CVE-2025-4878 Initialize pointers where possible

This is mostly mechanical change initializing all the pointers I was able to find with some grep and manual review of sources and examples. Used the following greps (which yield some false positives though): git grep " \w* *\* *\w*;$" git grep " ssh_session \w*;" git grep " ssh_channel \w*;" git grep " struct ssh_iterator \*\w*;" git grep " ssh_bind \w*;" git grep " ssh_key \w*;" git grep " ssh_string \w*;" git grep " ssh_buffer \w*;" git grep " HMACCTX \w*;" git grep " SHACTX \w*;" grep -rinP '^(?!.*=)\s*(?:\w+\s+)*\w+\s*\*\s*\w+\s*;' Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-31 00:03:07 +03:00 · 2025-04-23 17:57:11 +02:00
parent 5504ff4051
commit 697650caa9
62 changed files with 348 additions and 332 deletions
--- a/doc/authentication.dox
+++ b/doc/authentication.dox
@ -105,7 +105,7 @@ Here is a small example of password authentication:
@code
 int authenticate_password(ssh_session session)
 {
-  char *password;
+  char *password = NULL;
  int rc;
  password = getpass("Enter your password: ");
@ -218,7 +218,7 @@ int authenticate_kbdint(ssh_session session)
  rc = ssh_userauth_kbdint(session, NULL, NULL);
  while (rc == SSH_AUTH_INFO)
  {
-    const char *name, *instruction;
+    const char *name = NULL, *instruction = NULL;
    int nprompts, iprompt;
    name = ssh_userauth_kbdint_getname(session);
@ -231,7 +231,7 @@ int authenticate_kbdint(ssh_session session)
      printf("%s\n", instruction);
    for (iprompt = 0; iprompt < nprompts; iprompt++)
    {
-      const char *prompt;
+      const char *prompt = NULL;
      char echo;
      prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
@ -251,7 +251,7 @@ int authenticate_kbdint(ssh_session session)
      }
      else
      {
-        char *ptr;
+        char *ptr = NULL;
        ptr = getpass(prompt);
        if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
@ -354,7 +354,7 @@ The following example shows how to retrieve and dispose the issue banner:
 int display_banner(ssh_session session)
 {
  int rc;
-  char *banner;
+  char *banner = NULL;
 /*
 *** Does not work without calling ssh_userauth_none() first ***
--- a/doc/command.dox
+++ b/doc/command.dox
@ -22,7 +22,7 @@ a SSH session that uses this channel:
@code
 int show_remote_files(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  int rc;
  channel = ssh_channel_new(session);
--- a/doc/forwarding.dox
+++ b/doc/forwarding.dox
@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server.
@code
 int direct_forwarding(ssh_session session)
 {
-  ssh_channel forwarding_channel;
+  ssh_channel forwarding_channel = NULL;
  int rc = SSH_ERROR;
  char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
  int nbytes, nwritten;
@ -161,7 +161,7 @@ local libssh application, which handles them:
 int web_server(ssh_session session)
 {
  int rc;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  char buffer[256];
  int nbytes, nwritten;
  int port = 0;
--- a/doc/guided_tour.dox
+++ b/doc/guided_tour.dox
@ -79,7 +79,7 @@ Here is a small example of how to use it:
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
  int verbosity = SSH_LOG_PROTOCOL;
  int port = 22;
@ -126,7 +126,7 @@ Here's an example:
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
  int rc;
  my_ssh_session = ssh_new();
@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
    ssh_key srv_pubkey = NULL;
    size_t hlen;
    char buf[10];
-    char *hexa;
+    char *hexa = NULL;
-    char *p;
+    char *p = NULL;
    int cmp;
    int rc;
@ -317,9 +317,9 @@ The example below shows an authentication with password:
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
  int rc;
-  char *password;
+  char *password = NULL;
  // Open session and set options
  my_ssh_session = ssh_new();
@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
@code
 int show_remote_processes(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  int rc;
  char buffer[256];
  int nbytes;
--- a/doc/shell.dox
+++ b/doc/shell.dox
@ -26,7 +26,7 @@ The code sample below achieves these tasks:
@code
 int shell_session(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  int rc;
  channel = ssh_channel_new(session);
--- a/examples/authentication.c
+++ b/examples/authentication.c
@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
    err = ssh_userauth_kbdint(session, NULL, NULL);
    while (err == SSH_AUTH_INFO) {
-        const char *instruction;
+        const char *instruction = NULL;
-        const char *name;
+        const char *name = NULL;
        char buffer[128];
        int i, n;
@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
        }
        for (i = 0; i < n; i++) {
-            const char *answer;
+            const char *answer = NULL;
-            const char *prompt;
+            const char *prompt = NULL;
            char echo;
            prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
            }
            if (echo) {
-                char *p;
+                char *p = NULL;
                printf("%s", prompt);
@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
    int rc;
    int method;
    char password[128] = {0};
-    char *banner;
+    char *banner = NULL;
    // Try to authenticate
    rc = ssh_userauth_none(session, NULL);
--- a/examples/connect_ssh.c
+++ b/examples/connect_ssh.c
@ -22,7 +22,7 @@ clients must be made or how a client should react.
