summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0001.patch2552
-rw-r--r--meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0002.patch34
-rw-r--r--meta-oe/recipes-support/libssh/libssh_0.10.6.bb2
3 files changed, 2588 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0001.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0001.patch
new file mode 100644
index 0000000000..22f8733a69
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0001.patch
@@ -0,0 +1,2552 @@
1From 697650caa97eaf7623924c75f9fcfec6dd423cd1 Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Wed, 23 Apr 2025 17:57:11 +0200
4Subject: [PATCH] CVE-2025-4878 Initialize pointers where possible
5
6This is mostly mechanical change initializing all the pointers I was able to
7find with some grep and manual review of sources and examples.
8
9Used the following greps (which yield some false positives though):
10
11 git grep " \w* *\* *\w*;$"
12 git grep " ssh_session \w*;"
13 git grep " ssh_channel \w*;"
14 git grep " struct ssh_iterator \*\w*;"
15 git grep " ssh_bind \w*;"
16 git grep " ssh_key \w*;"
17 git grep " ssh_string \w*;"
18 git grep " ssh_buffer \w*;"
19 git grep " HMACCTX \w*;"
20 git grep " SHACTX \w*;"
21 grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'
22
23Signed-off-by: Jakub Jelen <jjelen@redhat.com>
24Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
25
26CVE: CVE-2025-4878
27
28Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1]
29
30Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
31---
32 doc/authentication.dox | 10 +++----
33 doc/command.dox | 2 +-
34 doc/forwarding.dox | 4 +--
35 doc/guided_tour.dox | 14 ++++-----
36 doc/shell.dox | 2 +-
37 examples/authentication.c | 12 ++++----
38 examples/connect_ssh.c | 2 +-
39 examples/exec.c | 4 +--
40 examples/knownhosts.c | 2 +-
41 examples/libssh_scp.c | 11 ++++----
42 examples/proxy.c | 18 ++++++------
43 examples/samplesshd-cb.c | 10 +++----
44 examples/samplesshd-kbdint.c | 16 +++++------
45 examples/scp_download.c | 4 +--
46 examples/senddata.c | 4 +--
47 examples/ssh_client.c | 8 +++---
48 examples/sshd_direct-tcpip.c | 14 ++++-----
49 examples/sshnetcat.c | 6 ++--
50 src/agent.c | 13 +++++----
51 src/auth.c | 7 +++--
52 src/bind.c | 11 ++++----
53 src/bind_config.c | 4 +--
54 src/buffer.c | 9 +++---
55 src/callbacks.c | 2 +-
56 src/chachapoly.c | 2 +-
57 src/channels.c | 55 ++++++++++++++++++------------------
58 src/client.c | 2 +-
59 src/config.c | 4 +--
60 src/config_parser.c | 12 ++++----
61 src/connect.c | 4 +--
62 src/connector.c | 5 ++--
63 src/dh_crypto.c | 2 +-
64 src/ecdh_gcrypt.c | 4 +--
65 src/gcrypt_missing.c | 2 +-
66 src/getpass.c | 4 +--
67 src/gssapi.c | 28 +++++++++---------
68 src/kex.c | 4 +--
69 src/known_hosts.c | 41 ++++++++++++++-------------
70 src/knownhosts.c | 18 ++++++------
71 src/legacy.c | 43 +++++++++++++++-------------
72 src/libmbedcrypto.c | 2 +-
73 src/log.c | 2 +-
74 src/messages.c | 18 ++++++------
75 src/misc.c | 24 ++++++++--------
76 src/options.c | 18 ++++++------
77 src/packet.c | 6 ++--
78 src/packet_crypt.c | 2 +-
79 src/pki.c | 50 ++++++++++++++++----------------
80 src/pki_container_openssh.c | 14 ++++-----
81 src/pki_crypto.c | 8 +++---
82 src/pki_ed25519.c | 6 ++--
83 src/pki_ed25519_common.c | 2 +-
84 src/pki_gcrypt.c | 12 ++++----
85 src/pki_mbedcrypto.c | 12 ++++----
86 src/poll.c | 10 +++----
87 src/server.c | 23 ++++++++-------
88 src/session.c | 14 ++++-----
89 src/sftpserver.c | 12 ++++----
90 src/string.c | 6 ++--
91 src/threads/winlocks.c | 2 +-
92 src/wrapper.c | 2 +-
93 61 files changed, 340 insertions(+), 324 deletions(-)
94
95diff --git a/doc/authentication.dox b/doc/authentication.dox
96index 7d0ab81d..a0b2df84 100644
97--- a/doc/authentication.dox
98+++ b/doc/authentication.dox
99@@ -105,7 +105,7 @@ Here is a small example of password authentication:
100 @code
101 int authenticate_password(ssh_session session)
102 {
103- char *password;
104+ char *password = NULL;
105 int rc;
106
107 password = getpass("Enter your password: ");
108@@ -218,7 +218,7 @@ int authenticate_kbdint(ssh_session session)
109 rc = ssh_userauth_kbdint(session, NULL, NULL);
110 while (rc == SSH_AUTH_INFO)
111 {
112- const char *name, *instruction;
113+ const char *name = NULL, *instruction = NULL;
114 int nprompts, iprompt;
115
116 name = ssh_userauth_kbdint_getname(session);
117@@ -231,7 +231,7 @@ int authenticate_kbdint(ssh_session session)
118 printf("%s\n", instruction);
119 for (iprompt = 0; iprompt < nprompts; iprompt++)
120 {
121- const char *prompt;
122+ const char *prompt = NULL;
123 char echo;
124
125 prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
126@@ -251,7 +251,7 @@ int authenticate_kbdint(ssh_session session)
127 }
128 else
129 {
130- char *ptr;
131+ char *ptr = NULL;
132
133 ptr = getpass(prompt);
134 if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
135@@ -354,7 +354,7 @@ The following example shows how to retrieve and dispose the issue banner:
136 int display_banner(ssh_session session)
137 {
138 int rc;
139- char *banner;
140+ char *banner = NULL;
141
142 /*
143 *** Does not work without calling ssh_userauth_none() first ***
144diff --git a/doc/command.dox b/doc/command.dox
145index 588151c6..e82748ce 100644
146--- a/doc/command.dox
147+++ b/doc/command.dox
148@@ -22,7 +22,7 @@ a SSH session that uses this channel:
149 @code
150 int show_remote_files(ssh_session session)
151 {
152- ssh_channel channel;
153+ ssh_channel channel = NULL;
154 int rc;
155
156 channel = ssh_channel_new(session);
157diff --git a/doc/forwarding.dox b/doc/forwarding.dox
158index 2b202b4d..3ca3aa8a 100644
159--- a/doc/forwarding.dox
160+++ b/doc/forwarding.dox
161@@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server.
162 @code
163 int direct_forwarding(ssh_session session)
164 {
165- ssh_channel forwarding_channel;
166+ ssh_channel forwarding_channel = NULL;
167 int rc = SSH_ERROR;
168 char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
169 int nbytes, nwritten;
170@@ -161,7 +161,7 @@ local libssh application, which handles them:
171 int web_server(ssh_session session)
172 {
173 int rc;
174- ssh_channel channel;
175+ ssh_channel channel = NULL;
176 char buffer[256];
177 int nbytes, nwritten;
178 int port = 0;
179diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox
180index 69576f18..60f4087e 100644
181--- a/doc/guided_tour.dox
182+++ b/doc/guided_tour.dox
183@@ -79,7 +79,7 @@ Here is a small example of how to use it:
184
185 int main()
186 {
187- ssh_session my_ssh_session;
188+ ssh_session my_ssh_session = NULL;
189 int verbosity = SSH_LOG_PROTOCOL;
190 int port = 22;
191
192@@ -126,7 +126,7 @@ Here's an example:
193
194 int main()
195 {
196- ssh_session my_ssh_session;
197+ ssh_session my_ssh_session = NULL;
198 int rc;
199
200 my_ssh_session = ssh_new();
201@@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
202 ssh_key srv_pubkey = NULL;
203 size_t hlen;
204 char buf[10];
205- char *hexa;
206- char *p;
207+ char *hexa = NULL;
208+ char *p = NULL;
209 int cmp;
210 int rc;
211
212@@ -317,9 +317,9 @@ The example below shows an authentication with password:
213
214 int main()
215 {
216- ssh_session my_ssh_session;
217+ ssh_session my_ssh_session = NULL;
218 int rc;
219- char *password;
220+ char *password = NULL;
221
222 // Open session and set options
223 my_ssh_session = ssh_new();
224@@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
225 @code
226 int show_remote_processes(ssh_session session)
227 {
228- ssh_channel channel;
229+ ssh_channel channel = NULL;
230 int rc;
231 char buffer[256];
232 int nbytes;
233diff --git a/doc/shell.dox b/doc/shell.dox
234index d770f27a..54d97888 100644
235--- a/doc/shell.dox
236+++ b/doc/shell.dox
237@@ -26,7 +26,7 @@ The code sample below achieves these tasks:
238 @code
239 int shell_session(ssh_session session)
240 {
241- ssh_channel channel;
242+ ssh_channel channel = NULL;
243 int rc;
244
245 channel = ssh_channel_new(session);
246diff --git a/examples/authentication.c b/examples/authentication.c
247index 7c47c8bd..31de7cfc 100644
248--- a/examples/authentication.c
249+++ b/examples/authentication.c
250@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
251
252 err = ssh_userauth_kbdint(session, NULL, NULL);
253 while (err == SSH_AUTH_INFO) {
254- const char *instruction;
255- const char *name;
256+ const char *instruction = NULL;
257+ const char *name = NULL;
258 char buffer[128];
259 int i, n;
260
261@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
262 }
263
264 for (i = 0; i < n; i++) {
265- const char *answer;
266- const char *prompt;
267+ const char *answer = NULL;
268+ const char *prompt = NULL;
269 char echo;
270
271 prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
272@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
273 }
274
275 if (echo) {
276- char *p;
277+ char *p = NULL;
278
279 printf("%s", prompt);
280
281@@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
282 int rc;
283 int method;
284 char password[128] = {0};
285- char *banner;
286+ char *banner = NULL;
287
288 // Try to authenticate
289 rc = ssh_userauth_none(session, NULL);
290diff --git a/examples/connect_ssh.c b/examples/connect_ssh.c
291index c9e4ef6e..06094272 100644
292--- a/examples/connect_ssh.c
293+++ b/examples/connect_ssh.c
294@@ -22,7 +22,7 @@ clients must be made or how a client should react.
295 #include <stdio.h>
296
297 ssh_session connect_ssh(const char *host, const char *user,int verbosity){
298- ssh_session session;
299+ ssh_session session = NULL;
300 int auth=0;
301
302 session=ssh_new();
303diff --git a/examples/exec.c b/examples/exec.c
304index 77d3be47..f90df364 100644
305--- a/examples/exec.c
306+++ b/examples/exec.c
307@@ -5,8 +5,8 @@
308 #include "examples_common.h"
309
310 int main(void) {
311- ssh_session session;
312- ssh_channel channel;
313+ ssh_session session = NULL;
314+ ssh_channel channel = NULL;
315 char buffer[256];
316 int rbytes, wbytes, total = 0;
317 int rc;
318diff --git a/examples/knownhosts.c b/examples/knownhosts.c
319index 0726bfa8..2857a085 100644
320--- a/examples/knownhosts.c
321+++ b/examples/knownhosts.c
322@@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
323 char buf[10];
324 unsigned char *hash = NULL;
325 size_t hlen;
326- ssh_key srv_pubkey;
327+ ssh_key srv_pubkey = NULL;
328 int rc;
329
330 rc = ssh_get_server_publickey(session, &srv_pubkey);
331diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c
332index 6fdf8a4f..a332e0d2 100644
333--- a/examples/libssh_scp.c
334+++ b/examples/libssh_scp.c
335@@ -26,9 +26,9 @@ program.
