From 697650caa97eaf7623924c75f9fcfec6dd423cd1 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 23 Apr 2025 17:57:11 +0200 Subject: [PATCH] CVE-2025-4878 Initialize pointers where possible This is mostly mechanical change initializing all the pointers I was able to find with some grep and manual review of sources and examples. Used the following greps (which yield some false positives though): git grep " \w* *\* *\w*;$" git grep " ssh_session \w*;" git grep " ssh_channel \w*;" git grep " struct ssh_iterator \*\w*;" git grep " ssh_bind \w*;" git grep " ssh_key \w*;" git grep " ssh_string \w*;" git grep " ssh_buffer \w*;" git grep " HMACCTX \w*;" git grep " SHACTX \w*;" grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;' Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider CVE: CVE-2025-4878 Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1] Signed-off-by: Rajeshkumar Ramasamy --- doc/authentication.dox | 10 +++---- doc/command.dox | 2 +- doc/forwarding.dox | 4 +-- doc/guided_tour.dox | 14 +++++----- doc/shell.dox | 2 +- examples/authentication.c | 12 ++++---- examples/connect_ssh.c | 2 +- examples/exec.c | 4 +-- examples/knownhosts.c | 2 +- examples/libssh_scp.c | 11 ++++---- examples/proxy.c | 18 ++++++------ examples/samplesshd-cb.c | 10 +++---- examples/samplesshd-kbdint.c | 16 +++++------ examples/scp_download.c | 4 +-- examples/senddata.c | 4 +-- examples/ssh_client.c | 8 +++--- examples/sshnetcat.c | 6 ++-- src/agent.c | 13 +++++---- src/auth.c | 7 +++-- src/bind.c | 9 +++--- src/buffer.c | 9 +++--- src/callbacks.c | 2 +- src/chachapoly.c | 2 +- src/channels.c | 53 ++++++++++++++++++------------------ src/client.c | 2 +- src/config.c | 4 +-- src/connect.c | 4 +-- src/connector.c | 5 ++-- src/ecdh_crypto.c | 2 +- src/ecdh_gcrypt.c | 10 +++---- src/gcrypt_missing.c | 2 +- src/getpass.c | 4 +-- src/gssapi.c | 28 ++++++++++--------- src/kex.c | 2 +- src/known_hosts.c | 38 +++++++++++++------------- src/knownhosts.c | 14 +++++----- src/legacy.c | 43 +++++++++++++++-------------- src/log.c | 2 +- src/messages.c | 18 ++++++------ src/misc.c | 22 +++++++-------- src/options.c | 12 ++++---- src/packet.c | 4 +-- src/packet_crypt.c | 2 +- src/pki.c | 48 ++++++++++++++++---------------- src/pki_container_openssh.c | 14 +++++----- src/pki_ed25519.c | 6 ++-- src/pki_gcrypt.c | 2 +- src/pki_mbedcrypto.c | 12 ++++---- src/poll.c | 8 +++--- src/server.c | 18 ++++++------ src/session.c | 4 +-- src/sftpserver.c | 12 ++++---- src/string.c | 6 ++-- src/threads/winlocks.c | 2 +- src/wrapper.c | 2 +- 55 files changed, 295 insertions(+), 281 deletions(-) diff --git a/doc/authentication.dox b/doc/authentication.dox index ec6f1936..a8fbd400 100644 --- a/doc/authentication.dox +++ b/doc/authentication.dox @@ -102,7 +102,7 @@ Here is a small example of password authentication: @code int authenticate_password(ssh_session session) { - char *password; + char *password = NULL; int rc; password = getpass("Enter your password: "); @@ -215,7 +215,7 @@ int authenticate_kbdint(ssh_session session) rc = ssh_userauth_kbdint(session, NULL, NULL); while (rc == SSH_AUTH_INFO) { - const char *name, *instruction; + const char *name = NULL, *instruction = NULL; int nprompts, iprompt; name = ssh_userauth_kbdint_getname(session); @@ -228,7 +228,7 @@ int authenticate_kbdint(ssh_session session) printf("%s\n", instruction); for (iprompt = 0; iprompt < nprompts; iprompt++) { - const char *prompt; + const char *prompt = NULL; char echo; prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo); @@ -248,7 +248,7 @@ int authenticate_kbdint(ssh_session session) } else { - char *ptr; + char *ptr = NULL; ptr = getpass(prompt); if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0) @@ -351,7 +351,7 @@ The following example shows how to retrieve and dispose the issue banner: int display_banner(ssh_session session) { int rc; - char *banner; + char *banner = NULL; /* *** Does not work without calling ssh_userauth_none() first *** diff --git a/doc/command.dox b/doc/command.dox index 588151c6..e82748ce 100644 --- a/doc/command.dox +++ b/doc/command.dox @@ -22,7 +22,7 @@ a SSH session that uses this channel: @code int show_remote_files(ssh_session session) { - ssh_channel channel; + ssh_channel channel = NULL; int rc; channel = ssh_channel_new(session); diff --git a/doc/forwarding.dox b/doc/forwarding.dox index bb93c7b1..1949660c 100644 --- a/doc/forwarding.dox +++ b/doc/forwarding.dox @@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server. @code int direct_forwarding(ssh_session session) { - ssh_channel forwarding_channel; + ssh_channel forwarding_channel = NULL; int rc; char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n"; int nbytes, nwritten; @@ -161,7 +161,7 @@ local libssh application, which handles them: int web_server(ssh_session session) { int rc; - ssh_channel channel; + ssh_channel channel = NULL; char buffer[256]; int nbytes, nwritten; int port = 0; diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox index 2f1a9b8e..008ccb4e 100644 --- a/doc/guided_tour.dox +++ b/doc/guided_tour.dox @@ -79,7 +79,7 @@ Here is a small example of how to use it: int main() { - ssh_session my_ssh_session; + ssh_session my_ssh_session = NULL; int verbosity = SSH_LOG_PROTOCOL; int port = 22; @@ -126,7 +126,7 @@ Here's an example: int main() { - ssh_session my_ssh_session; + ssh_session my_ssh_session = NULL; int rc; my_ssh_session = ssh_new(); @@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session) ssh_key srv_pubkey = NULL; size_t hlen; char buf[10]; - char *hexa; - char *p; + char *hexa = NULL; + char *p = NULL; int cmp; int rc; @@ -317,9 +317,9 @@ The example below shows an authentication with password: int main() { - ssh_session my_ssh_session; + ssh_session my_ssh_session = NULL; int rc; - char *password; + char *password = NULL; // Open session and set options my_ssh_session = ssh_new(); @@ -380,7 +380,7 @@ The example below shows how to execute a remote command: @code int show_remote_processes(ssh_session session) { - ssh_channel channel; + ssh_channel channel = NULL; int rc; char buffer[256]; int nbytes; diff --git a/doc/shell.dox b/doc/shell.dox index 0693bbcc..03b5a575 100644 --- a/doc/shell.dox +++ b/doc/shell.dox @@ -26,7 +26,7 @@ The code sample below achieves these tasks: @code int shell_session(ssh_session session) { - ssh_channel channel; + ssh_channel channel = NULL; int rc; channel = ssh_channel_new(session); diff --git a/examples/authentication.c b/examples/authentication.c index 9e5b94c9..758666fc 100644 --- a/examples/authentication.c +++ b/examples/authentication.c @@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password) err = ssh_userauth_kbdint(session, NULL, NULL); while (err == SSH_AUTH_INFO) { - const char *instruction; - const char *name; + const char *instruction = NULL; + const char *name = NULL; char buffer[128]; int i, n; @@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password) } for (i = 0; i < n; i++) { - const char *answer; - const char *prompt; + const char *answer = NULL; + const char *prompt = NULL; char echo; prompt = ssh_userauth_kbdint_getprompt(session, i, &echo); @@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password) } if (echo) { - char *p; + char *p = NULL; printf("%s", prompt); @@ -110,7 +110,7 @@ int authenticate_console(ssh_session session) int rc; int method; char password[128] = {0}; - char *banner; + char *banner = NULL; // Try to authenticate rc = ssh_userauth_none(session, NULL); diff --git a/examples/connect_ssh.c b/examples/connect_ssh.c index c9e4ef6e..06094272 100644 --- a/examples/connect_ssh.c +++ b/examples/connect_ssh.c @@ -22,7 +22,7 @@ clients must be made or how a client should react. #include ssh_session connect_ssh(const char *host, const char *user,int verbosity){ - ssh_session session; + ssh_session session = NULL; int auth=0; session=ssh_new(); diff --git a/examples/exec.c b/examples/exec.c index 4d5e0c1a..0db84688 100644 --- a/examples/exec.c +++ b/examples/exec.c @@ -5,8 +5,8 @@ #include "examples_common.h" int main(void) { - ssh_session session; - ssh_channel channel; + ssh_session session = NULL; + ssh_channel channel = NULL; char buffer[256]; int nbytes; int rc; diff --git a/examples/knownhosts.c b/examples/knownhosts.c index 2c538dac..44fbbd01 100644 --- a/examples/knownhosts.c +++ b/examples/knownhosts.c @@ -37,7 +37,7 @@ int verify_knownhost(ssh_session session){ char buf[10]; unsigned char *hash = NULL; size_t hlen; - ssh_key srv_pubkey; + ssh_key srv_pubkey = NULL; int rc; rc = ssh_get_server_publickey(session, &srv_pubkey); diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c index ff38b830..b0638525 100644 --- a/examples/libssh_scp.c +++ b/examples/libssh_scp.c @@ -22,9 +22,9 @@ program. #include #include "examples_common.h" -static char **sources; +static char **sources = NULL; static int nsources; -static char *destination; +static char *destination = NULL; static int verbosity = 0; struct location { @@ -114,9 +114,10 @@ static void location_free(struct location *loc) } } -static struct location *parse_location(char *loc) { - struct location *location; - char *ptr; +static struct location *parse_location(char *loc) +{ + struct location *location = NULL; + char *ptr = NULL; location = malloc(sizeof(struct location)); if (location == NULL) { diff --git a/examples/proxy.c b/examples/proxy.c index dcf4d0d7..baebc12f 100644 --- a/examples/proxy.c +++ b/examples/proxy.c @@ -31,8 +31,8 @@ clients must be made or how a client should react. static int authenticated=0; static int tries = 0; static int error = 0; -static ssh_channel chan=NULL; -static char *username; +static ssh_channel chan = NULL; +static char *username = NULL; static ssh_gssapi_creds client_creds = NULL; static int auth_password(ssh_session session, const char *user, @@ -212,11 +212,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL}; #endif /* HAVE_ARGP_H */ -int main(int argc, char **argv){ - ssh_session session; - ssh_bind sshbind; - ssh_event mainloop; - ssh_session client_session; +int main(int argc, char **argv) +{ + ssh_session session = NULL; + ssh_bind sshbind = NULL; + ssh_event mainloop = NULL; + ssh_session client_session = NULL; struct ssh_server_callbacks_struct cb = { .userdata = NULL, @@ -227,7 +228,7 @@ int main(int argc, char **argv){ char buf[2048]; char host[128]=""; - char *ptr; + char *ptr = NULL; int i,r, rc; sshbind=ssh_bind_new(); @@ -344,4 +345,3 @@ int main(int argc, char **argv){ ssh_finalize(); return 0; } - diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c index f93ab4b4..39efaf9a 100644 --- a/examples/samplesshd-cb.c +++ b/examples/samplesshd-cb.c @@ -215,10 +215,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL}; #endif /* HAVE_ARGP_H */ -int main(int argc, char **argv){ - ssh_session session; - ssh_bind sshbind; - ssh_event mainloop; +int main(int argc, char **argv) +{ + ssh_session session = NULL; + ssh_bind sshbind = NULL; + ssh_event mainloop = NULL; struct ssh_server_callbacks_struct cb = { .userdata = NULL, .auth_password_function = auth_password, @@ -303,4 +304,3 @@ int main(int argc, char **argv){ ssh_finalize(); return 0; } - diff --git a/examples/samplesshd-kbdint.c b/examples/samplesshd-kbdint.c index 522aebd6..88f0458a 100644 --- a/examples/samplesshd-kbdint.c +++ b/examples/samplesshd-kbdint.c @@ -183,8 +183,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) { static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL}; #endif /* HAVE_ARGP_H */ -static const char *name; -static const char *instruction; +static const char *name = NULL; +static const char *instruction = NULL; static const char *prompts[2]; static char echo[] = { 1, 0 }; @@ -288,11 +288,12 @@ static int authenticate(ssh_session session) { return 0; } -int main(int argc, char **argv){ - ssh_session session; - ssh_bind sshbind; - ssh_message message; - ssh_channel chan=0; +int main(int argc, char **argv) +{ + ssh_session session = NULL; + ssh_bind sshbind = NULL; + ssh_message message = NULL; + ssh_channel chan = NULL; char buf[2048]; int auth=0; int shell=0; @@ -422,4 +423,3 @@ int main(int argc, char **argv){ ssh_finalize(); return 0; } - diff --git a/examples/scp_download.c b/examples/scp_download.c index 85ccf92b..eda67764 100644 --- a/examples/scp_download.c +++ b/examples/scp_download.c @@ -104,7 +104,7 @@ static int fetch_files(ssh_session session){ int size; char buffer[16384]; int mode; - char *filename; + char *filename = NULL; int r; ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*"); if(ssh_scp_init(scp) != SSH_OK){ @@ -163,7 +163,7 @@ static int fetch_files(ssh_session session){ } int main(int argc, char **argv){ - ssh_session session; + ssh_session session = NULL; if(opts(argc,argv)<0) return EXIT_FAILURE; session=connect_ssh(host,NULL,verbosity); diff --git a/examples/senddata.c b/examples/senddata.c index 042b462b..1104acdc 100644 --- a/examples/senddata.c +++ b/examples/senddata.c @@ -6,7 +6,7 @@ #define LIMIT 0x100000000UL int main(void) { - ssh_session session; + ssh_session session = NULL; ssh_channel channel; char buffer[1024*1024]; int rc; @@ -47,7 +47,7 @@ int main(void) { if(total > LIMIT) break; } - + if (rc < 0) { printf("error : %s\n",ssh_get_error(session)); ssh_channel_close(channel); diff --git a/examples/ssh_client.c b/examples/ssh_client.c index b0c5a7ff..db226d53 100644 --- a/examples/ssh_client.c +++ b/examples/ssh_client.c @@ -50,7 +50,7 @@ static struct termios terminal; static char *pcap_file = NULL; -static char *proxycommand; +static char *proxycommand = NULL; static int auth_callback(const char *prompt, char *buf, @@ -238,7 +238,7 @@ static void select_loop(ssh_session session,ssh_channel channel) static void shell(ssh_session session) { - ssh_channel channel; + ssh_channel channel = NULL; struct termios terminal_local; int interactive=isatty(0); channel = ssh_channel_new(session); @@ -300,7 +300,7 @@ static void batch_shell(ssh_session session) static int client(ssh_session session) { int auth = 0; - char *banner; + char *banner = NULL; int state; if (user) { @@ -378,7 +378,7 @@ static void cleanup_pcap(void) int main(int argc, char **argv) { - ssh_session session; + ssh_session session = NULL; session = ssh_new(); diff --git a/examples/sshnetcat.c b/examples/sshnetcat.c index 28fb2765..0665d004 100644 --- a/examples/sshnetcat.c +++ b/examples/sshnetcat.c @@ -34,7 +34,7 @@ clients must be made or how a client should react. #include #include "examples_common.h" -char *host; +char *host = NULL; const char *desthost="localhost"; const char *port="22"; @@ -187,7 +187,7 @@ static void forwarding(ssh_session session){ static int client(ssh_session session){ int auth=0; - char *banner; + char *banner = NULL; int state; if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) @@ -239,7 +239,7 @@ void cleanup_pcap(){ #endif int main(int argc, char **argv){ - ssh_session session; + ssh_session session = NULL; session = ssh_new(); diff --git a/src/agent.c b/src/agent.c index 7704e8f1..cabe9b6b 100644 --- a/src/agent.c +++ b/src/agent.c @@ -418,8 +418,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session, /* caller has to free commment */ ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session, - char **comment) { - struct ssh_key_struct *key; + char **comment) +{ + struct ssh_key_struct *key = NULL; struct ssh_string_struct *blob = NULL; struct ssh_string_struct *tmp = NULL; int rc; @@ -488,10 +489,10 @@ ssh_string ssh_agent_sign_data(ssh_session session, const ssh_key pubkey, struct ssh_buffer_struct *data) { - ssh_buffer request; - ssh_buffer reply; - ssh_string key_blob; - ssh_string sig_blob; + ssh_buffer request = NULL; + ssh_buffer reply = NULL; + ssh_string key_blob = NULL; + ssh_string sig_blob = NULL; unsigned int type = 0; unsigned int flags = 0; uint32_t dlen; diff --git a/src/auth.c b/src/auth.c index 993e6dfe..531ab8bd 100644 --- a/src/auth.c +++ b/src/auth.c @@ -191,8 +191,9 @@ static int ssh_userauth_get_response(ssh_session session) { * * This banner should be shown to user prior to authentication */ -SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) { - ssh_string banner; +SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) +{ + ssh_string banner = NULL; (void)type; (void)user; @@ -1299,7 +1300,7 @@ int ssh_userauth_agent_pubkey(ssh_session session, const char *username, ssh_public_key publickey) { - ssh_key key; + ssh_key key = NULL; int rc; key = ssh_key_new(); diff --git a/src/bind.c b/src/bind.c index 63ef3a94..0cf8bea9 100644 --- a/src/bind.c +++ b/src/bind.c @@ -73,7 +73,7 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname, int port) { char port_c[6]; - struct addrinfo *ai; + struct addrinfo *ai = NULL; struct addrinfo hints; int opt = 1; socket_t s; @@ -129,8 +129,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname, return s; } -ssh_bind ssh_bind_new(void) { - ssh_bind ptr; +ssh_bind ssh_bind_new(void) +{ + ssh_bind ptr = NULL; ptr = malloc(sizeof(struct ssh_bind_struct)); if (ptr == NULL) { @@ -249,7 +250,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) { } int ssh_bind_listen(ssh_bind sshbind) { - const char *host; + const char *host = NULL; socket_t fd; int rc; diff --git a/src/buffer.c b/src/buffer.c index da6e587f..50469e62 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -365,7 +365,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer, */ void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len) { - void *ptr; + void *ptr = NULL; + buffer_verify(buffer); if (buffer->used + len < len) { @@ -922,7 +923,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, va_list ap) { int rc = SSH_ERROR; - const char *p; + const char *p = NULL; union { uint8_t byte; uint16_t word; @@ -931,7 +932,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer, ssh_string string; void *data; } o; - char *cstring; + char *cstring = NULL; bignum b; size_t len; int count; @@ -1086,7 +1087,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, va_list ap) { int rc = SSH_ERROR; - const char *p, *last; + const char *p = NULL, *last = NULL; union { uint8_t *byte; uint16_t *word; diff --git a/src/callbacks.c b/src/callbacks.c index 3ed2f11c..6bfed62a 100644 --- a/src/callbacks.c +++ b/src/callbacks.c @@ -113,7 +113,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb) int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb) { - struct ssh_iterator *it; + struct ssh_iterator *it = NULL; if (channel == NULL || channel->callbacks == NULL){ return SSH_ERROR; diff --git a/src/chachapoly.c b/src/chachapoly.c index 904303ef..6a3aba18 100644 --- a/src/chachapoly.c +++ b/src/chachapoly.c @@ -50,7 +50,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { - struct chacha20_poly1305_keysched *sched; + struct chacha20_poly1305_keysched *sched = NULL; uint8_t *u8key = key; (void)IV; diff --git a/src/channels.c b/src/channels.c index b94016f1..ae2f55a5 100644 --- a/src/channels.c +++ b/src/channels.c @@ -141,7 +141,7 @@ uint32_t ssh_channel_new_id(ssh_session session) { */ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){ uint32_t channelid=0; - ssh_channel channel; + ssh_channel channel = NULL; int rc; (void)type; (void)user; @@ -202,7 +202,7 @@ error: */ SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){ - ssh_channel channel; + ssh_channel channel = NULL; char *error = NULL; uint32_t code; int rc; @@ -343,7 +343,7 @@ end: /* return channel with corresponding local id, or NULL if not found */ ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) { struct ssh_iterator *it; - ssh_channel channel; + ssh_channel channel = NULL; for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) { channel = ssh_iterator_value(ssh_channel, it); @@ -423,7 +423,7 @@ error: * unknown or the packet is invalid. */ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet) { - ssh_channel channel; + ssh_channel channel = NULL; uint32_t chan; int rc; @@ -445,7 +445,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet) { } SSH_PACKET_CALLBACK(channel_rcv_change_window) { - ssh_channel channel; + ssh_channel channel = NULL; uint32_t bytes; int rc; (void)user; @@ -584,7 +584,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){ } SSH_PACKET_CALLBACK(channel_rcv_eof) { - ssh_channel channel; + ssh_channel channel = NULL; (void)user; (void)type; @@ -611,8 +611,9 @@ SSH_PACKET_CALLBACK(channel_rcv_eof) { return SSH_PACKET_USED; } -SSH_PACKET_CALLBACK(channel_rcv_close) { - ssh_channel channel; +SSH_PACKET_CALLBACK(channel_rcv_close) +{ + ssh_channel channel = NULL; (void)user; (void)type; @@ -812,7 +813,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) { */ int channel_default_bufferize(ssh_channel channel, void *data, int len, int is_stderr) { - ssh_session session; + ssh_session session = NULL; if(channel == NULL) { return -1; @@ -946,7 +947,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel){ */ int ssh_channel_open_forward(ssh_channel channel, const char *remotehost, int remoteport, const char *sourcehost, int localport) { - ssh_session session; + ssh_session session = NULL; ssh_buffer payload = NULL; ssh_string str = NULL; int rc = SSH_ERROR; @@ -1002,7 +1003,7 @@ error: */ void ssh_channel_free(ssh_channel channel) { - ssh_session session; + ssh_session session = NULL; if (channel == NULL) { return; @@ -1100,7 +1101,7 @@ void ssh_channel_do_free(ssh_channel channel) * @see ssh_channel_is_eof() */ int ssh_channel_send_eof(ssh_channel channel){ - ssh_session session; + ssh_session session = NULL; int rc = SSH_ERROR; int err; @@ -1153,7 +1154,7 @@ error: */ int ssh_channel_close(ssh_channel channel) { - ssh_session session; + ssh_session session = NULL; int rc = 0; if(channel == NULL) { @@ -1249,7 +1250,7 @@ static int channel_write_common(ssh_channel channel, const void *data, uint32_t len, int