rpms/libssh
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
libssh/CVE-2025-4878.patch
Pavol Žáčik 048ffad847
Backport low/medium CVE patches 
Resolves: RHEL-150661
Resolves: CVE-2025-4877
Resolves: CVE-2025-4878
Resolves: CVE-2025-5351
Resolves: CVE-2025-8114
Resolves: CVE-2025-8277
Resolves: CVE-2026-0964
Resolves: CVE-2026-0965
Resolves: CVE-2026-0966
Resolves: CVE-2026-0967
Resolves: CVE-2026-0968
2026-02-19 18:50:28 +01:00

2631 lines
79 KiB
Diff
Raw Permalink Blame History

From 7b948394e1690b5ad9e23a1c9b75fe8cb9f1567b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 23 Apr 2025 17:57:11 +0200
Subject: [PATCH 1/2] CVE-2025-4878 Initialize pointers where possible
This is mostly mechanical change initializing all the pointers I was able to
find with some grep and manual review of sources and examples.
Used the following greps (which yield some false positives though):
git grep " \w* *\* *\w*;$"
git grep " ssh_session \w*;"
git grep " ssh_channel \w*;"
git grep " struct ssh_iterator \*\w*;"
git grep " ssh_bind \w*;"
git grep " ssh_key \w*;"
git grep " ssh_string \w*;"
git grep " ssh_buffer \w*;"
git grep " HMACCTX \w*;"
git grep " SHACTX \w*;"
grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
doc/authentication.dox | 10 +++----
doc/command.dox | 2 +-
doc/forwarding.dox | 4 +--
doc/guided_tour.dox | 14 ++++-----
doc/shell.dox | 2 +-
examples/authentication.c | 12 ++++----
examples/connect_ssh.c | 2 +-
examples/exec.c | 4 +--
examples/knownhosts.c | 2 +-
examples/libssh_scp.c | 11 ++++----
examples/proxy.c | 18 ++++++------
examples/samplesshd-cb.c | 10 +++----
examples/samplesshd-kbdint.c | 16 +++++------
examples/scp_download.c | 4 +--
examples/senddata.c | 4 +--
examples/ssh_client.c | 8 +++---
examples/sshd_direct-tcpip.c | 14 ++++-----
examples/sshnetcat.c | 6 ++--
src/agent.c | 13 +++++----
src/auth.c | 7 +++--
src/bind.c | 11 ++++----
src/bind_config.c | 4 +--
src/buffer.c | 9 +++---
src/callbacks.c | 2 +-
src/chachapoly.c | 2 +-
src/channels.c | 55 ++++++++++++++++++------------------
src/client.c | 2 +-
src/config.c | 4 +--
src/config_parser.c | 12 ++++----
src/connect.c | 4 +--
src/connector.c | 5 ++--
src/dh_crypto.c | 2 +-
src/ecdh_crypto.c | 14 ++++-----
src/ecdh_gcrypt.c | 10 +++----
src/gcrypt_missing.c | 2 +-
src/getpass.c | 4 +--
src/gssapi.c | 28 +++++++++---------
src/kex.c | 4 +--
src/known_hosts.c | 41 ++++++++++++++-------------
src/knownhosts.c | 18 ++++++------
src/legacy.c | 43 +++++++++++++++-------------
src/libmbedcrypto.c | 2 +-
src/log.c | 2 +-
src/messages.c | 18 ++++++------
src/misc.c | 24 ++++++++--------
src/options.c | 22 +++++++--------
src/packet.c | 6 ++--
src/packet_crypt.c | 2 +-
src/pki.c | 48 +++++++++++++++----------------
src/pki_container_openssh.c | 14 ++++-----
src/pki_crypto.c | 10 +++----
src/pki_ed25519.c | 6 ++--
src/pki_ed25519_common.c | 2 +-
src/pki_gcrypt.c | 12 ++++----
src/pki_mbedcrypto.c | 12 ++++----
src/poll.c | 10 +++----
src/server.c | 17 +++++------
src/session.c | 14 ++++-----
src/sftpserver.c | 12 ++++----
src/string.c | 6 ++--
src/threads/winlocks.c | 2 +-
src/wrapper.c | 2 +-
62 files changed, 348 insertions(+), 334 deletions(-)
diff --git a/doc/authentication.dox b/doc/authentication.dox
index 7d0ab81d..a0b2df84 100644
--- a/doc/authentication.dox
+++ b/doc/authentication.dox
@@ -105,7 +105,7 @@ Here is a small example of password authentication:
@code
int authenticate_password(ssh_session session)
{
- char *password;
+ char *password = NULL;
int rc;
password = getpass("Enter your password: ");
@@ -218,7 +218,7 @@ int authenticate_kbdint(ssh_session session)
rc = ssh_userauth_kbdint(session, NULL, NULL);
while (rc == SSH_AUTH_INFO)
{
- const char *name, *instruction;
+ const char *name = NULL, *instruction = NULL;
int nprompts, iprompt;
name = ssh_userauth_kbdint_getname(session);
@@ -231,7 +231,7 @@ int authenticate_kbdint(ssh_session session)
printf("%s\n", instruction);
for (iprompt = 0; iprompt < nprompts; iprompt++)
{
- const char *prompt;
+ const char *prompt = NULL;
char echo;
prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
@@ -251,7 +251,7 @@ int authenticate_kbdint(ssh_session session)
}
else
{
- char *ptr;
+ char *ptr = NULL;
ptr = getpass(prompt);
if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
@@ -354,7 +354,7 @@ The following example shows how to retrieve and dispose the issue banner:
int display_banner(ssh_session session)
{
int rc;
- char *banner;
+ char *banner = NULL;
/*
*** Does not work without calling ssh_userauth_none() first ***
diff --git a/doc/command.dox b/doc/command.dox
index 588151c6..e82748ce 100644
--- a/doc/command.dox
+++ b/doc/command.dox
@@ -22,7 +22,7 @@ a SSH session that uses this channel:
@code
int show_remote_files(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
channel = ssh_channel_new(session);
diff --git a/doc/forwarding.dox b/doc/forwarding.dox
index 2b202b4d..3ca3aa8a 100644
--- a/doc/forwarding.dox
+++ b/doc/forwarding.dox
@@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server.
@code
int direct_forwarding(ssh_session session)
{
- ssh_channel forwarding_channel;
+ ssh_channel forwarding_channel = NULL;
int rc = SSH_ERROR;
char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
int nbytes, nwritten;
@@ -161,7 +161,7 @@ local libssh application, which handles them:
int web_server(ssh_session session)
{
int rc;
- ssh_channel channel;
+ ssh_channel channel = NULL;
char buffer[256];
int nbytes, nwritten;
int port = 0;
diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox
index 69576f18..60f4087e 100644
--- a/doc/guided_tour.dox
+++ b/doc/guided_tour.dox
@@ -79,7 +79,7 @@ Here is a small example of how to use it:
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int verbosity = SSH_LOG_PROTOCOL;
int port = 22;
@@ -126,7 +126,7 @@ Here's an example:
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int rc;
my_ssh_session = ssh_new();
@@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
ssh_key srv_pubkey = NULL;
size_t hlen;
char buf[10];
- char *hexa;
- char *p;
+ char *hexa = NULL;
+ char *p = NULL;
int cmp;
int rc;
@@ -317,9 +317,9 @@ The example below shows an authentication with password:
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int rc;
- char *password;
+ char *password = NULL;
// Open session and set options
my_ssh_session = ssh_new();
@@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
@code
int show_remote_processes(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
char buffer[256];
int nbytes;
diff --git a/doc/shell.dox b/doc/shell.dox
index d770f27a..54d97888 100644
--- a/doc/shell.dox
+++ b/doc/shell.dox
@@ -26,7 +26,7 @@ The code sample below achieves these tasks:
@code
int shell_session(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
channel = ssh_channel_new(session);
diff --git a/examples/authentication.c b/examples/authentication.c
index 7c47c8bd..31de7cfc 100644
--- a/examples/authentication.c
+++ b/examples/authentication.c
@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
err = ssh_userauth_kbdint(session, NULL, NULL);
while (err == SSH_AUTH_INFO) {
- const char *instruction;
- const char *name;
+ const char *instruction = NULL;
+ const char *name = NULL;
char buffer[128];
int i, n;
@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
}
for (i = 0; i < n; i++) {
- const char *answer;
- const char *prompt;
+ const char *answer = NULL;
+ const char *prompt = NULL;
char echo;
prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
}
if (echo) {
- char *p;
+ char *p = NULL;
printf("%s", prompt);
@@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
int rc;
int method;
char password[128] = {0};
- char *banner;
+ char *banner = NULL;
// Try to authenticate
rc = ssh_userauth_none(session, NULL);
diff --git a/examples/connect_ssh.c b/examples/connect_ssh.c
index c9e4ef6e..06094272 100644
--- a/examples/connect_ssh.c
+++ b/examples/connect_ssh.c
@@ -22,7 +22,7 @@ clients must be made or how a client should react.
