File libssh-CVE-2025-4878-1.patch of Package libssh.39453
From 2eb2af4426eb9d473eb131cecea2c81a99d1e2fc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 23 Apr 2025 17:57:11 +0200
Subject: CVE-2025-4878 Initialize pointers where possible
This is mostly mechanical change initializing all the pointers I was able to
find with some grep and manual review of sources and examples.
Used the following greps (which yield some false positives though):
git grep " \w* *\* *\w*;$"
git grep " ssh_session \w*;"
git grep " ssh_channel \w*;"
git grep " struct ssh_iterator \*\w*;"
git grep " ssh_bind \w*;"
git grep " ssh_key \w*;"
git grep " ssh_string \w*;"
git grep " ssh_buffer \w*;"
git grep " HMACCTX \w*;"
git grep " SHACTX \w*;"
grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
doc/authentication.dox | 10 ++++----
doc/command.dox | 2 +-
doc/forwarding.dox | 4 +--
doc/guided_tour.dox | 14 +++++------
doc/shell.dox | 2 +-
examples/authentication.c | 12 ++++-----
examples/connect_ssh.c | 2 +-
examples/exec.c | 4 +--
examples/knownhosts.c | 2 +-
examples/libssh_scp.c | 11 +++++----
examples/proxy.c | 18 +++++++-------
examples/samplesshd-cb.c | 10 ++++----
examples/samplesshd-kbdint.c | 16 ++++++------
examples/scp_download.c | 4 +--
examples/senddata.c | 4 +--
examples/ssh_client.c | 8 +++---
examples/sshd_direct-tcpip.c | 14 +++++------
examples/sshnetcat.c | 6 ++---
src/agent.c | 13 +++++-----
src/auth.c | 7 +++---
src/bind.c | 11 +++++----
src/bind_config.c | 4 +--
src/buffer.c | 9 ++++---
src/callbacks.c | 2 +-
src/chachapoly.c | 2 +-
src/channels.c | 59 ++++++++++++++++++++++----------------------
src/client.c | 2 +-
src/config.c | 4 +--
src/config_parser.c | 12 ++++-----
src/connect.c | 4 +--
src/connector.c | 5 ++--
src/dh_crypto.c | 2 +-
src/ecdh_crypto.c | 2 +-
src/ecdh_gcrypt.c | 10 ++++----
src/gcrypt_missing.c | 2 +-
src/getpass.c | 4 +--
src/gssapi.c | 28 +++++++++++----------
src/kex.c | 4 +--
src/known_hosts.c | 41 +++++++++++++++---------------
src/knownhosts.c | 18 +++++++-------
src/legacy.c | 43 +++++++++++++++++---------------
src/libmbedcrypto.c | 2 +-
src/log.c | 2 +-
src/messages.c | 18 +++++++-------
src/misc.c | 24 +++++++++---------
src/options.c | 24 +++++++++---------
src/packet.c | 6 ++---
src/packet_crypt.c | 2 +-
src/pki.c | 50 ++++++++++++++++++-------------------
src/pki_container_openssh.c | 14 +++++------
src/pki_crypto.c | 10 ++++----
src/pki_ed25519.c | 6 ++---
src/pki_ed25519_common.c | 2 +-
src/pki_gcrypt.c | 14 +++++------
src/pki_mbedcrypto.c | 12 ++++-----
src/poll.c | 10 ++++----
src/server.c | 23 +++++++++--------
src/session.c | 14 +++++------
src/sftpserver.c | 14 +++++------
src/string.c | 6 ++---
src/threads/winlocks.c | 2 +-
src/wrapper.c | 2 +-
62 files changed, 352 insertions(+), 336 deletions(-)
Index: libssh-0.6.3/doc/authentication.dox
===================================================================
--- libssh-0.6.3.orig/doc/authentication.dox
+++ libssh-0.6.3/doc/authentication.dox
@@ -102,7 +102,7 @@ Here is a small example of password auth
@code
int authenticate_password(ssh_session session)
{
- char *password;
+ char *password = NULL;
int rc;
password = getpass("Enter your password: ");
@@ -215,7 +215,7 @@ int authenticate_kbdint(ssh_session sess
rc = ssh_userauth_kbdint(session, NULL, NULL);
while (rc == SSH_AUTH_INFO)
{
- const char *name, *instruction;
+ const char *name = NULL, *instruction = NULL;
int nprompts, iprompt;
name = ssh_userauth_kbdint_getname(session);
@@ -228,7 +228,7 @@ int authenticate_kbdint(ssh_session sess
printf("%s\n", instruction);
for (iprompt = 0; iprompt < nprompts; iprompt++)
{
- const char *prompt;
+ const char *prompt = NULL;
char echo;
prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
@@ -248,7 +248,7 @@ int authenticate_kbdint(ssh_session sess
}
else
{
- char *ptr;
+ char *ptr = NULL;
ptr = getpass(prompt);
if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
@@ -351,7 +351,7 @@ The following example shows how to retri
