: danger: ‘dup2(ssh_packet_get_connection_out(ssh), 1)’ leaks here; was opened at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  472|   		    dup2(ssh_packet_get_connection_in(ssh), STDIN_FILENO) == -1)
#  473|   			fatal("dup2 stdin failed: %s", strerror(errno));
#  474|-> 		if (ssh_packet_get_connection_out(ssh) != STDOUT_FILENO &&
#  475|   		    dup2(ssh_packet_get_connection_out(ssh),
#  476|   		    STDOUT_FILENO) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def902]
openssh-10.0p1/sshd-session.c:480:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*pmonitor.m_recvfd, 3)’
openssh-10.0p1/sshd-session.c:422:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshd-session.c:424:17: branch_false: ...to here
openssh-10.0p1/sshd-session.c:424:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshd-session.c:456:31: branch_false: ...to here
openssh-10.0p1/sshd-session.c:480:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-session.c:481:21: branch_true: ...to here
openssh-10.0p1/sshd-session.c:481:21: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:480:21: danger: ‘dup2(*pmonitor.m_recvfd, 3)’ leaks here; was opened at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  478|   		/* leave stderr as-is */
#  479|   		log_redirect_stderr_to(NULL); /* dup can clobber log fd */
#  480|-> 		if (pmonitor->m_recvfd != PRIVSEP_MONITOR_FD &&
#  481|   		    dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)
#  482|   			fatal("dup2 monitor fd: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def903]
openssh-10.0p1/sshd-session.c:483:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*pmonitor.m_log_sendfd, 4)’
openssh-10.0p1/sshd-session.c:422:12: branch_false: following ‘false’ branch (when ‘pid != -1’)...
openssh-10.0p1/sshd-session.c:424:17: branch_false: ...to here
openssh-10.0p1/sshd-session.c:424:17: branch_false: following ‘false’ branch (when ‘pid == 0’)...
openssh-10.0p1/sshd-session.c:456:31: branch_false: ...to here
openssh-10.0p1/sshd-session.c:483:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-session.c:484:21: branch_true: ...to here
openssh-10.0p1/sshd-session.c:484:21: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:483:21: danger: ‘dup2(*pmonitor.m_log_sendfd, 4)’ leaks here; was opened at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  481|   		    dup2(pmonitor->m_recvfd, PRIVSEP_MONITOR_FD) == -1)
#  482|   			fatal("dup2 monitor fd: %s", strerror(errno));
#  483|-> 		if (pmonitor->m_log_sendfd != PRIVSEP_LOG_FD &&
#  484|   		    dup2(pmonitor->m_log_sendfd, PRIVSEP_LOG_FD) == -1)
#  485|   			fatal("dup2 log fd: %s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def904]
openssh-10.0p1/sshd-session.c:782:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  780|   	struct include_item *item;
#  781|   
#  782|-> 	debug3_f("entering fd = %d", fd);
#  783|   
#  784|   	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def905]
openssh-10.0p1/sshd-session.c:784:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  782|   	debug3_f("entering fd = %d", fd);
#  783|   
#  784|-> 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  785|   		fatal_f("sshbuf_new failed");
#  786|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def906]
openssh-10.0p1/sshd-session.c:784:50: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  782|   	debug3_f("entering fd = %d", fd);
#  783|   
#  784|-> 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  785|   		fatal_f("sshbuf_new failed");
#  786|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def907]
openssh-10.0p1/sshd-session.c:785:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  783|   
#  784|   	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
#  785|-> 		fatal_f("sshbuf_new failed");
#  786|   
#  787|   	/* receive config */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def908]
openssh-10.0p1/sshd-session.c:788:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  786|   
#  787|   	/* receive config */
#  788|-> 	if (ssh_msg_recv(fd, m) == -1)
#  789|   		fatal_f("ssh_msg_recv failed");
#  790|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def909]
openssh-10.0p1/sshd-session.c:789:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  787|   	/* receive config */
#  788|   	if (ssh_msg_recv(fd, m) == -1)
#  789|-> 		fatal_f("ssh_msg_recv failed");
#  790|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  791|   		fatal_fr(r, "parse version");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def910]
openssh-10.0p1/sshd-session.c:790:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  788|   	if (ssh_msg_recv(fd, m) == -1)
#  789|   		fatal_f("ssh_msg_recv failed");
#  790|-> 	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  791|   		fatal_fr(r, "parse version");
#  792|   	if (ver != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def911]
openssh-10.0p1/sshd-session.c:791:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:935:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1142:9: call_function: calling ‘recv_rexec_state’ from ‘main’
#  789|   		fatal_f("ssh_msg_recv failed");
#  790|   	if ((r = sshbuf_get_u8(m, &ver)) != 0)
#  791|-> 		fatal_fr(r, "parse version");
#  792|   	if (ver != 0)
#  793|   		fatal_f("rexec version mismatch");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def912]
openssh-10.0p1/sshd-session.c:1108:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd-session.c:1108:32: branch_true: ...to here
openssh-10.0p1/sshd-session.c:1108:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1108:20: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
# 1106|   		fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
# 1107|   	while (devnull < PRIVSEP_MIN_FREE_FD) {
# 1108|-> 		if ((devnull = dup(devnull)) == -1)
# 1109|   			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1110|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def913]
openssh-10.0p1/sshd-session.c:1109:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd-session.c:1108:32: branch_true: ...to here
openssh-10.0p1/sshd-session.c:1108:20: branch_true: following ‘true’ branch (when ‘devnull == -1’)...
