new file mode 100644
@@ -0,0 +1,2552 @@
+From 697650caa97eaf7623924c75f9fcfec6dd423cd1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 23 Apr 2025 17:57:11 +0200
+Subject: [PATCH] CVE-2025-4878 Initialize pointers where possible
+
+This is mostly mechanical change initializing all the pointers I was able to
+find with some grep and manual review of sources and examples.
+
+Used the following greps (which yield some false positives though):
+
+ git grep " \w* *\* *\w*;$"
+ git grep " ssh_session \w*;"
+ git grep " ssh_channel \w*;"
+ git grep " struct ssh_iterator \*\w*;"
+ git grep " ssh_bind \w*;"
+ git grep " ssh_key \w*;"
+ git grep " ssh_string \w*;"
+ git grep " ssh_buffer \w*;"
+ git grep " HMACCTX \w*;"
+ git grep " SHACTX \w*;"
+ grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+CVE: CVE-2025-4878
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ doc/authentication.dox | 10 +++----
+ doc/command.dox | 2 +-
+ doc/forwarding.dox | 4 +--
+ doc/guided_tour.dox | 14 ++++-----
+ doc/shell.dox | 2 +-
+ examples/authentication.c | 12 ++++----
+ examples/connect_ssh.c | 2 +-
+ examples/exec.c | 4 +--
+ examples/knownhosts.c | 2 +-
+ examples/libssh_scp.c | 11 ++++----
+ examples/proxy.c | 18 ++++++------
+ examples/samplesshd-cb.c | 10 +++----
+ examples/samplesshd-kbdint.c | 16 +++++------
+ examples/scp_download.c | 4 +--
+ examples/senddata.c | 4 +--
+ examples/ssh_client.c | 8 +++---
+ examples/sshd_direct-tcpip.c | 14 ++++-----
+ examples/sshnetcat.c | 6 ++--
+ src/agent.c | 13 +++++----
+ src/auth.c | 7 +++--
+ src/bind.c | 11 ++++----
+ src/bind_config.c | 4 +--
+ src/buffer.c | 9 +++---
+ src/callbacks.c | 2 +-
+ src/chachapoly.c | 2 +-
+ src/channels.c | 55 ++++++++++++++++++------------------
+ src/client.c | 2 +-
+ src/config.c | 4 +--
+ src/config_parser.c | 12 ++++----
+ src/connect.c | 4 +--
+ src/connector.c | 5 ++--
+ src/dh_crypto.c | 2 +-
+ src/ecdh_gcrypt.c | 4 +--
+ src/gcrypt_missing.c | 2 +-
+ src/getpass.c | 4 +--
+ src/gssapi.c | 28 +++++++++---------
+ src/kex.c | 4 +--
+ src/known_hosts.c | 41 ++++++++++++++-------------
+ src/knownhosts.c | 18 ++++++------
+ src/legacy.c | 43 +++++++++++++++-------------
+ src/libmbedcrypto.c | 2 +-
+ src/log.c | 2 +-
+ src/messages.c | 18 ++++++------
+ src/misc.c | 24 ++++++++--------
+ src/options.c | 18 ++++++------
+ src/packet.c | 6 ++--
+ src/packet_crypt.c | 2 +-
+ src/pki.c | 50 ++++++++++++++++----------------
+ src/pki_container_openssh.c | 14 ++++-----
+ src/pki_crypto.c | 8 +++---
+ src/pki_ed25519.c | 6 ++--
+ src/pki_ed25519_common.c | 2 +-
+ src/pki_gcrypt.c | 12 ++++----
+ src/pki_mbedcrypto.c | 12 ++++----
+ src/poll.c | 10 +++----
+ src/server.c | 23 ++++++++-------
+ src/session.c | 14 ++++-----
+ src/sftpserver.c | 12 ++++----
+ src/string.c | 6 ++--
+ src/threads/winlocks.c | 2 +-
+ src/wrapper.c | 2 +-
+ 61 files changed, 340 insertions(+), 324 deletions(-)
+
+diff --git a/doc/authentication.dox b/doc/authentication.dox
+index 7d0ab81d..a0b2df84 100644
+--- a/doc/authentication.dox
++++ b/doc/authentication.dox
+@@ -105,7 +105,7 @@ Here is a small example of password authentication:
+ @code
+ int authenticate_password(ssh_session session)
+ {
+- char *password;
++ char *password = NULL;
+ int rc;
+
+ password = getpass("Enter your password: ");
+@@ -218,7 +218,7 @@ int authenticate_kbdint(ssh_session session)
+ rc = ssh_userauth_kbdint(session, NULL, NULL);
+ while (rc == SSH_AUTH_INFO)
+ {
+- const char *name, *instruction;
++ const char *name = NULL, *instruction = NULL;
+ int nprompts, iprompt;
+
+ name = ssh_userauth_kbdint_getname(session);
+@@ -231,7 +231,7 @@ int authenticate_kbdint(ssh_session session)
+ printf("%s\n", instruction);
+ for (iprompt = 0; iprompt < nprompts; iprompt++)
+ {
+- const char *prompt;
++ const char *prompt = NULL;
+ char echo;
+
+ prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
+@@ -251,7 +251,7 @@ int authenticate_kbdint(ssh_session session)
+ }
+ else
+ {
+- char *ptr;
++ char *ptr = NULL;
+
+ ptr = getpass(prompt);
+ if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
+@@ -354,7 +354,7 @@ The following example shows how to retrieve and dispose the issue banner:
+ int display_banner(ssh_session session)
+ {
+ int rc;
+- char *banner;
++ char *banner = NULL;
+
+ /*
+ *** Does not work without calling ssh_userauth_none() first ***
+diff --git a/doc/command.dox b/doc/command.dox
+index 588151c6..e82748ce 100644
+--- a/doc/command.dox
++++ b/doc/command.dox
+@@ -22,7 +22,7 @@ a SSH session that uses this channel:
+ @code
+ int show_remote_files(ssh_session session)
+ {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ int rc;
+
+ channel = ssh_channel_new(session);
+diff --git a/doc/forwarding.dox b/doc/forwarding.dox
+index 2b202b4d..3ca3aa8a 100644
+--- a/doc/forwarding.dox
++++ b/doc/forwarding.dox
+@@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server.
+ @code
+ int direct_forwarding(ssh_session session)
+ {
+- ssh_channel forwarding_channel;
++ ssh_channel forwarding_channel = NULL;
+ int rc = SSH_ERROR;
+ char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
+ int nbytes, nwritten;
+@@ -161,7 +161,7 @@ local libssh application, which handles them:
+ int web_server(ssh_session session)
+ {
+ int rc;
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ char buffer[256];
+ int nbytes, nwritten;
+ int port = 0;
+diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox
+index 69576f18..60f4087e 100644
+--- a/doc/guided_tour.dox
++++ b/doc/guided_tour.dox
+@@ -79,7 +79,7 @@ Here is a small example of how to use it:
+
+ int main()
+ {
+- ssh_session my_ssh_session;
++ ssh_session my_ssh_session = NULL;
+ int verbosity = SSH_LOG_PROTOCOL;
+ int port = 22;
+
+@@ -126,7 +126,7 @@ Here's an example:
+
+ int main()
+ {
+- ssh_session my_ssh_session;
++ ssh_session my_ssh_session = NULL;
+ int rc;
+
+ my_ssh_session = ssh_new();
+@@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
+ ssh_key srv_pubkey = NULL;
+ size_t hlen;
+ char buf[10];
+- char *hexa;
+- char *p;
++ char *hexa = NULL;
++ char *p = NULL;
+ int cmp;
+ int rc;
+
+@@ -317,9 +317,9 @@ The example below shows an authentication with password:
+
+ int main()
+ {
+- ssh_session my_ssh_session;
++ ssh_session my_ssh_session = NULL;
+ int rc;
+- char *password;
++ char *password = NULL;
+
+ // Open session and set options
+ my_ssh_session = ssh_new();
+@@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
+ @code
+ int show_remote_processes(ssh_session session)
+ {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ int rc;
+ char buffer[256];
+ int nbytes;
+diff --git a/doc/shell.dox b/doc/shell.dox
+index d770f27a..54d97888 100644
+--- a/doc/shell.dox
++++ b/doc/shell.dox
+@@ -26,7 +26,7 @@ The code sample below achieves these tasks:
+ @code
+ int shell_session(ssh_session session)
+ {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ int rc;
+
+ channel = ssh_channel_new(session);
+diff --git a/examples/authentication.c b/examples/authentication.c
+index 7c47c8bd..31de7cfc 100644
+--- a/examples/authentication.c
++++ b/examples/authentication.c
+@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
+
+ err = ssh_userauth_kbdint(session, NULL, NULL);
+ while (err == SSH_AUTH_INFO) {
+- const char *instruction;
+- const char *name;
++ const char *instruction = NULL;
++ const char *name = NULL;
+ char buffer[128];
+ int i, n;
+
+@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
+ }
+
+ for (i = 0; i < n; i++) {
+- const char *answer;
+- const char *prompt;
++ const char *answer = NULL;
++ const char *prompt = NULL;
+ char echo;
+
+ prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
+@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
+ }
+
+ if (echo) {
+- char *p;
++ char *p = NULL;
+
+ printf("%s", prompt);
+
+@@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
+ int rc;
+ int method;
+ char password[128] = {0};
+- char *banner;
++ char *banner = NULL;
+
+ // Try to authenticate
+ rc = ssh_userauth_none(session, NULL);
+diff --git a/examples/connect_ssh.c b/examples/connect_ssh.c
+index c9e4ef6e..06094272 100644
+--- a/examples/connect_ssh.c
++++ b/examples/connect_ssh.c
+@@ -22,7 +22,7 @@ clients must be made or how a client should react.