#include <stdio.h>
ssh_session connect_ssh(const char *host, const char *user,int verbosity){
- ssh_session session;
+ ssh_session session = NULL;
int auth=0;
session=ssh_new();
diff --git a/examples/exec.c b/examples/exec.c
index 77d3be47..f90df364 100644
--- a/examples/exec.c
+++ b/examples/exec.c
@@ -5,8 +5,8 @@
#include "examples_common.h"
int main(void) {
- ssh_session session;
- ssh_channel channel;
+ ssh_session session = NULL;
+ ssh_channel channel = NULL;
char buffer[256];
int rbytes, wbytes, total = 0;
int rc;
diff --git a/examples/knownhosts.c b/examples/knownhosts.c
index 0726bfa8..2857a085 100644
--- a/examples/knownhosts.c
+++ b/examples/knownhosts.c
@@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
char buf[10];
unsigned char *hash = NULL;
size_t hlen;
- ssh_key srv_pubkey;
+ ssh_key srv_pubkey = NULL;
int rc;
rc = ssh_get_server_publickey(session, &srv_pubkey);
diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c
index 6fdf8a4f..a332e0d2 100644
--- a/examples/libssh_scp.c
+++ b/examples/libssh_scp.c
@@ -26,9 +26,9 @@ program.
#define BUF_SIZE 16384
#endif
-static char **sources;
+static char **sources = NULL;
static int nsources;
-static char *destination;
+static char *destination = NULL;
static int verbosity = 0;
struct location {
@@ -114,9 +114,10 @@ static void location_free(struct location *loc)
}
}
-static struct location *parse_location(char *loc) {
- struct location *location;
- char *ptr;
+static struct location *parse_location(char *loc)
+{
+ struct location *location = NULL;
+ char *ptr = NULL;
location = malloc(sizeof(struct location));
if (location == NULL) {
diff --git a/examples/proxy.c b/examples/proxy.c
index 159a37e5..25451789 100644
--- a/examples/proxy.c
+++ b/examples/proxy.c
@@ -35,8 +35,8 @@ clients must be made or how a client should react.
static int authenticated=0;
static int tries = 0;
static int error = 0;
-static ssh_channel chan=NULL;
-static char *username;
+static ssh_channel chan = NULL;
+static char *username = NULL;
static ssh_gssapi_creds client_creds = NULL;
static int auth_password(ssh_session session, const char *user,
@@ -216,11 +216,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
- ssh_session session;
- ssh_bind sshbind;
- ssh_event mainloop;
- ssh_session client_session;
+int main(int argc, char **argv)
+{
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
+ ssh_event mainloop = NULL;
+ ssh_session client_session = NULL;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
@@ -231,7 +232,7 @@ int main(int argc, char **argv){
char buf[BUF_SIZE];
char host[128]="";
- char *ptr;
+ char *ptr = NULL;
int i,r, rc;
sshbind=ssh_bind_new();
@@ -348,4 +349,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c
index e5b48994..693b040d 100644
--- a/examples/samplesshd-cb.c
+++ b/examples/samplesshd-cb.c
@@ -257,10 +257,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
- ssh_session session;
- ssh_bind sshbind;
- ssh_event mainloop;
+int main(int argc, char **argv)
+{
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
+ ssh_event mainloop = NULL;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
.auth_none_function = auth_none,
@@ -353,4 +354,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
diff --git a/examples/samplesshd-kbdint.c b/examples/samplesshd-kbdint.c
index 9b09cf27..66e41fc7 100644
--- a/examples/samplesshd-kbdint.c
+++ b/examples/samplesshd-kbdint.c
@@ -187,8 +187,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-static const char *name;
-static const char *instruction;
+static const char *name = NULL;
+static const char *instruction = NULL;
static const char *prompts[2];
static char echo[] = { 1, 0 };
@@ -292,11 +292,12 @@ static int authenticate(ssh_session session) {
return 0;
}
-int main(int argc, char **argv){
- ssh_session session;
- ssh_bind sshbind;
- ssh_message message;
- ssh_channel chan=0;
+int main(int argc, char **argv)
+{
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
+ ssh_message message = NULL;
+ ssh_channel chan = NULL;
char buf[BUF_SIZE];
int auth=0;
int shell=0;
@@ -426,4 +427,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
diff --git a/examples/scp_download.c b/examples/scp_download.c
index e6c1e796..dcaa2cb7 100644
--- a/examples/scp_download.c
+++ b/examples/scp_download.c
@@ -108,7 +108,7 @@ static int fetch_files(ssh_session session){
int size;
char buffer[BUF_SIZE];
int mode;
- char *filename;
+ char *filename = NULL;
int r;
ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
if(ssh_scp_init(scp) != SSH_OK){
@@ -167,7 +167,7 @@ static int fetch_files(ssh_session session){
}
int main(int argc, char **argv){
- ssh_session session;
+ ssh_session session = NULL;
if(opts(argc,argv)<0)
return EXIT_FAILURE;
session=connect_ssh(host,NULL,verbosity);
diff --git a/examples/senddata.c b/examples/senddata.c
index 21181fb9..78383a2b 100644
--- a/examples/senddata.c
+++ b/examples/senddata.c
@@ -6,7 +6,7 @@
#define LIMIT 0x100000000UL
int main(void) {
- ssh_session session;
+ ssh_session session = NULL;
ssh_channel channel;
char buffer[1024*1024];
int rc;
@@ -47,7 +47,7 @@ int main(void) {
if(total > LIMIT)
break;
}
-
+
if (rc < 0) {
printf("error : %s\n",ssh_get_error(session));
ssh_channel_close(channel);
diff --git a/examples/ssh_client.c b/examples/ssh_client.c
index aaf0cb5b..896890c3 100644
--- a/examples/ssh_client.c
+++ b/examples/ssh_client.c
@@ -53,7 +53,7 @@ static struct termios terminal;
static char *pcap_file = NULL;
-static char *proxycommand;
+static char *proxycommand = NULL;
static int auth_callback(const char *prompt,
char *buf,
@@ -252,7 +252,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
static void shell(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
struct termios terminal_local;
int interactive=isatty(0);
@@ -324,7 +324,7 @@ static void batch_shell(ssh_session session)
static int client(ssh_session session)
{
int auth = 0;
- char *banner;
+ char *banner = NULL;
int state;
if (user) {
@@ -408,7 +408,7 @@ static void cleanup_pcap(void)
int main(int argc, char **argv)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_init();
session = ssh_new();
diff --git a/examples/sshd_direct-tcpip.c b/examples/sshd_direct-tcpip.c
index 18a870b9..1230cc8c 100644
--- a/examples/sshd_direct-tcpip.c
+++ b/examples/sshd_direct-tcpip.c
@@ -355,7 +355,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
{
struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
ssh_channel channel = event_fd_data->channel;
- ssh_session session;
+ ssh_session session = NULL;
int len, i, wr;
char buf[BUF_SIZE];
int blocking;
@@ -449,8 +449,8 @@ open_tcp_socket(ssh_message msg)
{
struct sockaddr_in sin;
int forwardsock = -1;
- struct hostent *host;
- const char *dest_hostname;
+ struct hostent *host = NULL;
+ const char *dest_hostname = NULL;
int dest_port;
forwardsock = socket(AF_INET, SOCK_STREAM, 0);
@@ -493,8 +493,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
UNUSED_PARAM(void *userdata))
{
ssh_channel channel;
- int socket_fd, *pFd;
- struct ssh_channel_callbacks_struct *cb_chan;
+ int socket_fd, *pFd = NULL;
+ struct ssh_channel_callbacks_struct *cb_chan = NULL;
struct event_fd_data_struct *event_fd_data;
_ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
@@ -662,8 +662,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
int
main(int argc, char **argv)
{
- ssh_session session;
- ssh_bind sshbind;
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
.auth_password_function = auth_password,
diff --git a/examples/sshnetcat.c b/examples/sshnetcat.c
index 9bc5d52e..6114378e 100644
--- a/examples/sshnetcat.c
+++ b/examples/sshnetcat.c
@@ -39,7 +39,7 @@ clients must be made or how a client should react.