openssh-10.0p1/sshd-session.c:1109:25: branch_true: ...to here
openssh-10.0p1/sshd-session.c:1109:25: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
# 1107|   	while (devnull < PRIVSEP_MIN_FREE_FD) {
# 1108|   		if ((devnull = dup(devnull)) == -1)
# 1109|-> 			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1110|   	}
# 1111|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def914]
openssh-10.0p1/sshd-session.c:1112:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1112:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
# 1110|   	}
# 1111|   
# 1112|-> 	seed_rng();
# 1113|   
# 1114|   	/* If requested, redirect the logs to the specified logfile. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def915]
openssh-10.0p1/sshd-session.c:1131:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1131:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
# 1129|   	 * key (unless started from inetd)
# 1130|   	 */
# 1131|-> 	log_init(__progname,
# 1132|   	    options.log_level == SYSLOG_LEVEL_NOT_SET ?
# 1133|   	    SYSLOG_LEVEL_INFO : options.log_level,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def916]
openssh-10.0p1/sshd-session.c:1139:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:20: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
# 1137|   
# 1138|   	/* Fetch our configuration */
# 1139|-> 	if ((cfg = sshbuf_new()) == NULL)
# 1140|   		fatal("sshbuf_new config buf failed");
# 1141|   	setproctitle("%s", "[rexeced]");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def917]
openssh-10.0p1/sshd-session.c:1140:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd-session.c:1140:17: branch_true: ...to here
openssh-10.0p1/sshd-session.c:1140:17: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
# 1138|   	/* Fetch our configuration */
# 1139|   	if ((cfg = sshbuf_new()) == NULL)
# 1140|-> 		fatal("sshbuf_new config buf failed");
# 1141|   	setproctitle("%s", "[rexeced]");
# 1142|   	recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def918]
openssh-10.0p1/sshd-session.c:1141:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd-session.c:1092:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1097:12: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1097:12: branch_false: following ‘false’ branch (when ‘rexeced_flag != 0’)...
openssh-10.0p1/sshd-session.c:1100:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1105:24: acquire_resource: opened here
openssh-10.0p1/sshd-session.c:1105:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd-session.c:1107:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd-session.c:1112:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1115:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd-session.c:1136:13: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1139:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd-session.c:1141:9: branch_false: ...to here
openssh-10.0p1/sshd-session.c:1141:9: danger: ‘devnull’ leaks here; was opened at [(5)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/4)
# 1139|   	if ((cfg = sshbuf_new()) == NULL)
# 1140|   		fatal("sshbuf_new config buf failed");
# 1141|-> 	setproctitle("%s", "[rexeced]");
# 1142|   	recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg, &timing_secret);
# 1143|   	parse_server_config(&options, "rexec", cfg, &includes, NULL, 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def919]
openssh-10.0p1/sshd.c:830:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:830:25: danger: ‘listen_sock’ leaks here
#  828|   			continue;
#  829|   		if (num_listen_socks >= MAX_LISTEN_SOCKS)
#  830|-> 			fatal("Too many listen sockets. "
#  831|   			    "Enlarge MAX_LISTEN_SOCKS");
#  832|   		if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def920]
openssh-10.0p1/sshd.c:832:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:832:28: danger: ‘listen_sock’ leaks here
#  830|   			fatal("Too many listen sockets. "
#  831|   			    "Enlarge MAX_LISTEN_SOCKS");
#  832|-> 		if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
#  833|   		    ntop, sizeof(ntop), strport, sizeof(strport),
#  834|   		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def921]
openssh-10.0p1/sshd.c:835:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:835:25: danger: ‘listen_sock’ leaks here
#  833|   		    ntop, sizeof(ntop), strport, sizeof(strport),
#  834|   		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
#  835|-> 			error("getnameinfo failed: %.100s",
#  836|   			    ssh_gai_strerror(ret));
#  837|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def922]
openssh-10.0p1/sshd.c:842:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:842:20: danger: leaks here
#  840|   		listen_sock = socket(ai->ai_family, ai->ai_socktype,
#  841|   		    ai->ai_protocol);
#  842|-> 		if (listen_sock == -1) {
#  843|   			/* kernel may not support ipv6 */
#  844|   			verbose("socket: %.100s", strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def923]
openssh-10.0p1/sshd.c:847:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:827:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:829:21: branch_false: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:832:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:840:31: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:847:21: danger: ‘listen_sock’ leaks here
#  845|   			continue;
#  846|   		}
#  847|-> 		if (set_nonblock(listen_sock) == -1) {
#  848|   			close(listen_sock);
#  849|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def924]
openssh-10.0p1/sshd.c:882:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:882:25: branch_true: ...to here
openssh-10.0p1/sshd.c:882:25: danger: ‘listen_sock’ leaks here
#  880|   		/* Start listening on the port. */
#  881|   		if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1)
#  882|-> 			fatal("listen on [%s]:%s: %.100s",
#  883|   			    ntop, strport, strerror(errno));
#  884|   		logit("Server listening on %s port %s%s%s.",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def925]
openssh-10.0p1/sshd.c:884:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:884:17: danger: ‘listen_sock’ leaks here
#  882|   			fatal("listen on [%s]:%s: %.100s",
#  883|   			    ntop, strport, strerror(errno));
#  884|-> 		logit("Server listening on %s port %s%s%s.",
#  885|   		    ntop, strport,
#  886|   		    la->rdomain == NULL ? "" : " rdomain ",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def926]
openssh-10.0p1/sshd.c:889:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘listen_sock’
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:826:30: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
openssh-10.0p1/sshd.c:827:21: branch_true: ...to here
openssh-10.0p1/sshd.c:829:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:832:28: branch_false: ...to here
openssh-10.0p1/sshd.c:840:31: acquire_resource: socket created here
openssh-10.0p1/sshd.c:842:20: branch_false: following ‘false’ branch (when ‘listen_sock != -1’)...