336 #define BUF_SIZE 16384
337 #endif
338
339-static char **sources;
340+static char **sources = NULL;
341 static int nsources;
342-static char *destination;
343+static char *destination = NULL;
344 static int verbosity = 0;
345
346 struct location {
347@@ -114,9 +114,10 @@ static void location_free(struct location *loc)
348 }
349 }
350
351-static struct location *parse_location(char *loc) {
352- struct location *location;
353- char *ptr;
354+static struct location *parse_location(char *loc)
355+{
356+ struct location *location = NULL;
357+ char *ptr = NULL;
358
359 location = malloc(sizeof(struct location));
360 if (location == NULL) {
361diff --git a/examples/proxy.c b/examples/proxy.c
362index 159a37e5..25451789 100644
363--- a/examples/proxy.c
364+++ b/examples/proxy.c
365@@ -35,8 +35,8 @@ clients must be made or how a client should react.
366 static int authenticated=0;
367 static int tries = 0;
368 static int error = 0;
369-static ssh_channel chan=NULL;
370-static char *username;
371+static ssh_channel chan = NULL;
372+static char *username = NULL;
373 static ssh_gssapi_creds client_creds = NULL;
374
375 static int auth_password(ssh_session session, const char *user,
376@@ -216,11 +216,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
377 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
378 #endif /* HAVE_ARGP_H */
379
380-int main(int argc, char **argv){
381- ssh_session session;
382- ssh_bind sshbind;
383- ssh_event mainloop;
384- ssh_session client_session;
385+int main(int argc, char **argv)
386+{
387+ ssh_session session = NULL;
388+ ssh_bind sshbind = NULL;
389+ ssh_event mainloop = NULL;
390+ ssh_session client_session = NULL;
391
392 struct ssh_server_callbacks_struct cb = {
393 .userdata = NULL,
394@@ -231,7 +232,7 @@ int main(int argc, char **argv){
395
396 char buf[BUF_SIZE];
397 char host[128]="";
398- char *ptr;
399+ char *ptr = NULL;
400 int i,r, rc;
401
402 sshbind=ssh_bind_new();
403@@ -348,4 +349,3 @@ int main(int argc, char **argv){
404 ssh_finalize();
405 return 0;
406 }
407-
408diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c
409index e5b48994..693b040d 100644
410--- a/examples/samplesshd-cb.c
411+++ b/examples/samplesshd-cb.c
412@@ -257,10 +257,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
413 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
414 #endif /* HAVE_ARGP_H */
415
416-int main(int argc, char **argv){
417- ssh_session session;
418- ssh_bind sshbind;
419- ssh_event mainloop;
420+int main(int argc, char **argv)
421+{
422+ ssh_session session = NULL;
423+ ssh_bind sshbind = NULL;
424+ ssh_event mainloop = NULL;
425 struct ssh_server_callbacks_struct cb = {
426 .userdata = NULL,
427 .auth_none_function = auth_none,
428@@ -353,4 +354,3 @@ int main(int argc, char **argv){
429 ssh_finalize();
430 return 0;
431 }
432-
433diff --git a/examples/samplesshd-kbdint.c b/examples/samplesshd-kbdint.c
434index 6608306c..141088c2 100644
435--- a/examples/samplesshd-kbdint.c
436+++ b/examples/samplesshd-kbdint.c
437@@ -187,8 +187,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
438 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
439 #endif /* HAVE_ARGP_H */
440
441-static const char *name;
442-static const char *instruction;
443+static const char *name = NULL;
444+static const char *instruction = NULL;
445 static const char *prompts[2];
446 static char echo[] = { 1, 0 };
447
448@@ -292,11 +292,12 @@ static int authenticate(ssh_session session) {
449 return 0;
450 }
451
452-int main(int argc, char **argv){
453- ssh_session session;
454- ssh_bind sshbind;
455- ssh_message message;
456- ssh_channel chan=0;
457+int main(int argc, char **argv)
458+{
459+ ssh_session session = NULL;
460+ ssh_bind sshbind = NULL;
461+ ssh_message message = NULL;
462+ ssh_channel chan = NULL;
463 char buf[BUF_SIZE];
464 int auth=0;
465 int shell=0;
466@@ -426,4 +427,3 @@ int main(int argc, char **argv){
467 ssh_finalize();
468 return 0;
469 }
470-
471diff --git a/examples/scp_download.c b/examples/scp_download.c
472index e6c1e796..dcaa2cb7 100644
473--- a/examples/scp_download.c
474+++ b/examples/scp_download.c
475@@ -108,7 +108,7 @@ static int fetch_files(ssh_session session){
476 int size;
477 char buffer[BUF_SIZE];
478 int mode;
479- char *filename;
480+ char *filename = NULL;
481 int r;
482 ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
483 if(ssh_scp_init(scp) != SSH_OK){
484@@ -167,7 +167,7 @@ static int fetch_files(ssh_session session){
485 }
486
487 int main(int argc, char **argv){
488- ssh_session session;
489+ ssh_session session = NULL;
490 if(opts(argc,argv)<0)
491 return EXIT_FAILURE;
492 session=connect_ssh(host,NULL,verbosity);
493diff --git a/examples/senddata.c b/examples/senddata.c
494index 21181fb9..78383a2b 100644
495--- a/examples/senddata.c
496+++ b/examples/senddata.c
497@@ -6,7 +6,7 @@
498 #define LIMIT 0x100000000UL
499
500 int main(void) {
501- ssh_session session;
502+ ssh_session session = NULL;
503 ssh_channel channel;
504 char buffer[1024*1024];
505 int rc;
506@@ -47,7 +47,7 @@ int main(void) {
507 if(total > LIMIT)
508 break;
509 }
510-
511+
512 if (rc < 0) {
513 printf("error : %s\n",ssh_get_error(session));
514 ssh_channel_close(channel);
515diff --git a/examples/ssh_client.c b/examples/ssh_client.c
516index aaf0cb5b..896890c3 100644
517--- a/examples/ssh_client.c
518+++ b/examples/ssh_client.c
519@@ -53,7 +53,7 @@ static struct termios terminal;
520
521 static char *pcap_file = NULL;
522
523-static char *proxycommand;
524+static char *proxycommand = NULL;
525
526 static int auth_callback(const char *prompt,
527 char *buf,
528@@ -252,7 +252,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
529
530 static void shell(ssh_session session)
531 {
532- ssh_channel channel;
533+ ssh_channel channel = NULL;
534 struct termios terminal_local;
535 int interactive=isatty(0);
536
537@@ -324,7 +324,7 @@ static void batch_shell(ssh_session session)
538 static int client(ssh_session session)
539 {
540 int auth = 0;
541- char *banner;
542+ char *banner = NULL;
543 int state;
544
545 if (user) {
546@@ -408,7 +408,7 @@ static void cleanup_pcap(void)
547
548 int main(int argc, char **argv)
549 {
550- ssh_session session;
551+ ssh_session session = NULL;
552
553 ssh_init();
554 session = ssh_new();
555diff --git a/examples/sshd_direct-tcpip.c b/examples/sshd_direct-tcpip.c
556index b0e29796..152377e9 100644
557--- a/examples/sshd_direct-tcpip.c
558+++ b/examples/sshd_direct-tcpip.c
559@@ -358,7 +358,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
560 {
561 struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
562 ssh_channel channel = event_fd_data->channel;
563- ssh_session session;
564+ ssh_session session = NULL;
565 int len, i, wr;
566 char buf[BUF_SIZE];
567 int blocking;
568@@ -452,8 +452,8 @@ open_tcp_socket(ssh_message msg)
569 {
570 struct sockaddr_in sin;
571 int forwardsock = -1;
572- struct hostent *host;
573- const char *dest_hostname;
574+ struct hostent *host = NULL;
575+ const char *dest_hostname = NULL;
576 int dest_port;
577
578 forwardsock = socket(AF_INET, SOCK_STREAM, 0);
579@@ -496,8 +496,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
580 UNUSED_PARAM(void *userdata))
581 {
582 ssh_channel channel;
583- int socket_fd, *pFd;
584- struct ssh_channel_callbacks_struct *cb_chan;
585+ int socket_fd, *pFd = NULL;
586+ struct ssh_channel_callbacks_struct *cb_chan = NULL;
587 struct event_fd_data_struct *event_fd_data;
588
589 _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
590@@ -665,8 +665,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
591 int
592 main(int argc, char **argv)
593 {
594- ssh_session session;
595- ssh_bind sshbind;
596+ ssh_session session = NULL;
597+ ssh_bind sshbind = NULL;
598 struct ssh_server_callbacks_struct cb = {
599 .userdata = NULL,
600 .auth_password_function = auth_password,
601diff --git a/examples/sshnetcat.c b/examples/sshnetcat.c
602index 59b0a289..8a1153a6 100644
603--- a/examples/sshnetcat.c
604+++ b/examples/sshnetcat.c
605@@ -39,7 +39,7 @@ clients must be made or how a client should react.