+ #include <stdio.h>
+
+ ssh_session connect_ssh(const char *host, const char *user,int verbosity){
+- ssh_session session;
++ ssh_session session = NULL;
+ int auth=0;
+
+ session=ssh_new();
+diff --git a/examples/exec.c b/examples/exec.c
+index 77d3be47..f90df364 100644
+--- a/examples/exec.c
++++ b/examples/exec.c
+@@ -5,8 +5,8 @@
+ #include "examples_common.h"
+
+ int main(void) {
+- ssh_session session;
+- ssh_channel channel;
++ ssh_session session = NULL;
++ ssh_channel channel = NULL;
+ char buffer[256];
+ int rbytes, wbytes, total = 0;
+ int rc;
+diff --git a/examples/knownhosts.c b/examples/knownhosts.c
+index 0726bfa8..2857a085 100644
+--- a/examples/knownhosts.c
++++ b/examples/knownhosts.c
+@@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
+ char buf[10];
+ unsigned char *hash = NULL;
+ size_t hlen;
+- ssh_key srv_pubkey;
++ ssh_key srv_pubkey = NULL;
+ int rc;
+
+ rc = ssh_get_server_publickey(session, &srv_pubkey);
+diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c
+index 6fdf8a4f..a332e0d2 100644
+--- a/examples/libssh_scp.c
++++ b/examples/libssh_scp.c
+@@ -26,9 +26,9 @@ program.
+ #define BUF_SIZE 16384
+ #endif
+
+-static char **sources;
++static char **sources = NULL;
+ static int nsources;
+-static char *destination;
++static char *destination = NULL;
+ static int verbosity = 0;
+
+ struct location {
+@@ -114,9 +114,10 @@ static void location_free(struct location *loc)
+ }
+ }
+
+-static struct location *parse_location(char *loc) {
+- struct location *location;
+- char *ptr;
++static struct location *parse_location(char *loc)
++{
++ struct location *location = NULL;
++ char *ptr = NULL;
+
+ location = malloc(sizeof(struct location));
+ if (location == NULL) {
+diff --git a/examples/proxy.c b/examples/proxy.c
+index 159a37e5..25451789 100644
+--- a/examples/proxy.c
++++ b/examples/proxy.c
+@@ -35,8 +35,8 @@ clients must be made or how a client should react.
+ static int authenticated=0;
+ static int tries = 0;
+ static int error = 0;
+-static ssh_channel chan=NULL;
+-static char *username;
++static ssh_channel chan = NULL;
++static char *username = NULL;
+ static ssh_gssapi_creds client_creds = NULL;
+
+ static int auth_password(ssh_session session, const char *user,
+@@ -216,11 +216,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
+ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+ #endif /* HAVE_ARGP_H */
+
+-int main(int argc, char **argv){
+- ssh_session session;
+- ssh_bind sshbind;
+- ssh_event mainloop;
+- ssh_session client_session;
++int main(int argc, char **argv)
++{
++ ssh_session session = NULL;
++ ssh_bind sshbind = NULL;
++ ssh_event mainloop = NULL;
++ ssh_session client_session = NULL;
+
+ struct ssh_server_callbacks_struct cb = {
+ .userdata = NULL,
+@@ -231,7 +232,7 @@ int main(int argc, char **argv){
+
+ char buf[BUF_SIZE];
+ char host[128]="";
+- char *ptr;
++ char *ptr = NULL;
+ int i,r, rc;
+
+ sshbind=ssh_bind_new();
+@@ -348,4 +349,3 @@ int main(int argc, char **argv){
+ ssh_finalize();
+ return 0;
+ }
+-
+diff --git a/examples/samplesshd-cb.c b/examples/samplesshd-cb.c
+index e5b48994..693b040d 100644
+--- a/examples/samplesshd-cb.c
++++ b/examples/samplesshd-cb.c
+@@ -257,10 +257,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
+ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+ #endif /* HAVE_ARGP_H */
+
+-int main(int argc, char **argv){
+- ssh_session session;
+- ssh_bind sshbind;
+- ssh_event mainloop;
++int main(int argc, char **argv)
++{
++ ssh_session session = NULL;
++ ssh_bind sshbind = NULL;
++ ssh_event mainloop = NULL;
+ struct ssh_server_callbacks_struct cb = {
+ .userdata = NULL,
+ .auth_none_function = auth_none,
+@@ -353,4 +354,3 @@ int main(int argc, char **argv){
+ ssh_finalize();
+ return 0;
+ }
+-
+diff --git a/examples/samplesshd-kbdint.c b/examples/samplesshd-kbdint.c
+index 6608306c..141088c2 100644
+--- a/examples/samplesshd-kbdint.c
++++ b/examples/samplesshd-kbdint.c
+@@ -187,8 +187,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
+ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+ #endif /* HAVE_ARGP_H */
+
+-static const char *name;
+-static const char *instruction;
++static const char *name = NULL;
++static const char *instruction = NULL;
+ static const char *prompts[2];
+ static char echo[] = { 1, 0 };
+
+@@ -292,11 +292,12 @@ static int authenticate(ssh_session session) {
+ return 0;
+ }
+
+-int main(int argc, char **argv){
+- ssh_session session;
+- ssh_bind sshbind;
+- ssh_message message;
+- ssh_channel chan=0;
++int main(int argc, char **argv)
++{
++ ssh_session session = NULL;
++ ssh_bind sshbind = NULL;
++ ssh_message message = NULL;
++ ssh_channel chan = NULL;
+ char buf[BUF_SIZE];
+ int auth=0;
+ int shell=0;
+@@ -426,4 +427,3 @@ int main(int argc, char **argv){
+ ssh_finalize();
+ return 0;
+ }
+-
+diff --git a/examples/scp_download.c b/examples/scp_download.c
+index e6c1e796..dcaa2cb7 100644
+--- a/examples/scp_download.c
++++ b/examples/scp_download.c
+@@ -108,7 +108,7 @@ static int fetch_files(ssh_session session){
+ int size;
+ char buffer[BUF_SIZE];
+ int mode;
+- char *filename;
++ char *filename = NULL;
+ int r;
+ ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
+ if(ssh_scp_init(scp) != SSH_OK){
+@@ -167,7 +167,7 @@ static int fetch_files(ssh_session session){
+ }
+
+ int main(int argc, char **argv){
+- ssh_session session;
++ ssh_session session = NULL;
+ if(opts(argc,argv)<0)
+ return EXIT_FAILURE;
+ session=connect_ssh(host,NULL,verbosity);
+diff --git a/examples/senddata.c b/examples/senddata.c
+index 21181fb9..78383a2b 100644
+--- a/examples/senddata.c
++++ b/examples/senddata.c
+@@ -6,7 +6,7 @@
+ #define LIMIT 0x100000000UL
+
+ int main(void) {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_channel channel;
+ char buffer[1024*1024];
+ int rc;
+@@ -47,7 +47,7 @@ int main(void) {
+ if(total > LIMIT)
+ break;
+ }
+-
++
+ if (rc < 0) {
+ printf("error : %s\n",ssh_get_error(session));
+ ssh_channel_close(channel);
+diff --git a/examples/ssh_client.c b/examples/ssh_client.c
+index aaf0cb5b..896890c3 100644
+--- a/examples/ssh_client.c
++++ b/examples/ssh_client.c
+@@ -53,7 +53,7 @@ static struct termios terminal;
+
+ static char *pcap_file = NULL;
+
+-static char *proxycommand;
++static char *proxycommand = NULL;
+
+ static int auth_callback(const char *prompt,
+ char *buf,
+@@ -252,7 +252,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
+
+ static void shell(ssh_session session)
+ {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ struct termios terminal_local;
+ int interactive=isatty(0);
+
+@@ -324,7 +324,7 @@ static void batch_shell(ssh_session session)
+ static int client(ssh_session session)
+ {
+ int auth = 0;
+- char *banner;
++ char *banner = NULL;
+ int state;
+
+ if (user) {
+@@ -408,7 +408,7 @@ static void cleanup_pcap(void)
+
+ int main(int argc, char **argv)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+
+ ssh_init();
+ session = ssh_new();
+diff --git a/examples/sshd_direct-tcpip.c b/examples/sshd_direct-tcpip.c
+index b0e29796..152377e9 100644
+--- a/examples/sshd_direct-tcpip.c
++++ b/examples/sshd_direct-tcpip.c
+@@ -358,7 +358,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
+ {
+ struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
+ ssh_channel channel = event_fd_data->channel;
+- ssh_session session;
++ ssh_session session = NULL;
+ int len, i, wr;
+ char buf[BUF_SIZE];
+ int blocking;
+@@ -452,8 +452,8 @@ open_tcp_socket(ssh_message msg)
+ {
+ struct sockaddr_in sin;
+ int forwardsock = -1;
+- struct hostent *host;
+- const char *dest_hostname;
++ struct hostent *host = NULL;
++ const char *dest_hostname = NULL;
+ int dest_port;
+
+ forwardsock = socket(AF_INET, SOCK_STREAM, 0);
+@@ -496,8 +496,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
+ UNUSED_PARAM(void *userdata))
+ {
+ ssh_channel channel;
+- int socket_fd, *pFd;
+- struct ssh_channel_callbacks_struct *cb_chan;
++ int socket_fd, *pFd = NULL;
++ struct ssh_channel_callbacks_struct *cb_chan = NULL;
+ struct event_fd_data_struct *event_fd_data;
+
+ _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
+@@ -665,8 +665,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+ int
+ main(int argc, char **argv)
+ {
+- ssh_session session;
+- ssh_bind sshbind;
++ ssh_session session = NULL;
++ ssh_bind sshbind = NULL;
+ struct ssh_server_callbacks_struct cb = {
+ .userdata = NULL,
+ .auth_password_function = auth_password,
+diff --git a/examples/sshnetcat.c b/examples/sshnetcat.c
+index 59b0a289..8a1153a6 100644
+--- a/examples/sshnetcat.c
++++ b/examples/sshnetcat.c
+@@ -39,7 +39,7 @@ clients must be made or how a client should react.