openssh-10.0p1/sshd.c:847:21: branch_false: ...to here
openssh-10.0p1/sshd.c:881:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:884:17: branch_false: ...to here
openssh-10.0p1/sshd.c:889:1: danger: ‘listen_sock’ leaks here
#  887|   		    la->rdomain == NULL ? "" : la->rdomain);
#  888|   	}
#  889|-> }
#  890|   
#  891|   static void

Error: GCC_ANALYZER_WARNING (CWE-775): [#def927]
openssh-10.0p1/sshd.c:1255:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1253|   	int r;
# 1254|   
# 1255|-> 	if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
# 1256|   		fatal_f("ssh_digest_start");
# 1257|   	if (key == NULL) { /* finalize */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def928]
openssh-10.0p1/sshd.c:1256:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1254|   
# 1255|   	if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
# 1256|-> 		fatal_f("ssh_digest_start");
# 1257|   	if (key == NULL) { /* finalize */
# 1258|   		/* add server config in case we are using agent for host keys */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def929]
openssh-10.0p1/sshd.c:1259:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1257|   	if (key == NULL) { /* finalize */
# 1258|   		/* add server config in case we are using agent for host keys */
# 1259|-> 		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1260|   		    sshbuf_len(server_cfg)) != 0)
# 1261|   			fatal_f("ssh_digest_update");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def930]
openssh-10.0p1/sshd.c:1259:44: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1257|   	if (key == NULL) { /* finalize */
# 1258|   		/* add server config in case we are using agent for host keys */
# 1259|-> 		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1260|   		    sshbuf_len(server_cfg)) != 0)
# 1261|   			fatal_f("ssh_digest_update");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def931]
openssh-10.0p1/sshd.c:1261:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1259|   		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
# 1260|   		    sshbuf_len(server_cfg)) != 0)
# 1261|-> 			fatal_f("ssh_digest_update");
# 1262|   		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1263|   		hash = xmalloc(len);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def932]
openssh-10.0p1/sshd.c:1262:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1260|   		    sshbuf_len(server_cfg)) != 0)
# 1261|   			fatal_f("ssh_digest_update");
# 1262|-> 		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1263|   		hash = xmalloc(len);
# 1264|   		if (ssh_digest_final(ctx, hash, len) != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def933]
openssh-10.0p1/sshd.c:1263:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1306:1: enter_function: entry to ‘main’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1697:9: call_function: calling ‘accumulate_host_timing_secret’ from ‘main’
# 1261|   			fatal_f("ssh_digest_update");
# 1262|   		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
# 1263|-> 		hash = xmalloc(len);
# 1264|   		if (ssh_digest_final(ctx, hash, len) != 0)
# 1265|   			fatal_f("ssh_digest_final");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def934]
openssh-10.0p1/sshd.c:1482:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1482:20: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
# 1480|   		fatal("open %s: %s", _PATH_DEVNULL, strerror(errno));
# 1481|   	while (devnull < REEXEC_MIN_FREE_FD) {
# 1482|-> 		if ((devnull = dup(devnull)) == -1)
# 1483|   			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1484|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def935]
openssh-10.0p1/sshd.c:1483:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:20: branch_true: following ‘true’ branch (when ‘devnull == -1’)...
openssh-10.0p1/sshd.c:1483:25: branch_true: ...to here
openssh-10.0p1/sshd.c:1483:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
# 1481|   	while (devnull < REEXEC_MIN_FREE_FD) {
# 1482|   		if ((devnull = dup(devnull)) == -1)
# 1483|-> 			fatal("dup %s: %s", _PATH_DEVNULL, strerror(errno));
# 1484|   	}
# 1485|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def936]
openssh-10.0p1/sshd.c:1486:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1486:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
# 1484|   	}
# 1485|   
# 1486|-> 	seed_rng();
# 1487|   
# 1488|   	/* If requested, redirect the logs to the specified logfile. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def937]
openssh-10.0p1/sshd.c:1493:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1360:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.0p1/sshd.c:1362:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1360:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.0p1/sshd.c:1473:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1473:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1473:59: branch_true: ...to here
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.0p1/sshd.c:1492:70: branch_true: ...to here
openssh-10.0p1/sshd.c:1493:22: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
# 1491|   
# 1492|   		snprintf(pid_s, sizeof(pid_s), "%ld", (unsigned long)getpid());
# 1493|-> 		cp = percent_expand(logfile,
# 1494|   		    "p", pid_s,
# 1495|   		    "P", "sshd",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def938]
openssh-10.0p1/sshd.c:1497:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1360:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
openssh-10.0p1/sshd.c:1362:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1360:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
openssh-10.0p1/sshd.c:1473:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1473:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1473:59: branch_true: ...to here
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_true: following ‘true’ branch (when ‘logfile’ is non-NULL)...
openssh-10.0p1/sshd.c:1492:70: branch_true: ...to here
openssh-10.0p1/sshd.c:1497:17: danger: ‘devnull’ leaks here; was opened at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
# 1495|   		    "P", "sshd",
# 1496|   		    (char *)NULL);
# 1497|-> 		log_redirect_stderr_to(cp);
# 1498|   		free(cp);
# 1499|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def939]
openssh-10.0p1/sshd.c:1505:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1505:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2)