is_stderr) { - ssh_session session; + ssh_session session = NULL; uint32_t origlen = len; size_t effectivelen; size_t maxpacketlen; @@ -1503,7 +1504,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking) { * @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state. */ SSH_PACKET_CALLBACK(ssh_packet_channel_success){ - ssh_channel channel; + ssh_channel channel = NULL; (void)type; (void)user; @@ -1533,7 +1534,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){ * @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state. */ SSH_PACKET_CALLBACK(ssh_packet_channel_failure){ - ssh_channel channel; + ssh_channel channel = NULL; (void)type; (void)user; @@ -1960,7 +1961,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype, #endif ssh_message msg = NULL; ssh_channel channel = NULL; - struct ssh_iterator *iterator; + struct ssh_iterator *iterator = NULL; int t; /* @@ -2590,7 +2591,7 @@ error: */ int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count, int is_stderr) { - ssh_session session; + ssh_session session = NULL; char buffer_tmp[8192]; int r; uint32_t total=0; @@ -2726,7 +2727,7 @@ int ssh_channel_read_timeout(ssh_channel channel, int is_stderr, int timeout_ms) { - ssh_session session; + ssh_session session = NULL; ssh_buffer stdbuf; uint32_t len; struct ssh_channel_read_termination_struct ctx; @@ -2837,7 +2838,7 @@ int ssh_channel_read_timeout(ssh_channel channel, */ int ssh_channel_read_nonblocking(ssh_channel channel, void *dest, uint32_t count, int is_stderr) { - ssh_session session; + ssh_session session = NULL; int to_read; int rc; int blocking; @@ -2940,8 +2941,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr){ * @see ssh_channel_is_eof() */ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr){ - ssh_session session; - ssh_buffer stdbuf; + ssh_session session = NULL; + ssh_buffer stdbuf = NULL; struct ssh_channel_read_termination_struct ctx; int rc; @@ -3042,7 +3043,7 @@ int ssh_channel_get_exit_status(ssh_channel channel) { */ static int channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans, ssh_channel *echans, ssh_channel *rout, ssh_channel *wout, ssh_channel *eout) { - ssh_channel chan; + ssh_channel chan = NULL; int i; int j = 0; @@ -3121,7 +3122,7 @@ static int count_ptrs(ssh_channel *ptrs) { */ int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct timeval * timeout) { - ssh_channel *rchans, *wchans, *echans; + ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL; ssh_channel dummy = NULL; ssh_event event = NULL; int rc; @@ -3305,7 +3306,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len */ int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost, int remoteport, const char *sourcehost, int localport) { - ssh_session session; + ssh_session session = NULL; ssh_buffer payload = NULL; int rc = SSH_ERROR; @@ -3368,7 +3369,7 @@ error: */ int ssh_channel_open_x11(ssh_channel channel, const char *orig_addr, int orig_port) { - ssh_session session; + ssh_session session = NULL; ssh_buffer payload = NULL; int rc = SSH_ERROR; diff --git a/src/client.c b/src/client.c index 1132c0a0..5ece34b8 100644 --- a/src/client.c +++ b/src/client.c @@ -656,7 +656,7 @@ int ssh_get_openssh_version(ssh_session session) { * @param[in] session The SSH session to use. */ void ssh_disconnect(ssh_session session) { - struct ssh_iterator *it; + struct ssh_iterator *it = NULL; int rc; if (session == NULL) { diff --git a/src/config.c b/src/config.c index 7dd3ae8c..8bf2c1a8 100644 --- a/src/config.c +++ b/src/config.c @@ -229,7 +229,7 @@ static enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword) { } static void local_parse_file(ssh_session session, const char *filename, int *parsing, int seen[]) { - FILE *f; + FILE *f = NULL; char line[MAX_LINE_SIZE] = {0}; unsigned int count = 0; @@ -730,7 +730,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line, int ssh_config_parse_file(ssh_session session, const char *filename) { char line[MAX_LINE_SIZE] = {0}; unsigned int count = 0; - FILE *f; + FILE *f = NULL; int parsing; int seen[SOC_END - SOC_UNSUPPORTED] = {0}; diff --git a/src/connect.c b/src/connect.c index d45be04b..a58bd4b0 100644 --- a/src/connect.c +++ b/src/connect.c @@ -355,8 +355,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host, } if (bind_addr) { - struct addrinfo *bind_ai; - struct addrinfo *bind_itr; + struct addrinfo *bind_ai = NULL; + struct addrinfo *bind_itr = NULL; SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr); diff --git a/src/connector.c b/src/connector.c index 0062785c..868ba1ec 100644 --- a/src/connector.c +++ b/src/connector.c @@ -622,8 +622,9 @@ error: return rc; } -int ssh_connector_remove_event(ssh_connector connector) { - ssh_session session; +int ssh_connector_remove_event(ssh_connector connector) +{ + ssh_session session = NULL; if (connector->in_poll != NULL) { ssh_event_remove_poll(connector->event, connector->in_poll); diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c index 7e5f0cc7..43d7fec2 100644 --- a/src/ecdh_crypto.c +++ b/src/ecdh_crypto.c @@ -204,7 +204,7 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){ const EC_POINT *ecdh_pubkey; bignum_CTX ctx; /* SSH host keys (rsa,dsa,ecdsa) */ - ssh_key privkey; + ssh_key privkey = NULL; ssh_string sig_blob = NULL; ssh_string pubkey_blob = NULL; int curve; diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c index c1db7f5d..789b06b9 100644 --- a/src/ecdh_gcrypt.c +++ b/src/ecdh_gcrypt.c @@ -128,9 +128,9 @@ int ecdh_build_k(ssh_session session) #else size_t k_len = 0; enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type; - ssh_string s; + ssh_string s = NULL; #endif - ssh_string pubkey_raw; + ssh_string pubkey_raw = NULL; gcry_sexp_t pubkey = NULL; ssh_string privkey = NULL; int rc = SSH_ERROR; @@ -261,12 +261,12 @@ int ecdh_build_k(ssh_session session) int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet) { gpg_error_t err; /* ECDH keys */ - ssh_string q_c_string; - ssh_string q_s_string; + ssh_string q_c_string = NULL; + ssh_string q_s_string = NULL; gcry_sexp_t param = NULL; gcry_sexp_t key = NULL; /* SSH host keys (rsa,dsa,ecdsa) */ - ssh_key privkey; + ssh_key privkey = NULL; ssh_string sig_blob = NULL; ssh_string pubkey_blob = NULL; int rc = SSH_ERROR; diff --git a/src/gcrypt_missing.c b/src/gcrypt_missing.c index 80562317..60d6181c 100644 --- a/src/gcrypt_missing.c +++ b/src/gcrypt_missing.c @@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) { char *ssh_gcry_bn2dec(bignum bn) { bignum bndup, num, ten; - char *ret; + char *ret = NULL; int count, count2; int size, rsize; char decnum; diff --git a/src/getpass.c b/src/getpass.c index 99627665..dceaf4dd 100644 --- a/src/getpass.c +++ b/src/getpass.c @@ -45,7 +45,7 @@ * @return 1 on success, 0 on error. */ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify) { - char *tmp; + char *tmp = NULL; char *ptr = NULL; int ok = 0; @@ -77,7 +77,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify) { } if (verify) { - char *key_string; + char *key_string = NULL; key_string = calloc(1, len); if (key_string == NULL) { diff --git a/src/gssapi.c b/src/gssapi.c index e1b37c76..8bbfc0c8 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -190,7 +190,7 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n gss_name_t