int display_banner(ssh_session session)
{
int rc;
- char *banner;
+ char *banner = NULL;
/*
*** Does not work without calling ssh_userauth_none() first ***
Index: libssh-0.6.3/doc/command.dox
===================================================================
--- libssh-0.6.3.orig/doc/command.dox
+++ libssh-0.6.3/doc/command.dox
@@ -22,7 +22,7 @@ a SSH session that uses this channel:
@code
int show_remote_files(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
channel = ssh_channel_new(session);
Index: libssh-0.6.3/doc/forwarding.dox
===================================================================
--- libssh-0.6.3.orig/doc/forwarding.dox
+++ libssh-0.6.3/doc/forwarding.dox
@@ -161,7 +161,7 @@ local libssh application, which handles
int web_server(ssh_session session)
{
int rc;
- ssh_channel channel;
+ ssh_channel channel = NULL;
char buffer[256];
int nbytes, nwritten;
int port;
Index: libssh-0.6.3/doc/guided_tour.dox
===================================================================
--- libssh-0.6.3.orig/doc/guided_tour.dox
+++ libssh-0.6.3/doc/guided_tour.dox
@@ -79,7 +79,7 @@ Here is a small example of how to use it
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int verbosity = SSH_LOG_PROTOCOL;
int port = 22;
@@ -126,7 +126,7 @@ Here's an example:
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int rc;
my_ssh_session = ssh_new();
@@ -301,9 +301,9 @@ The example below shows an authenticatio
int main()
{
- ssh_session my_ssh_session;
+ ssh_session my_ssh_session = NULL;
int rc;
- char *password;
+ char *password = NULL;
// Open session and set options
my_ssh_session = ssh_new();
@@ -364,7 +364,7 @@ The example below shows how to execute a
@code
int show_remote_processes(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
char buffer[256];
unsigned int nbytes;
Index: libssh-0.6.3/doc/shell.dox
===================================================================
--- libssh-0.6.3.orig/doc/shell.dox
+++ libssh-0.6.3/doc/shell.dox
@@ -26,7 +26,7 @@ The code sample below achieves these tas
@code
int shell_session(ssh_session session)
{
- ssh_channel channel;
+ ssh_channel channel = NULL;
int rc;
channel = ssh_channel_new(session);
Index: libssh-0.6.3/examples/authentication.c
===================================================================
--- libssh-0.6.3.orig/examples/authentication.c
+++ libssh-0.6.3/examples/authentication.c
@@ -29,8 +29,8 @@ int authenticate_kbdint(ssh_session sess
err = ssh_userauth_kbdint(session, NULL, NULL);
while (err == SSH_AUTH_INFO) {
- const char *instruction;
- const char *name;
+ const char *instruction = NULL;
+ const char *name = NULL;
char buffer[128];
int i, n;
@@ -47,8 +47,8 @@ int authenticate_kbdint(ssh_session sess
}
for (i = 0; i < n; i++) {
- const char *answer;
- const char *prompt;
+ const char *answer = NULL;
+ const char *prompt = NULL;
char echo;
prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@@ -57,7 +57,7 @@ int authenticate_kbdint(ssh_session sess
}
if (echo) {
- char *p;
+ char *p = NULL;
printf("%s", prompt);
Index: libssh-0.6.3/examples/exec.c
===================================================================
--- libssh-0.6.3.orig/examples/exec.c
+++ libssh-0.6.3/examples/exec.c
@@ -5,8 +5,8 @@
#include "examples_common.h"
int main(void) {
- ssh_session session;
- ssh_channel channel;
+ ssh_session session = NULL;
+ ssh_channel channel = NULL;
char buffer[256];
int nbytes;
int rc;
Index: libssh-0.6.3/examples/proxy.c
===================================================================
--- libssh-0.6.3.orig/examples/proxy.c
+++ libssh-0.6.3/examples/proxy.c
@@ -31,8 +31,8 @@ clients must be made or how a client sho
static int authenticated=0;
static int tries = 0;
static int error = 0;
-static ssh_channel chan=NULL;
-static char *username;
+static ssh_channel chan = NULL;
+static char *username = NULL;
static ssh_gssapi_creds client_creds = NULL;
static int auth_password(ssh_session session, const char *user,
@@ -212,11 +212,12 @@ static error_t parse_opt (int key, char