# 1503|   	 * key (unless started from inetd)
# 1504|   	 */
# 1505|-> 	log_init(__progname,
# 1506|   	    options.log_level == SYSLOG_LEVEL_NOT_SET ?
# 1507|   	    SYSLOG_LEVEL_INFO : options.log_level,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def940]
openssh-10.0p1/sshd.c:1529:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1529:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
# 1527|   		    "test mode (-T)");
# 1528|   
# 1529|-> 	debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
# 1530|   	if (uname(&utsname) != 0) {
# 1531|   		memset(&utsname, 0, sizeof(utsname));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def941]
openssh-10.0p1/sshd.c:1534:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1534:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/2)
# 1532|   		strlcpy(utsname.sysname, "UNKNOWN", sizeof(utsname.sysname));
# 1533|   	}
# 1534|-> 	debug3("Running on %s %s %s %s", utsname.sysname, utsname.release,
# 1535|   	    utsname.version, utsname.machine);
# 1536|   	debug3("Started with: %s", args);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def942]
openssh-10.0p1/sshd.c:1536:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1536:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/2)
# 1534|   	debug3("Running on %s %s %s %s", utsname.sysname, utsname.release,
# 1535|   	    utsname.version, utsname.machine);
# 1536|-> 	debug3("Started with: %s", args);
# 1537|   	free(args);
# 1538|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def943]
openssh-10.0p1/sshd.c:1540:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:20: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/2)
# 1538|   
# 1539|   	/* Fetch our configuration */
# 1540|-> 	if ((cfg = sshbuf_new()) == NULL)
# 1541|   		fatal("sshbuf_new config failed");
# 1542|   	if (strcasecmp(config_file_name, "none") != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def944]
openssh-10.0p1/sshd.c:1541:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1541:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1541:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/2)
# 1539|   	/* Fetch our configuration */
# 1540|   	if ((cfg = sshbuf_new()) == NULL)
# 1541|-> 		fatal("sshbuf_new config failed");
# 1542|   	if (strcasecmp(config_file_name, "none") != 0)
# 1543|   		load_server_config(config_file_name, cfg);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def945]
openssh-10.0p1/sshd.c:1543:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1542:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1543:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1543:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/2)
# 1541|   		fatal("sshbuf_new config failed");
# 1542|   	if (strcasecmp(config_file_name, "none") != 0)
# 1543|-> 		load_server_config(config_file_name, cfg);
# 1544|   
# 1545|   	parse_server_config(&options, config_file_name, cfg,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def946]
openssh-10.0p1/sshd.c:1545:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1545:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/2)
# 1543|   		load_server_config(config_file_name, cfg);
# 1544|   
# 1545|-> 	parse_server_config(&options, config_file_name, cfg,
# 1546|   	    &includes, NULL, 0);
# 1547|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def947]
openssh-10.0p1/sshd.c:1549:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1549:9: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/2)
# 1547|   
# 1548|   	/* Fill in default values for those options not explicitly set. */
# 1549|-> 	fill_default_server_options(&options);
# 1550|   
# 1551|   	/* Check that options are sensible */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def948]
openssh-10.0p1/sshd.c:1555:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1552:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1553:14: branch_true: ...to here
openssh-10.0p1/sshd.c:1552:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1554:13: branch_true: ...to here
openssh-10.0p1/sshd.c:1553:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1555:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1555:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/2)
# 1553|   	    (options.authorized_keys_command != NULL &&
# 1554|   	    strcasecmp(options.authorized_keys_command, "none") != 0))
# 1555|-> 		fatal("AuthorizedKeysCommand set without "
# 1556|   		    "AuthorizedKeysCommandUser");
# 1557|   	if (options.authorized_principals_command_user == NULL &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def949]
openssh-10.0p1/sshd.c:1560:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1557:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1558:14: branch_true: ...to here
openssh-10.0p1/sshd.c:1557:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1559:13: branch_true: ...to here
openssh-10.0p1/sshd.c:1558:13: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1560:17: branch_true: ...to here
openssh-10.0p1/sshd.c:1560:17: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/2)
# 1558|   	    (options.authorized_principals_command != NULL &&
# 1559|   	    strcasecmp(options.authorized_principals_command, "none") != 0))
# 1560|-> 		fatal("AuthorizedPrincipalsCommand set without "
# 1561|   		    "AuthorizedPrincipalsCommandUser");
# 1562|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def950]
openssh-10.0p1/sshd.c:1571:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1569:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/sshd.c:1570:29: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1571:49: branch_true: ...to here
openssh-10.0p1/sshd.c:1571:29: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2)
# 1569|   	if (options.num_auth_methods != 0) {
# 1570|   		for (i = 0; i < options.num_auth_methods; i++) {
# 1571|-> 			if (auth2_methods_valid(options.auth_methods[i],
# 1572|   			    1) == 0)
# 1573|   				break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def951]
openssh-10.0p1/sshd.c:1576:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1569:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
openssh-10.0p1/sshd.c:1575:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1576:25: branch_true: ...to here
openssh-10.0p1/sshd.c:1576:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/2)
# 1574|   		}
# 1575|   		if (i >= options.num_auth_methods)
# 1576|-> 			fatal("AuthenticationMethods cannot be satisfied by "
# 1577|   			    "enabled authentication methods");
# 1578|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def952]
openssh-10.0p1/sshd.c:1590:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1590:36: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/2)
# 1588|   
# 1589|   	/* load host keys */
# 1590|-> 	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
# 1591|   	    sizeof(struct sshkey *));
# 1592|   	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def953]
openssh-10.0p1/sshd.c:1592:39: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1592:39: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/2)
# 1590|   	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
# 1591|   	    sizeof(struct sshkey *));
# 1592|-> 	sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
# 1593|   	    sizeof(struct sshkey *));
# 1594|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def954]
openssh-10.0p1/sshd.c:1599:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1596:21: branch_true: ...to here
openssh-10.0p1/sshd.c:1596:20: branch_false: following ‘false’ branch (when the strings are equal)...