#define BUF_SIZE 4096
#endif
-char *host;
+char *host = NULL;
const char *desthost="localhost";
const char *port="22";
@@ -193,7 +193,7 @@ static void forwarding(ssh_session session){
static int client(ssh_session session){
int auth=0;
- char *banner;
+ char *banner = NULL;
int state;
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
@@ -245,7 +245,7 @@ void cleanup_pcap(){
#endif
int main(int argc, char **argv){
- ssh_session session;
+ ssh_session session = NULL;
session = ssh_new();
diff --git a/src/agent.c b/src/agent.c
index 4542f424..6a543bbf 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -410,8 +410,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
/* caller has to free comment */
ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
- char **comment) {
- struct ssh_key_struct *key;
+ char **comment)
+{
+ struct ssh_key_struct *key = NULL;
struct ssh_string_struct *blob = NULL;
struct ssh_string_struct *tmp = NULL;
int rc;
@@ -480,10 +481,10 @@ ssh_string ssh_agent_sign_data(ssh_session session,
const ssh_key pubkey,
struct ssh_buffer_struct *data)
{
- ssh_buffer request;
- ssh_buffer reply;
- ssh_string key_blob;
- ssh_string sig_blob;
+ ssh_buffer request = NULL;
+ ssh_buffer reply = NULL;
+ ssh_string key_blob = NULL;
+ ssh_string sig_blob = NULL;
unsigned int type = 0;
unsigned int flags = 0;
uint32_t dlen;
diff --git a/src/auth.c b/src/auth.c
index 08d895a2..e86ea247 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -195,8 +195,9 @@ static int ssh_userauth_get_response(ssh_session session)
*
* This banner should be shown to user prior to authentication
*/
-SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
- ssh_string banner;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_banner)
+{
+ ssh_string banner = NULL;
(void)type;
(void)user;
@@ -1395,7 +1396,7 @@ int ssh_userauth_agent_pubkey(ssh_session session,
const char *username,
ssh_public_key publickey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
key = ssh_key_new();
diff --git a/src/bind.c b/src/bind.c
index d947cd78..c5dc8a3f 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -74,7 +74,7 @@
static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
int port) {
char port_c[6];
- struct addrinfo *ai;
+ struct addrinfo *ai = NULL;
struct addrinfo hints;
int opt = 1;
socket_t s;
@@ -132,8 +132,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
return s;
}
-ssh_bind ssh_bind_new(void) {
- ssh_bind ptr;
+ssh_bind ssh_bind_new(void)
+{
+ ssh_bind ptr = NULL;
ptr = calloc(1, sizeof(struct ssh_bind_struct));
if (ptr == NULL) {
@@ -251,7 +252,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
}
int ssh_bind_listen(ssh_bind sshbind) {
- const char *host;
+ const char *host = NULL;
socket_t fd;
int rc;
@@ -473,7 +474,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
return SSH_ERROR;
}
} else {
- char *p;
+ char *p = NULL;
/* If something was set to the session prior to calling this
* function, keep only what is allowed by the options set in
* sshbind */
diff --git a/src/bind_config.c b/src/bind_config.c
index a4c7a8d7..9e4a7fd4 100644
--- a/src/bind_config.c
+++ b/src/bind_config.c
@@ -200,7 +200,7 @@ local_parse_file(ssh_bind bind,
uint8_t *seen,
unsigned int depth)
{
- FILE *f;
+ FILE *f = NULL;
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
int rv;
@@ -626,7 +626,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
{
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
- FILE *f;
+ FILE *f = NULL;
uint32_t parser_flags;
int rv;
diff --git a/src/buffer.c b/src/buffer.c
index 2744da3f..d631686e 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -370,7 +370,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer,
*/
void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len)
{
- void *ptr;
+ void *ptr = NULL;
+
buffer_verify(buffer);
if (buffer->used + len < len) {
@@ -924,7 +925,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
va_list ap)
{
int rc = SSH_ERROR;
- const char *p;
+ const char *p = NULL;
union {
uint8_t byte;
uint16_t word;
@@ -933,7 +934,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
ssh_string string;
void *data;
} o;
- char *cstring;
+ char *cstring = NULL;
bignum b;
size_t len;
size_t count;
@@ -1092,7 +1093,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
va_list ap)
{
int rc = SSH_ERROR;
- const char *p = format, *last;
+ const char *p = format, *last = NULL;
union {
uint8_t *byte;
uint16_t *word;
diff --git a/src/callbacks.c b/src/callbacks.c
index 3ed2f11c..6bfed62a 100644
--- a/src/callbacks.c
+++ b/src/callbacks.c
@@ -113,7 +113,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
{
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
if (channel == NULL || channel->callbacks == NULL){
return SSH_ERROR;
diff --git a/src/chachapoly.c b/src/chachapoly.c
index 2cd23854..354a0d26 100644
--- a/src/chachapoly.c
+++ b/src/chachapoly.c
@@ -42,7 +42,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
void *key,
void *IV)
{
- struct chacha20_poly1305_keysched *sched;
+ struct chacha20_poly1305_keysched *sched = NULL;
uint8_t *u8key = key;
(void)IV;
diff --git a/src/channels.c b/src/channels.c
index 440707d6..9cc8ab2f 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -165,7 +165,7 @@ uint32_t ssh_channel_new_id(ssh_session session)
*/
SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
uint32_t channelid=0;
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
(void)type;
(void)user;
@@ -226,7 +226,7 @@ error:
*/
SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
- ssh_channel channel;
+ ssh_channel channel = NULL;
char *error = NULL;
uint32_t code;
int rc;
@@ -386,7 +386,7 @@ end:
/* return channel with corresponding local id, or NULL if not found */
ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
struct ssh_iterator *it;
- ssh_channel channel;
+ ssh_channel channel = NULL;
for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) {
channel = ssh_iterator_value(ssh_channel, it);
@@ -471,7 +471,7 @@ error:
*/
static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
uint32_t chan;
int rc;
@@ -493,7 +493,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
}
SSH_PACKET_CALLBACK(channel_rcv_change_window) {
- ssh_channel channel;
+ ssh_channel channel = NULL;
uint32_t bytes;
int rc;
(void)user;
@@ -632,7 +632,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){
}
SSH_PACKET_CALLBACK(channel_rcv_eof) {
- ssh_channel channel;
+ ssh_channel channel = NULL;
(void)user;
(void)type;
@@ -676,8 +676,9 @@ static bool ssh_channel_has_unread_data(ssh_channel channel)
return false;
}
-SSH_PACKET_CALLBACK(channel_rcv_close) {
- ssh_channel channel;
+SSH_PACKET_CALLBACK(channel_rcv_close)
+{
+ ssh_channel channel = NULL;
(void)user;
(void)type;
@@ -902,7 +903,7 @@ int channel_default_bufferize(ssh_channel channel,
void *data, uint32_t len,
bool is_stderr)
{
- ssh_session session;
+ ssh_session session = NULL;
if(channel == NULL) {
return -1;
@@ -1041,7 +1042,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
int remoteport, const char *sourcehost, int localport)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_buffer payload = NULL;
ssh_string str = NULL;
int rc = SSH_ERROR;
@@ -1179,7 +1180,7 @@ error:
*/
void ssh_channel_free(ssh_channel channel)
{
- ssh_session session;
+ ssh_session session = NULL;
if (channel == NULL) {
return;
@@ -1280,7 +1281,7 @@ void ssh_channel_do_free(ssh_channel channel)
*/
int ssh_channel_send_eof(ssh_channel channel)
{
- ssh_session session;
+ ssh_session session = NULL;
int rc = SSH_ERROR;
int err;
@@ -1341,7 +1342,7 @@ error:
*/
int ssh_channel_close(ssh_channel channel)
{
- ssh_session session;
+ ssh_session session = NULL;
int rc = 0;
if(channel == NULL) {
@@ -1437,7 +1438,7 @@ static int channel_write_common(ssh_channel channel,
const void *data,
uint32_t len, int is_stderr)
{
- ssh_session session;
+ ssh_session session = NULL;
uint32_t origlen = len;
size_t effectivelen;
size_t maxpacketlen;
@@ -1694,7 +1695,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking)
* @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state.
*/
SSH_PACKET_CALLBACK(ssh_packet_channel_success){
- ssh_channel channel;
+ ssh_channel channel = NULL;
(void)type;
(void)user;
@@ -1724,7 +1725,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
* @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state.