server_name; /* local server fqdn */ OM_uint32 maj_stat, min_stat; size_t i; - char *ptr; + char *ptr = NULL; gss_OID_set supported; /* oids supported by server */ gss_OID_set both_supported; /* oids supported by both client and server */ gss_OID_set selected; /* oid selected for authentication */ @@ -313,7 +313,7 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n static char *ssh_gssapi_name_to_char(gss_name_t name){ gss_buffer_desc buffer; OM_uint32 maj_stat, min_stat; - char *ptr; + char *ptr = NULL; maj_stat = gss_display_name(&min_stat, name, &buffer, NULL); ssh_gssapi_log_error(SSH_LOG_WARNING, "converting name", @@ -327,9 +327,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name){ } -SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ - ssh_string token; - char *hexa; +SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server) +{ + ssh_string token = NULL; + char *hexa = NULL; OM_uint32 maj_stat, min_stat; gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER; gss_name_t client_name = GSS_C_NO_NAME; @@ -353,7 +354,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ } if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){ - ssh_string out_token=NULL; + ssh_string out_token = NULL; rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session, token, &out_token, session->server_callbacks->userdata); if (rc == SSH_ERROR){ @@ -457,7 +458,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session){ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic) { - ssh_string mic_token; + ssh_string mic_token = NULL; OM_uint32 maj_stat, min_stat; gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER; gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER; @@ -616,7 +617,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) gss_name_t client_id = GSS_C_NO_NAME; gss_OID oid; unsigned int i; - char *ptr; + char *ptr = NULL; int ret; if (session->gssapi->client.client_deleg_creds == NULL) { @@ -789,11 +790,11 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s){ } SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ - ssh_string oid_s; + ssh_string oid_s = NULL; gss_uint32 maj_stat, min_stat; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; - char *hexa; + char *hexa = NULL; (void)type; (void)user; @@ -899,9 +900,10 @@ static int ssh_gssapi_send_mic(ssh_session session){ return ssh_packet_send(session); } -SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ - ssh_string token; - char *hexa; +SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client) +{ + ssh_string token = NULL; + char *hexa = NULL; OM_uint32 maj_stat, min_stat; gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER; (void)user; diff --git a/src/kex.c b/src/kex.c index c100d908..35272b14 100644 --- a/src/kex.c +++ b/src/kex.c @@ -765,7 +765,7 @@ char *ssh_client_select_hostkeys(ssh_session session) int ssh_set_client_kex(ssh_session session) { struct ssh_kex_struct *client= &session->next_crypto->client_kex; - const char *wanted; + const char *wanted = NULL; int ok; int i; diff --git a/src/known_hosts.c b/src/known_hosts.c index 407e1de5..dddfd8a5 100644 --- a/src/known_hosts.c +++ b/src/known_hosts.c @@ -98,8 +98,8 @@ static void tokens_free(char **tokens) { static char **ssh_get_knownhost_line(FILE **file, const char *filename, const char **found_type) { char buffer[4096] = {0}; - char *ptr; - char **tokens; + char *ptr = NULL; + char **tokens = NULL; if(*file == NULL){ *file = fopen(filename,"r"); @@ -165,7 +165,7 @@ static char **ssh_get_knownhost_line(FILE **file, const char *filename, static int check_public_key(ssh_session session, char **tokens) { ssh_string pubkey_blob = NULL; ssh_buffer pubkey_buffer; - char *pubkey_64; + char *pubkey_64 = NULL; int rc; /* ssh-dss or ssh-rsa */ @@ -221,11 +221,11 @@ static int match_hashed_host(const char *host, const char *sourcehash) * hash := HMAC_SHA1(key=salt,data=host) */ unsigned char buffer[256] = {0}; - ssh_buffer salt; - ssh_buffer hash; - HMACCTX mac; - char *source; - char *b64hash; + ssh_buffer salt = NULL; + ssh_buffer hash = NULL; + HMACCTX mac = NULL; + char *source = NULL; + char *b64hash = NULL; int match; unsigned int size; @@ -308,12 +308,12 @@ static int match_hashed_host(const char *host, const char *sourcehash) int ssh_is_server_known(ssh_session session) { FILE *file = NULL; char **tokens; - char *host; - char *hostport; - const char *type; + char *host = NULL; + char *hostport = NULL; + const char *type = NULL; int match; int i=0; - char * files[3]; + char * files[3] = {0}; int ret = SSH_SERVER_NOT_KNOWN; if (session->opts.knownhosts == NULL) { @@ -445,11 +445,11 @@ int ssh_is_server_known(ssh_session session) { */ char * ssh_dump_knownhost(ssh_session session) { ssh_key server_pubkey = NULL; - char *host; - char *hostport; + char *host = NULL; + char *hostport = NULL; size_t len = 4096; - char *buffer; - char *b64_key; + char *buffer = NULL; + char *b64_key = NULL; int rc; if (session->opts.host == NULL) { @@ -513,9 +513,9 @@ char * ssh_dump_knownhost(ssh_session session) { * @brief This function is deprecated */ int ssh_write_knownhost(ssh_session session) { - FILE *file; - char *buffer; - char *dir; + FILE *file = NULL; + char *buffer = NULL; + char *dir = NULL; if (session->opts.knownhosts == NULL) { if (ssh_options_apply(session) < 0) { diff --git a/src/knownhosts.c b/src/knownhosts.c index 3ea22970..2abdb4b6 100644 --- a/src/knownhosts.c +++ b/src/knownhosts.c @@ -55,7 +55,7 @@ static int hash_hostname(const char *name, unsigned char **hash, unsigned int *hash_size) { - HMACCTX mac_ctx; + HMACCTX mac_ctx = NULL; mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1); if (mac_ctx == NULL) { @@ -70,8 +70,8 @@ static int hash_hostname(const char *name, static int match_hashed_hostname(const char *host, const char *hashed_host) { - char *hashed; - char *b64_hash; + char *hashed = NULL; + char *b64_hash = NULL; ssh_buffer salt = NULL; ssh_buffer hash = NULL; unsigned char hashed_buf[256] = {0}; @@ -195,7 +195,7 @@ static int ssh_known_hosts_read_entries(const char *match, char line[8192]; size_t lineno = 0; size_t len = 0; - FILE *fp; + FILE *fp = NULL; int rc; fp = fopen(filename, "r"); @@ -253,8 +253,8 @@ error: static char *ssh_session_get_host_port(ssh_session session) { - char *host_port; - char *host; + char *host_port = NULL; + char *host = NULL; if (session->opts.host == NULL) { ssh_set_error(session, @@ -410,7 +410,7 @@ int ssh_known_hosts_parse_line(const char *hostname, { struct ssh_knownhosts_entry *e = NULL; char *known_host = NULL; - char *p; + char *p = NULL; enum ssh_keytypes_e key_type; int match = 0; int rc = SSH_OK; diff --git a/src/legacy.c b/src/legacy.c index c35ec337..b1c8e150 100644 --- a/src/legacy.c +++ b/src/legacy.c @@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) { int ssh_userauth_offer_pubkey(ssh_session session, const char *username, int type, ssh_string publickey) { - ssh_key key; + ssh_key key = NULL; int rc; (void) type; /* unused */ @@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session, ssh_string publickey, ssh_private_key privatekey) { - ssh_key key; + ssh_key key = NULL; int rc; (void) publickey; /* unused */ @@ -373,10 +373,11 @@ void publickey_free(ssh_public_key key) { SAFE_FREE(key); } -ssh_public_key