openssh-10.0p1/sshd.c:1599:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1599:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/2)
# 1597|   			setenv(SSH_AUTHSOCKET_ENV_NAME,
# 1598|   			    options.host_key_agent, 1);
# 1599|-> 		if ((r = ssh_get_authentication_socket(NULL)) == 0)
# 1600|   			have_agent = 1;
# 1601|   		else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def955]
openssh-10.0p1/sshd.c:1602:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1596:21: branch_true: ...to here
openssh-10.0p1/sshd.c:1599:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1602:25: branch_false: ...to here
openssh-10.0p1/sshd.c:1602:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/2)
# 1600|   			have_agent = 1;
# 1601|   		else
# 1602|-> 			error_r(r, "Could not connect to agent \"%s\"",
# 1603|   			    options.host_key_agent);
# 1604|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def956]
openssh-10.0p1/sshd.c:1612:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1595:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1612:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/2)
# 1610|   		if (options.host_key_files[i] == NULL)
# 1611|   			continue;
# 1612|-> 		if ((r = sshkey_load_private(options.host_key_files[i], "",
# 1613|   		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1614|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def957]
openssh-10.0p1/sshd.c:1614:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1612:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1612:21: branch_true: ...to here
openssh-10.0p1/sshd.c:1612:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1614:25: branch_true: ...to here
openssh-10.0p1/sshd.c:1614:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/2)
# 1612|   		if ((r = sshkey_load_private(options.host_key_files[i], "",
# 1613|   		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1614|-> 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1615|   			    options.host_key_files[i]);
# 1616|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK

Error: GCC_ANALYZER_WARNING (CWE-775): [#def958]
openssh-10.0p1/sshd.c:1616:52: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1616:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1616:52: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/2)
# 1614|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1615|   			    options.host_key_files[i]);
# 1616|-> 		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1617|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1618|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def959]
openssh-10.0p1/sshd.c:1617:37: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1616:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1616:21: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1617:58: branch_false: ...to here
openssh-10.0p1/sshd.c:1617:37: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/2)
# 1615|   			    options.host_key_files[i]);
# 1616|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1617|-> 				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1618|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1619|   		    sshkey_free(key);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def960]
openssh-10.0p1/sshd.c:1618:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1616:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1618:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/2)
# 1616|   		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
# 1617|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1618|-> 		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1619|   		    sshkey_free(key);
# 1620|   		    key = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def961]
openssh-10.0p1/sshd.c:1619:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1616:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1619:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/2)
# 1617|   				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
# 1618|   		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
# 1619|-> 		    sshkey_free(key);
# 1620|   		    key = NULL;
# 1621|   		    continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def962]
openssh-10.0p1/sshd.c:1623:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1623:21: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/2)
# 1621|   		    continue;
# 1622|   		}
# 1623|-> 		if (sshkey_is_sk(key) &&
# 1624|   		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
# 1625|   			debug("host key %s requires user presence, ignoring",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def963]
openssh-10.0p1/sshd.c:1625:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1623:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1624:24: branch_true: ...to here
openssh-10.0p1/sshd.c:1623:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1625:25: branch_true: ...to here
openssh-10.0p1/sshd.c:1625:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/2)
# 1623|   		if (sshkey_is_sk(key) &&
# 1624|   		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
# 1625|-> 			debug("host key %s requires user presence, ignoring",
# 1626|   			    options.host_key_files[i]);
# 1627|   			key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def964]
openssh-10.0p1/sshd.c:1630:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1629:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1630:26: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/2)
# 1628|   		}
# 1629|   		if (r == 0 && key != NULL &&
# 1630|-> 		    (r = sshkey_shield_private(key)) != 0) {
# 1631|   			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1632|   			    options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def965]
openssh-10.0p1/sshd.c:1631:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1629:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1631:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/2)
# 1629|   		if (r == 0 && key != NULL &&
# 1630|   		    (r = sshkey_shield_private(key)) != 0) {
# 1631|-> 			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1632|   			    options.host_key_files[i]);
# 1633|   			sshkey_free(key);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def966]
openssh-10.0p1/sshd.c:1633:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:24: acquire_resource: opened here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_false: following ‘false’ branch (when ‘devnull > 4’)...
openssh-10.0p1/sshd.c:1486:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1629:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1633:25: danger: ‘devnull’ leaks here; was opened at [(3)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/2)
# 1631|   			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
# 1632|   			    options.host_key_files[i]);
# 1633|-> 			sshkey_free(key);
# 1634|   			key = NULL;
# 1635|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def967]
openssh-10.0p1/sshd.c:1636:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1636:26: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/6)
# 1634|   			key = NULL;
# 1635|   		}
# 1636|-> 		if ((r = sshkey_load_public(options.host_key_files[i],
# 1637|   		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1638|   			do_log2_r(r, ll, "Unable to load host key \"%s\"",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def968]
openssh-10.0p1/sshd.c:1638:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1636:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1636:21: branch_true: ...to here
openssh-10.0p1/sshd.c:1636:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1638:25: branch_true: ...to here
openssh-10.0p1/sshd.c:1638:25: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/6)
# 1636|   		if ((r = sshkey_load_public(options.host_key_files[i],
# 1637|   		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
# 1638|-> 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
# 1639|   			    options.host_key_files[i]);
# 1640|   		if (pubkey != NULL && key != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def969]
openssh-10.0p1/sshd.c:1641:30: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1640:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1641:30: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/58/codeFlows/0/threadFlows/0/locations/6)
# 1639|   			    options.host_key_files[i]);
# 1640|   		if (pubkey != NULL && key != NULL) {
# 1641|-> 			if (!sshkey_equal(pubkey, key)) {
# 1642|   				error("Public key for %s does not match "
# 1643|   				    "private key", options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def970]
openssh-10.0p1/sshd.c:1642:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1640:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1641:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1642:33: branch_true: ...to here
openssh-10.0p1/sshd.c:1642:33: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/59/codeFlows/0/threadFlows/0/locations/6)
# 1640|   		if (pubkey != NULL && key != NULL) {
# 1641|   			if (!sshkey_equal(pubkey, key)) {
# 1642|-> 				error("Public key for %s does not match "
# 1643|   				    "private key", options.host_key_files[i]);
# 1644|   				sshkey_free(pubkey);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def971]
openssh-10.0p1/sshd.c:1644:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1640:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1641:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1642:33: branch_true: ...to here
openssh-10.0p1/sshd.c:1644:33: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/60/codeFlows/0/threadFlows/0/locations/6)
# 1642|   				error("Public key for %s does not match "
# 1643|   				    "private key", options.host_key_files[i]);
# 1644|-> 				sshkey_free(pubkey);
# 1645|   				pubkey = NULL;
# 1646|   			}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def972]
openssh-10.0p1/sshd.c:1649:34: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1648:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1649:34: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/61/codeFlows/0/threadFlows/0/locations/6)
# 1647|   		}
# 1648|   		if (pubkey == NULL && key != NULL) {
# 1649|-> 			if ((r = sshkey_from_private(key, &pubkey)) != 0)
# 1650|   				fatal_r(r, "Could not demote key: \"%s\"",
# 1651|   				    options.host_key_files[i]);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def973]
openssh-10.0p1/sshd.c:1650:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘devnull’
openssh-10.0p1/sshd.c:1473:13: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1476:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1479:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1481:16: branch_true: following ‘true’ branch (when ‘devnull <= 4’)...