606 #define BUF_SIZE 4096
607 #endif
608
609-char *host;
610+char *host = NULL;
611 const char *desthost="localhost";
612 const char *port="22";
613
614@@ -193,7 +193,7 @@ static void forwarding(ssh_session session){
615
616 static int client(ssh_session session){
617 int auth=0;
618- char *banner;
619+ char *banner = NULL;
620 int state;
621
622 if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
623@@ -246,7 +246,7 @@ void cleanup_pcap(void)
624 #endif
625
626 int main(int argc, char **argv){
627- ssh_session session;
628+ ssh_session session = NULL;
629
630 session = ssh_new();
631
632diff --git a/src/agent.c b/src/agent.c
633index 6e3d7d79..c81b0805 100644
634--- a/src/agent.c
635+++ b/src/agent.c
636@@ -424,8 +424,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
637
638 /* caller has to free comment */
639 ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
640- char **comment) {
641- struct ssh_key_struct *key;
642+ char **comment)
643+{
644+ struct ssh_key_struct *key = NULL;
645 struct ssh_string_struct *blob = NULL;
646 struct ssh_string_struct *tmp = NULL;
647 int rc;
648@@ -494,10 +495,10 @@ ssh_string ssh_agent_sign_data(ssh_session session,
649 const ssh_key pubkey,
650 struct ssh_buffer_struct *data)
651 {
652- ssh_buffer request;
653- ssh_buffer reply;
654- ssh_string key_blob;
655- ssh_string sig_blob;
656+ ssh_buffer request = NULL;
657+ ssh_buffer reply = NULL;
658+ ssh_string key_blob = NULL;
659+ ssh_string sig_blob = NULL;
660 unsigned int type = 0;
661 unsigned int flags = 0;
662 uint32_t dlen;
663diff --git a/src/auth.c b/src/auth.c
664index 4feb6558..98022311 100644
665--- a/src/auth.c
666+++ b/src/auth.c
667@@ -195,8 +195,9 @@ static int ssh_userauth_get_response(ssh_session session)
668 *
669 * This banner should be shown to user prior to authentication
670 */
671-SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
672- ssh_string banner;
673+SSH_PACKET_CALLBACK(ssh_packet_userauth_banner)
674+{
675+ ssh_string banner = NULL;
676 (void)type;
677 (void)user;
678
679@@ -1398,7 +1399,7 @@ int ssh_userauth_agent_pubkey(ssh_session session,
680 const char *username,
681 ssh_public_key publickey)
682 {
683- ssh_key key;
684+ ssh_key key = NULL;
685 int rc;
686
687 key = ssh_key_new();
688diff --git a/src/bind.c b/src/bind.c
689index a91e6747..c331006a 100644
690--- a/src/bind.c
691+++ b/src/bind.c
692@@ -74,7 +74,7 @@
693 static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
694 int port) {
695 char port_c[6];
696- struct addrinfo *ai;
697+ struct addrinfo *ai = NULL;
698 struct addrinfo hints;
699 int opt = 1;
700 socket_t s;
701@@ -132,8 +132,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
702 return s;
703 }
704
705-ssh_bind ssh_bind_new(void) {
706- ssh_bind ptr;
707+ssh_bind ssh_bind_new(void)
708+{
709+ ssh_bind ptr = NULL;
710
711 ptr = calloc(1, sizeof(struct ssh_bind_struct));
712 if (ptr == NULL) {
713@@ -251,7 +252,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
714 }
715
716 int ssh_bind_listen(ssh_bind sshbind) {
717- const char *host;
718+ const char *host = NULL;
719 socket_t fd;
720 int rc;
721
722@@ -475,7 +476,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
723 return SSH_ERROR;
724 }
725 } else {
726- char *p;
727+ char *p = NULL;
728 /* If something was set to the session prior to calling this
729 * function, keep only what is allowed by the options set in
730 * sshbind */
731diff --git a/src/bind_config.c b/src/bind_config.c
732index 27c42c95..ed42cbe3 100644
733--- a/src/bind_config.c
734+++ b/src/bind_config.c
735@@ -200,7 +200,7 @@ local_parse_file(ssh_bind bind,
736 uint8_t *seen,
737 unsigned int depth)
738 {
739- FILE *f;
740+ FILE *f = NULL;
741 char line[MAX_LINE_SIZE] = {0};
742 unsigned int count = 0;
743 int rv;
744@@ -626,7 +626,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
745 {
746 char line[MAX_LINE_SIZE] = {0};
747 unsigned int count = 0;
748- FILE *f;
749+ FILE *f = NULL;
750 uint32_t parser_flags;
751 int rv;
752
753diff --git a/src/buffer.c b/src/buffer.c
754index 8991e006..62fda334 100644
755--- a/src/buffer.c
756+++ b/src/buffer.c
757@@ -371,7 +371,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer,
758 */
759 void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len)
760 {
761- void *ptr;
762+ void *ptr = NULL;
763+
764 buffer_verify(buffer);
765
766 if (buffer->used + len < len) {
767@@ -925,7 +926,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
768 va_list ap)
769 {
770 int rc = SSH_ERROR;
771- const char *p;
772+ const char *p = NULL;
773 union {
774 uint8_t byte;
775 uint16_t word;
776@@ -934,7 +935,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
777 ssh_string string;
778 void *data;
779 } o;
780- char *cstring;
781+ char *cstring = NULL;
782 bignum b;
783 size_t len;
784 size_t count;
785@@ -1093,7 +1094,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
786 va_list ap)
787 {
788 int rc = SSH_ERROR;
789- const char *p = format, *last;
790+ const char *p = format, *last = NULL;
791 union {
792 uint8_t *byte;
793 uint16_t *word;
794diff --git a/src/callbacks.c b/src/callbacks.c
795index 3ed2f11c..6bfed62a 100644
796--- a/src/callbacks.c
797+++ b/src/callbacks.c
798@@ -113,7 +113,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
799
800 int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
801 {
802- struct ssh_iterator *it;
803+ struct ssh_iterator *it = NULL;
804
805 if (channel == NULL || channel->callbacks == NULL){
806 return SSH_ERROR;
807diff --git a/src/chachapoly.c b/src/chachapoly.c
808index 2cd23854..354a0d26 100644
809--- a/src/chachapoly.c
810+++ b/src/chachapoly.c
811@@ -42,7 +42,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
812 void *key,
813 void *IV)
814 {
815- struct chacha20_poly1305_keysched *sched;
816+ struct chacha20_poly1305_keysched *sched = NULL;
817 uint8_t *u8key = key;
818 (void)IV;
819
820diff --git a/src/channels.c b/src/channels.c
821index ab6915a2..8290dbd1 100644
822--- a/src/channels.c
823+++ b/src/channels.c
824@@ -165,7 +165,7 @@ uint32_t ssh_channel_new_id(ssh_session session)
825 */
826 SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
827 uint32_t channelid=0;
828- ssh_channel channel;
829+ ssh_channel channel = NULL;
830 int rc;
831 (void)type;
832 (void)user;
833@@ -226,7 +226,7 @@ error:
834 */
835 SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
836
837- ssh_channel channel;
838+ ssh_channel channel = NULL;
839 char *error = NULL;
840 uint32_t code;
841 int rc;
842@@ -386,7 +386,7 @@ end:
843 /* return channel with corresponding local id, or NULL if not found */
844 ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
845 struct ssh_iterator *it;
846- ssh_channel channel;
847+ ssh_channel channel = NULL;
848
849 for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) {
850 channel = ssh_iterator_value(ssh_channel, it);
851@@ -471,7 +471,7 @@ error:
852 */
853 static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
854 {
855- ssh_channel channel;
856+ ssh_channel channel = NULL;
857 uint32_t chan;
858 int rc;
859
860@@ -493,7 +493,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
861 }
862
863 SSH_PACKET_CALLBACK(channel_rcv_change_window) {
864- ssh_channel channel;
865+ ssh_channel channel = NULL;
866 uint32_t bytes;
867 int rc;
868 (void)user;
869@@ -632,7 +632,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){
870 }
871
872 SSH_PACKET_CALLBACK(channel_rcv_eof) {
873- ssh_channel channel;
874+ ssh_channel channel = NULL;
875 (void)user;
876 (void)type;
877
878@@ -676,8 +676,9 @@ static bool ssh_channel_has_unread_data(ssh_channel channel)
879 return false;
880 }
881
882-SSH_PACKET_CALLBACK(channel_rcv_close) {
883- ssh_channel channel;
884+SSH_PACKET_CALLBACK(channel_rcv_close)
885+{
886+ ssh_channel channel = NULL;
887 (void)user;
888 (void)type;
889
890@@ -902,7 +903,7 @@ int channel_default_bufferize(ssh_channel channel,
891 void *data, uint32_t len,
892 bool is_stderr)
893 {
894- ssh_session session;
895+ ssh_session session = NULL;
896
897 if(channel == NULL) {
898 return -1;
899@@ -1041,7 +1042,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
900 int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
901 int remoteport, const char *sourcehost, int localport)
902 {
903- ssh_session session;
904+ ssh_session session = NULL;
905 ssh_buffer payload = NULL;
906 ssh_string str = NULL;
907 int rc = SSH_ERROR;
908@@ -1179,7 +1180,7 @@ error:
909 */
910 void ssh_channel_free(ssh_channel channel)
911 {
912- ssh_session session;
913+ ssh_session session = NULL;
914
915 if (channel == NULL) {
916 return;
917@@ -1280,7 +1281,7 @@ void ssh_channel_do_free(ssh_channel channel)
918 */
919 int ssh_channel_send_eof(ssh_channel channel)
920 {
921- ssh_session session;
922+ ssh_session session = NULL;
923 int rc = SSH_ERROR;
924 int err;
925
926@@ -1341,7 +1342,7 @@ error:
927 */
928 int ssh_channel_close(ssh_channel channel)
929 {
930- ssh_session session;
931+ ssh_session session = NULL;
932 int rc = 0;
933
934 if(channel == NULL) {
935@@ -1437,7 +1438,7 @@ static int channel_write_common(ssh_channel channel,
936 const void *data,
937 uint32_t len, int is_stderr)
938 {
939- ssh_session session;
940+ ssh_session session = NULL;
941 uint32_t origlen = len;
942 size_t effectivelen;
943 size_t maxpacketlen;
944@@ -1694,7 +1695,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking)
945 * @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state.
946 */
947 SSH_PACKET_CALLBACK(ssh_packet_channel_success){
948- ssh_channel channel;
949+ ssh_channel channel = NULL;
950 (void)type;
951 (void)user;
952
953@@ -1724,7 +1725,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
954 * @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state.