*/
SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
- ssh_channel channel;
+ ssh_channel channel = NULL;
(void)type;
(void)user;
@@ -1863,7 +1864,7 @@ error:
int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
int col, int row)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_buffer buffer = NULL;
int rc = SSH_ERROR;
@@ -2174,7 +2175,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
#endif
ssh_message msg = NULL;
ssh_channel channel = NULL;
- struct ssh_iterator *iterator;
+ struct ssh_iterator *iterator = NULL;
int t;
/*
@@ -2836,7 +2837,7 @@ error:
int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
int is_stderr)
{
- ssh_session session;
+ ssh_session session = NULL;
char *buffer_tmp = NULL;
int r;
uint32_t total=0;
@@ -2977,7 +2978,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
int is_stderr,
int timeout_ms)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_buffer stdbuf;
uint32_t len;
struct ssh_channel_read_termination_struct ctx;
@@ -3101,7 +3102,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
uint32_t count,
int is_stderr)
{
- ssh_session session;
+ ssh_session session = NULL;
uint32_t to_read;
int rc;
int blocking;
@@ -3211,8 +3212,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
*/
int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
{
- ssh_session session;
- ssh_buffer stdbuf;
+ ssh_session session = NULL;
+ ssh_buffer stdbuf = NULL;
struct ssh_channel_read_termination_struct ctx;
size_t len;
int rc;
@@ -3339,7 +3340,7 @@ channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
ssh_channel *echans, ssh_channel *rout,
ssh_channel *wout, ssh_channel *eout)
{
- ssh_channel chan;
+ ssh_channel chan = NULL;
int i;
int j = 0;
@@ -3420,7 +3421,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
ssh_channel *exceptchans, struct timeval * timeout)
{
- ssh_channel *rchans, *wchans, *echans;
+ ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL;
ssh_channel dummy = NULL;
ssh_event event = NULL;
int rc;
@@ -3607,7 +3608,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len
int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost,
int remoteport, const char *sourcehost, int localport)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_buffer payload = NULL;
int rc = SSH_ERROR;
@@ -3671,7 +3672,7 @@ error:
int ssh_channel_open_x11(ssh_channel channel,
const char *orig_addr, int orig_port)
{
- ssh_session session;
+ ssh_session session = NULL;
ssh_buffer payload = NULL;
int rc = SSH_ERROR;
diff --git a/src/client.c b/src/client.c
index 90f5ad53..38c62417 100644
--- a/src/client.c
+++ b/src/client.c
@@ -750,7 +750,7 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
void
ssh_disconnect(ssh_session session)
{
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
int rc;
if (session == NULL) {
diff --git a/src/config.c b/src/config.c
index aab6dc5d..94b70d58 100644
--- a/src/config.c
+++ b/src/config.c
@@ -203,7 +203,7 @@ local_parse_file(ssh_session session,
unsigned int depth,
bool global)
{
- FILE *f;
+ FILE *f = NULL;
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
int rv;
@@ -1201,7 +1201,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
{
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
- FILE *f;
+ FILE *f = NULL;
int parsing, rv;
bool global = 0;
diff --git a/src/config_parser.c b/src/config_parser.c
index f5f1b851..5555f6fd 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -39,8 +39,8 @@
*/
char *ssh_config_get_cmd(char **str)
{
- register char *c;
- char *r;
+ register char *c = NULL;
+ char *r = NULL;
/* Ignore leading spaces */
for (c = *str; *c; c++) {
@@ -76,7 +76,7 @@ out:
*/
char *ssh_config_get_token(char **str)
{
- register char *c;
+ register char *c = NULL;
bool had_equal = false;
char *r = NULL;
@@ -125,7 +125,7 @@ out:
long ssh_config_get_long(char **str, long notfound)
{
- char *p, *endp;
+ char *p = NULL, *endp = NULL;
long i;
p = ssh_config_get_token(str);
@@ -142,7 +142,7 @@ long ssh_config_get_long(char **str, long notfound)
const char *ssh_config_get_str_tok(char **str, const char *def)
{
- char *p;
+ char *p = NULL;
p = ssh_config_get_token(str);
if (p && *p) {
@@ -154,7 +154,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
int ssh_config_get_yesno(char **str, int notfound)
{
- const char *p;
+ const char *p = NULL;
p = ssh_config_get_str_tok(str, NULL);
if (p == NULL) {
diff --git a/src/connect.c b/src/connect.c
index 15cae644..2d09af5e 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -194,8 +194,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
}
if (bind_addr) {
- struct addrinfo *bind_ai;
- struct addrinfo *bind_itr;
+ struct addrinfo *bind_ai = NULL;
+ struct addrinfo *bind_itr = NULL;
SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr);
diff --git a/src/connector.c b/src/connector.c
index c9f2cf03..365030f2 100644
--- a/src/connector.c
+++ b/src/connector.c
@@ -632,8 +632,9 @@ error:
return rc;
}
-int ssh_connector_remove_event(ssh_connector connector) {
- ssh_session session;
+int ssh_connector_remove_event(ssh_connector connector)
+{
+ ssh_session session = NULL;
if (connector->in_poll != NULL) {
ssh_event_remove_poll(connector->event, connector->in_poll);
diff --git a/src/dh_crypto.c b/src/dh_crypto.c
index bcf817d4..85249bfc 100644
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -404,7 +404,7 @@ done:
*/
int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
{
- struct dh_ctx *ctx;
+ struct dh_ctx *ctx = NULL;
int rc;
ctx = calloc(1, sizeof(*ctx));
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
index 56bf4c06..178d9060 100644
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -415,17 +415,17 @@ int ecdh_build_k(ssh_session session) {
*/
SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
/* ECDH keys */
- ssh_string q_c_string;
- ssh_string q_s_string;
+ ssh_string q_c_string = NULL;
+ ssh_string q_s_string = NULL;
/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
* https://github.com/openssl/openssl/pull/16624
* #if OPENSSL_VERSION_NUMBER < 0x30000000L
*/
#if 1
- EC_KEY *ecdh_key;
- const EC_GROUP *group;
- const EC_POINT *ecdh_pubkey;
- bignum_CTX ctx;
+ EC_KEY *ecdh_key = NULL;
+ const EC_GROUP *group = NULL;
+ const EC_POINT *ecdh_pubkey = NULL;
+ bignum_CTX ctx = NULL;
int curve;
int len;
#else
@@ -437,7 +437,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
const char *curve = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
/* SSH host keys (rsa,dsa,ecdsa) */
- ssh_key privkey;
+ ssh_key privkey = NULL;
enum ssh_digest_e digest = SSH_DIGEST_AUTO;
ssh_string sig_blob = NULL;
ssh_string pubkey_blob = NULL;
diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
index ae8022e8..722428c2 100644
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -132,9 +132,9 @@ int ecdh_build_k(ssh_session session)
#else
size_t k_len = 0;
enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type;
- ssh_string s;
+ ssh_string s = NULL;
#endif
- ssh_string pubkey_raw;
+ ssh_string pubkey_raw = NULL;
gcry_sexp_t pubkey = NULL;
ssh_string privkey = NULL;
int rc = SSH_ERROR;
@@ -267,12 +267,12 @@ int ecdh_build_k(ssh_session session)
SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
gpg_error_t err;
/* ECDH keys */
- ssh_string q_c_string;
- ssh_string q_s_string;
+ ssh_string q_c_string = NULL;
+ ssh_string q_s_string = NULL;
gcry_sexp_t param = NULL;
gcry_sexp_t key = NULL;
/* SSH host keys (rsa,dsa,ecdsa) */
- ssh_key privkey;
+ ssh_key privkey = NULL;
enum ssh_digest_e digest = SSH_DIGEST_AUTO;
ssh_string sig_blob = NULL;
ssh_string pubkey_blob = NULL;
diff --git a/src/gcrypt_missing.c b/src/gcrypt_missing.c
index e931ec5b..56dcfb6d 100644
--- a/src/gcrypt_missing.c
+++ b/src/gcrypt_missing.c
@@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) {
char *ssh_gcry_bn2dec(bignum bn) {
bignum bndup, num, ten;
- char *ret;
+ char *ret = NULL;
int count, count2;
int size, rsize;
char decnum;
diff --git a/src/getpass.c b/src/getpass.c
index 6be33c77..c19c4bc0 100644
--- a/src/getpass.c
+++ b/src/getpass.c
@@ -46,7 +46,7 @@
*/
static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
{
- char *tmp;
+ char *tmp = NULL;
char *ptr = NULL;
int ok = 0;
@@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
}
if (verify) {
- char *key_string;
+ char *key_string = NULL;
key_string = calloc(1, len);
if (key_string == NULL) {
diff --git a/src/gssapi.c b/src/gssapi.c
index c7844fd1..934ba0a8 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -196,7 +196,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
gss_name_t server_name; /* local server fqdn */
OM_uint32 maj_stat, min_stat;
size_t i;
- char *ptr;
+ char *ptr = NULL;
gss_OID_set supported; /* oids supported by server */
gss_OID_set both_supported; /* oids supported by both client and server */
gss_OID_set selected; /* oid selected for authentication */
@@ -341,7 +341,7 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
{
gss_buffer_desc buffer;
OM_uint32 maj_stat, min_stat;
- char *ptr;
+ char *ptr = NULL;
maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
ssh_gssapi_log_error(SSH_LOG_DEBUG,
"converting name",
@@ -359,9 +359,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
}
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
- ssh_string token;
- char *hexa;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
+{
+ ssh_string token = NULL;
+ char *hexa = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
gss_name_t client_name = GSS_C_NO_NAME;