openssh-10.0p1/sshd.c:1482:32: branch_true: ...to here
openssh-10.0p1/sshd.c:1482:32: acquire_resource: opened here
openssh-10.0p1/sshd.c:1482:20: branch_false: following ‘false’ branch (when ‘devnull != -1’)...
 branch_false: ...to here
openssh-10.0p1/sshd.c:1489:12: branch_false: following ‘false’ branch (when ‘logfile’ is NULL)...
openssh-10.0p1/sshd.c:1505:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1525:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1529:9: branch_false: ...to here
openssh-10.0p1/sshd.c:1540:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1542:13: branch_false: ...to here
openssh-10.0p1/sshd.c:1581:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1586:12: branch_false: ...to here
openssh-10.0p1/sshd.c:1586:12: branch_false: following ‘false’ branch (when ‘do_dump_cfg == 0’)...
openssh-10.0p1/sshd.c:1590:44: branch_false: ...to here
openssh-10.0p1/sshd.c:1606:21: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1607:26: branch_true: ...to here
openssh-10.0p1/sshd.c:1610:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshd.c:1612:26: branch_false: ...to here
openssh-10.0p1/sshd.c:1648:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1649:28: branch_true: following ‘true’ branch...
openssh-10.0p1/sshd.c:1650:33: branch_true: ...to here
openssh-10.0p1/sshd.c:1650:33: danger: ‘devnull’ leaks here; was opened at [(7)](sarif:/runs/0/results/62/codeFlows/0/threadFlows/0/locations/6)
# 1648|   		if (pubkey == NULL && key != NULL) {
# 1649|   			if ((r = sshkey_from_private(key, &pubkey)) != 0)
# 1650|-> 				fatal_r(r, "Could not demote key: \"%s\"",
# 1651|   				    options.host_key_files[i]);
# 1652|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def974]
openssh-10.0p1/sshpty.c:121:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 258)’
openssh-10.0p1/sshpty.c:119:14: acquire_resource: opened here
openssh-10.0p1/sshpty.c:120:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshpty.c:121:17: branch_true: ...to here
openssh-10.0p1/sshpty.c:121:17: danger: ‘open("/dev/tty", 258)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  119|   	fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
#  120|   	if (fd >= 0) {
#  121|-> 		error("Failed to disconnect from controlling tty.");
#  122|   		close(fd);
#  123|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def975]
openssh-10.0p1/sshpty.c:122:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 258)’
openssh-10.0p1/sshpty.c:119:14: acquire_resource: opened here
openssh-10.0p1/sshpty.c:120:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshpty.c:121:17: branch_true: ...to here
openssh-10.0p1/sshpty.c:122:17: danger: ‘open("/dev/tty", 258)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  120|   	if (fd >= 0) {
#  121|   		error("Failed to disconnect from controlling tty.");
#  122|-> 		close(fd);
#  123|   	}
#  124|   	/* Make it our controlling tty. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def976]
openssh-10.0p1/sshpty.c:138:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(tty, 2)’
openssh-10.0p1/sshpty.c:134:14: acquire_resource: opened here
openssh-10.0p1/sshpty.c:135:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshpty.c:138:17: branch_false: ...to here
openssh-10.0p1/sshpty.c:138:17: danger: ‘open(tty, 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  136|   		error("%.100s: %.100s", tty, strerror(errno));
#  137|   	else
#  138|-> 		close(fd);
#  139|   
#  140|   	/* Verify that we now have a controlling tty. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def977]
openssh-10.0p1/sshpty.c:146:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 1)’
openssh-10.0p1/sshpty.c:141:14: acquire_resource: opened here
openssh-10.0p1/sshpty.c:142:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshpty.c:146:17: branch_false: ...to here
openssh-10.0p1/sshpty.c:146:17: danger: ‘open("/dev/tty", 1)’ leaks here; was opened at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  144|   		    strerror(errno));
#  145|   	else
#  146|-> 		close(fd);
#  147|   }
#  148|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def978]
openssh-10.0p1/sshsig.c:655:26: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  653|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  654|   		/* flag options */
#  655|-> 		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|   		} else if (opt_match(&opts, "namespaces")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def979]
openssh-10.0p1/sshsig.c:655:26: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:26: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  653|   	while (*opts && *opts != ' ' && *opts != '\t') {
#  654|   		/* flag options */
#  655|-> 		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|   		} else if (opt_match(&opts, "namespaces")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def980]
openssh-10.0p1/sshsig.c:657:28: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  655|   		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|-> 		} else if (opt_match(&opts, "namespaces")) {
#  658|   			if (ret->namespaces != NULL) {
#  659|   				errstr = "multiple \"namespaces\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def981]
openssh-10.0p1/sshsig.c:657:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  655|   		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
#  656|   			ret->ca = 1;
#  657|-> 		} else if (opt_match(&opts, "namespaces")) {
#  658|   			if (ret->namespaces != NULL) {
#  659|   				errstr = "multiple \"namespaces\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def982]
openssh-10.0p1/sshsig.c:662:43: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  660|   				goto fail;
#  661|   			}
#  662|-> 			ret->namespaces = opt_dequote(&opts, &errstr);
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def983]
openssh-10.0p1/sshsig.c:662:43: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:658:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:662:43: branch_false: ...to here
openssh-10.0p1/sshsig.c:662:43: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  660|   				goto fail;
#  661|   			}
#  662|-> 			ret->namespaces = opt_dequote(&opts, &errstr);
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def984]
openssh-10.0p1/sshsig.c:665:28: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;