955 */
956 SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
957- ssh_channel channel;
958+ ssh_channel channel = NULL;
959 (void)type;
960 (void)user;
961
962@@ -1863,7 +1864,7 @@ error:
963 int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
964 int col, int row)
965 {
966- ssh_session session;
967+ ssh_session session = NULL;
968 ssh_buffer buffer = NULL;
969 int rc = SSH_ERROR;
970
971@@ -2174,7 +2175,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
972 #endif
973 ssh_message msg = NULL;
974 ssh_channel channel = NULL;
975- struct ssh_iterator *iterator;
976+ struct ssh_iterator *iterator = NULL;
977 int t;
978
979 /*
980@@ -2838,7 +2839,7 @@ error:
981 int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
982 int is_stderr)
983 {
984- ssh_session session;
985+ ssh_session session = NULL;
986 char *buffer_tmp = NULL;
987 int r;
988 uint32_t total=0;
989@@ -2979,7 +2980,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
990 int is_stderr,
991 int timeout_ms)
992 {
993- ssh_session session;
994+ ssh_session session = NULL;
995 ssh_buffer stdbuf;
996 uint32_t len;
997 struct ssh_channel_read_termination_struct ctx;
998@@ -3103,7 +3104,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
999 uint32_t count,
1000 int is_stderr)
1001 {
1002- ssh_session session;
1003+ ssh_session session = NULL;
1004 uint32_t to_read;
1005 int rc;
1006 int blocking;
1007@@ -3213,8 +3214,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
1008 */
1009 int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
1010 {
1011- ssh_session session;
1012- ssh_buffer stdbuf;
1013+ ssh_session session = NULL;
1014+ ssh_buffer stdbuf = NULL;
1015 struct ssh_channel_read_termination_struct ctx;
1016 size_t len;
1017 int rc;
1018@@ -3341,7 +3342,7 @@ channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
1019 ssh_channel *echans, ssh_channel *rout,
1020 ssh_channel *wout, ssh_channel *eout)
1021 {
1022- ssh_channel chan;
1023+ ssh_channel chan = NULL;
1024 int i;
1025 int j = 0;
1026
1027@@ -3422,7 +3423,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
1028 int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
1029 ssh_channel *exceptchans, struct timeval * timeout)
1030 {
1031- ssh_channel *rchans, *wchans, *echans;
1032+ ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL;
1033 ssh_channel dummy = NULL;
1034 ssh_event event = NULL;
1035 int rc;
1036@@ -3615,7 +3616,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len
1037 int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost,
1038 int remoteport, const char *sourcehost, int localport)
1039 {
1040- ssh_session session;
1041+ ssh_session session = NULL;
1042 ssh_buffer payload = NULL;
1043 int rc = SSH_ERROR;
1044
1045@@ -3679,7 +3680,7 @@ error:
1046 int ssh_channel_open_x11(ssh_channel channel,
1047 const char *orig_addr, int orig_port)
1048 {
1049- ssh_session session;
1050+ ssh_session session = NULL;
1051 ssh_buffer payload = NULL;
1052 int rc = SSH_ERROR;
1053
1054diff --git a/src/client.c b/src/client.c
1055index e912090e..0cfca1c4 100644
1056--- a/src/client.c
1057+++ b/src/client.c
1058@@ -748,7 +748,7 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
1059 void
1060 ssh_disconnect(ssh_session session)
1061 {
1062- struct ssh_iterator *it;
1063+ struct ssh_iterator *it = NULL;
1064 int rc;
1065
1066 if (session == NULL) {
1067diff --git a/src/config.c b/src/config.c
1068index c5c40125..d4d8d419 100644
1069--- a/src/config.c
1070+++ b/src/config.c
1071@@ -203,7 +203,7 @@ local_parse_file(ssh_session session,
1072 unsigned int depth,
1073 bool global)
1074 {
1075- FILE *f;
1076+ FILE *f = NULL;
1077 char line[MAX_LINE_SIZE] = {0};
1078 unsigned int count = 0;
1079 int rv;
1080@@ -1201,7 +1201,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
1081 {
1082 char line[MAX_LINE_SIZE] = {0};
1083 unsigned int count = 0;
1084- FILE *f;
1085+ FILE *f = NULL;
1086 int parsing, rv;
1087 bool global = 0;
1088
1089diff --git a/src/config_parser.c b/src/config_parser.c
1090index b8b94611..e55c76d0 100644
1091--- a/src/config_parser.c
1092+++ b/src/config_parser.c
1093@@ -39,8 +39,8 @@
1094 */
1095 char *ssh_config_get_cmd(char **str)
1096 {
1097- register char *c;
1098- char *r;
1099+ register char *c = NULL;
1100+ char *r = NULL;
1101
1102 /* Ignore leading spaces */
1103 for (c = *str; *c; c++) {
1104@@ -67,7 +67,7 @@ out:
1105 */
1106 char *ssh_config_get_token(char **str)
1107 {
1108- register char *c;
1109+ register char *c = NULL;
1110 bool had_equal = false;
1111 char *r = NULL;
1112
1113@@ -116,7 +116,7 @@ out:
1114
1115 long ssh_config_get_long(char **str, long notfound)
1116 {
1117- char *p, *endp;
1118+ char *p = NULL, *endp = NULL;
1119 long i;
1120
1121 p = ssh_config_get_token(str);
1122@@ -133,7 +133,7 @@ long ssh_config_get_long(char **str, long notfound)
1123
1124 const char *ssh_config_get_str_tok(char **str, const char *def)
1125 {
1126- char *p;
1127+ char *p = NULL;
1128
1129 p = ssh_config_get_token(str);
1130 if (p && *p) {
1131@@ -145,7 +145,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
1132
1133 int ssh_config_get_yesno(char **str, int notfound)
1134 {
1135- const char *p;
1136+ const char *p = NULL;
1137
1138 p = ssh_config_get_str_tok(str, NULL);
1139 if (p == NULL) {
1140diff --git a/src/connect.c b/src/connect.c
1141index 15cae644..2d09af5e 100644
1142--- a/src/connect.c
1143+++ b/src/connect.c
1144@@ -194,8 +194,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
1145 }
1146
1147 if (bind_addr) {
1148- struct addrinfo *bind_ai;
1149- struct addrinfo *bind_itr;
1150+ struct addrinfo *bind_ai = NULL;
1151+ struct addrinfo *bind_itr = NULL;
1152
1153 SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr);
1154
1155diff --git a/src/connector.c b/src/connector.c
1156index 56716749..6632cca1 100644
1157--- a/src/connector.c
1158+++ b/src/connector.c
1159@@ -637,8 +637,9 @@ error:
1160 return rc;
1161 }
1162
1163-int ssh_connector_remove_event(ssh_connector connector) {
1164- ssh_session session;
1165+int ssh_connector_remove_event(ssh_connector connector)
1166+{
1167+ ssh_session session = NULL;
1168
1169 if (connector->in_poll != NULL) {
1170 ssh_event_remove_poll(connector->event, connector->in_poll);
1171diff --git a/src/dh_crypto.c b/src/dh_crypto.c
1172index 9ff7ad3c..4dd9b507 100644
1173--- a/src/dh_crypto.c
1174+++ b/src/dh_crypto.c
1175@@ -404,7 +404,7 @@ done:
1176 */
1177 int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
1178 {
1179- struct dh_ctx *ctx;
1180+ struct dh_ctx *ctx = NULL;
1181 int rc;
1182
1183 ctx = calloc(1, sizeof(*ctx));
1184diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
1185index 3d9d426f..73fcd50f 100644
1186--- a/src/ecdh_gcrypt.c
1187+++ b/src/ecdh_gcrypt.c
1188@@ -132,9 +132,9 @@ int ecdh_build_k(ssh_session session)
1189 #else
1190 size_t k_len = 0;
1191 enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type;
1192- ssh_string s;
1193+ ssh_string s = NULL;
1194 #endif
1195- ssh_string pubkey_raw;
1196+ ssh_string pubkey_raw = NULL;
1197 gcry_sexp_t pubkey = NULL;
1198 ssh_string privkey = NULL;
1199 int rc = SSH_ERROR;
1200diff --git a/src/gcrypt_missing.c b/src/gcrypt_missing.c
1201index e931ec5b..56dcfb6d 100644
1202--- a/src/gcrypt_missing.c
1203+++ b/src/gcrypt_missing.c
1204@@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) {
1205
1206 char *ssh_gcry_bn2dec(bignum bn) {
1207 bignum bndup, num, ten;
1208- char *ret;
1209+ char *ret = NULL;
1210 int count, count2;
1211 int size, rsize;
1212 char decnum;
1213diff --git a/src/getpass.c b/src/getpass.c
1214index 6be33c77..c19c4bc0 100644
1215--- a/src/getpass.c
1216+++ b/src/getpass.c
1217@@ -46,7 +46,7 @@
1218 */
1219 static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
1220 {
1221- char *tmp;
1222+ char *tmp = NULL;
1223 char *ptr = NULL;
1224 int ok = 0;
1225
1226@@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
1227 }
1228
1229 if (verify) {
1230- char *key_string;
1231+ char *key_string = NULL;
1232
1233 key_string = calloc(1, len);
1234 if (key_string == NULL) {
1235diff --git a/src/gssapi.c b/src/gssapi.c
1236index 5325ac72..fd7b25af 100644
1237--- a/src/gssapi.c
1238+++ b/src/gssapi.c
1239@@ -196,7 +196,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
1240 gss_name_t server_name; /* local server fqdn */
1241 OM_uint32 maj_stat, min_stat;
1242 size_t i;
1243- char *ptr;
1244+ char *ptr = NULL;
1245 gss_OID_set supported; /* oids supported by server */
1246 gss_OID_set both_supported; /* oids supported by both client and server */
1247 gss_OID_set selected; /* oid selected for authentication */
1248@@ -341,7 +341,7 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
1249 {
1250 gss_buffer_desc buffer;
1251 OM_uint32 maj_stat, min_stat;
1252- char *ptr;
1253+ char *ptr = NULL;
1254 maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
1255 ssh_gssapi_log_error(SSH_LOG_WARNING,
1256 "converting name",
1257@@ -359,9 +359,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
1258
1259 }
1260
1261-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
1262- ssh_string token;
1263- char *hexa;
1264+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
1265+{
1266+ ssh_string token = NULL;
1267+ char *hexa = NULL;
1268 OM_uint32 maj_stat, min_stat;
1269 gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
1270 gss_name_t client_name = GSS_C_NO_NAME;
1271@@ -385,7 +386,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
1272 }
1273
1274 if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
1275- ssh_string out_token=NULL;
1276+ ssh_string out_token = NULL;
1277 rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
1278 token, &out_token, session->server_callbacks->userdata);
1279 if (rc == SSH_ERROR){
1280@@ -507,7 +508,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
1281
1282 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
1283 {
1284- ssh_string mic_token;
1285+ ssh_string mic_token = NULL;
1286 OM_uint32 maj_stat, min_stat;
1287 gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
1288 gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
1289@@ -670,7 +671,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
1290 gss_name_t client_id = GSS_C_NO_NAME;
1291 gss_OID oid;
1292 unsigned int i;
1293- char *ptr;
1294+ char *ptr = NULL;
1295 int ret;
1296
1297 if (session->gssapi->client.client_deleg_creds == NULL) {
1298@@ -866,11 +867,11 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
1299
1300 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
1301 int rc;
1302- ssh_string oid_s;
1303+ ssh_string oid_s = NULL;
1304 gss_uint32 maj_stat, min_stat;
1305 gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
1306 gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
1307- char *hexa;
1308+ char *hexa = NULL;
1309 (void)type;
1310 (void)user;
1311
1312@@ -987,10 +988,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
1313 return ssh_packet_send(session);
1314 }
1315
1316-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
1317+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client)
1318+{
1319 int rc;
1320- ssh_string token;
1321- char *hexa;
1322+ ssh_string token = NULL;
1323+ char *hexa = NULL;
1324 OM_uint32 maj_stat, min_stat;
1325 gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
1326 (void)user;
1327diff --git a/src/kex.c b/src/kex.c
1328index fbc70cf4..ecfc0120 100644
1329--- a/src/kex.c
1330+++ b/src/kex.c
1331@@ -330,7 +330,7 @@ static int cmp_first_kex_algo(const char *client_str,
1332 size_t client_kex_len;
1333 size_t server_kex_len;
1334
1335- char *colon;
1336+ char *colon = NULL;
1337
1338 int is_wrong = 1;
1339
1340@@ -762,7 +762,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
1341 int ssh_set_client_kex(ssh_session session)
1342 {
1343 struct ssh_kex_struct *client = &session->next_crypto->client_kex;
1344- const char *wanted;
1345+ const char *wanted = NULL;
1346 int ok;
1347 int i;
1348
1349diff --git a/src/known_hosts.c b/src/known_hosts.c
1350index 84e15572..f660a6f3 100644
1351--- a/src/known_hosts.c
1352+++ b/src/known_hosts.c
1353@@ -79,8 +79,8 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
1354 const char **found_type)
1355 {
1356 char buffer[MAX_LINE_SIZE] = {0};
1357- char *ptr;
1358- struct ssh_tokens_st *tokens;
1359+ char *ptr = NULL;
1360+ struct ssh_tokens_st *tokens = NULL;
1361
1362 if (*file == NULL) {
1363 *file = fopen(filename,"r");
1364@@ -149,7 +149,7 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
1365 static int check_public_key(ssh_session session, char **tokens) {
1366 ssh_string pubkey_blob = NULL;
1367 ssh_buffer pubkey_buffer;
1368- char *pubkey_64;
1369+ char *pubkey_64 = NULL;
1370 int rc;
1371
1372 /* ssh-dss or ssh-rsa */
1373@@ -205,11 +205,11 @@ static int match_hashed_host(const char *host, const char *sourcehash)
1374 * hash := HMAC_SHA1(key=salt,data=host)
1375 */
1376 unsigned char buffer[256] = {0};
1377- ssh_buffer salt;
1378- ssh_buffer hash;
1379- HMACCTX mac;
1380- char *source;
1381- char *b64hash;
1382+ ssh_buffer salt = NULL;
1383+ ssh_buffer hash = NULL;
1384+ HMACCTX mac = NULL;
1385+ char *source = NULL;
1386+ char *b64hash = NULL;
1387 int match, rc;
1388 size_t size;
1389
1390@@ -304,14 +304,14 @@ static int match_hashed_host(const char *host, const char *sourcehash)
1391 int ssh_is_server_known(ssh_session session)
1392 {
1393 FILE *file = NULL;
1394- char *host;
1395- char *hostport;
1396- const char *type;
1397+ char *host = NULL;
1398+ char *hostport = NULL;
1399+ const char *type = NULL;
1400 int match;
1401 int i = 0;
1402- char *files[3];
1403+ char *files[3] = {0};
1404
1405- struct ssh_tokens_st *tokens;
1406+ struct ssh_tokens_st *tokens = NULL;
1407
1408 int ret = SSH_SERVER_NOT_KNOWN;
1409
1410@@ -443,12 +443,13 @@ int ssh_is_server_known(ssh_session session)
1411 * @deprecated Please use ssh_session_export_known_hosts_entry()
1412 * @brief This function is deprecated.