@@ -385,7 +386,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
}
if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
- ssh_string out_token=NULL;
+ ssh_string out_token = NULL;
rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
token, &out_token, session->server_callbacks->userdata);
if (rc == SSH_ERROR){
@@ -507,7 +508,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
{
- ssh_string mic_token;
+ ssh_string mic_token = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
@@ -669,7 +670,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
gss_name_t client_id = GSS_C_NO_NAME;
gss_OID oid;
unsigned int i;
- char *ptr;
+ char *ptr = NULL;
int ret;
if (session->gssapi->client.client_deleg_creds == NULL) {
@@ -865,11 +866,11 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
int rc;
- ssh_string oid_s;
+ ssh_string oid_s = NULL;
gss_uint32 maj_stat, min_stat;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
- char *hexa;
+ char *hexa = NULL;
(void)type;
(void)user;
@@ -986,10 +987,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
return ssh_packet_send(session);
}
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client)
+{
int rc;
- ssh_string token;
- char *hexa;
+ ssh_string token = NULL;
+ char *hexa = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
(void)user;
diff --git a/src/kex.c b/src/kex.c
index 2a397d23..f71482fd 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -328,7 +328,7 @@ static int cmp_first_kex_algo(const char *client_str,
size_t client_kex_len;
size_t server_kex_len;
- char *colon;
+ char *colon = NULL;
int is_wrong = 1;
@@ -760,7 +760,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
int ssh_set_client_kex(ssh_session session)
{
struct ssh_kex_struct *client = &session->next_crypto->client_kex;
- const char *wanted;
+ const char *wanted = NULL;
int ok;
int i;
diff --git a/src/known_hosts.c b/src/known_hosts.c
index 84e15572..f660a6f3 100644
--- a/src/known_hosts.c
+++ b/src/known_hosts.c
@@ -79,8 +79,8 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
const char **found_type)
{
char buffer[MAX_LINE_SIZE] = {0};
- char *ptr;
- struct ssh_tokens_st *tokens;
+ char *ptr = NULL;
+ struct ssh_tokens_st *tokens = NULL;
if (*file == NULL) {
*file = fopen(filename,"r");
@@ -149,7 +149,7 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
static int check_public_key(ssh_session session, char **tokens) {
ssh_string pubkey_blob = NULL;
ssh_buffer pubkey_buffer;
- char *pubkey_64;
+ char *pubkey_64 = NULL;
int rc;
/* ssh-dss or ssh-rsa */
@@ -205,11 +205,11 @@ static int match_hashed_host(const char *host, const char *sourcehash)
* hash := HMAC_SHA1(key=salt,data=host)
*/
unsigned char buffer[256] = {0};
- ssh_buffer salt;
- ssh_buffer hash;
- HMACCTX mac;
- char *source;
- char *b64hash;
+ ssh_buffer salt = NULL;
+ ssh_buffer hash = NULL;
+ HMACCTX mac = NULL;
+ char *source = NULL;
+ char *b64hash = NULL;
int match, rc;
size_t size;
@@ -304,14 +304,14 @@ static int match_hashed_host(const char *host, const char *sourcehash)
int ssh_is_server_known(ssh_session session)
{
FILE *file = NULL;
- char *host;
- char *hostport;
- const char *type;
+ char *host = NULL;
+ char *hostport = NULL;
+ const char *type = NULL;
int match;
int i = 0;
- char *files[3];
+ char *files[3] = {0};
- struct ssh_tokens_st *tokens;
+ struct ssh_tokens_st *tokens = NULL;
int ret = SSH_SERVER_NOT_KNOWN;
@@ -443,12 +443,13 @@ int ssh_is_server_known(ssh_session session)
* @deprecated Please use ssh_session_export_known_hosts_entry()
* @brief This function is deprecated.
*/
-char * ssh_dump_knownhost(ssh_session session) {
+char *ssh_dump_knownhost(ssh_session session)
+{
ssh_key server_pubkey = NULL;
- char *host;
- char *hostport;
- char *buffer;
- char *b64_key;
+ char *host = NULL;
+ char *hostport = NULL;
+ char *buffer = NULL;
+ char *b64_key = NULL;
int rc;
if (session->opts.host == NULL) {
@@ -513,9 +514,9 @@ char * ssh_dump_knownhost(ssh_session session) {
*/
int ssh_write_knownhost(ssh_session session)
{
- FILE *file;
+ FILE *file = NULL;
char *buffer = NULL;
- char *dir;
+ char *dir = NULL;
int rc;
if (session->opts.knownhosts == NULL) {
diff --git a/src/knownhosts.c b/src/knownhosts.c
index 94618fe2..62777ad2 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -61,7 +61,7 @@ static int hash_hostname(const char *name,
size_t *hash_size)
{
int rc;
- HMACCTX mac_ctx;
+ HMACCTX mac_ctx = NULL;
mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1);
if (mac_ctx == NULL) {
@@ -81,8 +81,8 @@ static int hash_hostname(const char *name,
static int match_hashed_hostname(const char *host, const char *hashed_host)
{
- char *hashed;
- char *b64_hash;
+ char *hashed = NULL;
+ char *b64_hash = NULL;
ssh_buffer salt = NULL;
ssh_buffer hash = NULL;
unsigned char hashed_buf[256] = {0};
@@ -229,7 +229,7 @@ static int ssh_known_hosts_read_entries(const char *match,
char line[MAX_LINE_SIZE];
size_t lineno = 0;
size_t len = 0;
- FILE *fp;
+ FILE *fp = NULL;
int rc;
fp = fopen(filename, "r");
@@ -288,7 +288,7 @@ static int ssh_known_hosts_read_entries(const char *match,
for (it = ssh_list_get_iterator(*entries);
it != NULL;
it = it->next) {
- struct ssh_knownhosts_entry *entry2;
+ struct ssh_knownhosts_entry *entry2 = NULL;
int cmp;
entry2 = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
cmp = ssh_known_hosts_entries_compare(entry, entry2);
@@ -312,8 +312,8 @@ error:
static char *ssh_session_get_host_port(ssh_session session)
{
- char *host_port;
- char *host;
+ char *host_port = NULL;
+ char *host = NULL;
if (session->opts.host == NULL) {
ssh_set_error(session,
@@ -537,7 +537,7 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
char *host_port = NULL;
size_t count;
bool needcomma = false;
- char *names;
+ char *names = NULL;
int rc;
@@ -645,7 +645,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
{
struct ssh_knownhosts_entry *e = NULL;
char *known_host = NULL;
- char *p;
+ char *p = NULL;
char *save_tok = NULL;
enum ssh_keytypes_e key_type;
int match = 0;
diff --git a/src/legacy.c b/src/legacy.c
index 7b165dbe..7359040c 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) {
int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
int type, ssh_string publickey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
(void) type; /* unused */
@@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session,
ssh_string publickey,
ssh_private_key privatekey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
(void) publickey; /* unused */
@@ -389,10 +389,11 @@ void publickey_free(ssh_public_key key) {
SAFE_FREE(key);
}
-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
- struct ssh_public_key_struct *p;
- ssh_key privkey;
- ssh_key pubkey;
+ssh_public_key publickey_from_privatekey(ssh_private_key prv)
+{
+ struct ssh_public_key_struct *p = NULL;
+ ssh_key privkey = NULL;
+ ssh_key pubkey = NULL;
int rc;
privkey = ssh_key_new();
@@ -434,8 +435,8 @@ ssh_private_key privatekey_from_file(ssh_session session,
const char *passphrase) {
ssh_auth_callback auth_fn = NULL;
void *auth_data = NULL;
- ssh_private_key privkey;
- ssh_key key;
+ ssh_private_key privkey = NULL;
+ ssh_key key = NULL;
int rc;
(void) type; /* unused */
@@ -510,7 +511,7 @@ void privatekey_free(ssh_private_key prv) {
ssh_string publickey_from_file(ssh_session session, const char *filename,
int *type) {
- ssh_key key;
+ ssh_key key = NULL;
ssh_string key_str = NULL;
int rc;
@@ -543,9 +544,10 @@ int ssh_type_from_name(const char *name) {
return ssh_key_type_from_name(name);
}
-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
- struct ssh_public_key_struct *pubkey;
- ssh_key key;
+ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
+{
+ struct ssh_public_key_struct *pubkey = NULL;
+ ssh_key key = NULL;
int rc;
(void) session; /* unused */
@@ -579,9 +581,10 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
return pubkey;
}
-ssh_string publickey_to_string(ssh_public_key pubkey) {
- ssh_key key;
- ssh_string key_blob;
+ssh_string publickey_to_string(ssh_public_key pubkey)
+{
+ ssh_key key = NULL;
+ ssh_string key_blob = NULL;
int rc;
if (pubkey == NULL) {
@@ -624,11 +627,11 @@ int ssh_publickey_to_file(ssh_session session,
ssh_string pubkey,
int type)
{
- FILE *fp;
- char *user;
+ FILE *fp = NULL;
+ char *user = NULL;
char buffer[1024];
char host[256];
- unsigned char *pubkey_64;
+ unsigned char *pubkey_64 = NULL;
size_t len;
int rc;
if(session==NULL)
@@ -695,9 +698,9 @@ int ssh_try_publickey_from_file(ssh_session session,
const char *keyfile,
ssh_string *publickey,
int *type) {
- char *pubkey_file;
+ char *pubkey_file = NULL;
size_t len;
- ssh_string pubkey_string;
+ ssh_string pubkey_string = NULL;
int pubkey_type;
if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index 5e6d2465..f15eac0d 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -133,7 +133,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
void *IV)
{
const mbedtls_cipher_info_t *cipher_info = NULL;
- mbedtls_cipher_context_t *ctx;
+ mbedtls_cipher_context_t *ctx = NULL;
size_t key_bitlen = 0;
size_t iv_size = 0;
int rc;
diff --git a/src/log.c b/src/log.c
index 8ce1e71e..8369ebc7 100644
--- a/src/log.c
+++ b/src/log.c
@@ -44,7 +44,7 @@
static LIBSSH_THREAD int ssh_log_level;
static LIBSSH_THREAD ssh_logging_callback ssh_log_cb;
-static LIBSSH_THREAD void *ssh_log_userdata;
+static LIBSSH_THREAD void *ssh_log_userdata = NULL;
/**
* @defgroup libssh_log The SSH logging functions.