 #include <stdio.h>
 ssh_session connect_ssh(const char *host, const char *user,int verbosity){
-  ssh_session session;
+  ssh_session session = NULL;
  int auth=0;
  session=ssh_new();
--- a/examples/exec.c
+++ b/examples/exec.c
@ -5,8 +5,8 @@
 #include "examples_common.h"
 int main(void) {
-    ssh_session session;
+    ssh_session session = NULL;
-    ssh_channel channel;
+    ssh_channel channel = NULL;
    char buffer[256];
    int rbytes, wbytes, total = 0;
    int rc;
--- a/examples/knownhosts.c
+++ b/examples/knownhosts.c
@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
    char buf[10];
    unsigned char *hash = NULL;
    size_t hlen;
-    ssh_key srv_pubkey;
+    ssh_key srv_pubkey = NULL;
    int rc;
    rc = ssh_get_server_publickey(session, &srv_pubkey);
--- a/examples/libssh_scp.c
+++ b/examples/libssh_scp.c
@ -26,9 +26,9 @@ program.
 #define BUF_SIZE 16384
 #endif
-static char **sources;
+static char **sources = NULL;
 static int nsources;
-static char *destination;
+static char *destination = NULL;
 static int verbosity = 0;
 struct location {
@ -114,9 +114,10 @@ static void location_free(struct location *loc)
    }
 }
-static struct location *parse_location(char *loc) {
+static struct location *parse_location(char *loc)
-    struct location *location;
+{
-    char *ptr;
+    struct location *location = NULL;
    char *ptr = NULL;
    location = malloc(sizeof(struct location));
    if (location == NULL) {
--- a/examples/proxy.c
+++ b/examples/proxy.c
@ -35,8 +35,8 @@ clients must be made or how a client should react.
 static int authenticated=0;
 static int tries = 0;
 static int error = 0;
-static ssh_channel chan=NULL;
+static ssh_channel chan = NULL;
-static char *username;
+static char *username = NULL;
 static ssh_gssapi_creds client_creds = NULL;
 static int auth_password(ssh_session session, const char *user,
@ -204,11 +204,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
+int main(int argc, char **argv)
-    ssh_session session;
+{
-    ssh_bind sshbind;
+    ssh_session session = NULL;
-    ssh_event mainloop;
+    ssh_bind sshbind = NULL;
-    ssh_session client_session;
+    ssh_event mainloop = NULL;
    ssh_session client_session = NULL;
    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
@ -219,7 +220,7 @@ int main(int argc, char **argv){
    char buf[BUF_SIZE];
    char host[128]="";
-    char *ptr;
+    char *ptr = NULL;
    int i,r, rc;
    sshbind=ssh_bind_new();
@ -336,4 +337,3 @@ int main(int argc, char **argv){
    ssh_finalize();
    return 0;
 }
--- a/examples/samplesshd-cb.c
+++ b/examples/samplesshd-cb.c
@ -244,10 +244,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
-int main(int argc, char **argv){
+int main(int argc, char **argv)
-    ssh_session session;
+{
-    ssh_bind sshbind;
+    ssh_session session = NULL;
-    ssh_event mainloop;
+    ssh_bind sshbind = NULL;
    ssh_event mainloop = NULL;
    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
        .auth_none_function = auth_none,
@ -339,4 +340,3 @@ int main(int argc, char **argv){
    ssh_finalize();
    return 0;
 }
--- a/examples/samplesshd-kbdint.c
+++ b/examples/samplesshd-kbdint.c
@ -174,8 +174,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
-static const char *name;
+static const char *name = NULL;
-static const char *instruction;
+static const char *instruction = NULL;
 static const char *prompts[2];
 static char echo[] = { 1, 0 };
@ -279,11 +279,12 @@ static int authenticate(ssh_session session) {
    return 0;
 }
-int main(int argc, char **argv){
+int main(int argc, char **argv)
-    ssh_session session;
+{
-    ssh_bind sshbind;
+    ssh_session session = NULL;
-    ssh_message message;
+    ssh_bind sshbind = NULL;
-    ssh_channel chan=0;
+    ssh_message message = NULL;
    ssh_channel chan = NULL;
    char buf[BUF_SIZE];
    int auth=0;
    int shell=0;
@ -411,4 +412,3 @@ int main(int argc, char **argv){
    ssh_finalize();
    return 0;
 }
--- a/examples/scp_download.c
+++ b/examples/scp_download.c
@ -108,7 +108,7 @@ static int fetch_files(ssh_session session){
  int size;
  char buffer[BUF_SIZE];
  int mode;
-  char *filename;
+  char *filename = NULL;
  int r;
  ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
  if(ssh_scp_init(scp) != SSH_OK){
@ -167,7 +167,7 @@ static int fetch_files(ssh_session session){
 }
 int main(int argc, char **argv){
-  ssh_session session;
+  ssh_session session = NULL;
  if(opts(argc,argv)<0)
    return EXIT_FAILURE;
  session=connect_ssh(host,NULL,verbosity);
--- a/examples/senddata.c
+++ b/examples/senddata.c
@ -6,7 +6,7 @@
 #define LIMIT 0x100000000UL
 int main(void) {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_channel channel;
  char buffer[1024*1024];
  int rc;
@ -47,7 +47,7 @@ int main(void) {
    if(total > LIMIT)
      break;
  }
-    
+
  if (rc < 0) {
    printf("error : %s\n",ssh_get_error(session));
    ssh_channel_close(channel);
--- a/examples/ssh_client.c
+++ b/examples/ssh_client.c
@ -53,7 +53,7 @@ static struct termios terminal;
 static char *pcap_file = NULL;
-static char *proxycommand;
+static char *proxycommand = NULL;
 static int auth_callback(const char *prompt,
                         char *buf,
@ -251,7 +251,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
 static void shell(ssh_session session)
 {
-    ssh_channel channel;
+    ssh_channel channel = NULL;
    struct termios terminal_local;
    int interactive=isatty(0);
@ -339,7 +339,7 @@ static void batch_shell(ssh_session session)
 static int client(ssh_session session)
 {
    int auth = 0;
-    char *banner;
+    char *banner = NULL;
    int state;
    if (user) {
@ -423,7 +423,7 @@ static void cleanup_pcap(void)
 int main(int argc, char **argv)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    ssh_init();
    session = ssh_new();
--- a/examples/sshd_direct-tcpip.c
+++ b/examples/sshd_direct-tcpip.c
@ -361,7 +361,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
 {
    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
    ssh_channel channel = event_fd_data->channel;
-    ssh_session session;
+    ssh_session session = NULL;
    int len, i, wr;
    char buf[BUF_SIZE];
    int blocking;
@ -455,8 +455,8 @@ open_tcp_socket(ssh_message msg)
 {
    struct sockaddr_in sin;
    int forwardsock = -1;
-    struct hostent *host;
+    struct hostent *host = NULL;
-    const char *dest_hostname;
+    const char *dest_hostname = NULL;
    int dest_port;
    forwardsock = socket(AF_INET, SOCK_STREAM, 0);
@ -499,8 +499,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
                 UNUSED_PARAM(void *userdata))
 {
    ssh_channel channel;
-    int socket_fd, *pFd;
+    int socket_fd, *pFd = NULL;
-    struct ssh_channel_callbacks_struct *cb_chan;
+    struct ssh_channel_callbacks_struct *cb_chan = NULL;
    struct event_fd_data_struct *event_fd_data;
    _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
@ -655,8 +655,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 int
 main(int argc, char **argv)
 {
-    ssh_session session;
+    ssh_session session = NULL;
-    ssh_bind sshbind;
+    ssh_bind sshbind = NULL;
    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
        .auth_password_function = auth_password,
--- a/examples/sshnetcat.c
+++ b/examples/sshnetcat.c
@ -39,7 +39,7 @@ clients must be made or how a client should react.
