Fixed findings

List of Findings

Error: COMPILER_WARNING (CWE-477): [#def1]
neon-0.36.0/src/ne_ntlm.c: scope_hint: In function 'setup_des_key'
neon-0.36.0/src/ne_ntlm.c:262:3: warning[-Wdeprecated-declarations]: 'DES_set_odd_parity' is deprecated: Since OpenSSL 3.0
#  262 |   DES_set_odd_parity(&key);
#      |   ^~~~~~~~~~~~~~~~~~
neon-0.36.0/src/ne_ntlm.c:171: included_from: Included from here.
/usr/include/openssl/des.h:176:28: note: declared here
#  176 | OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
#      |                            ^~~~~~~~~~~~~~~~~~
#  260|     key[7] =  (key_56[6] << 1) & 0xFF;
#  261|   
#  262|->   DES_set_odd_parity(&key);
#  263|     DES_set_key(&key, ks);
#  264|   }

Error: COMPILER_WARNING (CWE-477): [#def2]
neon-0.36.0/src/ne_ntlm.c:262:3: warning[-Wdeprecated-declarations]: 'DES_set_odd_parity' is deprecated: Since OpenSSL 3.0
#  260|     key[7] =  (key_56[6] << 1) & 0xFF;
#  261|   
#  262|->   DES_set_odd_parity(&key);
#  263|     DES_set_key(&key, ks);
#  264|   }

Error: COMPILER_WARNING (CWE-477): [#def3]
neon-0.36.0/src/ne_ntlm.c:263:3: warning[-Wdeprecated-declarations]: 'DES_set_key' is deprecated: Since OpenSSL 3.0
#  263 |   DES_set_key(&key, ks);
#      |   ^~~~~~~~~~~
/usr/include/openssl/des.h:186:5: note: declared here
#  186 | int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
#      |     ^~~~~~~~~~~
#  261|   
#  262|     DES_set_odd_parity(&key);
#  263|->   DES_set_key(&key, ks);
#  264|   }
#  265|   

Error: COMPILER_WARNING (CWE-477): [#def4]
neon-0.36.0/src/ne_ntlm.c:263:3: warning[-Wdeprecated-declarations]: 'DES_set_key' is deprecated: Since OpenSSL 3.0
#  261|   
#  262|     DES_set_odd_parity(&key);
#  263|->   DES_set_key(&key, ks);
#  264|   }
#  265|   

Error: CPPCHECK_WARNING (CWE-457): [#def5]
neon-0.36.0/src/ne_ntlm.c:277: error[uninitvar]: Uninitialized variable: ks
#  275|     DES_key_schedule ks;
#  276|   
#  277|->   setup_des_key(keys, DESKEY(ks));
#  278|     DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
#  279|                     DESKEY(ks), DES_ENCRYPT);

Error: COMPILER_WARNING (CWE-477): [#def6]
neon-0.36.0/src/ne_ntlm.c: scope_hint: In function 'calc_resp'
neon-0.36.0/src/ne_ntlm.c:278:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  278 |   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
#      |   ^~~~~~~~~~~~~~~
/usr/include/openssl/des.h:105:6: note: declared here
#  105 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
#      |      ^~~~~~~~~~~~~~~
#  276|   
#  277|     setup_des_key(keys, DESKEY(ks));
#  278|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
#  279|                     DESKEY(ks), DES_ENCRYPT);
#  280|   

Error: COMPILER_WARNING (CWE-477): [#def7]
neon-0.36.0/src/ne_ntlm.c:278:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  276|   
#  277|     setup_des_key(keys, DESKEY(ks));
#  278|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
#  279|                     DESKEY(ks), DES_ENCRYPT);
#  280|   

Error: COMPILER_WARNING (CWE-477): [#def8]
neon-0.36.0/src/ne_ntlm.c:282:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  282 |   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8),
#      |   ^~~~~~~~~~~~~~~
/usr/include/openssl/des.h:105:6: note: declared here
#  105 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
#      |      ^~~~~~~~~~~~~~~
#  280|   
#  281|     setup_des_key(keys+7, DESKEY(ks));
#  282|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8),
#  283|                     DESKEY(ks), DES_ENCRYPT);
#  284|   

Error: COMPILER_WARNING (CWE-477): [#def9]
neon-0.36.0/src/ne_ntlm.c:282:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  280|   
#  281|     setup_des_key(keys+7, DESKEY(ks));
#  282|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8),
#  283|                     DESKEY(ks), DES_ENCRYPT);
#  284|   