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
- ssh_session session;
- ssh_bind sshbind;
- ssh_event mainloop;
- ssh_session client_session;
+int main(int argc, char **argv)
+{
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
+ ssh_event mainloop = NULL;
+ ssh_session client_session = NULL;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
@@ -227,7 +228,7 @@ int main(int argc, char **argv){
char buf[2048];
char host[128]="";
- char *ptr;
+ char *ptr = NULL;
int i,r, rc;
sshbind=ssh_bind_new();
@@ -344,4 +345,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
Index: libssh-0.6.3/examples/samplesshd-cb.c
===================================================================
--- libssh-0.6.3.orig/examples/samplesshd-cb.c
+++ libssh-0.6.3/examples/samplesshd-cb.c
@@ -215,10 +215,11 @@ static error_t parse_opt (int key, char
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
- ssh_session session;
- ssh_bind sshbind;
- ssh_event mainloop;
+int main(int argc, char **argv)
+{
+ ssh_session session = NULL;
+ ssh_bind sshbind = NULL;
+ ssh_event mainloop = NULL;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
.auth_password_function = auth_password,
@@ -303,4 +304,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
Index: libssh-0.6.3/examples/samplesshd-kbdint.c
===================================================================
--- libssh-0.6.3.orig/examples/samplesshd-kbdint.c
+++ libssh-0.6.3/examples/samplesshd-kbdint.c
@@ -172,8 +172,8 @@ static error_t parse_opt (int key, char
static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
#endif /* HAVE_ARGP_H */
-static const char *name;
-static const char *instruction;
+static const char *name = NULL;
+static const char *instruction = NULL;
static const char *prompts[2];
static char echo[] = { 1, 0 };
@@ -410,4 +410,3 @@ int main(int argc, char **argv){
ssh_finalize();
return 0;
}
-
Index: libssh-0.6.3/src/agent.c
===================================================================
--- libssh-0.6.3.orig/src/agent.c
+++ libssh-0.6.3/src/agent.c
@@ -412,8 +412,9 @@ ssh_key ssh_agent_get_first_ident(struct
/* caller has to free commment */
ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
- char **comment) {
- struct ssh_key_struct *key;
+ char **comment)
+{
+ struct ssh_key_struct *key = NULL;
struct ssh_string_struct *blob = NULL;
struct ssh_string_struct *tmp = NULL;
int rc;
Index: libssh-0.6.3/src/auth.c
===================================================================
--- libssh-0.6.3.orig/src/auth.c
+++ libssh-0.6.3/src/auth.c
@@ -1440,7 +1440,7 @@ int ssh_userauth_agent_pubkey(ssh_sessio
const char *username,
ssh_public_key publickey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
key = ssh_key_new();
Index: libssh-0.6.3/src/bind.c
===================================================================
--- libssh-0.6.3.orig/src/bind.c
+++ libssh-0.6.3/src/bind.c
@@ -73,7 +73,7 @@
static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
int port) {
char port_c[6];
- struct addrinfo *ai;
+ struct addrinfo *ai = NULL;
struct addrinfo hints;
int opt = 1;
socket_t s;
Index: libssh-0.6.3/src/channels.c
===================================================================
--- libssh-0.6.3.orig/src/channels.c
+++ libssh-0.6.3/src/channels.c
@@ -2010,7 +2010,7 @@ static ssh_channel ssh_channel_accept(ss
#endif
ssh_message msg = NULL;
ssh_channel channel = NULL;
- struct ssh_iterator *iterator;
+ struct ssh_iterator *iterator = NULL;
int t;
/*
Index: libssh-0.6.3/src/gcrypt_missing.c
===================================================================
--- libssh-0.6.3.orig/src/gcrypt_missing.c
+++ libssh-0.6.3/src/gcrypt_missing.c
@@ -45,7 +45,7 @@ int my_gcry_dec2bn(bignum *bn, const cha
char *my_gcry_bn2dec(bignum bn) {
bignum bndup, num, ten;
- char *ret;
+ char *ret = NULL;
int count, count2;
int size, rsize;
char decnum;
Index: libssh-0.6.3/src/getpass.c
===================================================================