 #define BUF_SIZE 4096
 #endif
-char *host;
+char *host = NULL;
 const char *desthost="localhost";
 const char *port="22";
@ -193,7 +193,7 @@ static void forwarding(ssh_session session){
 static int client(ssh_session session){
  int auth=0;
-  char *banner;
+  char *banner = NULL;
  int state;
  if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
@ -246,7 +246,7 @@ void cleanup_pcap(void)
 #endif
 int main(int argc, char **argv){
-    ssh_session session;
+    ssh_session session = NULL;
    session = ssh_new();
--- a/src/agent.c
+++ b/src/agent.c
@ -422,8 +422,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
 /* caller has to free comment */
 ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
-    char **comment) {
+                                 char **comment)
-    struct ssh_key_struct *key;
+{
    struct ssh_key_struct *key = NULL;
    struct ssh_string_struct *blob = NULL;
    struct ssh_string_struct *tmp = NULL;
    int rc;
@ -492,10 +493,10 @@ ssh_string ssh_agent_sign_data(ssh_session session,
                               const ssh_key pubkey,
                               struct ssh_buffer_struct *data)
 {
-    ssh_buffer request;
+    ssh_buffer request = NULL;
-    ssh_buffer reply;
+    ssh_buffer reply = NULL;
-    ssh_string key_blob;
+    ssh_string key_blob = NULL;
-    ssh_string sig_blob;
+    ssh_string sig_blob = NULL;
    unsigned int type = 0;
    unsigned int flags = 0;
    uint32_t dlen;
--- a/src/auth.c
+++ b/src/auth.c
@ -195,8 +195,9 @@ static int ssh_userauth_get_response(ssh_session session)
 *
 * This banner should be shown to user prior to authentication
 */
-SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
+SSH_PACKET_CALLBACK(ssh_packet_userauth_banner)
-    ssh_string banner;
+{
    ssh_string banner = NULL;
    (void)type;
    (void)user;
@ -1694,7 +1695,7 @@ int ssh_userauth_agent_pubkey(ssh_session session,
                              const char *username,
                              ssh_public_key publickey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
    int rc;
    key = ssh_key_new();
--- a/src/bind.c
+++ b/src/bind.c
@ -74,7 +74,7 @@
 static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
    int port) {
    char port_c[6];
-    struct addrinfo *ai;
+    struct addrinfo *ai = NULL;
    struct addrinfo hints;
    int opt = 1;
    socket_t s;
@ -132,8 +132,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
    return s;
 }
-ssh_bind ssh_bind_new(void) {
+ssh_bind ssh_bind_new(void)
-    ssh_bind ptr;
+{
    ssh_bind ptr = NULL;
    ptr = calloc(1, sizeof(struct ssh_bind_struct));
    if (ptr == NULL) {
@ -218,7 +219,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
 }
 int ssh_bind_listen(ssh_bind sshbind) {
-    const char *host;
+    const char *host = NULL;
    socket_t fd;
    int rc;
@ -462,7 +463,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
                return SSH_ERROR;
            }
        } else {
-            char *p;
+            char *p = NULL;
            /* If something was set to the session prior to calling this
             * function, keep only what is allowed by the options set in
             * sshbind */
--- a/src/bind_config.c
+++ b/src/bind_config.c
@ -200,7 +200,7 @@ local_parse_file(ssh_bind bind,
                 uint8_t *seen,
                 unsigned int depth)
 {
-    FILE *f;
+    FILE *f = NULL;
    char line[MAX_LINE_SIZE] = {0};
    unsigned int count = 0;
    int rv;
@ -626,7 +626,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
 {
    char line[MAX_LINE_SIZE] = {0};
    unsigned int count = 0;
-    FILE *f;
+    FILE *f = NULL;
    uint32_t parser_flags;
    int rv;
--- a/src/buffer.c
+++ b/src/buffer.c
@ -371,7 +371,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer,
 */
 void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len)
 {
-    void *ptr;
+    void *ptr = NULL;
    buffer_verify(buffer);
    if (buffer->used + len < len) {
@ -926,7 +927,7 @@ ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
                   va_list ap)
 {
    int rc = SSH_ERROR;
-    const char *p;
+    const char *p = NULL;
    union {
        uint8_t byte;
        uint16_t word;
@ -935,7 +936,7 @@ ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
        ssh_string string;
        void *data;
    } o;
-    char *cstring;
+    char *cstring = NULL;
    bignum b;
    size_t len;
    size_t count;
@ -1094,7 +1095,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
                         va_list ap)
 {
    int rc = SSH_ERROR;
-    const char *p = format, *last;
+    const char *p = format, *last = NULL;
    union {
        uint8_t *byte;
        uint16_t *word;
--- a/src/callbacks.c
+++ b/src/callbacks.c
@ -122,7 +122,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
 int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
    if (channel == NULL || channel->callbacks == NULL){
        return SSH_ERROR;
--- a/src/chachapoly.c
+++ b/src/chachapoly.c
@ -42,7 +42,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
                                    void *key,
                                    void *IV)
 {
-    struct chacha20_poly1305_keysched *sched;
+    struct chacha20_poly1305_keysched *sched = NULL;
    uint8_t *u8key = key;
    (void)IV;
--- a/src/channels.c