Error: COMPILER_WARNING (CWE-477): [#def10]
neon-0.36.0/src/ne_ntlm.c:286:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  286 |   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
#      |   ^~~~~~~~~~~~~~~
/usr/include/openssl/des.h:105:6: note: declared here
#  105 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
#      |      ^~~~~~~~~~~~~~~
#  284|   
#  285|     setup_des_key(keys+14, DESKEY(ks));
#  286|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
#  287|                     DESKEY(ks), DES_ENCRYPT);
#  288|   }

Error: COMPILER_WARNING (CWE-477): [#def11]
neon-0.36.0/src/ne_ntlm.c:286:3: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  284|   
#  285|     setup_des_key(keys+14, DESKEY(ks));
#  286|->   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
#  287|                     DESKEY(ks), DES_ENCRYPT);
#  288|   }

Error: CPPCHECK_WARNING (CWE-457): [#def12]
neon-0.36.0/src/ne_ntlm.c:330: error[uninitvar]: Uninitialized variable: ks
#  328|       DES_key_schedule ks;
#  329|   
#  330|->     setup_des_key(pw, DESKEY(ks));
#  331|       DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
#  332|                       DESKEY(ks), DES_ENCRYPT);

Error: COMPILER_WARNING (CWE-477): [#def13]
neon-0.36.0/src/ne_ntlm.c: scope_hint: In function 'mkhash'
neon-0.36.0/src/ne_ntlm.c:331:5: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  331 |     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
#      |     ^~~~~~~~~~~~~~~
/usr/include/openssl/des.h:105:6: note: declared here
#  105 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
#      |      ^~~~~~~~~~~~~~~
#  329|   
#  330|       setup_des_key(pw, DESKEY(ks));
#  331|->     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
#  332|                       DESKEY(ks), DES_ENCRYPT);
#  333|     

Error: COMPILER_WARNING (CWE-477): [#def14]
neon-0.36.0/src/ne_ntlm.c:331:5: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  329|   
#  330|       setup_des_key(pw, DESKEY(ks));
#  331|->     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
#  332|                       DESKEY(ks), DES_ENCRYPT);
#  333|     

Error: COMPILER_WARNING (CWE-477): [#def15]
neon-0.36.0/src/ne_ntlm.c:335:5: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  335 |     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
#      |     ^~~~~~~~~~~~~~~
/usr/include/openssl/des.h:105:6: note: declared here
#  105 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
#      |      ^~~~~~~~~~~~~~~
#  333|     
#  334|       setup_des_key(pw+7, DESKEY(ks));
#  335|->     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
#  336|                       DESKEY(ks), DES_ENCRYPT);
#  337|   

Error: COMPILER_WARNING (CWE-477): [#def16]
neon-0.36.0/src/ne_ntlm.c:335:5: warning[-Wdeprecated-declarations]: 'DES_ecb_encrypt' is deprecated: Since OpenSSL 3.0
#  333|     
#  334|       setup_des_key(pw+7, DESKEY(ks));
#  335|->     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8),
#  336|                       DESKEY(ks), DES_ENCRYPT);
#  337|   

Error: COMPILER_WARNING (CWE-477): [#def17]
neon-0.36.0/src/ne_ntlm.c:355:5: warning[-Wdeprecated-declarations]: 'MD4_Init' is deprecated: Since OpenSSL 3.0
#  355 |     MD4_Init(&md4);
#      |     ^~~~~~~~
neon-0.36.0/src/ne_ntlm.c:172: included_from: Included from here.
/usr/include/openssl/md4.h:50:27: note: declared here
#   50 | OSSL_DEPRECATEDIN_3_0 int MD4_Init(MD4_CTX *c);
#      |                           ^~~~~~~~
#  353|       }
#  354|   
#  355|->     MD4_Init(&md4);
#  356|       MD4_Update(&md4, pw, 2*len);
#  357|       MD4_Final(ntbuffer, &md4);

Error: COMPILER_WARNING (CWE-477): [#def18]
neon-0.36.0/src/ne_ntlm.c:355:5: warning[-Wdeprecated-declarations]: 'MD4_Init' is deprecated: Since OpenSSL 3.0
#  353|       }
#  354|   
#  355|->     MD4_Init(&md4);
#  356|       MD4_Update(&md4, pw, 2*len);
#  357|       MD4_Final(ntbuffer, &md4);

