CVE-2025-4878 Initialize pointers where possible

This is mostly mechanical change initializing all the pointers I was able to
find with some grep and manual review of sources and examples.

Used the following greps (which yield some false positives though):

    git grep "    \w* *\* *\w*;$"
    git grep " ssh_session \w*;"
    git grep " ssh_channel \w*;"
    git grep " struct ssh_iterator \*\w*;"
    git grep " ssh_bind \w*;"
    git grep " ssh_key \w*;"
    git grep " ssh_string \w*;"
    git grep " ssh_buffer \w*;"
    git grep " HMACCTX \w*;"
    git grep " SHACTX \w*;"
    grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;'

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

examples/authentication.c

@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
 
     err = ssh_userauth_kbdint(session, NULL, NULL);
     while (err == SSH_AUTH_INFO) {
-        const char *instruction;
-        const char *name;
+        const char *instruction = NULL;
+        const char *name = NULL;
         char buffer[128];
         int i, n;
 
@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
         }
 
         for (i = 0; i < n; i++) {
-            const char *answer;
-            const char *prompt;
+            const char *answer = NULL;
+            const char *prompt = NULL;
             char echo;
 
             prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
             }
 
             if (echo) {
-                char *p;
+                char *p = NULL;
 
                 printf("%s", prompt);
 
@@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
     int rc;
     int method;
     char password[128] = {0};
-    char *banner;
+    char *banner = NULL;
 
     // Try to authenticate
     rc = ssh_userauth_none(session, NULL);