1413 */
1414-char * ssh_dump_knownhost(ssh_session session) {
1415+char *ssh_dump_knownhost(ssh_session session)
1416+{
1417 ssh_key server_pubkey = NULL;
1418- char *host;
1419- char *hostport;
1420- char *buffer;
1421- char *b64_key;
1422+ char *host = NULL;
1423+ char *hostport = NULL;
1424+ char *buffer = NULL;
1425+ char *b64_key = NULL;
1426 int rc;
1427
1428 if (session->opts.host == NULL) {
1429@@ -513,9 +514,9 @@ char * ssh_dump_knownhost(ssh_session session) {
1430 */
1431 int ssh_write_knownhost(ssh_session session)
1432 {
1433- FILE *file;
1434+ FILE *file = NULL;
1435 char *buffer = NULL;
1436- char *dir;
1437+ char *dir = NULL;
1438 int rc;
1439
1440 if (session->opts.knownhosts == NULL) {
1441diff --git a/src/knownhosts.c b/src/knownhosts.c
1442index 9f978096..109b4f06 100644
1443--- a/src/knownhosts.c
1444+++ b/src/knownhosts.c
1445@@ -61,7 +61,7 @@ static int hash_hostname(const char *name,
1446 size_t *hash_size)
1447 {
1448 int rc;
1449- HMACCTX mac_ctx;
1450+ HMACCTX mac_ctx = NULL;
1451
1452 mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1);
1453 if (mac_ctx == NULL) {
1454@@ -81,8 +81,8 @@ static int hash_hostname(const char *name,
1455
1456 static int match_hashed_hostname(const char *host, const char *hashed_host)
1457 {
1458- char *hashed;
1459- char *b64_hash;
1460+ char *hashed = NULL;
1461+ char *b64_hash = NULL;
1462 ssh_buffer salt = NULL;
1463 ssh_buffer hash = NULL;
1464 unsigned char hashed_buf[256] = {0};
1465@@ -229,7 +229,7 @@ static int ssh_known_hosts_read_entries(const char *match,
1466 char line[MAX_LINE_SIZE];
1467 size_t lineno = 0;
1468 size_t len = 0;
1469- FILE *fp;
1470+ FILE *fp = NULL;
1471 int rc;
1472
1473 fp = fopen(filename, "r");
1474@@ -288,7 +288,7 @@ static int ssh_known_hosts_read_entries(const char *match,
1475 for (it = ssh_list_get_iterator(*entries);
1476 it != NULL;
1477 it = it->next) {
1478- struct ssh_knownhosts_entry *entry2;
1479+ struct ssh_knownhosts_entry *entry2 = NULL;
1480 int cmp;
1481 entry2 = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
1482 cmp = ssh_known_hosts_entries_compare(entry, entry2);
1483@@ -312,8 +312,8 @@ error:
1484
1485 static char *ssh_session_get_host_port(ssh_session session)
1486 {
1487- char *host_port;
1488- char *host;
1489+ char *host_port = NULL;
1490+ char *host = NULL;
1491
1492 if (session->opts.host == NULL) {
1493 ssh_set_error(session,
1494@@ -537,7 +537,7 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
1495 char *host_port = NULL;
1496 size_t count;
1497 bool needcomma = false;
1498- char *names;
1499+ char *names = NULL;
1500
1501 int rc;
1502
1503@@ -645,7 +645,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
1504 {
1505 struct ssh_knownhosts_entry *e = NULL;
1506 char *known_host = NULL;
1507- char *p;
1508+ char *p = NULL;
1509 char *save_tok = NULL;
1510 enum ssh_keytypes_e key_type;
1511 int match = 0;
1512diff --git a/src/legacy.c b/src/legacy.c
1513index 7b165dbe..7359040c 100644
1514--- a/src/legacy.c
1515+++ b/src/legacy.c
1516@@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) {
1517 int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
1518 int type, ssh_string publickey)
1519 {
1520- ssh_key key;
1521+ ssh_key key = NULL;
1522 int rc;
1523
1524 (void) type; /* unused */
1525@@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session,
1526 ssh_string publickey,
1527 ssh_private_key privatekey)
1528 {
1529- ssh_key key;
1530+ ssh_key key = NULL;
1531 int rc;
1532
1533 (void) publickey; /* unused */
1534@@ -389,10 +389,11 @@ void publickey_free(ssh_public_key key) {
1535 SAFE_FREE(key);
1536 }
1537
1538-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
1539- struct ssh_public_key_struct *p;
1540- ssh_key privkey;
1541- ssh_key pubkey;
1542+ssh_public_key publickey_from_privatekey(ssh_private_key prv)
1543+{
1544+ struct ssh_public_key_struct *p = NULL;
1545+ ssh_key privkey = NULL;
1546+ ssh_key pubkey = NULL;
1547 int rc;
1548
1549 privkey = ssh_key_new();
1550@@ -434,8 +435,8 @@ ssh_private_key privatekey_from_file(ssh_session session,
1551 const char *passphrase) {
1552 ssh_auth_callback auth_fn = NULL;
1553 void *auth_data = NULL;
1554- ssh_private_key privkey;
1555- ssh_key key;
1556+ ssh_private_key privkey = NULL;
1557+ ssh_key key = NULL;
1558 int rc;
1559
1560 (void) type; /* unused */
1561@@ -510,7 +511,7 @@ void privatekey_free(ssh_private_key prv) {
1562
1563 ssh_string publickey_from_file(ssh_session session, const char *filename,
1564 int *type) {
1565- ssh_key key;
1566+ ssh_key key = NULL;
1567 ssh_string key_str = NULL;
1568 int rc;
1569
1570@@ -543,9 +544,10 @@ int ssh_type_from_name(const char *name) {
1571 return ssh_key_type_from_name(name);
1572 }
1573
1574-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
1575- struct ssh_public_key_struct *pubkey;
1576- ssh_key key;
1577+ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
1578+{
1579+ struct ssh_public_key_struct *pubkey = NULL;
1580+ ssh_key key = NULL;
1581 int rc;
1582
1583 (void) session; /* unused */
1584@@ -579,9 +581,10 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
1585 return pubkey;
1586 }
1587
1588-ssh_string publickey_to_string(ssh_public_key pubkey) {
1589- ssh_key key;
1590- ssh_string key_blob;
1591+ssh_string publickey_to_string(ssh_public_key pubkey)
1592+{
1593+ ssh_key key = NULL;
1594+ ssh_string key_blob = NULL;
1595 int rc;
1596
1597 if (pubkey == NULL) {
1598@@ -624,11 +627,11 @@ int ssh_publickey_to_file(ssh_session session,
1599 ssh_string pubkey,
1600 int type)
1601 {
1602- FILE *fp;
1603- char *user;
1604+ FILE *fp = NULL;
1605+ char *user = NULL;
1606 char buffer[1024];
1607 char host[256];
1608- unsigned char *pubkey_64;
1609+ unsigned char *pubkey_64 = NULL;
1610 size_t len;
1611 int rc;
1612 if(session==NULL)
1613@@ -695,9 +698,9 @@ int ssh_try_publickey_from_file(ssh_session session,
1614 const char *keyfile,
1615 ssh_string *publickey,
1616 int *type) {
1617- char *pubkey_file;
1618+ char *pubkey_file = NULL;
1619 size_t len;
1620- ssh_string pubkey_string;
1621+ ssh_string pubkey_string = NULL;
1622 int pubkey_type;
1623
1624 if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
1625diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
1626index caa3b6e9..422d5ae2 100644
1627--- a/src/libmbedcrypto.c
1628+++ b/src/libmbedcrypto.c
1629@@ -133,7 +133,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
1630 void *IV)
1631 {
1632 const mbedtls_cipher_info_t *cipher_info = NULL;
1633- mbedtls_cipher_context_t *ctx;
1634+ mbedtls_cipher_context_t *ctx = NULL;
1635 size_t key_bitlen = 0;
1636 size_t iv_size = 0;
1637 int rc;
1638diff --git a/src/log.c b/src/log.c
1639index 5bae18b8..fabbe945 100644
1640--- a/src/log.c
1641+++ b/src/log.c
1642@@ -44,7 +44,7 @@
1643
1644 static LIBSSH_THREAD int ssh_log_level;
1645 static LIBSSH_THREAD ssh_logging_callback ssh_log_cb;
1646-static LIBSSH_THREAD void *ssh_log_userdata;
1647+static LIBSSH_THREAD void *ssh_log_userdata = NULL;
1648
1649 /**
1650 * @defgroup libssh_log The SSH logging functions
1651diff --git a/src/messages.c b/src/messages.c
1652index 3f969536..6dadabf0 100644
1653--- a/src/messages.c
1654+++ b/src/messages.c
1655@@ -479,7 +479,7 @@ static void ssh_message_queue(ssh_session session, ssh_message message)
1656 */
1657 ssh_message ssh_message_pop_head(ssh_session session){
1658 ssh_message msg=NULL;
1659- struct ssh_iterator *i;
1660+ struct ssh_iterator *i = NULL;
1661 if(session->ssh_message_list == NULL)
1662 return NULL;
1663 i=ssh_list_get_iterator(session->ssh_message_list);
1664@@ -493,7 +493,7 @@ ssh_message ssh_message_pop_head(ssh_session session){
1665 /* Returns 1 if there is a message available */
1666 static int ssh_message_termination(void *s){
1667 ssh_session session = s;
1668- struct ssh_iterator *it;
1669+ struct ssh_iterator *it = NULL;
1670 if(session->session_state == SSH_SESSION_STATE_ERROR)
1671 return 1;
1672 it = ssh_list_get_iterator(session->ssh_message_list);
1673@@ -694,7 +694,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
1674 ssh_string algo)
1675 {
1676 struct ssh_crypto_struct *crypto = NULL;
1677- ssh_buffer buffer;
1678+ ssh_buffer buffer = NULL;
1679 ssh_string str=NULL;
1680 int rc;
1681
1682@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
1683 #ifdef WITH_GSSAPI
1684 if (strcmp(method, "gssapi-with-mic") == 0) {
1685 uint32_t n_oid;
1686- ssh_string *oids;
1687- ssh_string oid;
1688- char *hexa;
1689+ ssh_string *oids = NULL;
1690+ ssh_string oid = NULL;
1691+ char *hexa = NULL;
1692 int i;
1693 ssh_buffer_get_u32(packet, &n_oid);
1694 n_oid=ntohl(n_oid);
1695@@ -1019,7 +1019,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
1696 SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
1697 uint32_t nanswers;
1698 uint32_t i;
1699- ssh_string tmp;
1700+ ssh_string tmp = NULL;
1701 int rc;
1702
1703 ssh_message msg = NULL;
1704@@ -1251,7 +1251,7 @@ end:
1705 * @returns SSH_OK on success, SSH_ERROR if an error occurred.