+ #define BUF_SIZE 4096
+ #endif
+
+-char *host;
++char *host = NULL;
+ const char *desthost="localhost";
+ const char *port="22";
+
+@@ -193,7 +193,7 @@ static void forwarding(ssh_session session){
+
+ static int client(ssh_session session){
+ int auth=0;
+- char *banner;
++ char *banner = NULL;
+ int state;
+
+ if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
+@@ -246,7 +246,7 @@ void cleanup_pcap(void)
+ #endif
+
+ int main(int argc, char **argv){
+- ssh_session session;
++ ssh_session session = NULL;
+
+ session = ssh_new();
+
+diff --git a/src/agent.c b/src/agent.c
+index 6e3d7d79..c81b0805 100644
+--- a/src/agent.c
++++ b/src/agent.c
+@@ -424,8 +424,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
+
+ /* caller has to free comment */
+ ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
+- char **comment) {
+- struct ssh_key_struct *key;
++ char **comment)
++{
++ struct ssh_key_struct *key = NULL;
+ struct ssh_string_struct *blob = NULL;
+ struct ssh_string_struct *tmp = NULL;
+ int rc;
+@@ -494,10 +495,10 @@ ssh_string ssh_agent_sign_data(ssh_session session,
+ const ssh_key pubkey,
+ struct ssh_buffer_struct *data)
+ {
+- ssh_buffer request;
+- ssh_buffer reply;
+- ssh_string key_blob;
+- ssh_string sig_blob;
++ ssh_buffer request = NULL;
++ ssh_buffer reply = NULL;
++ ssh_string key_blob = NULL;
++ ssh_string sig_blob = NULL;
+ unsigned int type = 0;
+ unsigned int flags = 0;
+ uint32_t dlen;
+diff --git a/src/auth.c b/src/auth.c
+index 4feb6558..98022311 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -195,8 +195,9 @@ static int ssh_userauth_get_response(ssh_session session)
+ *
+ * This banner should be shown to user prior to authentication
+ */
+-SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
+- ssh_string banner;
++SSH_PACKET_CALLBACK(ssh_packet_userauth_banner)
++{
++ ssh_string banner = NULL;
+ (void)type;
+ (void)user;
+
+@@ -1398,7 +1399,7 @@ int ssh_userauth_agent_pubkey(ssh_session session,
+ const char *username,
+ ssh_public_key publickey)
+ {
+- ssh_key key;
++ ssh_key key = NULL;
+ int rc;
+
+ key = ssh_key_new();
+diff --git a/src/bind.c b/src/bind.c
+index a91e6747..c331006a 100644
+--- a/src/bind.c
++++ b/src/bind.c
+@@ -74,7 +74,7 @@
+ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
+ int port) {
+ char port_c[6];
+- struct addrinfo *ai;
++ struct addrinfo *ai = NULL;
+ struct addrinfo hints;
+ int opt = 1;
+ socket_t s;
+@@ -132,8 +132,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
+ return s;
+ }
+
+-ssh_bind ssh_bind_new(void) {
+- ssh_bind ptr;
++ssh_bind ssh_bind_new(void)
++{
++ ssh_bind ptr = NULL;
+
+ ptr = calloc(1, sizeof(struct ssh_bind_struct));
+ if (ptr == NULL) {
+@@ -251,7 +252,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
+ }
+
+ int ssh_bind_listen(ssh_bind sshbind) {
+- const char *host;
++ const char *host = NULL;
+ socket_t fd;
+ int rc;
+
+@@ -475,7 +476,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
+ return SSH_ERROR;
+ }
+ } else {
+- char *p;
++ char *p = NULL;
+ /* If something was set to the session prior to calling this
+ * function, keep only what is allowed by the options set in
+ * sshbind */
+diff --git a/src/bind_config.c b/src/bind_config.c
+index 27c42c95..ed42cbe3 100644
+--- a/src/bind_config.c
++++ b/src/bind_config.c
+@@ -200,7 +200,7 @@ local_parse_file(ssh_bind bind,
+ uint8_t *seen,
+ unsigned int depth)
+ {
+- FILE *f;
++ FILE *f = NULL;
+ char line[MAX_LINE_SIZE] = {0};
+ unsigned int count = 0;
+ int rv;
+@@ -626,7 +626,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
+ {
+ char line[MAX_LINE_SIZE] = {0};
+ unsigned int count = 0;
+- FILE *f;
++ FILE *f = NULL;
+ uint32_t parser_flags;
+ int rv;
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 8991e006..62fda334 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -371,7 +371,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer,
+ */
+ void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len)
+ {
+- void *ptr;
++ void *ptr = NULL;
++
+ buffer_verify(buffer);
+
+ if (buffer->used + len < len) {
+@@ -925,7 +926,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
+ va_list ap)
+ {
+ int rc = SSH_ERROR;
+- const char *p;
++ const char *p = NULL;
+ union {
+ uint8_t byte;
+ uint16_t word;
+@@ -934,7 +935,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
+ ssh_string string;
+ void *data;
+ } o;
+- char *cstring;
++ char *cstring = NULL;
+ bignum b;
+ size_t len;
+ size_t count;
+@@ -1093,7 +1094,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
+ va_list ap)
+ {
+ int rc = SSH_ERROR;
+- const char *p = format, *last;
++ const char *p = format, *last = NULL;
+ union {
+ uint8_t *byte;
+ uint16_t *word;
+diff --git a/src/callbacks.c b/src/callbacks.c
+index 3ed2f11c..6bfed62a 100644
+--- a/src/callbacks.c
++++ b/src/callbacks.c
+@@ -113,7 +113,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
+
+ int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
+ {
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+
+ if (channel == NULL || channel->callbacks == NULL){
+ return SSH_ERROR;
+diff --git a/src/chachapoly.c b/src/chachapoly.c
+index 2cd23854..354a0d26 100644
+--- a/src/chachapoly.c
++++ b/src/chachapoly.c
+@@ -42,7 +42,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
+ void *key,
+ void *IV)
+ {
+- struct chacha20_poly1305_keysched *sched;
++ struct chacha20_poly1305_keysched *sched = NULL;
+ uint8_t *u8key = key;
+ (void)IV;
+
+diff --git a/src/channels.c b/src/channels.c
+index ab6915a2..8290dbd1 100644
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -165,7 +165,7 @@ uint32_t ssh_channel_new_id(ssh_session session)
+ */
+ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
+ uint32_t channelid=0;
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ int rc;
+ (void)type;
+ (void)user;
+@@ -226,7 +226,7 @@ error:
+ */
+ SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
+
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ char *error = NULL;
+ uint32_t code;
+ int rc;
+@@ -386,7 +386,7 @@ end:
+ /* return channel with corresponding local id, or NULL if not found */
+ ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
+ struct ssh_iterator *it;
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+
+ for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) {
+ channel = ssh_iterator_value(ssh_channel, it);
+@@ -471,7 +471,7 @@ error:
+ */
+ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
+ {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ uint32_t chan;
+ int rc;
+
+@@ -493,7 +493,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
+ }
+
+ SSH_PACKET_CALLBACK(channel_rcv_change_window) {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ uint32_t bytes;
+ int rc;
+ (void)user;
+@@ -632,7 +632,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){
+ }
+
+ SSH_PACKET_CALLBACK(channel_rcv_eof) {
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ (void)user;
+ (void)type;
+
+@@ -676,8 +676,9 @@ static bool ssh_channel_has_unread_data(ssh_channel channel)
+ return false;
+ }
+
+-SSH_PACKET_CALLBACK(channel_rcv_close) {
+- ssh_channel channel;
++SSH_PACKET_CALLBACK(channel_rcv_close)
++{
++ ssh_channel channel = NULL;
+ (void)user;
+ (void)type;
+
+@@ -902,7 +903,7 @@ int channel_default_bufferize(ssh_channel channel,
+ void *data, uint32_t len,
+ bool is_stderr)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+
+ if(channel == NULL) {
+ return -1;
+@@ -1041,7 +1042,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
+ int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
+ int remoteport, const char *sourcehost, int localport)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_buffer payload = NULL;
+ ssh_string str = NULL;
+ int rc = SSH_ERROR;
+@@ -1179,7 +1180,7 @@ error:
+ */
+ void ssh_channel_free(ssh_channel channel)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+
+ if (channel == NULL) {
+ return;
+@@ -1280,7 +1281,7 @@ void ssh_channel_do_free(ssh_channel channel)
+ */
+ int ssh_channel_send_eof(ssh_channel channel)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ int rc = SSH_ERROR;
+ int err;
+
+@@ -1341,7 +1342,7 @@ error:
+ */
+ int ssh_channel_close(ssh_channel channel)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ int rc = 0;
+
+ if(channel == NULL) {
+@@ -1437,7 +1438,7 @@ static int channel_write_common(ssh_channel channel,
+ const void *data,
+ uint32_t len, int is_stderr)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ uint32_t origlen = len;
+ size_t effectivelen;
+ size_t maxpacketlen;
+@@ -1694,7 +1695,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking)
+ * @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state.
+ */
+ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ (void)type;
+ (void)user;
+
+@@ -1724,7 +1725,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
+ * @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state.