publickey_from_privatekey(ssh_private_key prv) { - struct ssh_public_key_struct *p; - ssh_key privkey; - ssh_key pubkey; +ssh_public_key publickey_from_privatekey(ssh_private_key prv) +{ + struct ssh_public_key_struct *p = NULL; + ssh_key privkey = NULL; + ssh_key pubkey = NULL; int rc; privkey = ssh_key_new(); @@ -410,8 +411,8 @@ ssh_private_key privatekey_from_file(ssh_session session, const char *passphrase) { ssh_auth_callback auth_fn = NULL; void *auth_data = NULL; - ssh_private_key privkey; - ssh_key key; + ssh_private_key privkey = NULL; + ssh_key key = NULL; int rc; (void) type; /* unused */ @@ -476,7 +477,7 @@ void privatekey_free(ssh_private_key prv) { ssh_string publickey_from_file(ssh_session session, const char *filename, int *type) { - ssh_key key; + ssh_key key = NULL; ssh_string key_str = NULL; int rc; @@ -509,9 +510,10 @@ int ssh_type_from_name(const char *name) { return ssh_key_type_from_name(name); } -ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) { - struct ssh_public_key_struct *pubkey; - ssh_key key; +ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) +{ + struct ssh_public_key_struct *pubkey = NULL; + ssh_key key = NULL; int rc; (void) session; /* unused */ @@ -540,9 +542,10 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) { return pubkey; } -ssh_string publickey_to_string(ssh_public_key pubkey) { - ssh_key key; - ssh_string key_blob; +ssh_string publickey_to_string(ssh_public_key pubkey) +{ + ssh_key key = NULL; + ssh_string key_blob = NULL; int rc; key = ssh_key_new(); @@ -573,11 +576,11 @@ int ssh_publickey_to_file(ssh_session session, ssh_string pubkey, int type) { - FILE *fp; - char *user; + FILE *fp = NULL; + char *user = NULL; char buffer[1024]; char host[256]; - unsigned char *pubkey_64; + unsigned char *pubkey_64 = NULL; size_t len; int rc; if(session==NULL) @@ -640,9 +643,9 @@ int ssh_try_publickey_from_file(ssh_session session, const char *keyfile, ssh_string *publickey, int *type) { - char *pubkey_file; + char *pubkey_file = NULL; size_t len; - ssh_string pubkey_string; + ssh_string pubkey_string = NULL; int pubkey_type; if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) { diff --git a/src/log.c b/src/log.c index a8664b16..b26ed8be 100644 --- a/src/log.c +++ b/src/log.c @@ -40,7 +40,7 @@ static LIBSSH_THREAD int ssh_log_level; static LIBSSH_THREAD ssh_logging_callback ssh_log_cb; -static LIBSSH_THREAD void *ssh_log_userdata; +static LIBSSH_THREAD void *ssh_log_userdata = NULL; /** * @defgroup libssh_log The SSH logging functions. diff --git a/src/messages.c b/src/messages.c index 400b8e9b..a0e185bb 100644 --- a/src/messages.c +++ b/src/messages.c @@ -452,7 +452,7 @@ void ssh_message_queue(ssh_session session, ssh_message message){ */ ssh_message ssh_message_pop_head(ssh_session session){ ssh_message msg=NULL; - struct ssh_iterator *i; + struct ssh_iterator *i = NULL; if(session->ssh_message_list == NULL) return NULL; i=ssh_list_get_iterator(session->ssh_message_list); @@ -466,7 +466,7 @@ ssh_message ssh_message_pop_head(ssh_session session){ /* Returns 1 if there is a message available */ static int ssh_message_termination(void *s){ ssh_session session = s; - struct ssh_iterator *it; + struct ssh_iterator *it = NULL; if(session->session_state == SSH_SESSION_STATE_ERROR) return 1; it = ssh_list_get_iterator(session->ssh_message_list); @@ -658,7 +658,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session, struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : session->next_crypto; - ssh_buffer buffer; + ssh_buffer buffer = NULL; ssh_string str=NULL; int rc; @@ -867,9 +867,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){ #ifdef WITH_GSSAPI if (strcmp(method, "gssapi-with-mic") == 0) { uint32_t n_oid; - ssh_string *oids; - ssh_string oid; - char *hexa; + ssh_string *oids = NULL; + ssh_string oid = NULL; + char *hexa = NULL; int i; ssh_buffer_get_u32(packet, &n_oid); n_oid=ntohl(n_oid); @@ -953,7 +953,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ uint32_t nanswers; uint32_t i; - ssh_string tmp; + ssh_string tmp = NULL; int rc; ssh_message msg = NULL; @@ -1175,7 +1175,7 @@ end: } int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) { - ssh_session session; + ssh_session session = NULL; int rc; if (msg == NULL) { @@ -1216,7 +1216,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) { - ssh_channel chan; + ssh_channel chan = NULL; int rc; if (msg == NULL) { diff --git a/src/misc.c b/src/misc.c index 9842b7f4..3601ffb5 100644 --- a/src/misc.c +++ b/src/misc.c @@ -334,7 +334,7 @@ int ssh_is_ipaddr(const char *str) { #endif /* _WIN32 */ char *ssh_lowercase(const char* str) { - char *new, *p; + char *new = NULL, *p = NULL; if (str == NULL) { return NULL; @@ -407,7 +407,7 @@ struct ssh_list *ssh_list_new(void) { } void ssh_list_free(struct ssh_list *list){ - struct ssh_iterator *ptr,*next; + struct ssh_iterator *ptr = NULL, *next = NULL; if(!list) return; ptr=list->root; @@ -426,7 +426,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list){ } struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value){ - struct ssh_iterator *it; + struct ssh_iterator *it = NULL; for(it = ssh_list_get_iterator(list); it != NULL ;it=it->next) if(it->data==value) return it; @@ -496,7 +496,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data){ } void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator){ - struct ssh_iterator *ptr,*prev; + struct ssh_iterator *ptr = NULL, *prev = NULL; prev=NULL; ptr=list->root; while(ptr && ptr != iterator){ @@ -616,7 +616,7 @@ char *ssh_dirname (const char *path) { */ char *ssh_basename (const char *path) { char *new = NULL; - const char *s; + const char *s = NULL; size_t len; if (path == NULL || *path == '\0') { @@ -685,8 +685,8 @@ int ssh_mkdir(const char *pathname, mode_t mode) { * @return The expanded directory, NULL on error. */ char *ssh_path_expand_tilde(const char *d) { - char *h = NULL, *r; - const char *p; + char *h = NULL, *r = NULL; + const char *p = NULL; size_t ld; size_t lh = 0; @@ -701,7 +701,7 @@ char *ssh_path_expand_tilde(const char *d) { #ifdef _WIN32 return strdup(d); #else - struct passwd *pw; + struct passwd *pw = NULL; size_t s = p - d; char u[128]; @@ -757,7 +757,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) { char host[NI_MAXHOST]; char buf[MAX_BUF_SIZE]; char *r, *x = NULL; - const char *p; + const char *p = NULL; size_t i, l; r = ssh_path_expand_tilde(s); @@ -867,8 +867,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) { */ int ssh_analyze_banner(ssh_session session, int server) { - const char *banner; - const char *openssh; + const char *banner = NULL; + const char *openssh = NULL; if (server) { banner = session->clientbanner; diff --git a/src/options.c b/src/options.c index 5f9d3c26..6d0f111a 100644 --- a/src/options.c +++ b/src/options.c @@ -63,7 +63,7 @@ * @see ssh_session_connect() */ int ssh_options_copy(ssh_session src, ssh_session *dest) { - ssh_session new; + ssh_session new = NULL; int i; if (src == NULL || dest == NULL) { @@ -399,8 +399,8 @@ int ssh_options_set_algo(ssh_session session, */ int ssh_options_set(ssh_session session, enum ssh_options_e type, const void *value) { - const char *v; - char *p, *q; + const char *v = NULL; + char *p = NULL, *q = NULL; long int i; unsigned int u; int rc; @@ -987,7 +987,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) { */ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value) { - char* src = NULL; + char *src = NULL; if (session == NULL) { return SSH_ERROR; @@ -1248,7 +1248,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv) * @see ssh_options_set_host() */ int ssh_options_parse_config(ssh_session session, const char *filename) { - char *expanded_filename; + char *expanded_filename = NULL; int r; if (session == NULL) { @@ -1292,7 +1292,7 @@ out: int ssh_options_apply(ssh_session session) { struct ssh_iterator *it; - char *tmp; + char *tmp = NULL; int rc; if (session->opts.sshdir == NULL) { diff --git a/src/packet.c b/src/packet.c index 8025a7ff..aa0535e9 100644 --- a/src/packet.c +++ b/src/packet.c @@ -1218,8 +1218,8 @@ error: static void ssh_packet_socket_controlflow_callback(int code, void *userdata) { ssh_session session = userdata; - struct ssh_iterator *it; - ssh_channel channel; + struct ssh_iterator *it = NULL; + ssh_channel channel = NULL; if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) { SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback"); diff --git a/src/packet_crypt.c b/src/packet_crypt.c index ba1d4af9..63eb6443 100644 --- a/src/packet_crypt.c +++ b/src/packet_crypt.c @@ -205,7 +205,7 @@ int ssh_packet_hmac_verify(ssh_session session, enum ssh_hmac_e type) { unsigned char hmacbuf[DIGEST_MAX_LEN] = {0}; - HMACCTX ctx; + HMACCTX ctx = NULL; unsigned int len; uint32_t seq; diff --git a/src/pki.c b/src/pki.c index 620ac1dd..4c4380ee 100644 --- a/src/pki.c +++ b/src/pki.c @@ -283,7 +283,7 @@ static enum ssh_digest_e ssh_key_hash_from_name(const char *name) */ int ssh_key_algorithm_allowed(ssh_session session, const char *type) { - const char *allowed_list; + const char *allowed_list = NULL; allowed_list = session->opts.pubkey_accepted_types; if (allowed_list == NULL) { @@ -480,7 +480,7 @@ int ssh_key_cmp(const ssh_key k1, ssh_signature ssh_signature_new(void) { - struct ssh_signature_struct *sig; + struct ssh_signature_struct *sig = NULL; sig = malloc(sizeof(struct ssh_signature_struct)); if (sig == NULL) { @@ -561,7 +561,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key, void *auth_data, ssh_key *pkey) { - ssh_key key; + ssh_key key = NULL; int cmp; if (b64_key == NULL || pkey == NULL) { @@ -681,8 +681,8 @@ int ssh_pki_import_privkey_file(const char *filename, void *auth_data, ssh_key *pkey) { struct stat sb; - char *key_buf; - FILE *file; + char *key_buf = NULL; + FILE *file = NULL; off_t size; int rc; @@ -820,8 +820,8 @@ int ssh_pki_export_privkey_file(const ssh_key privkey, /* temporary function to migrate seemlessly to ssh_key */ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key) { - ssh_public_key pub; - ssh_key tmp; + ssh_public_key pub = NULL; + ssh_key tmp = NULL; if(key == NULL) { return NULL; @@ -853,7 +853,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key) { } ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key) { - ssh_private_key privkey; + ssh_private_key privkey = NULL; privkey = malloc(sizeof(struct ssh_private_key_struct)); if (privkey == NULL) { @@ -1190,9 +1190,9 @@ fail: static int pki_import_cert_buffer(ssh_buffer buffer, enum ssh_keytypes_e type, ssh_key *pkey) { - ssh_buffer cert; - ssh_string type_s; - ssh_key key; + ssh_buffer cert = NULL; + ssh_string type_s = NULL; + ssh_key key = NULL; int rc; key = ssh_key_new(); @@ -1615,7 +1615,7 @@ error: int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey, ssh_key *pkey) { - ssh_key pubkey; + ssh_key pubkey = NULL; if (privkey == NULL || !ssh_key_is_private(privkey)) { return SSH_ERROR; @@ -1653,7 +1653,7 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey, int ssh_pki_export_pubkey_blob(const ssh_key key, ssh_string *pblob) { - ssh_string blob; + ssh_string blob = NULL; if (key == NULL) { return SSH_OK; @@ -1683,8 +1683,8 @@ int ssh_pki_export_pubkey_blob(const ssh_key key, int ssh_pki_export_pubkey_base64(const ssh_key key, char **b64_key) { - ssh_string key_blob; - unsigned char *b64; + ssh_string key_blob = NULL; + unsigned char *b64 = NULL; if (key == NULL || b64_key == NULL) { return SSH_ERROR; @@ -1711,9 +1711,9 @@ int ssh_pki_export_pubkey_file(const ssh_key key, { char key_buf[4096]; char host[256]; - char *b64_key; - char *user; - FILE *fp; + char *b64_key = NULL; + char *user = NULL; + FILE *fp = NULL; int rc; if (key == NULL || filename == NULL || *filename == '\0') { @@ -1774,7 +1774,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key, * @returns SSH_OK on success, SSH_ERROR otherwise. **/ int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) { - ssh_buffer cert_buffer; + ssh_buffer cert_buffer = NULL; int rc; if (certkey == NULL || privkey == NULL) { @@ -1809,7 +1809,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig, ssh_string *sig_blob) { ssh_buffer buf = NULL; - ssh_string str; + ssh_string str = NULL; int rc; if (sig == NULL || sig_blob == NULL) { @@ -1869,7 +1869,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob, enum ssh_keytypes_e type; enum ssh_digest_e hash_type; ssh_string algorithm = NULL, blob = NULL; - ssh_buffer buf; + ssh_buffer buf = NULL; const char *alg = NULL; int rc; @@ -2143,9 +2143,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session, struct ssh_buffer_struct *buf, const ssh_key pubkey) { struct ssh_crypto_struct *crypto; - ssh_string session_id; - ssh_string sig_blob; - ssh_buffer sig_buf; + ssh_string session_id = NULL; + ssh_string sig_blob = NULL; + ssh_buffer sig_buf = NULL; int rc; if (session->current_crypto) { diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c index 3ef54f83..6e473899 100644 --- a/src/pki_container_openssh.c +++ b/src/pki_container_openssh.c @@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key, bool private) { const char *ptr=text_key; - const char *end; - char *base64; + const char *end = NULL; + char *base64 = NULL; int cmp; int rc; int i; - ssh_buffer buffer = NULL, privkey_buffer=NULL; + ssh_buffer buffer = NULL, privkey_buffer = NULL; char *magic = NULL, *ciphername = NULL, *kdfname = NULL; uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF; ssh_string kdfoptions = NULL; @@ -535,14 +535,14 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, { ssh_buffer buffer; ssh_string str = NULL; - ssh_string pubkey_s=NULL; + ssh_string pubkey_s = NULL; ssh_buffer privkey_buffer = NULL; uint32_t rnd; uint32_t rounds = 16; - ssh_string salt=NULL; - ssh_string kdf_options=NULL; + ssh_string salt = NULL; + ssh_string kdf_options = NULL; int to_encrypt=0; - unsigned char *b64; + unsigned char *b64 = NULL; uint32_t str_len, len; uint8_t padding = 1; int ok; diff --git a/src/pki_ed25519.c b/src/pki_ed25519.c index 981a74b6..c9f07386 100644 --- a/src/pki_ed25519.c +++ b/src/pki_ed25519.c @@ -84,7 +84,7 @@ int pki_ed25519_sign(const ssh_key privkey, size_t hlen) { int rc; - uint8_t *buffer; + uint8_t *buffer = NULL; unsigned long long dlen = 0; buffer = malloc(hlen + ED25519_SIG_LEN); @@ -126,8 +126,8 @@ int pki_ed25519_verify(const ssh_key pubkey, size_t hlen) { unsigned long long mlen = 0; - uint8_t *buffer; - uint8_t *buffer2; + uint8_t *buffer = NULL; + uint8_t *buffer2 = NULL; int rc; if (pubkey == NULL || sig == NULL || diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index cf9ac781..6c1cb537 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -152,7 +152,7 @@ static ssh_string asn1_get_int(ssh_buffer buffer) { static ssh_string asn1_get_bit_string(ssh_buffer buffer) { - ssh_string str; + ssh_string str = NULL; unsigned char type; uint32_t size; unsigned char unused, last, *p; diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index 57a4ffae..abf36f4e 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -774,9 +774,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig) sig_blob = ssh_string_copy(sig->rsa_sig); break; case SSH_KEYTYPE_ECDSA: { - ssh_string r; - ssh_string s; - ssh_buffer b; + ssh_string r = NULL; + ssh_string s = NULL; + ssh_buffer b = NULL; int rc; b = ssh_buffer_new(); @@ -923,9 +923,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, sig->type_c = ssh_key_signature_to_char(type, hash_type); break; case SSH_KEYTYPE_ECDSA: { - ssh_buffer b; - ssh_string r; - ssh_string s; + ssh_buffer b = NULL; + ssh_string r = NULL; + ssh_string s = NULL; size_t rlen; b = ssh_buffer_new(); diff --git a/src/poll.c b/src/poll.c index 0ee8db20..cbeff3df 100644 --- a/src/poll.c +++ b/src/poll.c @@ -468,8 +468,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx) { } static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size) { - ssh_poll_handle *pollptrs; - ssh_pollfd_t *pollfds; + ssh_poll_handle *pollptrs = NULL; + ssh_pollfd_t *pollfds = NULL; pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size); if (pollptrs == NULL) { @@ -741,7 +741,7 @@ static int ssh_event_fd_wrapper_callback(ssh_poll_handle p, socket_t fd, int rev int ssh_event_add_fd(ssh_event event, socket_t fd, short events, ssh_event_callback cb, void *userdata) { ssh_poll_handle p; - struct ssh_event_fd_wrapper *pw; + struct ssh_event_fd_wrapper *pw = NULL; if(event == NULL || event->ctx == NULL || cb == NULL || fd == SSH_INVALID_SOCKET) { @@ -810,7 +810,7 @@ void ssh_event_remove_poll(ssh_event event, ssh_poll_handle p) int ssh_event_add_session(ssh_event event, ssh_session session) { ssh_poll_handle p; #ifdef WITH_SERVER - struct ssh_iterator *iterator; + struct ssh_iterator *iterator = NULL; #endif if(event == NULL || event->ctx == NULL || session == NULL) { diff --git a/src/server.c b/src/server.c index f3d24a7b..90677441 100644 --- a/src/server.c +++ b/src/server.c @@ -85,7 +85,7 @@ static int dh_handshake_server(ssh_session session); static int server_set_kex(ssh_session session) { struct ssh_kex_struct *server = &session->next_crypto->server_kex; int i, j, rc; - const char *wanted; + const char *wanted = NULL; char hostkeys[128] = {0}; enum ssh_keytypes_e keytype; size_t len; @@ -204,9 +204,10 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){ return SSH_OK; } -static int ssh_server_send_extensions(ssh_session session) { +static int ssh_server_send_extensions(ssh_session session) +{ int rc; - const char *hostkey_algorithms; + const char *hostkey_algorithms = NULL; SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO"); /* @@ -289,8 +290,8 @@ error: } int ssh_get_key_params(ssh_session session, ssh_key *privkey){ - ssh_key pubkey; - ssh_string pubkey_blob; + ssh_key pubkey = NULL; + ssh_string pubkey_blob = NULL; int rc; switch(session->srv.hostkey) { @@ -780,8 +781,9 @@ static int ssh_message_service_request_reply_default(ssh_message msg) { return ssh_message_service_reply_success(msg); } -int ssh_message_service_reply_success(ssh_message msg) { - ssh_session session; +int ssh_message_service_reply_success(ssh_message msg) +{ + ssh_session session = NULL; int rc; if (msg == NULL) { @@ -1111,7 +1113,7 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu } int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) { - ssh_string algo; + ssh_string algo = NULL; ssh_string pubkey_blob = NULL; int ret; diff --git a/src/session.c b/src/session.c index 3953fe76..daa30fe2 100644 --- a/src/session.c +++ b/src/session.c @@ -56,7 +56,7 @@ * @returns A new ssh_session pointer, NULL on error. */ ssh_session ssh_new(void) { - ssh_session session; + ssh_session session = NULL; char *id = NULL; int rc; @@ -252,7 +252,7 @@ void ssh_free(ssh_session session) { /* options */ if (session->opts.identity) { - char *id; + char *id = NULL; for (id = ssh_list_pop_head(char *, session->opts.identity); id != NULL; diff --git a/src/sftpserver.c b/src/sftpserver.c index dee51534..4a15d032 100644 --- a/src/sftpserver.c +++ b/src/sftpserver.c @@ -291,8 +291,8 @@ void sftp_client_message_free(sftp_client_message msg) { int sftp_reply_name(sftp_client_message msg, const char *name, sftp_attributes attr) { - ssh_buffer out; - ssh_string file; + ssh_buffer out = NULL; + ssh_string file = NULL; out = ssh_buffer_new(); if (out == NULL) { @@ -361,7 +361,7 @@ int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) { int sftp_reply_names_add(sftp_client_message msg, const char *file, const char *longname, sftp_attributes attr) { - ssh_string name; + ssh_string name = NULL; name = ssh_string_from_char(file); if (name == NULL) { @@ -427,8 +427,8 @@ int sftp_reply_names(sftp_client_message msg) { int sftp_reply_status(sftp_client_message msg, uint32_t status, const char *message) { - ssh_buffer out; - ssh_string s; + ssh_buffer out = NULL; + ssh_string s = NULL; out = ssh_buffer_new(); if (out == NULL) { @@ -484,7 +484,7 @@ int sftp_reply_data(sftp_client_message msg, const void *data, int len) { * valid info (or worse). */ ssh_string sftp_handle_alloc(sftp_session sftp, void *info) { - ssh_string ret; + ssh_string ret = NULL; uint32_t val; int i; diff --git a/src/string.c b/src/string.c index acd3cf48..3e044374 100644 --- a/src/string.c +++ b/src/string.c @@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) { * @note The nul byte is not copied nor counted in the ouput string. */ struct ssh_string_struct *ssh_string_from_char(const char *what) { - struct ssh_string_struct *ptr; + struct ssh_string_struct *ptr = NULL; size_t len; if(what == NULL) { @@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s) */ char *ssh_string_to_char(struct ssh_string_struct *s) { size_t len; - char *new; + char *new = NULL; if (s == NULL) { return NULL; @@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) { * @return Newly allocated copy of the string, NULL on error. */ struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) { - struct ssh_string_struct *new; + struct ssh_string_struct *new = NULL; size_t len; if (s == NULL) { diff --git a/src/threads/winlocks.c b/src/threads/winlocks.c index a1799531..c1bf1011 100644 --- a/src/threads/winlocks.c +++ b/src/threads/winlocks.c @@ -81,7 +81,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock = void ssh_mutex_lock(SSH_MUTEX *mutex) { - void *rc; + void *rc = NULL; CRITICAL_SECTION *mutex_tmp = NULL; diff --git a/src/wrapper.c b/src/wrapper.c index e580e1cc..6e15d54e 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -133,7 +133,7 @@ static void cipher_free(struct ssh_cipher_struct *cipher) { } struct ssh_crypto_struct *crypto_new(void) { - struct ssh_crypto_struct *crypto; + struct ssh_crypto_struct *crypto = NULL; crypto = malloc(sizeof(struct ssh_crypto_struct)); if (crypto == NULL) { -- 2.35.5