1706 */
1707 int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) {
1708- ssh_session session;
1709+ ssh_session session = NULL;
1710 int rc;
1711
1712 if (msg == NULL) {
1713@@ -1302,7 +1302,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
1714 * @returns NULL in case of error
1715 */
1716 ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
1717- ssh_channel chan;
1718+ ssh_channel chan = NULL;
1719 int rc;
1720
1721 if (msg == NULL) {
1722diff --git a/src/misc.c b/src/misc.c
1723index 7081f12a..f371f332 100644
1724--- a/src/misc.c
1725+++ b/src/misc.c
1726@@ -393,7 +393,7 @@ int ssh_is_ipaddr(const char *str)
1727
1728 char *ssh_lowercase(const char* str)
1729 {
1730- char *new, *p;
1731+ char *new = NULL, *p = NULL;
1732
1733 if (str == NULL) {
1734 return NULL;
1735@@ -447,7 +447,7 @@ char *ssh_hostport(const char *host, int port)
1736 char *ssh_get_hexa(const unsigned char *what, size_t len)
1737 {
1738 const char h[] = "0123456789abcdef";
1739- char *hexa;
1740+ char *hexa = NULL;
1741 size_t i;
1742 size_t hlen = len * 3;
1743
1744@@ -716,7 +716,7 @@ struct ssh_list *ssh_list_new(void)
1745
1746 void ssh_list_free(struct ssh_list *list)
1747 {
1748- struct ssh_iterator *ptr, *next;
1749+ struct ssh_iterator *ptr = NULL, *next = NULL;
1750 if (!list)
1751 return;
1752 ptr = list->root;
1753@@ -737,7 +737,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list)
1754
1755 struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value)
1756 {
1757- struct ssh_iterator *it;
1758+ struct ssh_iterator *it = NULL;
1759
1760 for (it = ssh_list_get_iterator(list); it != NULL ; it = it->next)
1761 if (it->data == value)
1762@@ -826,7 +826,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data)
1763
1764 void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
1765 {
1766- struct ssh_iterator *ptr, *prev;
1767+ struct ssh_iterator *ptr = NULL, *prev = NULL;
1768
1769 if (list == NULL) {
1770 return;
1771@@ -967,7 +967,7 @@ char *ssh_dirname (const char *path)
1772 char *ssh_basename (const char *path)
1773 {
1774 char *new = NULL;
1775- const char *s;
1776+ const char *s = NULL;
1777 size_t len;
1778
1779 if (path == NULL || *path == '\0') {
1780@@ -1105,8 +1105,8 @@ int ssh_mkdirs(const char *pathname, mode_t mode)
1781 */
1782 char *ssh_path_expand_tilde(const char *d)
1783 {
1784- char *h = NULL, *r;
1785- const char *p;
1786+ char *h = NULL, *r = NULL;
1787+ const char *p = NULL;
1788 size_t ld;
1789 size_t lh = 0;
1790
1791@@ -1121,7 +1121,7 @@ char *ssh_path_expand_tilde(const char *d)
1792 #ifdef _WIN32
1793 return strdup(d);
1794 #else
1795- struct passwd *pw;
1796+ struct passwd *pw = NULL;
1797 size_t s = p - d;
1798 char u[128];
1799
1800@@ -1182,7 +1182,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
1801 char *buf = NULL;
1802 char *r = NULL;
1803 char *x = NULL;
1804- const char *p;
1805+ const char *p = NULL;
1806 size_t i, l;
1807
1808 r = ssh_path_expand_tilde(s);
1809@@ -1335,8 +1335,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
1810 */
1811 int ssh_analyze_banner(ssh_session session, int server)
1812 {
1813- const char *banner;
1814- const char *openssh;
1815+ const char *banner = NULL;
1816+ const char *openssh = NULL;
1817
1818 if (server) {
1819 banner = session->clientbanner;
1820diff --git a/src/options.c b/src/options.c
1821index 38511455..b641b34f 100644
1822--- a/src/options.c
1823+++ b/src/options.c
1824@@ -67,7 +67,7 @@
1825 */
1826 int ssh_options_copy(ssh_session src, ssh_session *dest)
1827 {
1828- ssh_session new;
1829+ ssh_session new = NULL;
1830 struct ssh_iterator *it = NULL;
1831 struct ssh_list *list = NULL;
1832 char *id = NULL;
1833@@ -499,8 +499,8 @@ int ssh_options_set_algo(ssh_session session,
1834 int ssh_options_set(ssh_session session, enum ssh_options_e type,
1835 const void *value)
1836 {
1837- const char *v;
1838- char *p, *q;
1839+ const char *v = NULL;
1840+ char *p = NULL, *q = NULL;
1841 long int i;
1842 unsigned int u;
1843 int rc;
1844@@ -1170,7 +1170,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
1845 */
1846 int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
1847 {
1848- char* src = NULL;
1849+ char *src = NULL;
1850
1851 if (session == NULL) {
1852 return SSH_ERROR;
1853@@ -1192,7 +1192,7 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
1854 break;
1855 }
1856 case SSH_OPTIONS_IDENTITY: {
1857- struct ssh_iterator *it;
1858+ struct ssh_iterator *it = NULL;
1859 it = ssh_list_get_iterator(session->opts.identity);
1860 if (it == NULL) {
1861 it = ssh_list_get_iterator(session->opts.identity_non_exp);
1862@@ -1445,7 +1445,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
1863 */
1864 int ssh_options_parse_config(ssh_session session, const char *filename)
1865 {
1866- char *expanded_filename;
1867+ char *expanded_filename = NULL;
1868 int r;
1869
1870 if (session == NULL) {
1871@@ -1491,7 +1491,7 @@ out:
1872
1873 int ssh_options_apply(ssh_session session)
1874 {
1875- char *tmp;
1876+ char *tmp = NULL;
1877 int rc;
1878
1879 if (session->opts.sshdir == NULL) {
1880@@ -2204,7 +2204,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
1881 char *buf = NULL;
1882 char *r = NULL;
1883 char *x = NULL;
1884- const char *p;
1885+ const char *p = NULL;
1886 size_t i, l;
1887
1888 r = ssh_path_expand_tilde(s);
1889@@ -2310,7 +2310,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
1890 int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
1891 {
1892 int rc = 0;
1893- char *expanded_filename;
1894+ char *expanded_filename = NULL;
1895
1896 if (sshbind == NULL) {
1897 return -1;
1898diff --git a/src/packet.c b/src/packet.c
1899index ea73f9ad..4b4d0dc3 100644
1900--- a/src/packet.c
1901+++ b/src/packet.c
1902@@ -1430,8 +1430,8 @@ error:
1903 static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
1904 {
1905 ssh_session session = userdata;
1906- struct ssh_iterator *it;
1907- ssh_channel channel;
1908+ struct ssh_iterator *it = NULL;
1909+ ssh_channel channel = NULL;
1910
1911 if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) {
1912 SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback");
1913@@ -1894,7 +1894,7 @@ int ssh_packet_send(ssh_session session)
1914
1915 /* We finished the key exchange so we can try to send our queue now */
1916 if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
1917- struct ssh_iterator *it;
1918+ struct ssh_iterator *it = NULL;
1919
1920 if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
1921 /* reset packet sequence number when running in strict kex mode */
1922diff --git a/src/packet_crypt.c b/src/packet_crypt.c
1923index fe3f489e..96e9586c 100644
1924--- a/src/packet_crypt.c
1925+++ b/src/packet_crypt.c
1926@@ -262,7 +262,7 @@ int ssh_packet_hmac_verify(ssh_session session,
1927 {
1928 struct ssh_crypto_struct *crypto = NULL;
1929 unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
1930- HMACCTX ctx;
1931+ HMACCTX ctx = NULL;
1932 size_t hmaclen = DIGEST_MAX_LEN;
1933 uint32_t seq;
1934 int cmp;
1935diff --git a/src/pki.c b/src/pki.c
1936index a7c84c5e..cf4176fb 100644
1937--- a/src/pki.c
1938+++ b/src/pki.c
1939@@ -369,7 +369,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
1940 */
1941 int ssh_key_algorithm_allowed(ssh_session session, const char *type)
1942 {
1943- const char *allowed_list;
1944+ const char *allowed_list = NULL;
1945
1946 if (session->client) {
1947 allowed_list = session->opts.pubkey_accepted_types;
1948@@ -729,7 +729,7 @@ int ssh_key_cmp(const ssh_key k1,
1949
1950 ssh_signature ssh_signature_new(void)
1951 {
1952- struct ssh_signature_struct *sig;
1953+ struct ssh_signature_struct *sig = NULL;
1954
1955 sig = malloc(sizeof(struct ssh_signature_struct));
1956 if (sig == NULL) {
1957@@ -821,7 +821,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
1958 void *auth_data,
1959 ssh_key *pkey)
1960 {
1961- ssh_key key;
1962+ ssh_key key = NULL;
1963 char *openssh_header = NULL;
1964
1965 if (b64_key == NULL || pkey == NULL) {
1966@@ -944,8 +944,8 @@ int ssh_pki_import_privkey_file(const char *filename,
1967 void *auth_data,
1968 ssh_key *pkey) {
1969 struct stat sb;
1970- char *key_buf;
1971- FILE *file;
1972+ char *key_buf = NULL;
1973+ FILE *file = NULL;
1974 off_t size;
1975 int rc;
1976 char err_msg[SSH_ERRNO_MSG_MAX] = {0};
1977@@ -1046,7 +1046,7 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
1978 void *auth_data,
1979 const char *filename)
1980 {
1981- ssh_string blob;
1982+ ssh_string blob = NULL;
1983 FILE *fp;
1984 int rc;
1985
1986@@ -1093,8 +1093,8 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
1987 /* temporary function to migrate seamlessly to ssh_key */
1988 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
1989 {
1990- ssh_public_key pub;
1991- ssh_key tmp;
1992+ ssh_public_key pub = NULL;
1993+ ssh_key tmp = NULL;
1994
1995 if (key == NULL) {
1996 return NULL;
1997@@ -1131,7 +1131,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
1998
1999 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
2000 {
2001- ssh_private_key privkey;
2002+ ssh_private_key privkey = NULL;
2003
2004 privkey = calloc(1, sizeof(struct ssh_private_key_struct));
2005 if (privkey == NULL) {
2006@@ -1521,9 +1521,9 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
2007 enum ssh_keytypes_e type,
2008 ssh_key *pkey)
2009 {
2010- ssh_buffer cert;
2011- ssh_string tmp_s;
2012- const char *type_c;
2013+ ssh_buffer cert = NULL;
2014+ ssh_string tmp_s = NULL;
2015+ const char *type_c = NULL;
2016 ssh_key key = NULL;
2017 int rc;
2018
2019@@ -2067,7 +2067,7 @@ error:
2020 int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
2021 ssh_key *pkey)
2022 {
2023- ssh_key pubkey;
2024+ ssh_key pubkey = NULL;
2025
2026 if (privkey == NULL || !ssh_key_is_private(privkey)) {
2027 return SSH_ERROR;
2028@@ -2105,7 +2105,7 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
2029 int ssh_pki_export_pubkey_blob(const ssh_key key,
2030 ssh_string *pblob)
2031 {
2032- ssh_string blob;
2033+ ssh_string blob = NULL;
2034
2035 if (key == NULL) {
2036 return SSH_OK;
2037@@ -2135,8 +2135,8 @@ int ssh_pki_export_pubkey_blob(const ssh_key key,
2038 int ssh_pki_export_pubkey_base64(const ssh_key key,
2039 char **b64_key)
2040 {
2041- ssh_string key_blob;
2042- unsigned char *b64;
2043+ ssh_string key_blob = NULL;
2044+ unsigned char *b64 = NULL;
2045
2046 if (key == NULL || b64_key == NULL) {
2047 return SSH_ERROR;
2048@@ -2175,9 +2175,9 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
2049 {
2050 char key_buf[MAX_LINE_SIZE];
2051 char host[256];
2052- char *b64_key;
2053- char *user;
2054- FILE *fp;
2055+ char *b64_key = NULL;
2056+ char *user = NULL;
2057+ FILE *fp = NULL;
2058 int rc;
2059
2060 if (key == NULL || filename == NULL || *filename == '\0') {
2061@@ -2238,7 +2238,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
2062 * @returns SSH_OK on success, SSH_ERROR otherwise.