+ */
+ SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
+- ssh_channel channel;
++ ssh_channel channel = NULL;
+ (void)type;
+ (void)user;
+
+@@ -1863,7 +1864,7 @@ error:
+ int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
+ int col, int row)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_buffer buffer = NULL;
+ int rc = SSH_ERROR;
+
+@@ -2174,7 +2175,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
+ #endif
+ ssh_message msg = NULL;
+ ssh_channel channel = NULL;
+- struct ssh_iterator *iterator;
++ struct ssh_iterator *iterator = NULL;
+ int t;
+
+ /*
+@@ -2838,7 +2839,7 @@ error:
+ int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
+ int is_stderr)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ char *buffer_tmp = NULL;
+ int r;
+ uint32_t total=0;
+@@ -2979,7 +2980,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
+ int is_stderr,
+ int timeout_ms)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_buffer stdbuf;
+ uint32_t len;
+ struct ssh_channel_read_termination_struct ctx;
+@@ -3103,7 +3104,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
+ uint32_t count,
+ int is_stderr)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ uint32_t to_read;
+ int rc;
+ int blocking;
+@@ -3213,8 +3214,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
+ */
+ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
+ {
+- ssh_session session;
+- ssh_buffer stdbuf;
++ ssh_session session = NULL;
++ ssh_buffer stdbuf = NULL;
+ struct ssh_channel_read_termination_struct ctx;
+ size_t len;
+ int rc;
+@@ -3341,7 +3342,7 @@ channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
+ ssh_channel *echans, ssh_channel *rout,
+ ssh_channel *wout, ssh_channel *eout)
+ {
+- ssh_channel chan;
++ ssh_channel chan = NULL;
+ int i;
+ int j = 0;
+
+@@ -3422,7 +3423,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
+ int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
+ ssh_channel *exceptchans, struct timeval * timeout)
+ {
+- ssh_channel *rchans, *wchans, *echans;
++ ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL;
+ ssh_channel dummy = NULL;
+ ssh_event event = NULL;
+ int rc;
+@@ -3615,7 +3616,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len
+ int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost,
+ int remoteport, const char *sourcehost, int localport)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_buffer payload = NULL;
+ int rc = SSH_ERROR;
+
+@@ -3679,7 +3680,7 @@ error:
+ int ssh_channel_open_x11(ssh_channel channel,
+ const char *orig_addr, int orig_port)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ ssh_buffer payload = NULL;
+ int rc = SSH_ERROR;
+
+diff --git a/src/client.c b/src/client.c
+index e912090e..0cfca1c4 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -748,7 +748,7 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
+ void
+ ssh_disconnect(ssh_session session)
+ {
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+ int rc;
+
+ if (session == NULL) {
+diff --git a/src/config.c b/src/config.c
+index c5c40125..d4d8d419 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -203,7 +203,7 @@ local_parse_file(ssh_session session,
+ unsigned int depth,
+ bool global)
+ {
+- FILE *f;
++ FILE *f = NULL;
+ char line[MAX_LINE_SIZE] = {0};
+ unsigned int count = 0;
+ int rv;
+@@ -1201,7 +1201,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
+ {
+ char line[MAX_LINE_SIZE] = {0};
+ unsigned int count = 0;
+- FILE *f;
++ FILE *f = NULL;
+ int parsing, rv;
+ bool global = 0;
+
+diff --git a/src/config_parser.c b/src/config_parser.c
+index b8b94611..e55c76d0 100644
+--- a/src/config_parser.c
++++ b/src/config_parser.c
+@@ -39,8 +39,8 @@
+ */
+ char *ssh_config_get_cmd(char **str)
+ {
+- register char *c;
+- char *r;
++ register char *c = NULL;
++ char *r = NULL;
+
+ /* Ignore leading spaces */
+ for (c = *str; *c; c++) {
+@@ -67,7 +67,7 @@ out:
+ */
+ char *ssh_config_get_token(char **str)
+ {
+- register char *c;
++ register char *c = NULL;
+ bool had_equal = false;
+ char *r = NULL;
+
+@@ -116,7 +116,7 @@ out:
+
+ long ssh_config_get_long(char **str, long notfound)
+ {
+- char *p, *endp;
++ char *p = NULL, *endp = NULL;
+ long i;
+
+ p = ssh_config_get_token(str);
+@@ -133,7 +133,7 @@ long ssh_config_get_long(char **str, long notfound)
+
+ const char *ssh_config_get_str_tok(char **str, const char *def)
+ {
+- char *p;
++ char *p = NULL;
+
+ p = ssh_config_get_token(str);
+ if (p && *p) {
+@@ -145,7 +145,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
+
+ int ssh_config_get_yesno(char **str, int notfound)
+ {
+- const char *p;
++ const char *p = NULL;
+
+ p = ssh_config_get_str_tok(str, NULL);
+ if (p == NULL) {
+diff --git a/src/connect.c b/src/connect.c
+index 15cae644..2d09af5e 100644
+--- a/src/connect.c
++++ b/src/connect.c
+@@ -194,8 +194,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
+ }
+
+ if (bind_addr) {
+- struct addrinfo *bind_ai;
+- struct addrinfo *bind_itr;
++ struct addrinfo *bind_ai = NULL;
++ struct addrinfo *bind_itr = NULL;
+
+ SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr);
+
+diff --git a/src/connector.c b/src/connector.c
+index 56716749..6632cca1 100644
+--- a/src/connector.c
++++ b/src/connector.c
+@@ -637,8 +637,9 @@ error:
+ return rc;
+ }
+
+-int ssh_connector_remove_event(ssh_connector connector) {
+- ssh_session session;
++int ssh_connector_remove_event(ssh_connector connector)
++{
++ ssh_session session = NULL;
+
+ if (connector->in_poll != NULL) {
+ ssh_event_remove_poll(connector->event, connector->in_poll);
+diff --git a/src/dh_crypto.c b/src/dh_crypto.c
+index 9ff7ad3c..4dd9b507 100644
+--- a/src/dh_crypto.c
++++ b/src/dh_crypto.c
+@@ -404,7 +404,7 @@ done:
+ */
+ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
+ {
+- struct dh_ctx *ctx;
++ struct dh_ctx *ctx = NULL;
+ int rc;
+
+ ctx = calloc(1, sizeof(*ctx));
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index 3d9d426f..73fcd50f 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -132,9 +132,9 @@ int ecdh_build_k(ssh_session session)
+ #else
+ size_t k_len = 0;
+ enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type;
+- ssh_string s;
++ ssh_string s = NULL;
+ #endif
+- ssh_string pubkey_raw;
++ ssh_string pubkey_raw = NULL;
+ gcry_sexp_t pubkey = NULL;
+ ssh_string privkey = NULL;
+ int rc = SSH_ERROR;
+diff --git a/src/gcrypt_missing.c b/src/gcrypt_missing.c
+index e931ec5b..56dcfb6d 100644
+--- a/src/gcrypt_missing.c
++++ b/src/gcrypt_missing.c
+@@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) {
+
+ char *ssh_gcry_bn2dec(bignum bn) {
+ bignum bndup, num, ten;
+- char *ret;
++ char *ret = NULL;
+ int count, count2;
+ int size, rsize;
+ char decnum;
+diff --git a/src/getpass.c b/src/getpass.c
+index 6be33c77..c19c4bc0 100644
+--- a/src/getpass.c
++++ b/src/getpass.c
+@@ -46,7 +46,7 @@
+ */
+ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
+ {
+- char *tmp;
++ char *tmp = NULL;
+ char *ptr = NULL;
+ int ok = 0;
+
+@@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
+ }
+
+ if (verify) {
+- char *key_string;
++ char *key_string = NULL;
+
+ key_string = calloc(1, len);
+ if (key_string == NULL) {
+diff --git a/src/gssapi.c b/src/gssapi.c
+index 5325ac72..fd7b25af 100644
+--- a/src/gssapi.c
++++ b/src/gssapi.c
+@@ -196,7 +196,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
+ gss_name_t server_name; /* local server fqdn */
+ OM_uint32 maj_stat, min_stat;
+ size_t i;
+- char *ptr;
++ char *ptr = NULL;
+ gss_OID_set supported; /* oids supported by server */
+ gss_OID_set both_supported; /* oids supported by both client and server */
+ gss_OID_set selected; /* oid selected for authentication */
+@@ -341,7 +341,7 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
+ {
+ gss_buffer_desc buffer;
+ OM_uint32 maj_stat, min_stat;
+- char *ptr;
++ char *ptr = NULL;
+ maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "converting name",
+@@ -359,9 +359,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
+
+ }
+
+-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
+- ssh_string token;
+- char *hexa;
++SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
++{
++ ssh_string token = NULL;
++ char *hexa = NULL;
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
+ gss_name_t client_name = GSS_C_NO_NAME;
+@@ -385,7 +386,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
+ }
+
+ if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
+- ssh_string out_token=NULL;
++ ssh_string out_token = NULL;
+ rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
+ token, &out_token, session->server_callbacks->userdata);
+ if (rc == SSH_ERROR){
+@@ -507,7 +508,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
+
+ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
+ {
+- ssh_string mic_token;
++ ssh_string mic_token = NULL;
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
+@@ -670,7 +671,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
+ gss_name_t client_id = GSS_C_NO_NAME;
+ gss_OID oid;
+ unsigned int i;
+- char *ptr;
++ char *ptr = NULL;
+ int ret;
+
+ if (session->gssapi->client.client_deleg_creds == NULL) {
+@@ -866,11 +867,11 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
+
+ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
+ int rc;
+- ssh_string oid_s;
++ ssh_string oid_s = NULL;
+ gss_uint32 maj_stat, min_stat;
+ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+- char *hexa;
++ char *hexa = NULL;
+ (void)type;
+ (void)user;
+
+@@ -987,10 +988,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
+ return ssh_packet_send(session);
+ }
+
+-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
++SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client)
++{
+ int rc;
+- ssh_string token;
+- char *hexa;
++ ssh_string token = NULL;
++ char *hexa = NULL;
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
+ (void)user;
+diff --git a/src/kex.c b/src/kex.c
+index fbc70cf4..ecfc0120 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -330,7 +330,7 @@ static int cmp_first_kex_algo(const char *client_str,
+ size_t client_kex_len;
+ size_t server_kex_len;
+
+- char *colon;
++ char *colon = NULL;
+
+ int is_wrong = 1;
+
+@@ -762,7 +762,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
+ int ssh_set_client_kex(ssh_session session)
+ {
+ struct ssh_kex_struct *client = &session->next_crypto->client_kex;
+- const char *wanted;
++ const char *wanted = NULL;
+ int ok;
+ int i;
+
+diff --git a/src/known_hosts.c b/src/known_hosts.c
+index 84e15572..f660a6f3 100644
+--- a/src/known_hosts.c
++++ b/src/known_hosts.c
+@@ -79,8 +79,8 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
+ const char **found_type)
+ {
+ char buffer[MAX_LINE_SIZE] = {0};
+- char *ptr;
+- struct ssh_tokens_st *tokens;
++ char *ptr = NULL;
++ struct ssh_tokens_st *tokens = NULL;
+
+ if (*file == NULL) {
+ *file = fopen(filename,"r");
+@@ -149,7 +149,7 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
+ static int check_public_key(ssh_session session, char **tokens) {
+ ssh_string pubkey_blob = NULL;
+ ssh_buffer pubkey_buffer;
+- char *pubkey_64;
++ char *pubkey_64 = NULL;
+ int rc;
+
+ /* ssh-dss or ssh-rsa */
+@@ -205,11 +205,11 @@ static int match_hashed_host(const char *host, const char *sourcehash)
+ * hash := HMAC_SHA1(key=salt,data=host)
+ */
+ unsigned char buffer[256] = {0};
+- ssh_buffer salt;
+- ssh_buffer hash;
+- HMACCTX mac;
+- char *source;
+- char *b64hash;
++ ssh_buffer salt = NULL;
++ ssh_buffer hash = NULL;
++ HMACCTX mac = NULL;
++ char *source = NULL;
++ char *b64hash = NULL;
+ int match, rc;
+ size_t size;
+
+@@ -304,14 +304,14 @@ static int match_hashed_host(const char *host, const char *sourcehash)
+ int ssh_is_server_known(ssh_session session)
+ {
+ FILE *file = NULL;
+- char *host;
+- char *hostport;
+- const char *type;
++ char *host = NULL;
++ char *hostport = NULL;
++ const char *type = NULL;
+ int match;
+ int i = 0;
+- char *files[3];
++ char *files[3] = {0};
+
+- struct ssh_tokens_st *tokens;
++ struct ssh_tokens_st *tokens = NULL;
+
+ int ret = SSH_SERVER_NOT_KNOWN;
+
+@@ -443,12 +443,13 @@ int ssh_is_server_known(ssh_session session)
+ * @deprecated Please use ssh_session_export_known_hosts_entry()
+ * @brief This function is deprecated.
