OpenScanHub - Task log

Task #119269 - added.err

back to task #119269
download

Error: CPPCHECK_WARNING (CWE-476):
openssh-10.3p1/libcrux_mlkem768_sha3.h:555: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ptr
#  553|   static inline char *malloc_and_init(size_t sz, char *init) {
#  554|     char *ptr = (char *)malloc(sz);
#  555|->   memcpy(ptr, init, sz);
#  556|     return ptr;
#  557|   }

Error: GCC_ANALYZER_WARNING (CWE-476):
openssh-10.3p1/readconf.c:3507:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘s’
openssh-10.3p1/readconf.c:3540:1: enter_function: entry to ‘parse_jump’
openssh-10.3p1/readconf.c:3543:15: release_memory: ‘tmp_user’ is NULL
openssh-10.3p1/readconf.c:3543:33: release_memory: ‘tmp_user’ is NULL
openssh-10.3p1/readconf.c:3546:12: branch_false: following ‘false’ branch...
openssh-10.3p1/readconf.c:3554:16: branch_false: ...to here
openssh-10.3p1/readconf.c:3555:12: branch_false: following ‘false’ branch (when ‘cp’ is NULL)...
openssh-10.3p1/readconf.c:3557:9: branch_false: ...to here
openssh-10.3p1/readconf.c:3563:20: branch_true: following ‘true’ branch (when ‘cp’ is NULL)...
openssh-10.3p1/readconf.c:3568:21: branch_true: ...to here
openssh-10.3p1/readconf.c:3568:21: call_function: calling ‘parse_ssh_uri’ from ‘parse_jump’
openssh-10.3p1/readconf.c:3568:21: return_function: returning to ‘parse_jump’ from ‘parse_ssh_uri’
openssh-10.3p1/readconf.c:3569:20: branch_false: following ‘false’ branch...
openssh-10.3p1/readconf.c:3572:20: branch_true: following ‘true’ branch (when ‘strict != 0’)...
openssh-10.3p1/readconf.c:3573:30: branch_true: ...to here
openssh-10.3p1/readconf.c:3573:30: release_memory: ‘tmp_user’ is NULL
openssh-10.3p1/readconf.c:3573:30: call_function: calling ‘ssh_valid_hostname’ from ‘parse_jump’
# 3505|   	size_t i;
# 3506|   
# 3507|-> 	if (*s == '-')
# 3508|   		return 0;
# 3509|   	for (i = 0; s[i] != 0; i++) {

Error: COMPILER_WARNING (CWE-563):
openssh-10.3p1/sshd-session.c: scope_hint: In function ‘cleanup_exit’
openssh-10.3p1/sshd-session.c:1580:20: warning[-Wunused-variable]: unused variable ‘auth_attempted’
# 1580 |         extern int auth_attempted; /* monitor.c */
#      |                    ^~~~~~~~~~~~~~
# 1578|   		_exit(i);
# 1579|   	in_cleanup = 1;
# 1580|-> 	extern int auth_attempted; /* monitor.c */
# 1581|   
# 1582|   	if (the_active_state != NULL && the_authctxt != NULL) {

Issues can be reported to the mailing list. User documentation can be found on the wiki.