#  665|-> 		} else if (opt_match(&opts, "valid-after")) {
#  666|   			if (ret->valid_after != 0) {
#  667|   				errstr = "multiple \"valid-after\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def985]
openssh-10.0p1/sshsig.c:665:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:665:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  663|   			if (ret->namespaces == NULL)
#  664|   				goto fail;
#  665|-> 		} else if (opt_match(&opts, "valid-after")) {
#  666|   			if (ret->valid_after != 0) {
#  667|   				errstr = "multiple \"valid-after\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def986]
openssh-10.0p1/sshsig.c:670:36: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  668|   				goto fail;
#  669|   			}
#  670|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|   			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def987]
openssh-10.0p1/sshsig.c:670:36: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:666:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:670:36: branch_false: ...to here
openssh-10.0p1/sshsig.c:670:36: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  668|   				goto fail;
#  669|   			}
#  670|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|   			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def988]
openssh-10.0p1/sshsig.c:672:29: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  670|   			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|-> 			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||
#  673|   			    ret->valid_after == 0) {
#  674|   				free(opt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def989]
openssh-10.0p1/sshsig.c:672:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:666:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:670:36: branch_false: ...to here
openssh-10.0p1/sshsig.c:670:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:672:29: branch_false: ...to here
openssh-10.0p1/sshsig.c:672:29: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  670|   			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  671|   				goto fail;
#  672|-> 			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||
#  673|   			    ret->valid_after == 0) {
#  674|   				free(opt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def990]
openssh-10.0p1/sshsig.c:679:28: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  677|   			}
#  678|   			free(opt);
#  679|-> 		} else if (opt_match(&opts, "valid-before")) {
#  680|   			if (ret->valid_before != 0) {
#  681|   				errstr = "multiple \"valid-before\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def991]
openssh-10.0p1/sshsig.c:679:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:679:28: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  677|   			}
#  678|   			free(opt);
#  679|-> 		} else if (opt_match(&opts, "valid-before")) {
#  680|   			if (ret->valid_before != 0) {
#  681|   				errstr = "multiple \"valid-before\" clauses";

Error: GCC_ANALYZER_WARNING (CWE-401): [#def992]
openssh-10.0p1/sshsig.c:684:36: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:736:1: enter_function: entry to ‘parse_principals_key_and_options’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:810:9: branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: branch_true: following ‘true’ branch (when ‘opts’ is non-NULL)...
openssh-10.0p1/sshsig.c:810:9: branch_true: ...to here
openssh-10.0p1/sshsig.c:811:24: call_function: calling ‘sshsigopt_parse’ from ‘parse_principals_key_and_options’
#  682|   				goto fail;
#  683|   			}
#  684|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  685|   				goto fail;
#  686|   			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def993]
openssh-10.0p1/sshsig.c:684:36: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:680:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:684:36: branch_false: ...to here
openssh-10.0p1/sshsig.c:684:36: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  682|   				goto fail;
#  683|   			}
#  684|-> 			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  685|   				goto fail;
#  686|   			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def994]
openssh-10.0p1/sshsig.c:686:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
openssh-10.0p1/sshsig.c:648:20: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:648:12: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
openssh-10.0p1/sshsig.c:650:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:650:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:653:16: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:655:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:657:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:657:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:665:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:665:27: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:679:28: branch_false: ...to here
openssh-10.0p1/sshsig.c:680:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:684:36: branch_false: ...to here
openssh-10.0p1/sshsig.c:684:28: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:686:29: branch_false: ...to here
openssh-10.0p1/sshsig.c:686:29: danger: ‘ret’ leaks here; was allocated at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  684|   			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
#  685|   				goto fail;
#  686|-> 			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||
#  687|   			    ret->valid_before == 0) {
#  688|   				free(opt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def995]
openssh-10.0p1/sshsig.c:774:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:773:12: branch_true: following ‘true’ branch (when ‘required_principal’ is non-NULL)...
openssh-10.0p1/sshsig.c:774:21: branch_true: ...to here
openssh-10.0p1/sshsig.c:774:21: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
#  772|   	 */
#  773|   	if (required_principal != NULL) {
#  774|-> 		if (match_pattern_list(required_principal,
#  775|   		    principals, 0) != 1) {
#  776|   			/* principal didn't match */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def996]
openssh-10.0p1/sshsig.c:780:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:773:12: branch_true: following ‘true’ branch (when ‘required_principal’ is non-NULL)...