+ */
+-char * ssh_dump_knownhost(ssh_session session) {
++char *ssh_dump_knownhost(ssh_session session)
++{
+ ssh_key server_pubkey = NULL;
+- char *host;
+- char *hostport;
+- char *buffer;
+- char *b64_key;
++ char *host = NULL;
++ char *hostport = NULL;
++ char *buffer = NULL;
++ char *b64_key = NULL;
+ int rc;
+
+ if (session->opts.host == NULL) {
+@@ -513,9 +514,9 @@ char * ssh_dump_knownhost(ssh_session session) {
+ */
+ int ssh_write_knownhost(ssh_session session)
+ {
+- FILE *file;
++ FILE *file = NULL;
+ char *buffer = NULL;
+- char *dir;
++ char *dir = NULL;
+ int rc;
+
+ if (session->opts.knownhosts == NULL) {
+diff --git a/src/knownhosts.c b/src/knownhosts.c
+index 9f978096..109b4f06 100644
+--- a/src/knownhosts.c
++++ b/src/knownhosts.c
+@@ -61,7 +61,7 @@ static int hash_hostname(const char *name,
+ size_t *hash_size)
+ {
+ int rc;
+- HMACCTX mac_ctx;
++ HMACCTX mac_ctx = NULL;
+
+ mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1);
+ if (mac_ctx == NULL) {
+@@ -81,8 +81,8 @@ static int hash_hostname(const char *name,
+
+ static int match_hashed_hostname(const char *host, const char *hashed_host)
+ {
+- char *hashed;
+- char *b64_hash;
++ char *hashed = NULL;
++ char *b64_hash = NULL;
+ ssh_buffer salt = NULL;
+ ssh_buffer hash = NULL;
+ unsigned char hashed_buf[256] = {0};
+@@ -229,7 +229,7 @@ static int ssh_known_hosts_read_entries(const char *match,
+ char line[MAX_LINE_SIZE];
+ size_t lineno = 0;
+ size_t len = 0;
+- FILE *fp;
++ FILE *fp = NULL;
+ int rc;
+
+ fp = fopen(filename, "r");
+@@ -288,7 +288,7 @@ static int ssh_known_hosts_read_entries(const char *match,
+ for (it = ssh_list_get_iterator(*entries);
+ it != NULL;
+ it = it->next) {
+- struct ssh_knownhosts_entry *entry2;
++ struct ssh_knownhosts_entry *entry2 = NULL;
+ int cmp;
+ entry2 = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
+ cmp = ssh_known_hosts_entries_compare(entry, entry2);
+@@ -312,8 +312,8 @@ error:
+
+ static char *ssh_session_get_host_port(ssh_session session)
+ {
+- char *host_port;
+- char *host;
++ char *host_port = NULL;
++ char *host = NULL;
+
+ if (session->opts.host == NULL) {
+ ssh_set_error(session,
+@@ -537,7 +537,7 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
+ char *host_port = NULL;
+ size_t count;
+ bool needcomma = false;
+- char *names;
++ char *names = NULL;
+
+ int rc;
+
+@@ -645,7 +645,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
+ {
+ struct ssh_knownhosts_entry *e = NULL;
+ char *known_host = NULL;
+- char *p;
++ char *p = NULL;
+ char *save_tok = NULL;
+ enum ssh_keytypes_e key_type;
+ int match = 0;
+diff --git a/src/legacy.c b/src/legacy.c
+index 7b165dbe..7359040c 100644
+--- a/src/legacy.c
++++ b/src/legacy.c
+@@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) {
+ int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
+ int type, ssh_string publickey)
+ {
+- ssh_key key;
++ ssh_key key = NULL;
+ int rc;
+
+ (void) type; /* unused */
+@@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session,
+ ssh_string publickey,
+ ssh_private_key privatekey)
+ {
+- ssh_key key;
++ ssh_key key = NULL;
+ int rc;
+
+ (void) publickey; /* unused */
+@@ -389,10 +389,11 @@ void publickey_free(ssh_public_key key) {
+ SAFE_FREE(key);
+ }
+
+-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
+- struct ssh_public_key_struct *p;
+- ssh_key privkey;
+- ssh_key pubkey;
++ssh_public_key publickey_from_privatekey(ssh_private_key prv)
++{
++ struct ssh_public_key_struct *p = NULL;
++ ssh_key privkey = NULL;
++ ssh_key pubkey = NULL;
+ int rc;
+
+ privkey = ssh_key_new();
+@@ -434,8 +435,8 @@ ssh_private_key privatekey_from_file(ssh_session session,
+ const char *passphrase) {
+ ssh_auth_callback auth_fn = NULL;
+ void *auth_data = NULL;
+- ssh_private_key privkey;
+- ssh_key key;
++ ssh_private_key privkey = NULL;
++ ssh_key key = NULL;
+ int rc;
+
+ (void) type; /* unused */
+@@ -510,7 +511,7 @@ void privatekey_free(ssh_private_key prv) {
+
+ ssh_string publickey_from_file(ssh_session session, const char *filename,
+ int *type) {
+- ssh_key key;
++ ssh_key key = NULL;
+ ssh_string key_str = NULL;
+ int rc;
+
+@@ -543,9 +544,10 @@ int ssh_type_from_name(const char *name) {
+ return ssh_key_type_from_name(name);
+ }
+
+-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
+- struct ssh_public_key_struct *pubkey;
+- ssh_key key;
++ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
++{
++ struct ssh_public_key_struct *pubkey = NULL;
++ ssh_key key = NULL;
+ int rc;
+
+ (void) session; /* unused */
+@@ -579,9 +581,10 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
+ return pubkey;
+ }
+
+-ssh_string publickey_to_string(ssh_public_key pubkey) {
+- ssh_key key;
+- ssh_string key_blob;
++ssh_string publickey_to_string(ssh_public_key pubkey)
++{
++ ssh_key key = NULL;
++ ssh_string key_blob = NULL;
+ int rc;
+
+ if (pubkey == NULL) {
+@@ -624,11 +627,11 @@ int ssh_publickey_to_file(ssh_session session,
+ ssh_string pubkey,
+ int type)
+ {
+- FILE *fp;
+- char *user;
++ FILE *fp = NULL;
++ char *user = NULL;
+ char buffer[1024];
+ char host[256];
+- unsigned char *pubkey_64;
++ unsigned char *pubkey_64 = NULL;
+ size_t len;
+ int rc;
+ if(session==NULL)
+@@ -695,9 +698,9 @@ int ssh_try_publickey_from_file(ssh_session session,
+ const char *keyfile,
+ ssh_string *publickey,
+ int *type) {
+- char *pubkey_file;
++ char *pubkey_file = NULL;
+ size_t len;
+- ssh_string pubkey_string;
++ ssh_string pubkey_string = NULL;
+ int pubkey_type;
+
+ if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
+diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
+index caa3b6e9..422d5ae2 100644
+--- a/src/libmbedcrypto.c
++++ b/src/libmbedcrypto.c
+@@ -133,7 +133,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
+ void *IV)
+ {
+ const mbedtls_cipher_info_t *cipher_info = NULL;
+- mbedtls_cipher_context_t *ctx;
++ mbedtls_cipher_context_t *ctx = NULL;
+ size_t key_bitlen = 0;
+ size_t iv_size = 0;
+ int rc;
+diff --git a/src/log.c b/src/log.c
+index 5bae18b8..fabbe945 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -44,7 +44,7 @@
+
+ static LIBSSH_THREAD int ssh_log_level;
+ static LIBSSH_THREAD ssh_logging_callback ssh_log_cb;
+-static LIBSSH_THREAD void *ssh_log_userdata;
++static LIBSSH_THREAD void *ssh_log_userdata = NULL;
+
+ /**
+ * @defgroup libssh_log The SSH logging functions
+diff --git a/src/messages.c b/src/messages.c
+index 3f969536..6dadabf0 100644
+--- a/src/messages.c
++++ b/src/messages.c
+@@ -479,7 +479,7 @@ static void ssh_message_queue(ssh_session session, ssh_message message)
+ */
+ ssh_message ssh_message_pop_head(ssh_session session){
+ ssh_message msg=NULL;
+- struct ssh_iterator *i;
++ struct ssh_iterator *i = NULL;
+ if(session->ssh_message_list == NULL)
+ return NULL;
+ i=ssh_list_get_iterator(session->ssh_message_list);
+@@ -493,7 +493,7 @@ ssh_message ssh_message_pop_head(ssh_session session){
+ /* Returns 1 if there is a message available */
+ static int ssh_message_termination(void *s){
+ ssh_session session = s;
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+ if(session->session_state == SSH_SESSION_STATE_ERROR)
+ return 1;
+ it = ssh_list_get_iterator(session->ssh_message_list);
+@@ -694,7 +694,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
+ ssh_string algo)
+ {
+ struct ssh_crypto_struct *crypto = NULL;
+- ssh_buffer buffer;
++ ssh_buffer buffer = NULL;
+ ssh_string str=NULL;
+ int rc;
+
+@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
+ #ifdef WITH_GSSAPI
+ if (strcmp(method, "gssapi-with-mic") == 0) {
+ uint32_t n_oid;
+- ssh_string *oids;
+- ssh_string oid;
+- char *hexa;
++ ssh_string *oids = NULL;
++ ssh_string oid = NULL;
++ char *hexa = NULL;
+ int i;
+ ssh_buffer_get_u32(packet, &n_oid);
+ n_oid=ntohl(n_oid);
+@@ -1019,7 +1019,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
+ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
+ uint32_t nanswers;
+ uint32_t i;
+- ssh_string tmp;
++ ssh_string tmp = NULL;
+ int rc;
+
+ ssh_message msg = NULL;
+@@ -1251,7 +1251,7 @@ end:
+ * @returns SSH_OK on success, SSH_ERROR if an error occurred.