2063 **/
2064 int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
2065- ssh_buffer cert_buffer;
2066+ ssh_buffer cert_buffer = NULL;
2067 int rc;
2068
2069 if (certkey == NULL || privkey == NULL) {
2070@@ -2273,7 +2273,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
2071 ssh_string *sig_blob)
2072 {
2073 ssh_buffer buf = NULL;
2074- ssh_string str;
2075+ ssh_string str = NULL;
2076 int rc;
2077
2078 if (sig == NULL || sig_blob == NULL) {
2079@@ -2337,7 +2337,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
2080 enum ssh_keytypes_e type;
2081 enum ssh_digest_e hash_type;
2082 ssh_string algorithm = NULL, blob = NULL;
2083- ssh_buffer buf;
2084+ ssh_buffer buf = NULL;
2085 const char *alg = NULL;
2086 uint8_t flags = 0;
2087 uint32_t counter = 0;
2088@@ -2697,9 +2697,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
2089 const ssh_key pubkey)
2090 {
2091 struct ssh_crypto_struct *crypto = NULL;
2092- ssh_string session_id;
2093- ssh_string sig_blob;
2094- ssh_buffer sig_buf;
2095+ ssh_string session_id = NULL;
2096+ ssh_string sig_blob = NULL;
2097+ ssh_buffer sig_buf = NULL;
2098 int rc;
2099
2100 crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_BOTH);
2101diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
2102index 4314c5b7..f2776c2c 100644
2103--- a/src/pki_container_openssh.c
2104+++ b/src/pki_container_openssh.c
2105@@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key,
2106 bool private)
2107 {
2108 const char *ptr = text_key;
2109- const char *end;
2110- char *base64;
2111+ const char *end = NULL;
2112+ char *base64 = NULL;
2113 int cmp;
2114 int rc;
2115 int i;
2116- ssh_buffer buffer = NULL, privkey_buffer=NULL;
2117+ ssh_buffer buffer = NULL, privkey_buffer = NULL;
2118 char *magic = NULL, *ciphername = NULL, *kdfname = NULL;
2119 uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF;
2120 ssh_string kdfoptions = NULL;
2121@@ -538,14 +538,14 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
2122 {
2123 ssh_buffer buffer;
2124 ssh_string str = NULL;
2125- ssh_string pubkey_s=NULL;
2126+ ssh_string pubkey_s = NULL;
2127 ssh_buffer privkey_buffer = NULL;
2128 uint32_t rnd;
2129 uint32_t rounds = 16;
2130- ssh_string salt=NULL;
2131- ssh_string kdf_options=NULL;
2132+ ssh_string salt = NULL;
2133+ ssh_string kdf_options = NULL;
2134 int to_encrypt=0;
2135- unsigned char *b64;
2136+ unsigned char *b64 = NULL;
2137 uint32_t str_len, len;
2138 uint8_t padding = 1;
2139 int ok;
2140diff --git a/src/pki_crypto.c b/src/pki_crypto.c
2141index aec49544..0fc69121 100644
2142--- a/src/pki_crypto.c
2143+++ b/src/pki_crypto.c
2144@@ -382,7 +382,7 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
2145 #else
2146 int rc;
2147 const char *group_name = OSSL_EC_curve_nid2name(nid);
2148- OSSL_PARAM_BLD *param_bld;
2149+ OSSL_PARAM_BLD *param_bld = NULL;
2150 #endif /* OPENSSL_VERSION_NUMBER */
2151
2152 key->ecdsa_nid = nid;
2153@@ -2299,7 +2299,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
2154 const unsigned char *raw_sig_data = NULL;
2155 size_t raw_sig_len;
2156
2157- ECDSA_SIG *ecdsa_sig;
2158+ ECDSA_SIG *ecdsa_sig = NULL;
2159
2160 int rc;
2161
2162@@ -2616,8 +2616,8 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
2163 ECDSA_SIG *ecdsa_sig = NULL;
2164 BIGNUM *pr = NULL, *ps = NULL;
2165
2166- ssh_string r;
2167- ssh_string s;
2168+ ssh_string r = NULL;
2169+ ssh_string s = NULL;
2170
2171 ssh_buffer buf = NULL;
2172 uint32_t rlen;
2173diff --git a/src/pki_ed25519.c b/src/pki_ed25519.c
2174index 6a5a4a8a..0674fb63 100644
2175--- a/src/pki_ed25519.c
2176+++ b/src/pki_ed25519.c
2177@@ -62,7 +62,7 @@ int pki_ed25519_sign(const ssh_key privkey,
2178 size_t hlen)
2179 {
2180 int rc;
2181- uint8_t *buffer;
2182+ uint8_t *buffer = NULL;
2183 uint64_t dlen = 0;
2184
2185 buffer = malloc(hlen + ED25519_SIG_LEN);
2186@@ -104,8 +104,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
2187 size_t hlen)
2188 {
2189 uint64_t mlen = 0;
2190- uint8_t *buffer;
2191- uint8_t *buffer2;
2192+ uint8_t *buffer = NULL;
2193+ uint8_t *buffer2 = NULL;
2194 int rc;
2195
2196 if (pubkey == NULL || sig == NULL ||
2197diff --git a/src/pki_ed25519_common.c b/src/pki_ed25519_common.c
2198index bdc6f6bb..59a3b03c 100644
2199--- a/src/pki_ed25519_common.c
2200+++ b/src/pki_ed25519_common.c
2201@@ -213,7 +213,7 @@ int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key)
2202 */
2203 ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
2204 {
2205- ssh_string sig_blob;
2206+ ssh_string sig_blob = NULL;
2207 int rc;
2208
2209 #ifdef HAVE_OPENSSL_ED25519
2210diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
2211index 418a46b3..cb4de325 100644
2212--- a/src/pki_gcrypt.c
2213+++ b/src/pki_gcrypt.c
2214@@ -152,7 +152,7 @@ static ssh_string asn1_get_int(ssh_buffer buffer) {
2215
2216 static ssh_string asn1_get_bit_string(ssh_buffer buffer)
2217 {
2218- ssh_string str;
2219+ ssh_string str = NULL;
2220 unsigned char type;
2221 uint32_t size;
2222 unsigned char unused, last, *p;
2223@@ -1882,9 +1882,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
2224 case SSH_KEYTYPE_ECDSA_P521:
2225 #ifdef HAVE_GCRYPT_ECC
2226 {
2227- ssh_string R;
2228- ssh_string S;
2229- ssh_buffer b;
2230+ ssh_string R = NULL;
2231+ ssh_string S = NULL;
2232+ ssh_buffer b = NULL;
2233
2234 b = ssh_buffer_new();
2235 if (b == NULL) {
2236@@ -2054,8 +2054,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
2237 case SSH_KEYTYPE_SK_ECDSA:
2238 #ifdef HAVE_GCRYPT_ECC
2239 { /* build ecdsa siganature */
2240- ssh_buffer b;
2241- ssh_string r, s;
2242+ ssh_buffer b = NULL;
2243+ ssh_string r = NULL, s = NULL;
2244 uint32_t rlen;
2245
2246 b = ssh_buffer_new();
2247diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
2248index cb9d3228..01813702 100644
2249--- a/src/pki_mbedcrypto.c
2250+++ b/src/pki_mbedcrypto.c
2251@@ -1078,9 +1078,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
2252 case SSH_KEYTYPE_ECDSA_P256:
2253 case SSH_KEYTYPE_ECDSA_P384:
2254 case SSH_KEYTYPE_ECDSA_P521: {
2255- ssh_string r;
2256- ssh_string s;
2257- ssh_buffer b;
2258+ ssh_string r = NULL;
2259+ ssh_string s = NULL;
2260+ ssh_buffer b = NULL;
2261 int rc;
2262
2263 b = ssh_buffer_new();
2264@@ -1234,9 +1234,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
2265 case SSH_KEYTYPE_ECDSA_P384:
2266 case SSH_KEYTYPE_ECDSA_P521:
2267 case SSH_KEYTYPE_SK_ECDSA: {
2268- ssh_buffer b;
2269- ssh_string r;
2270- ssh_string s;
2271+ ssh_buffer b = NULL;
2272+ ssh_string r = NULL;
2273+ ssh_string s = NULL;
2274 size_t rlen;
2275
2276 b = ssh_buffer_new();
2277diff --git a/src/poll.c b/src/poll.c
2278index 8f81c11c..d0f9726d 100644
2279--- a/src/poll.c
2280+++ b/src/poll.c
2281@@ -560,8 +560,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx)
2282
2283 static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size)
2284 {
2285- ssh_poll_handle *pollptrs;
2286- ssh_pollfd_t *pollfds;
2287+ ssh_poll_handle *pollptrs = NULL;
2288+ ssh_pollfd_t *pollfds = NULL;
2289
2290 pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size);
2291 if (pollptrs == NULL) {
2292@@ -862,7 +862,7 @@ ssh_event_add_fd(ssh_event event, socket_t fd, short events,
2293 ssh_event_callback cb, void *userdata)
2294 {
2295 ssh_poll_handle p;
2296- struct ssh_event_fd_wrapper *pw;
2297+ struct ssh_event_fd_wrapper *pw = NULL;
2298
2299 if(event == NULL || event->ctx == NULL || cb == NULL
2300 || fd == SSH_INVALID_SOCKET) {
2301@@ -932,7 +932,7 @@ int ssh_event_add_session(ssh_event event, ssh_session session)
2302 {
2303 ssh_poll_handle p;
2304 #ifdef WITH_SERVER
2305- struct ssh_iterator *iterator;
2306+ struct ssh_iterator *iterator = NULL;
2307 #endif
2308
2309 if(event == NULL || event->ctx == NULL || session == NULL) {
2310@@ -1079,7 +1079,7 @@ int ssh_event_remove_session(ssh_event event, ssh_session session)
2311 register size_t i, used;
2312 int rc = SSH_ERROR;
2313 #ifdef WITH_SERVER
2314- struct ssh_iterator *iterator;
2315+ struct ssh_iterator *iterator = NULL;
2316 #endif
2317
2318 if (event == NULL || event->ctx == NULL || session == NULL) {
2319diff --git a/src/server.c b/src/server.c
2320index 70b90899..89f8d8b0 100644
2321--- a/src/server.c
2322+++ b/src/server.c
2323@@ -85,8 +85,8 @@ int server_set_kex(ssh_session session)
2324 {
2325 struct ssh_kex_struct *server = &session->next_crypto->server_kex;
2326 int i, j, rc;
2327- const char *wanted, *allowed;
2328- char *kept;
2329+ const char *wanted = NULL, *allowed = NULL;
2330+ char *kept = NULL;