+++ b/src/channels.c
@ -168,7 +168,7 @@ uint32_t ssh_channel_new_id(ssh_session session)
 */
 SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
  uint32_t channelid=0;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  int rc;
  (void)type;
  (void)user;
@ -237,7 +237,7 @@ error:
 */
 SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  char *error = NULL;
  uint32_t code;
  int rc;
@ -405,7 +405,7 @@ end:
 /* return channel with corresponding local id, or NULL if not found */
 ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
  struct ssh_iterator *it;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) {
    channel = ssh_iterator_value(ssh_channel, it);
@ -501,7 +501,7 @@ error:
 */
 static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  uint32_t chan;
  int rc;
@ -523,7 +523,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
 }
 SSH_PACKET_CALLBACK(channel_rcv_change_window) {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  uint32_t bytes;
  int rc;
  bool was_empty;
@ -694,7 +694,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data)
 }
 SSH_PACKET_CALLBACK(channel_rcv_eof) {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  (void)user;
  (void)type;
@ -738,8 +738,9 @@ static bool ssh_channel_has_unread_data(ssh_channel channel)
    return false;
 }
-SSH_PACKET_CALLBACK(channel_rcv_close) {
+SSH_PACKET_CALLBACK(channel_rcv_close)
-    ssh_channel channel;
+{
    ssh_channel channel = NULL;
    (void)user;
    (void)type;
@ -980,7 +981,7 @@ int channel_default_bufferize(ssh_channel channel,
                              void *data, uint32_t len,
                              bool is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  if(channel == NULL) {
      return -1;
@ -1119,7 +1120,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
 int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
    int remoteport, const char *sourcehost, int localport)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_buffer payload = NULL;
  ssh_string str = NULL;
  int rc = SSH_ERROR;
@ -1257,7 +1258,7 @@ error:
 */
 void ssh_channel_free(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    if (channel == NULL) {
        return;
@ -1364,7 +1365,7 @@ void ssh_channel_do_free(ssh_channel channel)
 */
 int ssh_channel_send_eof(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    int rc = SSH_ERROR;
    int err;
@ -1425,7 +1426,7 @@ error:
 */
 int ssh_channel_close(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    int rc = 0;
    if(channel == NULL) {
@ -1521,7 +1522,7 @@ static int channel_write_common(ssh_channel channel,
                                const void *data,
                                uint32_t len, int is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  uint32_t origlen = len;
  size_t effectivelen;
  int rc;
@ -1777,7 +1778,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking)
 * @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state.
 */
 SSH_PACKET_CALLBACK(ssh_packet_channel_success){
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  (void)type;
  (void)user;
@ -1813,7 +1814,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
 * @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state.
 */
 SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
-  ssh_channel channel;
+  ssh_channel channel = NULL;
  (void)type;
  (void)user;
@ -1962,7 +1963,7 @@ error:
 int ssh_channel_request_pty_size_modes(ssh_channel channel, const char *terminal,
    int col, int row, const unsigned char* modes, size_t modes_len)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_buffer buffer = NULL;
  int rc = SSH_ERROR;
@ -2291,7 +2292,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
 #endif
  ssh_message msg = NULL;
  ssh_channel channel = NULL;
-  struct ssh_iterator *iterator;
+  struct ssh_iterator *iterator = NULL;
  int t;
  /*
@ -2954,7 +2955,7 @@ error:
 int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
    int is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  char *buffer_tmp = NULL;
  int r;
  uint32_t total=0;
@ -3090,7 +3091,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
                             int is_stderr,
                             int timeout_ms)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_buffer stdbuf;
  uint32_t len;
  struct ssh_channel_read_termination_struct ctx;
@ -3200,7 +3201,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
                                 uint32_t count,
                                 int is_stderr)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    uint32_t to_read;
    int rc;
    int blocking;
@ -3312,8 +3313,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
 */
 int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
 {
-    ssh_session session;
+    ssh_session session = NULL;
-    ssh_buffer stdbuf;
+    ssh_buffer stdbuf = NULL;
    struct ssh_channel_read_termination_struct ctx;
    size_t len;
    int rc;
@ -3515,7 +3516,7 @@ channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
                        ssh_channel *echans, ssh_channel *rout,
                        ssh_channel *wout, ssh_channel *eout)
 {
-  ssh_channel chan;
+  ssh_channel chan = NULL;
  int i;
  int j = 0;
@ -3596,7 +3597,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