diff --git a/src/messages.c b/src/messages.c
index 91d23e7d..ceb42b2c 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -479,7 +479,7 @@ static void ssh_message_queue(ssh_session session, ssh_message message)
*/
ssh_message ssh_message_pop_head(ssh_session session){
ssh_message msg=NULL;
- struct ssh_iterator *i;
+ struct ssh_iterator *i = NULL;
if(session->ssh_message_list == NULL)
return NULL;
i=ssh_list_get_iterator(session->ssh_message_list);
@@ -493,7 +493,7 @@ ssh_message ssh_message_pop_head(ssh_session session){
/* Returns 1 if there is a message available */
static int ssh_message_termination(void *s){
ssh_session session = s;
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
if(session->session_state == SSH_SESSION_STATE_ERROR)
return 1;
it = ssh_list_get_iterator(session->ssh_message_list);
@@ -694,7 +694,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
ssh_string algo)
{
struct ssh_crypto_struct *crypto = NULL;
- ssh_buffer buffer;
+ ssh_buffer buffer = NULL;
ssh_string str=NULL;
int rc;
@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
#ifdef WITH_GSSAPI
if (strcmp(method, "gssapi-with-mic") == 0) {
uint32_t n_oid;
- ssh_string *oids;
- ssh_string oid;
- char *hexa;
+ ssh_string *oids = NULL;
+ ssh_string oid = NULL;
+ char *hexa = NULL;
int i;
ssh_buffer_get_u32(packet, &n_oid);
n_oid=ntohl(n_oid);
@@ -1019,7 +1019,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
uint32_t nanswers;
uint32_t i;
- ssh_string tmp;
+ ssh_string tmp = NULL;
int rc;
ssh_message msg = NULL;
@@ -1251,7 +1251,7 @@ end:
* @returns SSH_OK on success, SSH_ERROR if an error occurred.
*/
int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) {
- ssh_session session;
+ ssh_session session = NULL;
int rc;
if (msg == NULL) {
@@ -1302,7 +1302,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
* @returns NULL in case of error
*/
ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
- ssh_channel chan;
+ ssh_channel chan = NULL;
int rc;
if (msg == NULL) {
diff --git a/src/misc.c b/src/misc.c
index bef417b7..7bb431b6 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -393,7 +393,7 @@ int ssh_is_ipaddr(const char *str)
char *ssh_lowercase(const char* str)
{
- char *new, *p;
+ char *new = NULL, *p = NULL;
if (str == NULL) {
return NULL;
@@ -447,7 +447,7 @@ char *ssh_hostport(const char *host, int port)
char *ssh_get_hexa(const unsigned char *what, size_t len)
{
const char h[] = "0123456789abcdef";
- char *hexa;
+ char *hexa = NULL;
size_t i;
size_t hlen = len * 3;
@@ -716,7 +716,7 @@ struct ssh_list *ssh_list_new(void)
void ssh_list_free(struct ssh_list *list)
{
- struct ssh_iterator *ptr, *next;
+ struct ssh_iterator *ptr = NULL, *next = NULL;
if (!list)
return;
ptr = list->root;
@@ -737,7 +737,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list)
struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value)
{
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
for (it = ssh_list_get_iterator(list); it != NULL ; it = it->next)
if (it->data == value)
@@ -826,7 +826,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data)
void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
{
- struct ssh_iterator *ptr, *prev;
+ struct ssh_iterator *ptr = NULL, *prev = NULL;
if (list == NULL) {
return;
@@ -967,7 +967,7 @@ char *ssh_dirname (const char *path)
char *ssh_basename (const char *path)
{
char *new = NULL;
- const char *s;
+ const char *s = NULL;
size_t len;
if (path == NULL || *path == '\0') {
@@ -1105,8 +1105,8 @@ int ssh_mkdirs(const char *pathname, mode_t mode)
*/
char *ssh_path_expand_tilde(const char *d)
{
- char *h = NULL, *r;
- const char *p;
+ char *h = NULL, *r = NULL;
+ const char *p = NULL;
size_t ld;
size_t lh = 0;
@@ -1121,7 +1121,7 @@ char *ssh_path_expand_tilde(const char *d)
#ifdef _WIN32
return strdup(d);
#else
- struct passwd *pw;
+ struct passwd *pw = NULL;
size_t s = p - d;
char u[128];
@@ -1182,7 +1182,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
char *buf = NULL;
char *r = NULL;
char *x = NULL;
- const char *p;
+ const char *p = NULL;
size_t i, l;
r = ssh_path_expand_tilde(s);
@@ -1335,8 +1335,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
*/
int ssh_analyze_banner(ssh_session session, int server)
{
- const char *banner;
- const char *openssh;
+ const char *banner = NULL;
+ const char *openssh = NULL;
if (server) {
banner = session->clientbanner;
diff --git a/src/options.c b/src/options.c
index 5e97d8fd..a8023fbf 100644
--- a/src/options.c
+++ b/src/options.c
@@ -67,7 +67,7 @@
*/
int ssh_options_copy(ssh_session src, ssh_session *dest)
{
- ssh_session new;
+ ssh_session new = NULL;
struct ssh_iterator *it = NULL;
struct ssh_list *list = NULL;
char *id = NULL;
@@ -540,8 +540,8 @@ int ssh_options_set_algo(ssh_session session,
int ssh_options_set(ssh_session session, enum ssh_options_e type,
const void *value)
{
- const char *v;
- char *p, *q;
+ const char *v = NULL;
+ char *p = NULL, *q = NULL;
long int i;
unsigned int u;
int rc;
@@ -1227,7 +1227,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
*/
int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
{
- char* src = NULL;
+ char *src = NULL;
if (session == NULL) {
return SSH_ERROR;
@@ -1249,7 +1249,7 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
break;
}
case SSH_OPTIONS_IDENTITY: {
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
it = ssh_list_get_iterator(session->opts.identity);
if (it == NULL) {
it = ssh_list_get_iterator(session->opts.identity_non_exp);
@@ -1502,7 +1502,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
*/
int ssh_options_parse_config(ssh_session session, const char *filename)
{
- char *expanded_filename;
+ char *expanded_filename = NULL;
int r;
if (session == NULL) {
@@ -1548,7 +1548,7 @@ out:
int ssh_options_apply(ssh_session session)
{
- char *tmp;
+ char *tmp = NULL;
int rc;
if (session->opts.sshdir == NULL) {
@@ -1843,8 +1843,8 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
const void *value)
{
bool allowed;
- char *p, *q;
- const char *v;
+ char *p = NULL, *q = NULL;
+ const char *v = NULL;
int i, rc;
char **wanted_methods = sshbind->wanted_methods;
@@ -2266,7 +2266,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
char *buf = NULL;
char *r = NULL;
char *x = NULL;
- const char *p;
+ const char *p = NULL;
size_t i, l;
r = ssh_path_expand_tilde(s);
@@ -2372,7 +2372,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
{
int rc = 0;
- char *expanded_filename;
+ char *expanded_filename = NULL;
if (sshbind == NULL) {
return -1;
diff --git a/src/packet.c b/src/packet.c
index 1bb7b02d..891d120c 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -1423,8 +1423,8 @@ error:
static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
{
ssh_session session = userdata;
- struct ssh_iterator *it;
- ssh_channel channel;
+ struct ssh_iterator *it = NULL;
+ ssh_channel channel = NULL;
if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) {
SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback");
@@ -1885,7 +1885,7 @@ int ssh_packet_send(ssh_session session)
/* We finished the key exchange so we can try to send our queue now */
if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
- struct ssh_iterator *it;
+ struct ssh_iterator *it = NULL;
if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
/* reset packet sequence number when running in strict kex mode */
diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index fe3f489e..96e9586c 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -262,7 +262,7 @@ int ssh_packet_hmac_verify(ssh_session session,
{
struct ssh_crypto_struct *crypto = NULL;
unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
- HMACCTX ctx;
+ HMACCTX ctx = NULL;
size_t hmaclen = DIGEST_MAX_LEN;
uint32_t seq;
int cmp;
diff --git a/src/pki.c b/src/pki.c
index 512201d9..08a84c2f 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -360,7 +360,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
*/
int ssh_key_algorithm_allowed(ssh_session session, const char *type)