+ */
+ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) {
+- ssh_session session;
++ ssh_session session = NULL;
+ int rc;
+
+ if (msg == NULL) {
+@@ -1302,7 +1302,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
+ * @returns NULL in case of error
+ */
+ ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
+- ssh_channel chan;
++ ssh_channel chan = NULL;
+ int rc;
+
+ if (msg == NULL) {
+diff --git a/src/misc.c b/src/misc.c
+index 7081f12a..f371f332 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -393,7 +393,7 @@ int ssh_is_ipaddr(const char *str)
+
+ char *ssh_lowercase(const char* str)
+ {
+- char *new, *p;
++ char *new = NULL, *p = NULL;
+
+ if (str == NULL) {
+ return NULL;
+@@ -447,7 +447,7 @@ char *ssh_hostport(const char *host, int port)
+ char *ssh_get_hexa(const unsigned char *what, size_t len)
+ {
+ const char h[] = "0123456789abcdef";
+- char *hexa;
++ char *hexa = NULL;
+ size_t i;
+ size_t hlen = len * 3;
+
+@@ -716,7 +716,7 @@ struct ssh_list *ssh_list_new(void)
+
+ void ssh_list_free(struct ssh_list *list)
+ {
+- struct ssh_iterator *ptr, *next;
++ struct ssh_iterator *ptr = NULL, *next = NULL;
+ if (!list)
+ return;
+ ptr = list->root;
+@@ -737,7 +737,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list)
+
+ struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value)
+ {
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+
+ for (it = ssh_list_get_iterator(list); it != NULL ; it = it->next)
+ if (it->data == value)
+@@ -826,7 +826,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data)
+
+ void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
+ {
+- struct ssh_iterator *ptr, *prev;
++ struct ssh_iterator *ptr = NULL, *prev = NULL;
+
+ if (list == NULL) {
+ return;
+@@ -967,7 +967,7 @@ char *ssh_dirname (const char *path)
+ char *ssh_basename (const char *path)
+ {
+ char *new = NULL;
+- const char *s;
++ const char *s = NULL;
+ size_t len;
+
+ if (path == NULL || *path == '\0') {
+@@ -1105,8 +1105,8 @@ int ssh_mkdirs(const char *pathname, mode_t mode)
+ */
+ char *ssh_path_expand_tilde(const char *d)
+ {
+- char *h = NULL, *r;
+- const char *p;
++ char *h = NULL, *r = NULL;
++ const char *p = NULL;
+ size_t ld;
+ size_t lh = 0;
+
+@@ -1121,7 +1121,7 @@ char *ssh_path_expand_tilde(const char *d)
+ #ifdef _WIN32
+ return strdup(d);
+ #else
+- struct passwd *pw;
++ struct passwd *pw = NULL;
+ size_t s = p - d;
+ char u[128];
+
+@@ -1182,7 +1182,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
+ char *buf = NULL;
+ char *r = NULL;
+ char *x = NULL;
+- const char *p;
++ const char *p = NULL;
+ size_t i, l;
+
+ r = ssh_path_expand_tilde(s);
+@@ -1335,8 +1335,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
+ */
+ int ssh_analyze_banner(ssh_session session, int server)
+ {
+- const char *banner;
+- const char *openssh;
++ const char *banner = NULL;
++ const char *openssh = NULL;
+
+ if (server) {
+ banner = session->clientbanner;
+diff --git a/src/options.c b/src/options.c
+index 38511455..b641b34f 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -67,7 +67,7 @@
+ */
+ int ssh_options_copy(ssh_session src, ssh_session *dest)
+ {
+- ssh_session new;
++ ssh_session new = NULL;
+ struct ssh_iterator *it = NULL;
+ struct ssh_list *list = NULL;
+ char *id = NULL;
+@@ -499,8 +499,8 @@ int ssh_options_set_algo(ssh_session session,
+ int ssh_options_set(ssh_session session, enum ssh_options_e type,
+ const void *value)
+ {
+- const char *v;
+- char *p, *q;
++ const char *v = NULL;
++ char *p = NULL, *q = NULL;
+ long int i;
+ unsigned int u;
+ int rc;
+@@ -1170,7 +1170,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
+ */
+ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
+ {
+- char* src = NULL;
++ char *src = NULL;
+
+ if (session == NULL) {
+ return SSH_ERROR;
+@@ -1192,7 +1192,7 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
+ break;
+ }
+ case SSH_OPTIONS_IDENTITY: {
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+ it = ssh_list_get_iterator(session->opts.identity);
+ if (it == NULL) {
+ it = ssh_list_get_iterator(session->opts.identity_non_exp);
+@@ -1445,7 +1445,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
+ */
+ int ssh_options_parse_config(ssh_session session, const char *filename)
+ {
+- char *expanded_filename;
++ char *expanded_filename = NULL;
+ int r;
+
+ if (session == NULL) {
+@@ -1491,7 +1491,7 @@ out:
+
+ int ssh_options_apply(ssh_session session)
+ {
+- char *tmp;
++ char *tmp = NULL;
+ int rc;
+
+ if (session->opts.sshdir == NULL) {
+@@ -2204,7 +2204,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
+ char *buf = NULL;
+ char *r = NULL;
+ char *x = NULL;
+- const char *p;
++ const char *p = NULL;
+ size_t i, l;
+
+ r = ssh_path_expand_tilde(s);
+@@ -2310,7 +2310,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
+ int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
+ {
+ int rc = 0;
+- char *expanded_filename;
++ char *expanded_filename = NULL;
+
+ if (sshbind == NULL) {
+ return -1;
+diff --git a/src/packet.c b/src/packet.c
+index ea73f9ad..4b4d0dc3 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1430,8 +1430,8 @@ error:
+ static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
+ {
+ ssh_session session = userdata;
+- struct ssh_iterator *it;
+- ssh_channel channel;
++ struct ssh_iterator *it = NULL;
++ ssh_channel channel = NULL;
+
+ if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) {
+ SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback");
+@@ -1894,7 +1894,7 @@ int ssh_packet_send(ssh_session session)
+
+ /* We finished the key exchange so we can try to send our queue now */
+ if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
+- struct ssh_iterator *it;
++ struct ssh_iterator *it = NULL;
+
+ if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
+ /* reset packet sequence number when running in strict kex mode */
+diff --git a/src/packet_crypt.c b/src/packet_crypt.c
+index fe3f489e..96e9586c 100644
+--- a/src/packet_crypt.c
++++ b/src/packet_crypt.c
+@@ -262,7 +262,7 @@ int ssh_packet_hmac_verify(ssh_session session,
+ {
+ struct ssh_crypto_struct *crypto = NULL;
+ unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
+- HMACCTX ctx;
++ HMACCTX ctx = NULL;
+ size_t hmaclen = DIGEST_MAX_LEN;
+ uint32_t seq;
+ int cmp;
+diff --git a/src/pki.c b/src/pki.c
+index a7c84c5e..cf4176fb 100644
+--- a/src/pki.c
++++ b/src/pki.c
+@@ -369,7 +369,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
+ */
+ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
+ {
+- const char *allowed_list;
++ const char *allowed_list = NULL;
+
+ if (session->client) {
+ allowed_list = session->opts.pubkey_accepted_types;
+@@ -729,7 +729,7 @@ int ssh_key_cmp(const ssh_key k1,
+
+ ssh_signature ssh_signature_new(void)
+ {
+- struct ssh_signature_struct *sig;
++ struct ssh_signature_struct *sig = NULL;
+
+ sig = malloc(sizeof(struct ssh_signature_struct));
+ if (sig == NULL) {
+@@ -821,7 +821,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
+ void *auth_data,
+ ssh_key *pkey)
+ {
+- ssh_key key;
++ ssh_key key = NULL;
+ char *openssh_header = NULL;
+
+ if (b64_key == NULL || pkey == NULL) {
+@@ -944,8 +944,8 @@ int ssh_pki_import_privkey_file(const char *filename,
+ void *auth_data,
+ ssh_key *pkey) {
+ struct stat sb;
+- char *key_buf;
+- FILE *file;
++ char *key_buf = NULL;
++ FILE *file = NULL;
+ off_t size;
+ int rc;
+ char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+@@ -1046,7 +1046,7 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
+ void *auth_data,
+ const char *filename)
+ {
+- ssh_string blob;
++ ssh_string blob = NULL;
+ FILE *fp;
+ int rc;
+
+@@ -1093,8 +1093,8 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
+ /* temporary function to migrate seamlessly to ssh_key */
+ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
+ {
+- ssh_public_key pub;
+- ssh_key tmp;
++ ssh_public_key pub = NULL;
++ ssh_key tmp = NULL;
+
+ if (key == NULL) {
+ return NULL;
+@@ -1131,7 +1131,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
+
+ ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
+ {
+- ssh_private_key privkey;
++ ssh_private_key privkey = NULL;
+
+ privkey = calloc(1, sizeof(struct ssh_private_key_struct));
+ if (privkey == NULL) {
+@@ -1521,9 +1521,9 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
+ enum ssh_keytypes_e type,
+ ssh_key *pkey)
+ {
+- ssh_buffer cert;
+- ssh_string tmp_s;
+- const char *type_c;
++ ssh_buffer cert = NULL;
++ ssh_string tmp_s = NULL;
++ const char *type_c = NULL;
+ ssh_key key = NULL;
+ int rc;
+
+@@ -2067,7 +2067,7 @@ error:
+ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
+ ssh_key *pkey)
+ {
+- ssh_key pubkey;
++ ssh_key pubkey = NULL;
+
+ if (privkey == NULL || !ssh_key_is_private(privkey)) {
+ return SSH_ERROR;
+@@ -2105,7 +2105,7 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
+ int ssh_pki_export_pubkey_blob(const ssh_key key,
+ ssh_string *pblob)
+ {
+- ssh_string blob;
++ ssh_string blob = NULL;
+
+ if (key == NULL) {
+ return SSH_OK;
+@@ -2135,8 +2135,8 @@ int ssh_pki_export_pubkey_blob(const ssh_key key,
+ int ssh_pki_export_pubkey_base64(const ssh_key key,
+ char **b64_key)
+ {
+- ssh_string key_blob;
+- unsigned char *b64;
++ ssh_string key_blob = NULL;
++ unsigned char *b64 = NULL;
+
+ if (key == NULL || b64_key == NULL) {
+ return SSH_ERROR;
+@@ -2175,9 +2175,9 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
+ {
+ char key_buf[MAX_LINE_SIZE];
+ char host[256];
+- char *b64_key;
+- char *user;
+- FILE *fp;
++ char *b64_key = NULL;
++ char *user = NULL;
++ FILE *fp = NULL;
+ int rc;
+
+ if (key == NULL || filename == NULL || *filename == '\0') {
+@@ -2238,7 +2238,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
+ * @returns SSH_OK on success, SSH_ERROR otherwise.