--- libssh-0.6.3.orig/src/getpass.c
+++ libssh-0.6.3/src/getpass.c
@@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt,
}
if (verify) {
- char *key_string;
+ char *key_string = NULL;
key_string = malloc(len);
if (key_string == NULL) {
Index: libssh-0.6.3/src/gssapi.c
===================================================================
--- libssh-0.6.3.orig/src/gssapi.c
+++ libssh-0.6.3/src/gssapi.c
@@ -264,7 +264,7 @@ int ssh_gssapi_handle_userauth(ssh_sessi
static char *ssh_gssapi_name_to_char(gss_name_t name){
gss_buffer_desc buffer;
OM_uint32 maj_stat, min_stat;
- char *ptr;
+ char *ptr = NULL;
maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
ssh_gssapi_log_error(SSH_LOG_WARNING, "converting name", maj_stat);
ptr=malloc(buffer.length + 1);
@@ -275,9 +275,10 @@ static char *ssh_gssapi_name_to_char(gss
}
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
- ssh_string token;
- char *hexa;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
+{
+ ssh_string token = NULL;
+ char *hexa = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
gss_name_t client_name = GSS_C_NO_NAME;
@@ -301,7 +302,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
}
if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
- ssh_string out_token=NULL;
+ ssh_string out_token = NULL;
rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
token, &out_token, session->server_callbacks->userdata);
if (rc == SSH_ERROR){
@@ -447,7 +448,7 @@ static ssh_buffer ssh_gssapi_build_mic(s
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
{
- ssh_string mic_token;
+ ssh_string mic_token = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
@@ -629,7 +630,7 @@ static int ssh_gssapi_match(ssh_session
gss_name_t client_id = GSS_C_NO_NAME;
gss_OID oid;
unsigned int i;
- char *ptr;
+ char *ptr = NULL;
int ret;
if (session->gssapi->client.client_deleg_creds == NULL) {
Index: libssh-0.6.3/src/legacy.c
===================================================================
--- libssh-0.6.3.orig/src/legacy.c
+++ libssh-0.6.3/src/legacy.c
@@ -47,7 +47,7 @@ int ssh_auth_list(ssh_session session) {
int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
int type, ssh_string publickey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
(void) type; /* unused */
@@ -69,7 +69,7 @@ int ssh_userauth_pubkey(ssh_session sess
ssh_string publickey,
ssh_private_key privatekey)
{
- ssh_key key;
+ ssh_key key = NULL;
int rc;
(void) publickey; /* unused */
@@ -370,10 +370,11 @@ void publickey_free(ssh_public_key key)
SAFE_FREE(key);
}
-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
- struct ssh_public_key_struct *p;
- ssh_key privkey;
- ssh_key pubkey;
+ssh_public_key publickey_from_privatekey(ssh_private_key prv)
+{
+ struct ssh_public_key_struct *p = NULL;
+ ssh_key privkey = NULL;
+ ssh_key pubkey = NULL;
int rc;
privkey = ssh_key_new();
@@ -407,8 +408,8 @@ ssh_private_key privatekey_from_file(ssh
const char *passphrase) {
ssh_auth_callback auth_fn = NULL;
void *auth_data = NULL;
- ssh_private_key privkey;
- ssh_key key;
+ ssh_private_key privkey = NULL;
+ ssh_key key = NULL;
int rc;
(void) type; /* unused */
@@ -470,7 +471,7 @@ void privatekey_free(ssh_private_key prv
ssh_string publickey_from_file(ssh_session session, const char *filename,
int *type) {
- ssh_key key;
+ ssh_key key = NULL;
ssh_string key_str = NULL;
int rc;
@@ -503,9 +504,10 @@ int ssh_type_from_name(const char *name)
return ssh_key_type_from_name(name);
}
-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
- struct ssh_public_key_struct *pubkey;
- ssh_key key;
+ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
+{
+ struct ssh_public_key_struct *pubkey = NULL;
+ ssh_key key = NULL;
int rc;
(void) session; /* unused */
@@ -534,9 +536,10 @@ ssh_public_key publickey_from_string(ssh
return pubkey;
}
-ssh_string publickey_to_string(ssh_public_key pubkey) {
- ssh_key key;
- ssh_string key_blob;
+ssh_string publickey_to_string(ssh_public_key pubkey)
+{
+ ssh_key key = NULL;