{
- const char *allowed_list;
+ const char *allowed_list = NULL;
if (session->client) {
allowed_list = session->opts.pubkey_accepted_types;
@@ -720,7 +720,7 @@ int ssh_key_cmp(const ssh_key k1,
ssh_signature ssh_signature_new(void)
{
- struct ssh_signature_struct *sig;
+ struct ssh_signature_struct *sig = NULL;
sig = malloc(sizeof(struct ssh_signature_struct));
if (sig == NULL) {
@@ -812,7 +812,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
void *auth_data,
ssh_key *pkey)
{
- ssh_key key;
+ ssh_key key = NULL;
char *openssh_header = NULL;
if (b64_key == NULL || pkey == NULL) {
@@ -935,8 +935,8 @@ int ssh_pki_import_privkey_file(const char *filename,
void *auth_data,
ssh_key *pkey) {
struct stat sb;
- char *key_buf;
- FILE *file;
+ char *key_buf = NULL;
+ FILE *file = NULL;
off_t size;
int rc;
char err_msg[SSH_ERRNO_MSG_MAX] = {0};
@@ -1084,8 +1084,8 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
/* temporary function to migrate seemlessly to ssh_key */
ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
{
- ssh_public_key pub;
- ssh_key tmp;
+ ssh_public_key pub = NULL;
+ ssh_key tmp = NULL;
if (key == NULL) {
return NULL;
@@ -1122,7 +1122,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
{
- ssh_private_key privkey;
+ ssh_private_key privkey = NULL;
privkey = calloc(1, sizeof(struct ssh_private_key_struct));
if (privkey == NULL) {
@@ -1512,9 +1512,9 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
enum ssh_keytypes_e type,
ssh_key *pkey)
{
- ssh_buffer cert;
- ssh_string tmp_s;
- const char *type_c;
+ ssh_buffer cert = NULL;
+ ssh_string tmp_s = NULL;
+ const char *type_c = NULL;
ssh_key key = NULL;
int rc;
@@ -2056,7 +2056,7 @@ error:
int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
ssh_key *pkey)
{
- ssh_key pubkey;
+ ssh_key pubkey = NULL;
if (privkey == NULL || !ssh_key_is_private(privkey)) {
return SSH_ERROR;
@@ -2094,7 +2094,7 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
int ssh_pki_export_pubkey_blob(const ssh_key key,
ssh_string *pblob)
{
- ssh_string blob;
+ ssh_string blob = NULL;
if (key == NULL) {
return SSH_OK;
@@ -2124,8 +2124,8 @@ int ssh_pki_export_pubkey_blob(const ssh_key key,
int ssh_pki_export_pubkey_base64(const ssh_key key,
char **b64_key)
{
- ssh_string key_blob;
- unsigned char *b64;
+ ssh_string key_blob = NULL;
+ unsigned char *b64 = NULL;
if (key == NULL || b64_key == NULL) {
return SSH_ERROR;
@@ -2152,9 +2152,9 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
{
char key_buf[MAX_LINE_SIZE];
char host[256];
- char *b64_key;
- char *user;
- FILE *fp;
+ char *b64_key = NULL;
+ char *user = NULL;
+ FILE *fp = NULL;
int rc;
if (key == NULL || filename == NULL || *filename == '\0') {
@@ -2215,7 +2215,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
* @returns SSH_OK on success, SSH_ERROR otherwise.
**/
int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
- ssh_buffer cert_buffer;
+ ssh_buffer cert_buffer = NULL;
int rc;
if (certkey == NULL || privkey == NULL) {
@@ -2250,7 +2250,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
ssh_string *sig_blob)
{
ssh_buffer buf = NULL;
- ssh_string str;
+ ssh_string str = NULL;
int rc;
if (sig == NULL || sig_blob == NULL) {
@@ -2314,7 +2314,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
enum ssh_keytypes_e type;
enum ssh_digest_e hash_type;
ssh_string algorithm = NULL, blob = NULL;
- ssh_buffer buf;
+ ssh_buffer buf = NULL;
const char *alg = NULL;
uint8_t flags = 0;
uint32_t counter = 0;
@@ -2674,9 +2674,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
const ssh_key pubkey)
{
struct ssh_crypto_struct *crypto = NULL;
- ssh_string session_id;
- ssh_string sig_blob;
- ssh_buffer sig_buf;
+ ssh_string session_id = NULL;
+ ssh_string sig_blob = NULL;
+ ssh_buffer sig_buf = NULL;
int rc;
crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_BOTH);
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index eed977f8..58d03fc4 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key,
bool private)
{
const char *ptr = text_key;
- const char *end;
- char *base64;
+ const char *end = NULL;
+ char *base64 = NULL;
int cmp;
int rc;
int i;
- ssh_buffer buffer = NULL, privkey_buffer=NULL;
+ ssh_buffer buffer = NULL, privkey_buffer = NULL;
char *magic = NULL, *ciphername = NULL, *kdfname = NULL;
uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF;
ssh_string kdfoptions = NULL;
@@ -536,16 +536,16 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
ssh_auth_callback auth_fn,
void *auth_data)
{
- ssh_buffer buffer;
+ ssh_buffer buffer = NULL;
ssh_string str = NULL;
ssh_string pubkey_s=NULL;
ssh_buffer privkey_buffer = NULL;
uint32_t rnd;
uint32_t rounds = 16;
- ssh_string salt=NULL;
- ssh_string kdf_options=NULL;
+ ssh_string salt = NULL;
+ ssh_string kdf_options = NULL;
int to_encrypt=0;
- unsigned char *b64;
+ unsigned char *b64 = NULL;
uint32_t str_len, len;
uint8_t padding = 1;
int ok;
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index fa233e70..b99a6e8c 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2048,9 +2048,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
* #if OPENSSL_VERSION_NUMBER >= 0x30000000L
*/
#if 0
- const void *pubkey;
+ const void *pubkey = NULL;
size_t pubkey_len;
- OSSL_PARAM *params, *locate_param;
+ OSSL_PARAM *params = NULL, *locate_param = NULL;
#endif /* OPENSSL_VERSION_NUMBER */
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
@@ -2308,7 +2308,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
const unsigned char *raw_sig_data = NULL;
size_t raw_sig_len;
- ECDSA_SIG *ecdsa_sig;
+ ECDSA_SIG *ecdsa_sig = NULL;
int rc;
@@ -2625,8 +2625,8 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
ECDSA_SIG *ecdsa_sig = NULL;
BIGNUM *pr = NULL, *ps = NULL;
- ssh_string r;
- ssh_string s;
+ ssh_string r = NULL;
+ ssh_string s = NULL;
ssh_buffer buf = NULL;
uint32_t rlen;
diff --git a/src/pki_ed25519.c b/src/pki_ed25519.c
index 6a5a4a8a..0674fb63 100644
--- a/src/pki_ed25519.c
+++ b/src/pki_ed25519.c
@@ -62,7 +62,7 @@ int pki_ed25519_sign(const ssh_key privkey,
size_t hlen)
{
int rc;
- uint8_t *buffer;
+ uint8_t *buffer = NULL;
uint64_t dlen = 0;
buffer = malloc(hlen + ED25519_SIG_LEN);
@@ -104,8 +104,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
size_t hlen)
{
uint64_t mlen = 0;
- uint8_t *buffer;
- uint8_t *buffer2;
+ uint8_t *buffer = NULL;
+ uint8_t *buffer2 = NULL;
int rc;
if (pubkey == NULL || sig == NULL ||
diff --git a/src/pki_ed25519_common.c b/src/pki_ed25519_common.c
index 15c9abef..2818a000 100644
--- a/src/pki_ed25519_common.c
+++ b/src/pki_ed25519_common.c
@@ -213,7 +213,7 @@ int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key)
*/
ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
{
- ssh_string sig_blob;
+ ssh_string sig_blob = NULL;
int rc;
#ifdef HAVE_OPENSSL_ED25519
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 702b9b2b..be527c1c 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -152,7 +152,7 @@ static ssh_string asn1_get_int(ssh_buffer buffer) {
static ssh_string asn1_get_bit_string(ssh_buffer buffer)
{
- ssh_string str;
+ ssh_string str = NULL;
unsigned char type;
uint32_t size;
unsigned char unused, last, *p;
@@ -1882,9 +1882,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
{
- ssh_string R;
- ssh_string S;
- ssh_buffer b;
+ ssh_string R = NULL;
+ ssh_string S = NULL;
+ ssh_buffer b = NULL;
b = ssh_buffer_new();
if (b == NULL) {
@@ -2054,8 +2054,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_SK_ECDSA:
#ifdef HAVE_GCRYPT_ECC
{ /* build ecdsa siganature */
- ssh_buffer b;
- ssh_string r, s;
+ ssh_buffer b = NULL;
+ ssh_string r = NULL, s = NULL;
uint32_t rlen;
b = ssh_buffer_new();
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 045bad50..1a57ab71 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1078,9 +1078,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
- ssh_string r;
- ssh_string s;
- ssh_buffer b;
+ ssh_string r = NULL;
+ ssh_string s = NULL;
+ ssh_buffer b = NULL;
int rc;
b = ssh_buffer_new();