2331 char hostkeys[128] = {0};
2332 enum ssh_keytypes_e keytype;
2333 size_t len;
2334@@ -219,9 +219,10 @@ int ssh_server_init_kex(ssh_session session) {
2335 return server_set_kex(session);
2336 }
2337
2338-static int ssh_server_send_extensions(ssh_session session) {
2339+static int ssh_server_send_extensions(ssh_session session)
2340+{
2341 int rc;
2342- const char *hostkey_algorithms;
2343+ const char *hostkey_algorithms = NULL;
2344
2345 SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
2346
2347@@ -286,8 +287,8 @@ ssh_get_key_params(ssh_session session,
2348 ssh_key *privkey,
2349 enum ssh_digest_e *digest)
2350 {
2351- ssh_key pubkey;
2352- ssh_string pubkey_blob;
2353+ ssh_key pubkey = NULL;
2354+ ssh_string pubkey_blob = NULL;
2355 int rc;
2356
2357 switch(session->srv.hostkey) {
2358@@ -723,8 +724,9 @@ static int ssh_message_service_request_reply_default(ssh_message msg) {
2359 *
2360 * @returns SSH_OK when success otherwise SSH_ERROR
2361 */
2362-int ssh_message_service_reply_success(ssh_message msg) {
2363- ssh_session session;
2364+int ssh_message_service_reply_success(ssh_message msg)
2365+{
2366+ ssh_session session = NULL;
2367 int rc;
2368
2369 if (msg == NULL) {
2370@@ -1132,8 +1134,9 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
2371 *
2372 * @returns SSH_OK on success, otherwise SSH_ERROR
2373 */
2374-int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
2375- ssh_string algo;
2376+int ssh_message_auth_reply_pk_ok_simple(ssh_message msg)
2377+{
2378+ ssh_string algo = NULL;
2379 ssh_string pubkey_blob = NULL;
2380 int ret;
2381
2382diff --git a/src/session.c b/src/session.c
2383index 8c509699..0e0f622b 100644
2384--- a/src/session.c
2385+++ b/src/session.c
2386@@ -58,7 +58,7 @@
2387 */
2388 ssh_session ssh_new(void)
2389 {
2390- ssh_session session;
2391+ ssh_session session = NULL;
2392 char *id = NULL;
2393 int rc;
2394
2395@@ -280,7 +280,7 @@ void ssh_free(ssh_session session)
2396
2397 /* options */
2398 if (session->opts.identity) {
2399- char *id;
2400+ char *id = NULL;
2401
2402 for (id = ssh_list_pop_head(char *, session->opts.identity);
2403 id != NULL;
2404@@ -291,7 +291,7 @@ void ssh_free(ssh_session session)
2405 }
2406
2407 if (session->opts.identity_non_exp) {
2408- char *id;
2409+ char *id = NULL;
2410
2411 for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
2412 id != NULL;
2413@@ -1157,7 +1157,7 @@ int ssh_get_publickey_hash(const ssh_key key,
2414 unsigned char **hash,
2415 size_t *hlen)
2416 {
2417- ssh_string blob;
2418+ ssh_string blob = NULL;
2419 unsigned char *h = NULL;
2420 int rc;
2421
2422@@ -1169,7 +1169,7 @@ int ssh_get_publickey_hash(const ssh_key key,
2423 switch (type) {
2424 case SSH_PUBLICKEY_HASH_SHA1:
2425 {
2426- SHACTX ctx;
2427+ SHACTX ctx = NULL;
2428
2429 h = calloc(1, SHA_DIGEST_LEN);
2430 if (h == NULL) {
2431@@ -1201,7 +1201,7 @@ int ssh_get_publickey_hash(const ssh_key key,
2432 break;
2433 case SSH_PUBLICKEY_HASH_SHA256:
2434 {
2435- SHA256CTX ctx;
2436+ SHA256CTX ctx = NULL;
2437
2438 h = calloc(1, SHA256_DIGEST_LEN);
2439 if (h == NULL) {
2440@@ -1233,7 +1233,7 @@ int ssh_get_publickey_hash(const ssh_key key,
2441 break;
2442 case SSH_PUBLICKEY_HASH_MD5:
2443 {
2444- MD5CTX ctx;
2445+ MD5CTX ctx = NULL;
2446
2447 /* In FIPS mode, we cannot use MD5 */
2448 if (ssh_fips_mode()) {
2449diff --git a/src/sftpserver.c b/src/sftpserver.c
2450index b3349e16..528ef6f9 100644
2451--- a/src/sftpserver.c
2452+++ b/src/sftpserver.c
2453@@ -299,8 +299,8 @@ void sftp_client_message_free(sftp_client_message msg) {
2454
2455 int sftp_reply_name(sftp_client_message msg, const char *name,
2456 sftp_attributes attr) {
2457- ssh_buffer out;
2458- ssh_string file;
2459+ ssh_buffer out = NULL;
2460+ ssh_string file = NULL;
2461
2462 out = ssh_buffer_new();
2463 if (out == NULL) {
2464@@ -369,7 +369,7 @@ int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) {
2465
2466 int sftp_reply_names_add(sftp_client_message msg, const char *file,
2467 const char *longname, sftp_attributes attr) {
2468- ssh_string name;
2469+ ssh_string name = NULL;
2470
2471 name = ssh_string_from_char(file);
2472 if (name == NULL) {
2473@@ -435,8 +435,8 @@ int sftp_reply_names(sftp_client_message msg) {
2474
2475 int sftp_reply_status(sftp_client_message msg, uint32_t status,
2476 const char *message) {
2477- ssh_buffer out;
2478- ssh_string s;
2479+ ssh_buffer out = NULL;
2480+ ssh_string s = NULL;
2481
2482 out = ssh_buffer_new();
2483 if (out == NULL) {
2484@@ -492,7 +492,7 @@ int sftp_reply_data(sftp_client_message msg, const void *data, int len) {
2485 * valid info (or worse).
2486 */
2487 ssh_string sftp_handle_alloc(sftp_session sftp, void *info) {
2488- ssh_string ret;
2489+ ssh_string ret = NULL;
2490 uint32_t val;
2491 uint32_t i;
2492
2493diff --git a/src/string.c b/src/string.c
2494index 44403487..0ab9310c 100644
2495--- a/src/string.c
2496+++ b/src/string.c
2497@@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) {
2498 * @note The null byte is not copied nor counted in the output string.
2499 */
2500 struct ssh_string_struct *ssh_string_from_char(const char *what) {
2501- struct ssh_string_struct *ptr;
2502+ struct ssh_string_struct *ptr = NULL;
2503 size_t len;
2504
2505 if(what == NULL) {
2506@@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s)
2507 */
2508 char *ssh_string_to_char(struct ssh_string_struct *s) {
2509 size_t len;
2510- char *new;
2511+ char *new = NULL;
2512
2513 if (s == NULL) {
2514 return NULL;
2515@@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) {
2516 * @return Newly allocated copy of the string, NULL on error.
2517 */
2518 struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) {
2519- struct ssh_string_struct *new;
2520+ struct ssh_string_struct *new = NULL;
2521 size_t len;
2522
2523 if (s == NULL) {
2524diff --git a/src/threads/winlocks.c b/src/threads/winlocks.c
2525index da600418..e63635e7 100644
2526--- a/src/threads/winlocks.c
2527+++ b/src/threads/winlocks.c
2528@@ -82,7 +82,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock =
2529
2530 void ssh_mutex_lock(SSH_MUTEX *mutex)
2531 {
2532- void *rc;
2533+ void *rc = NULL;
2534
2535 CRITICAL_SECTION *mutex_tmp = NULL;
2536
2537diff --git a/src/wrapper.c b/src/wrapper.c
2538index d317dc4c..43bf2137 100644
2539--- a/src/wrapper.c
2540+++ b/src/wrapper.c
2541@@ -152,7 +152,7 @@ static void cipher_free(struct ssh_cipher_struct *cipher) {
2542
2543 struct ssh_crypto_struct *crypto_new(void)
2544 {
2545- struct ssh_crypto_struct *crypto;
2546+ struct ssh_crypto_struct *crypto = NULL;
2547
2548 crypto = malloc(sizeof(struct ssh_crypto_struct));
2549 if (crypto == NULL) {
2550--
25512.40.0
2552
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0002.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0002.patch
new file mode 100644
index 0000000000..2c280d258d
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-0002.patch
@@ -0,0 +1,34 @@
1From b35ee876adc92a208d47194772e99f9c71e0bedb Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Mon, 28 Apr 2025 11:04:55 +0200
4Subject: [PATCH] CVE-2025-4878 legacy: Properly check return value to avoid
5 NULL pointer dereference
6
7Signed-off-by: Jakub Jelen <jjelen@redhat.com>
8Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
9
10CVE: CVE-2025-4878
11
12Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb]
13
14Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
15---
16 src/legacy.c | 2 +-
17 1 file changed, 1 insertion(+), 1 deletion(-)
18
19diff --git a/src/legacy.c b/src/legacy.c
20index 7359040c..f73ef6cc 100644
21--- a/src/legacy.c
22+++ b/src/legacy.c
23@@ -452,7 +452,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
24 auth_fn,
25 auth_data,
26 &key);
27- if (rc == SSH_ERROR) {
28+ if (rc != SSH_OK) {
29 return NULL;
30 }
31
32--
332.40.0
34
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
index 48cb47d4c0..6932da5175 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
@@ -14,6 +14,8 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
14 file://CVE-2025-5351.patch \ 14 file://CVE-2025-5351.patch \
15 file://CVE-2025-5372.patch \ 15 file://CVE-2025-5372.patch \
16 file://CVE-2025-4877.patch \ 16 file://CVE-2025-4877.patch \
17 file://CVE-2025-4878-0001.patch \
18 file://CVE-2025-4878-0002.patch \
17 " 19 "
18SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" 20SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
19 21
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-14 12:30:18 +0000