 int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
                       ssh_channel *exceptchans, struct timeval * timeout)
 {
-  ssh_channel *rchans, *wchans, *echans;
+  ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL;
  ssh_channel dummy = NULL;
  ssh_event event = NULL;
  int rc;
@ -3789,7 +3790,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len
 int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost,
                                     int remoteport, const char *sourcehost, int localport)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_buffer payload = NULL;
  int rc = SSH_ERROR;
@ -3853,7 +3854,7 @@ error:
 int ssh_channel_open_x11(ssh_channel channel,
                         const char *orig_addr, int orig_port)
 {
-  ssh_session session;
+  ssh_session session = NULL;
  ssh_buffer payload = NULL;
  int rc = SSH_ERROR;
--- a/src/client.c
+++ b/src/client.c
@ -785,7 +785,7 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
 void
 ssh_disconnect(ssh_session session)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
    int rc;
    if (session == NULL) {
--- a/src/config.c
+++ b/src/config.c
@ -211,7 +211,7 @@ local_parse_file(ssh_session session,
                 unsigned int depth,
                 bool global)
 {
-    FILE *f;
+    FILE *f = NULL;
    char line[MAX_LINE_SIZE] = {0};
    unsigned int count = 0;
    int rv;
@ -1462,7 +1462,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
 {
    char line[MAX_LINE_SIZE] = {0};
    unsigned int count = 0;
-    FILE *f;
+    FILE *f = NULL;
    int parsing, rv;
    bool global = 0;
--- a/src/config_parser.c
+++ b/src/config_parser.c
@ -39,8 +39,8 @@
 */
 char *ssh_config_get_cmd(char **str)
 {
-    register char *c;
+    register char *c = NULL;
-    char *r;
+    char *r = NULL;
    /* Ignore leading spaces */
    for (c = *str; *c; c++) {
@ -67,7 +67,7 @@ out:
 */
 char *ssh_config_get_token(char **str)
 {
-    register char *c;
+    register char *c = NULL;
    bool had_equal = false;
    char *r = NULL;
@ -123,7 +123,7 @@ out:
 long ssh_config_get_long(char **str, long notfound)
 {
-    char *p, *endp;
+    char *p = NULL, *endp = NULL;
    long i;
    p = ssh_config_get_token(str);
@ -140,7 +140,7 @@ long ssh_config_get_long(char **str, long notfound)
 const char *ssh_config_get_str_tok(char **str, const char *def)
 {
-    char *p;
+    char *p = NULL;
    p = ssh_config_get_token(str);
    if (p && *p) {
@ -152,7 +152,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
 int ssh_config_get_yesno(char **str, int notfound)
 {
-    const char *p;
+    const char *p = NULL;
    p = ssh_config_get_str_tok(str, NULL);
    if (p == NULL) {
--- a/src/connect.c
+++ b/src/connect.c
@ -189,8 +189,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
        }
        if (bind_addr) {
-            struct addrinfo *bind_ai;
+            struct addrinfo *bind_ai = NULL;
-            struct addrinfo *bind_itr;
+            struct addrinfo *bind_itr = NULL;
            SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr);
--- a/src/connector.c
+++ b/src/connector.c
@ -627,8 +627,9 @@ error:
    return rc;
 }
-int ssh_connector_remove_event(ssh_connector connector) {
+int ssh_connector_remove_event(ssh_connector connector)
-    ssh_session session;
+{
    ssh_session session = NULL;
    if (connector->in_poll != NULL) {
        ssh_event_remove_poll(connector->event, connector->in_poll);
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@ -404,7 +404,7 @@ done:
 */
 int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
 {
-    struct dh_ctx *ctx;
+    struct dh_ctx *ctx = NULL;
    int rc;
    ctx = calloc(1, sizeof(*ctx));
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@ -444,7 +444,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init)
    ssh_string q_c_string = NULL;
    ssh_string q_s_string = NULL;
    /* SSH host keys (rsa, ed25519 and ecdsa) */
-    ssh_key privkey;
+    ssh_key privkey = NULL;
    enum ssh_digest_e digest = SSH_DIGEST_AUTO;
    ssh_string sig_blob = NULL;
    ssh_string pubkey_blob = NULL;
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@ -132,9 +132,9 @@ int ecdh_build_k(ssh_session session)
 #else
    size_t k_len = 0;
    enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type;
-    ssh_string s;
+    ssh_string s = NULL;
 #endif
-    ssh_string pubkey_raw;
+    ssh_string pubkey_raw = NULL;
    gcry_sexp_t pubkey = NULL;
    ssh_string privkey = NULL;
    int rc = SSH_ERROR;
@ -267,12 +267,12 @@ int ecdh_build_k(ssh_session session)
 SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
    gpg_error_t err;
    /* ECDH keys */
-    ssh_string q_c_string;
+    ssh_string q_c_string = NULL;
-    ssh_string q_s_string;
+    ssh_string q_s_string = NULL;
    gcry_sexp_t param = NULL;
    gcry_sexp_t key = NULL;
    /* SSH host keys (rsa, ed25519 and ecdsa) */
-    ssh_key privkey;
+    ssh_key privkey = NULL;
    enum ssh_digest_e digest = SSH_DIGEST_AUTO;
    ssh_string sig_blob = NULL;
    ssh_string pubkey_blob = NULL;
--- a/src/gcrypt_missing.c
+++ b/src/gcrypt_missing.c
@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) {
 char *ssh_gcry_bn2dec(bignum bn) {
  bignum bndup, num, ten;
-  char *ret;
+  char *ret = NULL;
  int count, count2;