@@ -1234,9 +1234,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_SK_ECDSA: {
- ssh_buffer b;
- ssh_string r;
- ssh_string s;
+ ssh_buffer b = NULL;
+ ssh_string r = NULL;
+ ssh_string s = NULL;
size_t rlen;
b = ssh_buffer_new();
diff --git a/src/poll.c b/src/poll.c
index 1246f456..ea336003 100644
--- a/src/poll.c
+++ b/src/poll.c
@@ -553,8 +553,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx)
static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size)
{
- ssh_poll_handle *pollptrs;
- ssh_pollfd_t *pollfds;
+ ssh_poll_handle *pollptrs = NULL;
+ ssh_pollfd_t *pollfds = NULL;
pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size);
if (pollptrs == NULL) {
@@ -839,7 +839,7 @@ ssh_event_add_fd(ssh_event event, socket_t fd, short events,
ssh_event_callback cb, void *userdata)
{
ssh_poll_handle p;
- struct ssh_event_fd_wrapper *pw;
+ struct ssh_event_fd_wrapper *pw = NULL;
if(event == NULL || event->ctx == NULL || cb == NULL
|| fd == SSH_INVALID_SOCKET) {
@@ -909,7 +909,7 @@ int ssh_event_add_session(ssh_event event, ssh_session session)
{
ssh_poll_handle p;
#ifdef WITH_SERVER
- struct ssh_iterator *iterator;
+ struct ssh_iterator *iterator = NULL;
#endif
if(event == NULL || event->ctx == NULL || session == NULL) {
@@ -1056,7 +1056,7 @@ int ssh_event_remove_session(ssh_event event, ssh_session session)
register size_t i, used;
int rc = SSH_ERROR;
#ifdef WITH_SERVER
- struct ssh_iterator *iterator;
+ struct ssh_iterator *iterator = NULL;
#endif
if (event == NULL || event->ctx == NULL || session == NULL) {
diff --git a/src/server.c b/src/server.c
index fb6b1190..f974fdfa 100644
--- a/src/server.c
+++ b/src/server.c
@@ -85,8 +85,8 @@ int server_set_kex(ssh_session session)
{
struct ssh_kex_struct *server = &session->next_crypto->server_kex;
int i, j, rc;
- const char *wanted, *allowed;
- char *kept;
+ const char *wanted = NULL, *allowed = NULL;
+ char *kept = NULL;
char hostkeys[128] = {0};
enum ssh_keytypes_e keytype;
size_t len;
@@ -220,9 +220,10 @@ int ssh_server_init_kex(ssh_session session) {
return server_set_kex(session);
}
-static int ssh_server_send_extensions(ssh_session session) {
+static int ssh_server_send_extensions(ssh_session session)
+{
int rc;
- const char *hostkey_algorithms;
+ const char *hostkey_algorithms = NULL;
SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
@@ -287,8 +288,8 @@ ssh_get_key_params(ssh_session session,
ssh_key *privkey,
enum ssh_digest_e *digest)
{
- ssh_key pubkey;
- ssh_string pubkey_blob;
+ ssh_key pubkey = NULL;
+ ssh_string pubkey_blob = NULL;
int rc;
switch(session->srv.hostkey) {
@@ -717,7 +718,7 @@ static int ssh_message_service_request_reply_default(ssh_message msg) {
}
int ssh_message_service_reply_success(ssh_message msg) {
- ssh_session session;
+ ssh_session session = NULL;
int rc;
if (msg == NULL) {
@@ -1064,7 +1065,7 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
}
int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
- ssh_string algo;
+ ssh_string algo = NULL;
ssh_string pubkey_blob = NULL;
int ret;
diff --git a/src/session.c b/src/session.c
index eb63cdb1..46b00cd5 100644
--- a/src/session.c
+++ b/src/session.c
@@ -58,7 +58,7 @@
*/
ssh_session ssh_new(void)
{
- ssh_session session;
+ ssh_session session = NULL;
char *id = NULL;
int rc;
@@ -280,7 +280,7 @@ void ssh_free(ssh_session session)
/* options */
if (session->opts.identity) {
- char *id;
+ char *id = NULL;
for (id = ssh_list_pop_head(char *, session->opts.identity);
id != NULL;
@@ -291,7 +291,7 @@ void ssh_free(ssh_session session)
}
if (session->opts.identity_non_exp) {
- char *id;
+ char *id = NULL;
for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
id != NULL;
@@ -1150,7 +1150,7 @@ int ssh_get_publickey_hash(const ssh_key key,
unsigned char **hash,
size_t *hlen)
{
- ssh_string blob;
+ ssh_string blob = NULL;
unsigned char *h = NULL;
int rc;
@@ -1162,7 +1162,7 @@ int ssh_get_publickey_hash(const ssh_key key,
switch (type) {
case SSH_PUBLICKEY_HASH_SHA1:
{
- SHACTX ctx;
+ SHACTX ctx = NULL;
h = calloc(1, SHA_DIGEST_LEN);
if (h == NULL) {
@@ -1194,7 +1194,7 @@ int ssh_get_publickey_hash(const ssh_key key,
break;
case SSH_PUBLICKEY_HASH_SHA256:
{
- SHA256CTX ctx;
+ SHA256CTX ctx = NULL;
h = calloc(1, SHA256_DIGEST_LEN);
if (h == NULL) {
@@ -1226,7 +1226,7 @@ int ssh_get_publickey_hash(const ssh_key key,
break;
case SSH_PUBLICKEY_HASH_MD5:
{
- MD5CTX ctx;
+ MD5CTX ctx = NULL;
/* In FIPS mode, we cannot use MD5 */
if (ssh_fips_mode()) {
diff --git a/src/sftpserver.c b/src/sftpserver.c
index b3349e16..528ef6f9 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -299,8 +299,8 @@ void sftp_client_message_free(sftp_client_message msg) {
int sftp_reply_name(sftp_client_message msg, const char *name,
sftp_attributes attr) {
- ssh_buffer out;
- ssh_string file;
+ ssh_buffer out = NULL;
+ ssh_string file = NULL;
out = ssh_buffer_new();
if (out == NULL) {
@@ -369,7 +369,7 @@ int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) {
int sftp_reply_names_add(sftp_client_message msg, const char *file,
const char *longname, sftp_attributes attr) {
- ssh_string name;
+ ssh_string name = NULL;
name = ssh_string_from_char(file);
if (name == NULL) {
@@ -435,8 +435,8 @@ int sftp_reply_names(sftp_client_message msg) {
int sftp_reply_status(sftp_client_message msg, uint32_t status,
const char *message) {
- ssh_buffer out;
- ssh_string s;
+ ssh_buffer out = NULL;
+ ssh_string s = NULL;
out = ssh_buffer_new();
if (out == NULL) {
@@ -492,7 +492,7 @@ int sftp_reply_data(sftp_client_message msg, const void *data, int len) {
* valid info (or worse).
*/
ssh_string sftp_handle_alloc(sftp_session sftp, void *info) {
- ssh_string ret;
+ ssh_string ret = NULL;
uint32_t val;
uint32_t i;
diff --git a/src/string.c b/src/string.c
index 44403487..0ab9310c 100644
--- a/src/string.c
+++ b/src/string.c
@@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) {
* @note The null byte is not copied nor counted in the output string.
*/
struct ssh_string_struct *ssh_string_from_char(const char *what) {
- struct ssh_string_struct *ptr;
+ struct ssh_string_struct *ptr = NULL;
size_t len;
if(what == NULL) {
@@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s)
*/
char *ssh_string_to_char(struct ssh_string_struct *s) {
size_t len;
- char *new;
+ char *new = NULL;
if (s == NULL) {
return NULL;
@@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) {
* @return Newly allocated copy of the string, NULL on error.
*/
struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) {
- struct ssh_string_struct *new;
+ struct ssh_string_struct *new = NULL;
size_t len;
if (s == NULL) {
diff --git a/src/threads/winlocks.c b/src/threads/winlocks.c
index da600418..e63635e7 100644
--- a/src/threads/winlocks.c
+++ b/src/threads/winlocks.c
@@ -82,7 +82,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock =
void ssh_mutex_lock(SSH_MUTEX *mutex)
{
- void *rc;
+ void *rc = NULL;
CRITICAL_SECTION *mutex_tmp = NULL;
diff --git a/src/wrapper.c b/src/wrapper.c
index f9727bcf..ecf6fbfe 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -152,7 +152,7 @@ static void cipher_free(struct ssh_cipher_struct *cipher) {
struct ssh_crypto_struct *crypto_new(void)
{
- struct ssh_crypto_struct *crypto;
+ struct ssh_crypto_struct *crypto = NULL;
crypto = malloc(sizeof(struct ssh_crypto_struct));
if (crypto == NULL) {
--
2.53.0
From 5fa0eeef8c6e2cd28214b10ecbb40ae68a3903d8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 28 Apr 2025 11:04:55 +0200
Subject: [PATCH 2/2] CVE-2025-4878 legacy: Properly check return value to
avoid NULL pointer dereference
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/legacy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/legacy.c b/src/legacy.c
index 7359040c..f73ef6cc 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -452,7 +452,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
auth_fn,
auth_data,
&key);
- if (rc == SSH_ERROR) {
+ if (rc != SSH_OK) {
return NULL;
}
--
2.53.0
Reference in New Issue View Git Blame Copy Permalink