+ ssh_string key_blob = NULL;
int rc;
key = ssh_key_new();
@@ -567,11 +570,11 @@ int ssh_publickey_to_file(ssh_session se
ssh_string pubkey,
int type)
{
- FILE *fp;
- char *user;
+ FILE *fp = NULL;
+ char *user = NULL;
char buffer[1024];
char host[256];
- unsigned char *pubkey_64;
+ unsigned char *pubkey_64 = NULL;
size_t len;
int rc;
if(session==NULL)
@@ -634,9 +637,9 @@ int ssh_try_publickey_from_file(ssh_sess
const char *keyfile,
ssh_string *publickey,
int *type) {
- char *pubkey_file;
+ char *pubkey_file = NULL;
size_t len;
- ssh_string pubkey_string;
+ ssh_string pubkey_string = NULL;
int pubkey_type;
if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
Index: libssh-0.6.3/src/misc.c
===================================================================
--- libssh-0.6.3.orig/src/misc.c
+++ libssh-0.6.3/src/misc.c
@@ -570,7 +570,7 @@ char *ssh_dirname (const char *path) {
*/
char *ssh_basename (const char *path) {
char *new = NULL;
- const char *s;
+ const char *s = NULL;
size_t len;
if (path == NULL || *path == '\0') {
@@ -655,7 +655,7 @@ char *ssh_path_expand_tilde(const char *
#ifdef _WIN32
return strdup(d);
#else
- struct passwd *pw;
+ struct passwd *pw = NULL;
size_t s = p - d;
char u[128];
Index: libssh-0.6.3/src/options.c
===================================================================
--- libssh-0.6.3.orig/src/options.c
+++ libssh-0.6.3/src/options.c
@@ -922,7 +922,7 @@ int ssh_options_get_port(ssh_session ses
*/
int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
{
- char* src = NULL;
+ char *src = NULL;
if (session == NULL) {
return SSH_ERROR;
Index: libssh-0.6.3/src/pki.c
===================================================================
--- libssh-0.6.3.orig/src/pki.c
+++ libssh-0.6.3/src/pki.c
@@ -297,7 +297,7 @@ int ssh_key_cmp(const ssh_key k1,
ssh_signature ssh_signature_new(void)
{
- struct ssh_signature_struct *sig;
+ struct ssh_signature_struct *sig = NULL;
sig = malloc(sizeof(struct ssh_signature_struct));
if (sig == NULL) {
@@ -1010,7 +1010,7 @@ error:
int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
ssh_key *pkey)
{
- ssh_key pubkey;
+ ssh_key pubkey = NULL;
if (privkey == NULL || !ssh_key_is_private(privkey)) {
return SSH_ERROR;
@@ -1046,7 +1046,7 @@ int ssh_pki_export_privkey_to_pubkey(con
int ssh_pki_export_pubkey_blob(const ssh_key key,
ssh_string *pblob)
{
- ssh_string blob;
+ ssh_string blob = NULL;
if (key == NULL) {
return SSH_OK;
@@ -1076,8 +1076,8 @@ int ssh_pki_export_pubkey_blob(const ssh
int ssh_pki_export_pubkey_base64(const ssh_key key,
char **b64_key)
{
- ssh_string key_blob;
- unsigned char *b64;
+ ssh_string key_blob = NULL;
+ unsigned char *b64 = NULL;
if (key == NULL || b64_key == NULL) {
return SSH_ERROR;
@@ -1104,9 +1104,9 @@ int ssh_pki_export_pubkey_file(const ssh
{
char key_buf[4096];
char host[256];
- char *b64_key;
- char *user;
- FILE *fp;
+ char *b64_key = NULL;
+ char *user = NULL;
+ FILE *fp = NULL;
int rc;
if (key == NULL || filename == NULL || *filename == '\0') {
@@ -1169,7 +1169,7 @@ int ssh_pki_export_signature_blob(const
ssh_string *sig_blob)
{
ssh_buffer buf = NULL;
- ssh_string str;
+ ssh_string str = NULL;
int rc;
if (sig == NULL || sig_blob == NULL) {
Index: libssh-0.6.3/src/poll.c
===================================================================
--- libssh-0.6.3.orig/src/poll.c
+++ libssh-0.6.3/src/poll.c
@@ -896,7 +896,7 @@ int ssh_event_remove_session(ssh_event e
register size_t i, used;
int rc = SSH_ERROR;
#ifdef WITH_SERVER
- struct ssh_iterator *iterator;
+ struct ssh_iterator *iterator = NULL;
#endif
if(event == NULL || event->ctx == NULL || session == NULL) {
Index: libssh-0.6.3/src/session.c
===================================================================
--- libssh-0.6.3.orig/src/session.c
+++ libssh-0.6.3/src/session.c
@@ -245,7 +245,7 @@ void ssh_free(ssh_session session) {
/* options */
if (session->opts.identity) {
- char *id;
+ char *id = NULL;
for (id = ssh_list_pop_head(char *, session->opts.identity);
id != NULL;