  int size, rsize;
  char decnum;
--- a/src/getpass.c
+++ b/src/getpass.c
@ -46,7 +46,7 @@
 */
 static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
 {
-    char *tmp;
+    char *tmp = NULL;
    char *ptr = NULL;
    int ok = 0;
@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
        }
        if (verify) {
-            char *key_string;
+            char *key_string = NULL;
            key_string = calloc(1, len);
            if (key_string == NULL) {
--- a/src/gssapi.c
+++ b/src/gssapi.c
@ -159,7 +159,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
    gss_name_t server_name; /* local server fqdn */
    OM_uint32 maj_stat, min_stat;
    size_t i;
-    char *ptr;
+    char *ptr = NULL;
    gss_OID_set supported; /* oids supported by server */
    gss_OID_set both_supported; /* oids supported by both client and server */
    gss_OID_set selected; /* oid selected for authentication */
@ -313,7 +313,7 @@ ssh_gssapi_name_to_char(gss_name_t name)
 {
    gss_buffer_desc buffer;
    OM_uint32 maj_stat, min_stat;
-    char *ptr;
+    char *ptr = NULL;
    maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
    ssh_gssapi_log_error(SSH_LOG_DEBUG,
                         "converting name",
@ -331,9 +331,10 @@ ssh_gssapi_name_to_char(gss_name_t name)
 }
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
-    ssh_string token;
+{
-    char *hexa;
+    ssh_string token = NULL;
    char *hexa = NULL;
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
    gss_name_t client_name = GSS_C_NO_NAME;
@ -357,7 +358,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
    }
    if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
-        ssh_string out_token=NULL;
+        ssh_string out_token = NULL;
        rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
                token, &out_token, session->server_callbacks->userdata);
        if (rc == SSH_ERROR){
@ -473,7 +474,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
 {
-    ssh_string mic_token;
+    ssh_string mic_token = NULL;
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
@ -635,7 +636,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
    gss_name_t client_id = GSS_C_NO_NAME;
    gss_OID oid;
    unsigned int i;
-    char *ptr;
+    char *ptr = NULL;
    int ret;
    if (session->gssapi->client.client_deleg_creds == NULL) {
@ -837,11 +838,11 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
    int rc;
-    ssh_string oid_s;
+    ssh_string oid_s = NULL;
    gss_uint32 maj_stat, min_stat;
    gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
-    char *hexa;
+    char *hexa = NULL;
    (void)type;
    (void)user;
@ -956,10 +957,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
    return ssh_packet_send(session);
 }
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client)
 {
    int rc;
-    ssh_string token;
+    ssh_string token = NULL;
-    char *hexa;
+    char *hexa = NULL;
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
    (void)user;
--- a/src/kex.c
+++ b/src/kex.c
@ -313,7 +313,7 @@ static int cmp_first_kex_algo(const char *client_str,
    size_t client_kex_len;
    size_t server_kex_len;
-    char *colon;
+    char *colon = NULL;
    int is_wrong = 1;
@ -751,7 +751,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
 int ssh_set_client_kex(ssh_session session)
 {
    struct ssh_kex_struct *client = &session->next_crypto->client_kex;
-    const char *wanted;
+    const char *wanted = NULL;
    int ok;
    int i;
--- a/src/known_hosts.c
+++ b/src/known_hosts.c
@ -79,8 +79,8 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
                                                    const char **found_type)
 {
    char buffer[MAX_LINE_SIZE] = {0};
-    char *ptr;
+    char *ptr = NULL;
-    struct ssh_tokens_st *tokens;
+    struct ssh_tokens_st *tokens = NULL;
    if (*file == NULL) {
        *file = fopen(filename,"r");
@ -149,7 +149,7 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
 static int check_public_key(ssh_session session, char **tokens) {
  ssh_string pubkey_blob = NULL;
  ssh_buffer pubkey_buffer;
-  char *pubkey_64;
+  char *pubkey_64 = NULL;
  int rc;
    /* ssh-rsa, ssh-ed25519, .. */
@ -205,11 +205,11 @@ static int match_hashed_host(const char *host, const char *sourcehash)
   * hash := HMAC_SHA1(key=salt,data=host)
   */
  unsigned char buffer[256] = {0};
-  ssh_buffer salt;
+  ssh_buffer salt = NULL;
-  ssh_buffer hash;
+  ssh_buffer hash = NULL;
-  HMACCTX mac;
+  HMACCTX mac = NULL;
-  char *source;
+  char *source = NULL;
-  char *b64hash;
+  char *b64hash = NULL;
  int match, rc;
  size_t size;
@ -304,14 +304,14 @@ static int match_hashed_host(const char *host, const char *sourcehash)
 int ssh_is_server_known(ssh_session session)
 {
    FILE *file = NULL;
-    char *host;
+    char *host = NULL;
-    char *hostport;
+    char *hostport = NULL;
-    const char *type;
+    const char *type = NULL;
    int match;
    int i = 0;
-    char *files[3];
+    char *files[3] = {0};
-    struct ssh_tokens_st *tokens;
+    struct ssh_tokens_st *tokens = NULL;
    int ret = SSH_SERVER_NOT_KNOWN;
@ -443,12 +443,13 @@ int ssh_is_server_known(ssh_session session)
 * @deprecated Please use ssh_session_export_known_hosts_entry()
 * @brief This function is deprecated.
