CVE-2025-4878 Initialize pointers where possible

This is mostly mechanical change initializing all the pointers I was able to
find with some grep and manual review of sources and examples.

Used the following greps (which yield some false positives though):

    git grep "    \w* *\* *\w*;$"
    git grep " ssh_session \w*;"
    git grep " ssh_channel \w*;"
    git grep " struct ssh_iterator \*\w*;"
    git grep " ssh_bind \w*;"
    git grep " ssh_key \w*;"
    git grep " ssh_string \w*;"
    git grep " ssh_buffer \w*;"
    git grep " HMACCTX \w*;"
    git grep " SHACTX \w*;"
    grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

src/config_parser.c

@@ -39,8 +39,8 @@
  */
 char *ssh_config_get_cmd(char **str)
 {
-    register char *c;
-    char *r;
+    register char *c = NULL;
+    char *r = NULL;
 
     /* Ignore leading spaces */
     for (c = *str; *c; c++) {
@@ -67,7 +67,7 @@ out:
  */
 char *ssh_config_get_token(char **str)
 {
-    register char *c;
+    register char *c = NULL;
     bool had_equal = false;
     char *r = NULL;
 
@@ -123,7 +123,7 @@ out:
 
 long ssh_config_get_long(char **str, long notfound)
 {
-    char *p, *endp;
+    char *p = NULL, *endp = NULL;
     long i;
 
     p = ssh_config_get_token(str);
@@ -140,7 +140,7 @@ long ssh_config_get_long(char **str, long notfound)
 
 const char *ssh_config_get_str_tok(char **str, const char *def)
 {
-    char *p;
+    char *p = NULL;
 
     p = ssh_config_get_token(str);
     if (p && *p) {
@@ -152,7 +152,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
 
 int ssh_config_get_yesno(char **str, int notfound)
 {
-    const char *p;
+    const char *p = NULL;
 
     p = ssh_config_get_str_tok(str, NULL);
     if (p == NULL) {