Error: COMPILER_WARNING (CWE-477): [#def19]
neon-0.36.0/src/ne_ntlm.c:356:5: warning[-Wdeprecated-declarations]: 'MD4_Update' is deprecated: Since OpenSSL 3.0
#  356 |     MD4_Update(&md4, pw, 2*len);
#      |     ^~~~~~~~~~
/usr/include/openssl/md4.h:51:27: note: declared here
#   51 | OSSL_DEPRECATEDIN_3_0 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
#      |                           ^~~~~~~~~~
#  354|   
#  355|       MD4_Init(&md4);
#  356|->     MD4_Update(&md4, pw, 2*len);
#  357|       MD4_Final(ntbuffer, &md4);
#  358|   

Error: COMPILER_WARNING (CWE-477): [#def20]
neon-0.36.0/src/ne_ntlm.c:356:5: warning[-Wdeprecated-declarations]: 'MD4_Update' is deprecated: Since OpenSSL 3.0
#  354|   
#  355|       MD4_Init(&md4);
#  356|->     MD4_Update(&md4, pw, 2*len);
#  357|       MD4_Final(ntbuffer, &md4);
#  358|   

Error: COMPILER_WARNING (CWE-477): [#def21]
neon-0.36.0/src/ne_ntlm.c:357:5: warning[-Wdeprecated-declarations]: 'MD4_Final' is deprecated: Since OpenSSL 3.0
#  357 |     MD4_Final(ntbuffer, &md4);
#      |     ^~~~~~~~~
/usr/include/openssl/md4.h:52:27: note: declared here
#   52 | OSSL_DEPRECATEDIN_3_0 int MD4_Final(unsigned char *md, MD4_CTX *c);
#      |                           ^~~~~~~~~
#  355|       MD4_Init(&md4);
#  356|       MD4_Update(&md4, pw, 2*len);
#  357|->     MD4_Final(ntbuffer, &md4);
#  358|   
#  359|       memset(ntbuffer+16, 0, 5);

Error: COMPILER_WARNING (CWE-477): [#def22]
neon-0.36.0/src/ne_ntlm.c:357:5: warning[-Wdeprecated-declarations]: 'MD4_Final' is deprecated: Since OpenSSL 3.0
#  355|       MD4_Init(&md4);
#  356|       MD4_Update(&md4, pw, 2*len);
#  357|->     MD4_Final(ntbuffer, &md4);
#  358|   
#  359|       memset(ntbuffer+16, 0, 5);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
neon-0.36.0/src/ne_openssl.c:464:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'chain'
neon-0.36.0/src/ne_openssl.c:727:5: enter_function: entry to 'ne__negotiate_ssl'
neon-0.36.0/src/ne_openssl.c:743:8: branch_false: following 'false' branch...
neon-0.36.0/src/ne_openssl.c:756:11: branch_false: ...to here
neon-0.36.0/src/ne_openssl.c:769:9: branch_false: following 'false' branch...
neon-0.36.0/src/ne_openssl.c:774:9: branch_false: ...to here
neon-0.36.0/src/ne_openssl.c:780:36: call_function: calling 'make_chain' from 'ne__negotiate_ssl'
neon-0.36.0/src/ne_openssl.c:780:36: return_function: returning to 'ne__negotiate_ssl' from 'make_chain'
neon-0.36.0/src/ne_openssl.c:784:13: call_function: calling 'check_certificate' from 'ne__negotiate_ssl'
#  462|   static int check_certificate(ne_session *sess, SSL *ssl, ne_ssl_certificate *chain)
#  463|   {
#  464|->     X509 *cert = chain->subject;
#  465|       int ret, failures = sess->ssl_context->failures;
#  466|   

Error: COMPILER_WARNING (CWE-704): [#def24]
neon-0.36.0/src/ne_session.c: scope_hint: In function 'set_hostinfo'
neon-0.36.0/src/ne_session.c:190:23: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  190 |             && (scope = strstr(v6start, V6_SCOPE_SEP)) != NULL)
#      |                       ^
#  188|   
#  189|           if (hlen >= V6_SCOPE_MINLEN
#  190|->             && (scope = strstr(v6start, V6_SCOPE_SEP)) != NULL)
#  191|               v6end = scope;
#  192|           else