 */
-char * ssh_dump_knownhost(ssh_session session) {
+char *ssh_dump_knownhost(ssh_session session)
 {
    ssh_key server_pubkey = NULL;
-    char *host;
+    char *host = NULL;
-    char *hostport;
+    char *hostport = NULL;
-    char *buffer;
+    char *buffer = NULL;
-    char *b64_key;
+    char *b64_key = NULL;
    int rc;
    if (session->opts.host == NULL) {
@ -513,9 +514,9 @@ char * ssh_dump_knownhost(ssh_session session) {
 */
 int ssh_write_knownhost(ssh_session session)
 {
-    FILE *file;
+    FILE *file = NULL;
    char *buffer = NULL;
-    char *dir;
+    char *dir = NULL;
    int rc;
    if (session->opts.knownhosts == NULL) {
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@ -61,7 +61,7 @@ static int hash_hostname(const char *name,
                         size_t *hash_size)
 {
    int rc;
-    HMACCTX mac_ctx;
+    HMACCTX mac_ctx = NULL;
    mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1);
    if (mac_ctx == NULL) {
@ -81,8 +81,8 @@ static int hash_hostname(const char *name,
 static int match_hashed_hostname(const char *host, const char *hashed_host)
 {
-    char *hashed;
+    char *hashed = NULL;
-    char *b64_hash;
+    char *b64_hash = NULL;
    ssh_buffer salt = NULL;
    ssh_buffer hash = NULL;
    unsigned char hashed_buf[256] = {0};
@ -229,7 +229,7 @@ static int ssh_known_hosts_read_entries(const char *match,
    char line[MAX_LINE_SIZE];
    size_t lineno = 0;
    size_t len = 0;
-    FILE *fp;
+    FILE *fp = NULL;
    int rc;
    fp = fopen(filename, "r");
@ -288,7 +288,7 @@ static int ssh_known_hosts_read_entries(const char *match,
        for (it = ssh_list_get_iterator(*entries);
             it != NULL;
             it = it->next) {
-            struct ssh_knownhosts_entry *entry2;
+            struct ssh_knownhosts_entry *entry2 = NULL;
            int cmp;
            entry2 = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
            cmp = ssh_known_hosts_entries_compare(entry, entry2);
@ -312,8 +312,8 @@ error:
 static char *ssh_session_get_host_port(ssh_session session)
 {
-    char *host_port;
+    char *host_port = NULL;
-    char *host;
+    char *host = NULL;
    if (session->opts.host == NULL) {
        ssh_set_error(session,
@ -530,7 +530,7 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
    char *host_port = NULL;
    size_t count;
    bool needcomma = false;
-    char *names;
+    char *names = NULL;
    int rc;
@ -638,7 +638,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
 {
    struct ssh_knownhosts_entry *e = NULL;
    char *known_host = NULL;
-    char *p;
+    char *p = NULL;
    char *save_tok = NULL;
    enum ssh_keytypes_e key_type;
    int match = 0;
--- a/src/legacy.c
+++ b/src/legacy.c
@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) {
 int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
    int type, ssh_string publickey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
    int rc;
    (void) type; /* unused */
@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session,
                        ssh_string publickey,
                        ssh_private_key privatekey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
    int rc;
    (void) publickey; /* unused */
@ -376,10 +376,11 @@ void publickey_free(ssh_public_key key) {
  SAFE_FREE(key);
 }
-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
+ssh_public_key publickey_from_privatekey(ssh_private_key prv)
-    struct ssh_public_key_struct *p;
+{
-    ssh_key privkey;
+    struct ssh_public_key_struct *p = NULL;
-    ssh_key pubkey;
+    ssh_key privkey = NULL;
    ssh_key pubkey = NULL;
    int rc;
    privkey = ssh_key_new();
@ -423,8 +424,8 @@ ssh_private_key privatekey_from_file(ssh_session session,
                                     const char *passphrase) {
    ssh_auth_callback auth_fn = NULL;
    void *auth_data = NULL;
-    ssh_private_key privkey;
+    ssh_private_key privkey = NULL;
-    ssh_key key;
+    ssh_key key = NULL;
    int rc;
    (void) type; /* unused */
@ -492,7 +493,7 @@ void privatekey_free(ssh_private_key prv) {
 ssh_string publickey_from_file(ssh_session session, const char *filename,
    int *type) {
-    ssh_key key;
+    ssh_key key = NULL;
    ssh_string key_str = NULL;
    int rc;
@ -525,9 +526,10 @@ int ssh_type_from_name(const char *name) {
    return ssh_key_type_from_name(name);
 }
-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
+ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
-    struct ssh_public_key_struct *pubkey;
+{
-    ssh_key key;
+    struct ssh_public_key_struct *pubkey = NULL;
    ssh_key key = NULL;
    int rc;
    (void) session; /* unused */
@ -562,9 +564,10 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
    return pubkey;
 }
-ssh_string publickey_to_string(ssh_public_key pubkey) {
+ssh_string publickey_to_string(ssh_public_key pubkey)
-    ssh_key key;
+{
-    ssh_string key_blob;
+    ssh_key key = NULL;
    ssh_string key_blob = NULL;
    int rc;
    if (pubkey == NULL) {
@ -609,11 +612,11 @@ int ssh_publickey_to_file(ssh_session session,
                          ssh_string pubkey,
                          int type)
 {
-    FILE *fp;
+    FILE *fp = NULL;
-    char *user;
+    char *user = NULL;
    char buffer[1024];
    char host[256];
-    unsigned char *pubkey_64;
+    unsigned char *pubkey_64 = NULL;
    size_t len;
    int rc;
    if(session==NULL)
@ -680,9 +683,9 @@ int ssh_try_publickey_from_file(ssh_session session,
                                const char *keyfile,