+ **/
+ int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
+- ssh_buffer cert_buffer;
++ ssh_buffer cert_buffer = NULL;
+ int rc;
+
+ if (certkey == NULL || privkey == NULL) {
+@@ -2273,7 +2273,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
+ ssh_string *sig_blob)
+ {
+ ssh_buffer buf = NULL;
+- ssh_string str;
++ ssh_string str = NULL;
+ int rc;
+
+ if (sig == NULL || sig_blob == NULL) {
+@@ -2337,7 +2337,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
+ enum ssh_keytypes_e type;
+ enum ssh_digest_e hash_type;
+ ssh_string algorithm = NULL, blob = NULL;
+- ssh_buffer buf;
++ ssh_buffer buf = NULL;
+ const char *alg = NULL;
+ uint8_t flags = 0;
+ uint32_t counter = 0;
+@@ -2697,9 +2697,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
+ const ssh_key pubkey)
+ {
+ struct ssh_crypto_struct *crypto = NULL;
+- ssh_string session_id;
+- ssh_string sig_blob;
+- ssh_buffer sig_buf;
++ ssh_string session_id = NULL;
++ ssh_string sig_blob = NULL;
++ ssh_buffer sig_buf = NULL;
+ int rc;
+
+ crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_BOTH);
+diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
+index 4314c5b7..f2776c2c 100644
+--- a/src/pki_container_openssh.c
++++ b/src/pki_container_openssh.c
+@@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key,
+ bool private)
+ {
+ const char *ptr = text_key;
+- const char *end;
+- char *base64;
++ const char *end = NULL;
++ char *base64 = NULL;
+ int cmp;
+ int rc;
+ int i;
+- ssh_buffer buffer = NULL, privkey_buffer=NULL;
++ ssh_buffer buffer = NULL, privkey_buffer = NULL;
+ char *magic = NULL, *ciphername = NULL, *kdfname = NULL;
+ uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF;
+ ssh_string kdfoptions = NULL;
+@@ -538,14 +538,14 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
+ {
+ ssh_buffer buffer;
+ ssh_string str = NULL;
+- ssh_string pubkey_s=NULL;
++ ssh_string pubkey_s = NULL;
+ ssh_buffer privkey_buffer = NULL;
+ uint32_t rnd;
+ uint32_t rounds = 16;
+- ssh_string salt=NULL;
+- ssh_string kdf_options=NULL;
++ ssh_string salt = NULL;
++ ssh_string kdf_options = NULL;
+ int to_encrypt=0;
+- unsigned char *b64;
++ unsigned char *b64 = NULL;
+ uint32_t str_len, len;
+ uint8_t padding = 1;
+ int ok;
+diff --git a/src/pki_crypto.c b/src/pki_crypto.c
+index aec49544..0fc69121 100644
+--- a/src/pki_crypto.c
++++ b/src/pki_crypto.c
+@@ -382,7 +382,7 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
+ #else
+ int rc;
+ const char *group_name = OSSL_EC_curve_nid2name(nid);
+- OSSL_PARAM_BLD *param_bld;
++ OSSL_PARAM_BLD *param_bld = NULL;
+ #endif /* OPENSSL_VERSION_NUMBER */
+
+ key->ecdsa_nid = nid;
+@@ -2299,7 +2299,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
+ const unsigned char *raw_sig_data = NULL;
+ size_t raw_sig_len;
+
+- ECDSA_SIG *ecdsa_sig;
++ ECDSA_SIG *ecdsa_sig = NULL;
+
+ int rc;
+
+@@ -2616,8 +2616,8 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
+ ECDSA_SIG *ecdsa_sig = NULL;
+ BIGNUM *pr = NULL, *ps = NULL;
+
+- ssh_string r;
+- ssh_string s;
++ ssh_string r = NULL;
++ ssh_string s = NULL;
+
+ ssh_buffer buf = NULL;
+ uint32_t rlen;
+diff --git a/src/pki_ed25519.c b/src/pki_ed25519.c
+index 6a5a4a8a..0674fb63 100644
+--- a/src/pki_ed25519.c
++++ b/src/pki_ed25519.c
+@@ -62,7 +62,7 @@ int pki_ed25519_sign(const ssh_key privkey,
+ size_t hlen)
+ {
+ int rc;
+- uint8_t *buffer;
++ uint8_t *buffer = NULL;
+ uint64_t dlen = 0;
+
+ buffer = malloc(hlen + ED25519_SIG_LEN);
+@@ -104,8 +104,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
+ size_t hlen)
+ {
+ uint64_t mlen = 0;
+- uint8_t *buffer;
+- uint8_t *buffer2;
++ uint8_t *buffer = NULL;
++ uint8_t *buffer2 = NULL;
+ int rc;
+
+ if (pubkey == NULL || sig == NULL ||
+diff --git a/src/pki_ed25519_common.c b/src/pki_ed25519_common.c
+index bdc6f6bb..59a3b03c 100644
+--- a/src/pki_ed25519_common.c
++++ b/src/pki_ed25519_common.c
+@@ -213,7 +213,7 @@ int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key)
+ */
+ ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
+ {
+- ssh_string sig_blob;
++ ssh_string sig_blob = NULL;
+ int rc;
+
+ #ifdef HAVE_OPENSSL_ED25519
+diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
+index 418a46b3..cb4de325 100644
+--- a/src/pki_gcrypt.c
++++ b/src/pki_gcrypt.c
+@@ -152,7 +152,7 @@ static ssh_string asn1_get_int(ssh_buffer buffer) {
+
+ static ssh_string asn1_get_bit_string(ssh_buffer buffer)
+ {
+- ssh_string str;
++ ssh_string str = NULL;
+ unsigned char type;
+ uint32_t size;
+ unsigned char unused, last, *p;
+@@ -1882,9 +1882,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
+ case SSH_KEYTYPE_ECDSA_P521:
+ #ifdef HAVE_GCRYPT_ECC
+ {
+- ssh_string R;
+- ssh_string S;
+- ssh_buffer b;
++ ssh_string R = NULL;
++ ssh_string S = NULL;
++ ssh_buffer b = NULL;
+
+ b = ssh_buffer_new();
+ if (b == NULL) {
+@@ -2054,8 +2054,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
+ case SSH_KEYTYPE_SK_ECDSA:
+ #ifdef HAVE_GCRYPT_ECC
+ { /* build ecdsa siganature */
+- ssh_buffer b;
+- ssh_string r, s;
++ ssh_buffer b = NULL;
++ ssh_string r = NULL, s = NULL;
+ uint32_t rlen;
+
+ b = ssh_buffer_new();
+diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
+index cb9d3228..01813702 100644
+--- a/src/pki_mbedcrypto.c
++++ b/src/pki_mbedcrypto.c
+@@ -1078,9 +1078,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
+ case SSH_KEYTYPE_ECDSA_P256:
+ case SSH_KEYTYPE_ECDSA_P384:
+ case SSH_KEYTYPE_ECDSA_P521: {
+- ssh_string r;
+- ssh_string s;
+- ssh_buffer b;
++ ssh_string r = NULL;
++ ssh_string s = NULL;
++ ssh_buffer b = NULL;
+ int rc;
+
+ b = ssh_buffer_new();
+@@ -1234,9 +1234,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
+ case SSH_KEYTYPE_ECDSA_P384:
+ case SSH_KEYTYPE_ECDSA_P521:
+ case SSH_KEYTYPE_SK_ECDSA: {
+- ssh_buffer b;
+- ssh_string r;
+- ssh_string s;
++ ssh_buffer b = NULL;
++ ssh_string r = NULL;
++ ssh_string s = NULL;
+ size_t rlen;
+
+ b = ssh_buffer_new();
+diff --git a/src/poll.c b/src/poll.c
+index 8f81c11c..d0f9726d 100644
+--- a/src/poll.c
++++ b/src/poll.c
+@@ -560,8 +560,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx)
+
+ static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size)
+ {
+- ssh_poll_handle *pollptrs;
+- ssh_pollfd_t *pollfds;
++ ssh_poll_handle *pollptrs = NULL;
++ ssh_pollfd_t *pollfds = NULL;
+
+ pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size);
+ if (pollptrs == NULL) {
+@@ -862,7 +862,7 @@ ssh_event_add_fd(ssh_event event, socket_t fd, short events,
+ ssh_event_callback cb, void *userdata)
+ {
+ ssh_poll_handle p;
+- struct ssh_event_fd_wrapper *pw;
++ struct ssh_event_fd_wrapper *pw = NULL;
+
+ if(event == NULL || event->ctx == NULL || cb == NULL
+ || fd == SSH_INVALID_SOCKET) {
+@@ -932,7 +932,7 @@ int ssh_event_add_session(ssh_event event, ssh_session session)
+ {
+ ssh_poll_handle p;
+ #ifdef WITH_SERVER
+- struct ssh_iterator *iterator;
++ struct ssh_iterator *iterator = NULL;
+ #endif
+
+ if(event == NULL || event->ctx == NULL || session == NULL) {
+@@ -1079,7 +1079,7 @@ int ssh_event_remove_session(ssh_event event, ssh_session session)
+ register size_t i, used;
+ int rc = SSH_ERROR;
+ #ifdef WITH_SERVER
+- struct ssh_iterator *iterator;
++ struct ssh_iterator *iterator = NULL;
+ #endif
+
+ if (event == NULL || event->ctx == NULL || session == NULL) {
+diff --git a/src/server.c b/src/server.c