openssh-10.0p1/sshsig.c:774:21: branch_true: ...to here
openssh-10.0p1/sshsig.c:774:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:780:17: branch_false: ...to here
openssh-10.0p1/sshsig.c:780:17: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  778|   			goto out;
#  779|   		}
#  780|-> 		debug_f("%s:%lu: matched principal \"%s\"",
#  781|   		    path, linenum, required_principal);
#  782|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def997]
openssh-10.0p1/sshsig.c:784:20: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:20: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
#  782|   	}
#  783|   
#  784|-> 	if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
#  785|   		error_f("sshkey_new failed");
#  786|   		r = SSH_ERR_ALLOC_FAIL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def998]
openssh-10.0p1/sshsig.c:785:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:785:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:785:17: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
#  783|   
#  784|   	if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
#  785|-> 		error_f("sshkey_new failed");
#  786|   		r = SSH_ERR_ALLOC_FAIL;
#  787|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def999]
openssh-10.0p1/sshsig.c:789:13: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:13: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  787|   		goto out;
#  788|   	}
#  789|-> 	if (sshkey_read(key, &cp) != 0) {
#  790|   		/* no key? Check for options */
#  791|   		opts = cp;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1000]
openssh-10.0p1/sshsig.c:792:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:21: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  790|   		/* no key? Check for options */
#  791|   		opts = cp;
#  792|-> 		if (sshkey_advance_past_options(&cp) != 0) {
#  793|   			error("%s:%lu: invalid options", path, linenum);
#  794|   			r = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1001]
openssh-10.0p1/sshsig.c:793:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:793:25: branch_true: ...to here
openssh-10.0p1/sshsig.c:793:25: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/8)
#  791|   		opts = cp;
#  792|   		if (sshkey_advance_past_options(&cp) != 0) {
#  793|-> 			error("%s:%lu: invalid options", path, linenum);
#  794|   			r = SSH_ERR_INVALID_FORMAT;
#  795|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1002]
openssh-10.0p1/sshsig.c:798:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:798:25: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
#  796|   		}
#  797|   		if (cp == NULL || *cp == '\0') {
#  798|-> 			error("%s:%lu: missing key", path, linenum);
#  799|   			r = SSH_ERR_INVALID_FORMAT;
#  800|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1003]
openssh-10.0p1/sshsig.c:803:17: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:803:17: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  801|   		}
#  802|   		*cp++ = '\0';
#  803|-> 		skip_space(&cp);
#  804|   		if (sshkey_read(key, &cp) != 0) {
#  805|   			error("%s:%lu: invalid key", path, linenum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1004]
openssh-10.0p1/sshsig.c:804:21: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:21: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
#  802|   		*cp++ = '\0';
#  803|   		skip_space(&cp);
#  804|-> 		if (sshkey_read(key, &cp) != 0) {
#  805|   			error("%s:%lu: invalid key", path, linenum);
#  806|   			r = SSH_ERR_INVALID_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1005]
openssh-10.0p1/sshsig.c:805:25: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:791:17: branch_true: ...to here
openssh-10.0p1/sshsig.c:792:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:797:21: branch_false: ...to here
openssh-10.0p1/sshsig.c:797:20: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:804:20: branch_true: following ‘true’ branch...
openssh-10.0p1/sshsig.c:805:25: branch_true: ...to here
openssh-10.0p1/sshsig.c:805:25: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
#  803|   		skip_space(&cp);
#  804|   		if (sshkey_read(key, &cp) != 0) {
#  805|-> 			error("%s:%lu: invalid key", path, linenum);
#  806|   			r = SSH_ERR_INVALID_FORMAT;
#  807|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1006]
openssh-10.0p1/sshsig.c:810:9: warning[-Wanalyzer-malloc-leak]: leak of ‘principals’
openssh-10.0p1/sshsig.c:748:12: branch_false: following ‘false’ branch (when ‘sigoptsp’ is NULL)...
openssh-10.0p1/sshsig.c:750:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:750:12: branch_false: following ‘false’ branch (when ‘keyp’ is NULL)...
openssh-10.0p1/sshsig.c:754:19: branch_false: ...to here
openssh-10.0p1/sshsig.c:755:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:759:20: branch_false: ...to here
openssh-10.0p1/sshsig.c:759:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:764:27: acquire_memory: allocated here
openssh-10.0p1/sshsig.c:764:12: branch_false: following ‘false’ branch (when ‘principals’ is non-NULL)...
openssh-10.0p1/sshsig.c:773:12: branch_false: ...to here
openssh-10.0p1/sshsig.c:784:12: branch_false: following ‘false’ branch...
openssh-10.0p1/sshsig.c:789:13: branch_false: ...to here
openssh-10.0p1/sshsig.c:789:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
openssh-10.0p1/sshsig.c:810:9: danger: ‘principals’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
#  808|   		}
#  809|   	}
#  810|-> 	debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
#  811|   	if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
#  812|   		error("%s:%lu: bad options: %s", path, linenum, reason);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1007]
openssh-10.0p1/utf8.c:83:19: warning[-Wanalyzer-malloc-leak]: leak of ‘dst’
openssh-10.0p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.0p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#   81|   	if (tsz > maxsz)
#   82|   		tsz = maxsz;
#   83|-> 	if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL)
#   84|   		return -1;
#   85|   	*dp = tp + (*dp - *dst);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1008]
openssh-10.0p1/utf8.c:195:38: warning[-Wanalyzer-malloc-leak]: leak of ‘dst’
openssh-10.0p1/utf8.c:305:1: enter_function: entry to ‘mprintf’
openssh-10.0p1/utf8.c:311:15: call_function: calling ‘vfmprintf’ from ‘mprintf’
#  193|   					break;
#  194|   				}
#  195|-> 				tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
#  196|   				width = tp - dp;
#  197|   				total_width += width;