Error: COMPILER_WARNING (CWE-704): [#def25]
neon-0.36.0/src/ne_session.c:190:23: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  188|   
#  189|           if (hlen >= V6_SCOPE_MINLEN
#  190|->             && (scope = strstr(v6start, V6_SCOPE_SEP)) != NULL)
#  191|               v6end = scope;
#  192|           else

Error: COMPILER_WARNING (CWE-704): [#def26]
neon-0.36.0/src/ne_socket.c: scope_hint: In function 'ne_addr_resolve'
neon-0.36.0/src/ne_socket.c:1022:37: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1022 |     if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) {
#      |                                     ^
# 1020|   
# 1021|   #ifdef AF_INET6
# 1022|->     if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) {
# 1023|   	char *hn = ne_strdup(hostname + 1);
# 1024|   	hn[pnt - hostname - 1] = '\0';

Error: COMPILER_WARNING (CWE-704): [#def27]
neon-0.36.0/src/ne_socket.c:1022:37: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1020|   
# 1021|   #ifdef AF_INET6
# 1022|->     if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) {
# 1023|   	char *hn = ne_strdup(hostname + 1);
# 1024|   	hn[pnt - hostname - 1] = '\0';

Error: COMPILER_WARNING (CWE-704): [#def28]
neon-0.36.0/src/ne_string.c: scope_hint: In function 'ne_qtoken'
neon-0.36.0/src/ne_string.c:70:22: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#   70 |         char *quot = strchr(quotes, *pnt);
#      |                      ^~~~~~
#   68|   
#   69|       for (pnt = *str; *pnt != '\0'; pnt++) {
#   70|-> 	char *quot = strchr(quotes, *pnt);
#   71|   	
#   72|   	if (quot) {

Error: COMPILER_WARNING (CWE-704): [#def29]
neon-0.36.0/src/ne_string.c:70:22: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#   68|   
#   69|       for (pnt = *str; *pnt != '\0'; pnt++) {
#   70|-> 	char *quot = strchr(quotes, *pnt);
#   71|   	
#   72|   	if (quot) {

Error: COMPILER_WARNING (CWE-704): [#def30]
neon-0.36.0/src/ne_xml.c: scope_hint: In function 'ne_xml_get_attr'
neon-0.36.0/src/ne_xml.c:698:21: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  698 |         char *pnt = strchr(attrs[n], ':');
#      |                     ^~~~~~
#  696|   
#  697|       for (n = 0; attrs[n] != NULL; n += 2) {
#  698|-> 	char *pnt = strchr(attrs[n], ':');
#  699|   
#  700|   	if (!nspace && !pnt && strcmp(attrs[n], name) == 0) {

Error: COMPILER_WARNING (CWE-704): [#def31]
neon-0.36.0/src/ne_xml.c:698:21: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  696|   
#  697|       for (n = 0; attrs[n] != NULL; n += 2) {
#  698|-> 	char *pnt = strchr(attrs[n], ':');
#  699|   
#  700|   	if (!nspace && !pnt && strcmp(attrs[n], name) == 0) {

Scan Properties

analyzer-version-clippy	1.95.0
analyzer-version-cppcheck	2.20.0
analyzer-version-gcc	16.1.1
analyzer-version-gcc-analyzer	16.1.1
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.95.0
diffbase-analyzer-version-cppcheck	2.20.0
diffbase-analyzer-version-gcc	16.1.1
diffbase-analyzer-version-gcc-analyzer	16.1.1
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-66.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	neon-0.37.1-1.fc45
diffbase-store-results-to	/tmp/tmp0gd5qcsu/neon-0.37.1-1.fc45.tar.xz
diffbase-time-created	2026-06-01 15:11:42
diffbase-time-finished	2026-06-01 15:13:00
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp0gd5qcsu/neon-0.37.1-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp0gd5qcsu/neon-0.37.1-1.fc45.src.rpm'
diffbase-tool-version	csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-66.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	neon-0.36.0-4.fc44
store-results-to	/tmp/tmp1_0g7hl2/neon-0.36.0-4.fc44.tar.xz
time-created	2026-06-01 15:09:39
time-finished	2026-06-01 15:11:25
title	Fixed findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp1_0g7hl2/neon-0.36.0-4.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp1_0g7hl2/neon-0.36.0-4.fc44.src.rpm'
tool-version	csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9