+index 70b90899..89f8d8b0 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -85,8 +85,8 @@ int server_set_kex(ssh_session session)
+ {
+ struct ssh_kex_struct *server = &session->next_crypto->server_kex;
+ int i, j, rc;
+- const char *wanted, *allowed;
+- char *kept;
++ const char *wanted = NULL, *allowed = NULL;
++ char *kept = NULL;
+ char hostkeys[128] = {0};
+ enum ssh_keytypes_e keytype;
+ size_t len;
+@@ -219,9 +219,10 @@ int ssh_server_init_kex(ssh_session session) {
+ return server_set_kex(session);
+ }
+
+-static int ssh_server_send_extensions(ssh_session session) {
++static int ssh_server_send_extensions(ssh_session session)
++{
+ int rc;
+- const char *hostkey_algorithms;
++ const char *hostkey_algorithms = NULL;
+
+ SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
+
+@@ -286,8 +287,8 @@ ssh_get_key_params(ssh_session session,
+ ssh_key *privkey,
+ enum ssh_digest_e *digest)
+ {
+- ssh_key pubkey;
+- ssh_string pubkey_blob;
++ ssh_key pubkey = NULL;
++ ssh_string pubkey_blob = NULL;
+ int rc;
+
+ switch(session->srv.hostkey) {
+@@ -723,8 +724,9 @@ static int ssh_message_service_request_reply_default(ssh_message msg) {
+ *
+ * @returns SSH_OK when success otherwise SSH_ERROR
+ */
+-int ssh_message_service_reply_success(ssh_message msg) {
+- ssh_session session;
++int ssh_message_service_reply_success(ssh_message msg)
++{
++ ssh_session session = NULL;
+ int rc;
+
+ if (msg == NULL) {
+@@ -1132,8 +1134,9 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
+ *
+ * @returns SSH_OK on success, otherwise SSH_ERROR
+ */
+-int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
+- ssh_string algo;
++int ssh_message_auth_reply_pk_ok_simple(ssh_message msg)
++{
++ ssh_string algo = NULL;
+ ssh_string pubkey_blob = NULL;
+ int ret;
+
+diff --git a/src/session.c b/src/session.c
+index 8c509699..0e0f622b 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -58,7 +58,7 @@
+ */
+ ssh_session ssh_new(void)
+ {
+- ssh_session session;
++ ssh_session session = NULL;
+ char *id = NULL;
+ int rc;
+
+@@ -280,7 +280,7 @@ void ssh_free(ssh_session session)
+
+ /* options */
+ if (session->opts.identity) {
+- char *id;
++ char *id = NULL;
+
+ for (id = ssh_list_pop_head(char *, session->opts.identity);
+ id != NULL;
+@@ -291,7 +291,7 @@ void ssh_free(ssh_session session)
+ }
+
+ if (session->opts.identity_non_exp) {
+- char *id;
++ char *id = NULL;
+
+ for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
+ id != NULL;
+@@ -1157,7 +1157,7 @@ int ssh_get_publickey_hash(const ssh_key key,
+ unsigned char **hash,
+ size_t *hlen)
+ {
+- ssh_string blob;
++ ssh_string blob = NULL;
+ unsigned char *h = NULL;
+ int rc;
+
+@@ -1169,7 +1169,7 @@ int ssh_get_publickey_hash(const ssh_key key,
+ switch (type) {
+ case SSH_PUBLICKEY_HASH_SHA1:
+ {
+- SHACTX ctx;
++ SHACTX ctx = NULL;
+
+ h = calloc(1, SHA_DIGEST_LEN);
+ if (h == NULL) {
+@@ -1201,7 +1201,7 @@ int ssh_get_publickey_hash(const ssh_key key,
+ break;
+ case SSH_PUBLICKEY_HASH_SHA256:
+ {
+- SHA256CTX ctx;
++ SHA256CTX ctx = NULL;
+
+ h = calloc(1, SHA256_DIGEST_LEN);
+ if (h == NULL) {
+@@ -1233,7 +1233,7 @@ int ssh_get_publickey_hash(const ssh_key key,
+ break;
+ case SSH_PUBLICKEY_HASH_MD5:
+ {
+- MD5CTX ctx;
++ MD5CTX ctx = NULL;
+
+ /* In FIPS mode, we cannot use MD5 */
+ if (ssh_fips_mode()) {
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index b3349e16..528ef6f9 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -299,8 +299,8 @@ void sftp_client_message_free(sftp_client_message msg) {
+
+ int sftp_reply_name(sftp_client_message msg, const char *name,
+ sftp_attributes attr) {
+- ssh_buffer out;
+- ssh_string file;
++ ssh_buffer out = NULL;
++ ssh_string file = NULL;
+
+ out = ssh_buffer_new();
+ if (out == NULL) {
+@@ -369,7 +369,7 @@ int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) {
+
+ int sftp_reply_names_add(sftp_client_message msg, const char *file,
+ const char *longname, sftp_attributes attr) {
+- ssh_string name;
++ ssh_string name = NULL;
+
+ name = ssh_string_from_char(file);
+ if (name == NULL) {
+@@ -435,8 +435,8 @@ int sftp_reply_names(sftp_client_message msg) {
+
+ int sftp_reply_status(sftp_client_message msg, uint32_t status,
+ const char *message) {
+- ssh_buffer out;
+- ssh_string s;
++ ssh_buffer out = NULL;
++ ssh_string s = NULL;
+
+ out = ssh_buffer_new();
+ if (out == NULL) {
+@@ -492,7 +492,7 @@ int sftp_reply_data(sftp_client_message msg, const void *data, int len) {
+ * valid info (or worse).
+ */
+ ssh_string sftp_handle_alloc(sftp_session sftp, void *info) {
+- ssh_string ret;
++ ssh_string ret = NULL;
+ uint32_t val;
+ uint32_t i;
+
+diff --git a/src/string.c b/src/string.c
+index 44403487..0ab9310c 100644
+--- a/src/string.c
++++ b/src/string.c
+@@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) {
+ * @note The null byte is not copied nor counted in the output string.
+ */
+ struct ssh_string_struct *ssh_string_from_char(const char *what) {
+- struct ssh_string_struct *ptr;
++ struct ssh_string_struct *ptr = NULL;
+ size_t len;
+
+ if(what == NULL) {
+@@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s)
+ */
+ char *ssh_string_to_char(struct ssh_string_struct *s) {
+ size_t len;
+- char *new;
++ char *new = NULL;
+
+ if (s == NULL) {
+ return NULL;
+@@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) {
+ * @return Newly allocated copy of the string, NULL on error.
+ */
+ struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) {
+- struct ssh_string_struct *new;
++ struct ssh_string_struct *new = NULL;
+ size_t len;
+
+ if (s == NULL) {
+diff --git a/src/threads/winlocks.c b/src/threads/winlocks.c
+index da600418..e63635e7 100644
+--- a/src/threads/winlocks.c
++++ b/src/threads/winlocks.c
+@@ -82,7 +82,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock =
+
+ void ssh_mutex_lock(SSH_MUTEX *mutex)
+ {
+- void *rc;
++ void *rc = NULL;
+
+ CRITICAL_SECTION *mutex_tmp = NULL;
+
+diff --git a/src/wrapper.c b/src/wrapper.c
+index d317dc4c..43bf2137 100644
+--- a/src/wrapper.c
++++ b/src/wrapper.c
+@@ -152,7 +152,7 @@ static void cipher_free(struct ssh_cipher_struct *cipher) {
+
+ struct ssh_crypto_struct *crypto_new(void)
+ {
+- struct ssh_crypto_struct *crypto;
++ struct ssh_crypto_struct *crypto = NULL;
+
+ crypto = malloc(sizeof(struct ssh_crypto_struct));
+ if (crypto == NULL) {
+--
+2.40.0
+
new file mode 100644
@@ -0,0 +1,34 @@
+From b35ee876adc92a208d47194772e99f9c71e0bedb Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 28 Apr 2025 11:04:55 +0200
+Subject: [PATCH] CVE-2025-4878 legacy: Properly check return value to avoid
+ NULL pointer dereference
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+CVE: CVE-2025-4878
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ src/legacy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/legacy.c b/src/legacy.c
+index 7359040c..f73ef6cc 100644
+--- a/src/legacy.c
++++ b/src/legacy.c
+@@ -452,7 +452,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
+ auth_fn,
+ auth_data,
+ &key);
+- if (rc == SSH_ERROR) {
++ if (rc != SSH_OK) {
+ return NULL;
+ }
+
+--
+2.40.0
+
@@ -13,6 +13,8 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
file://CVE-2025-5318.patch \
file://CVE-2025-5351.patch \
file://CVE-2025-5372.patch \
+ file://CVE-2025-4878-0001.patch \
+ file://CVE-2025-4878-0002.patch \
"
SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"