                                ssh_string *publickey,
                                int *type) {
-    char *pubkey_file;
+    char *pubkey_file = NULL;
    size_t len;
-    ssh_string pubkey_string;
+    ssh_string pubkey_string = NULL;
    int pubkey_type;
    if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@ -133,7 +133,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
            void *IV)
 {
    const mbedtls_cipher_info_t *cipher_info = NULL;
-    mbedtls_cipher_context_t *ctx;
+    mbedtls_cipher_context_t *ctx = NULL;
    size_t key_bitlen = 0;
    size_t iv_size = 0;
    int rc;
--- a/src/log.c
+++ b/src/log.c
@ -44,7 +44,7 @@
 static LIBSSH_THREAD int ssh_log_level;
 static LIBSSH_THREAD ssh_logging_callback ssh_log_cb;
-static LIBSSH_THREAD void *ssh_log_userdata;
+static LIBSSH_THREAD void *ssh_log_userdata = NULL;
 /**
 * @defgroup libssh_log The SSH logging functions
--- a/src/messages.c
+++ b/src/messages.c
@ -521,7 +521,7 @@ static void ssh_message_queue(ssh_session session, ssh_message message)
 */
 ssh_message ssh_message_pop_head(ssh_session session){
  ssh_message msg=NULL;
-  struct ssh_iterator *i;
+  struct ssh_iterator *i = NULL;
  if(session->ssh_message_list == NULL)
    return NULL;
  i=ssh_list_get_iterator(session->ssh_message_list);
@ -535,7 +535,7 @@ ssh_message ssh_message_pop_head(ssh_session session){
 /* Returns 1 if there is a message available */
 static int ssh_message_termination(void *s){
  ssh_session session = s;
-  struct ssh_iterator *it;
+  struct ssh_iterator *it = NULL;
  if(session->session_state == SSH_SESSION_STATE_ERROR)
    return 1;
  it = ssh_list_get_iterator(session->ssh_message_list);
@ -736,7 +736,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
                                                ssh_string algo)
 {
    struct ssh_crypto_struct *crypto = NULL;
-    ssh_buffer buffer;
+    ssh_buffer buffer = NULL;
    ssh_string str=NULL;
    int rc;
@ -976,9 +976,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
 #ifdef WITH_GSSAPI
  if (strcmp(method, "gssapi-with-mic") == 0) {
     uint32_t n_oid;
-     ssh_string *oids;
+     ssh_string *oids = NULL;
-     ssh_string oid;
+     ssh_string oid = NULL;
-     char *hexa;
+     char *hexa = NULL;
     int i;
     ssh_buffer_get_u32(packet, &n_oid);
     n_oid=ntohl(n_oid);
@ -1062,7 +1062,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
 SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
  uint32_t nanswers;
  uint32_t i;
-  ssh_string tmp;
+  ssh_string tmp = NULL;
  int rc;
  ssh_message msg = NULL;
@ -1302,7 +1302,7 @@ end:
 * @returns             SSH_OK on success, SSH_ERROR if an error occurred.
 */
 int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) {
-    ssh_session session;
+    ssh_session session = NULL;
    int rc;
    if (msg == NULL) {
@ -1353,7 +1353,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
 * @returns NULL in case of error
 */
 ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
-	ssh_channel chan;
+	ssh_channel chan = NULL;
 	int rc;
 	if (msg == NULL) {
--- a/src/misc.c
+++ b/src/misc.c
@ -401,7 +401,7 @@ int ssh_is_ipaddr(const char *str)
 char *ssh_lowercase(const char* str)
 {
-  char *new, *p;
+  char *new = NULL, *p = NULL;
  if (str == NULL) {
    return NULL;
@ -455,7 +455,7 @@ char *ssh_hostport(const char *host, int port)
 char *ssh_get_hexa(const unsigned char *what, size_t len)
 {
    const char h[] = "0123456789abcdef";
-    char *hexa;
+    char *hexa = NULL;
    size_t i;
    size_t hlen = len * 3;
@ -725,7 +725,7 @@ struct ssh_list *ssh_list_new(void)
 void ssh_list_free(struct ssh_list *list)
 {
-    struct ssh_iterator *ptr, *next;
+    struct ssh_iterator *ptr = NULL, *next = NULL;
    if (!list)
        return;
    ptr = list->root;
@ -746,7 +746,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list)
 struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
    for (it = ssh_list_get_iterator(list); it != NULL ; it = it->next)
        if (it->data == value)
@ -836,7 +836,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data)
 void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
 {
-  struct ssh_iterator *ptr, *prev;
+  struct ssh_iterator *ptr = NULL, *prev = NULL;
  if (list == NULL) {
      return;
@ -977,7 +977,7 @@ char *ssh_dirname (const char *path)
 char *ssh_basename (const char *path)
 {
  char *new = NULL;
-  const char *s;
+  const char *s = NULL;
  size_t len;
  if (path == NULL || *path == '\0') {
@ -1115,8 +1115,8 @@ int ssh_mkdirs(const char *pathname, mode_t mode)
 */
 char *ssh_path_expand_tilde(const char *d)
 {
-    char *h = NULL, *r;
+    char *h = NULL, *r = NULL;
-    const char *p;
+    const char *p = NULL;
    size_t ld;
    size_t lh = 0;
@ -1131,7 +1131,7 @@ char *ssh_path_expand_tilde(const char *d)
 #ifdef _WIN32
        return strdup(d);
 #else
-        struct passwd *pw;
+        struct passwd *pw = NULL;
        size_t s = p - d;
        char u[128];
@ -1192,7 +1192,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
    char *buf = NULL;
    char *r = NULL;
    char *x = NULL;
-    const char *p;
+    const char *p = NULL;
    size_t i, l;
    r = ssh_path_expand_tilde(s);
@ -1345,8 +1345,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
 */
 int ssh_analyze_banner(ssh_session session, int server)
 {
-    const char *banner;
+    const char *banner = NULL;
-    const char *openssh;
+    const char *openssh = NULL;
    if (server) {
        banner = session->clientbanner;
--- a/src/options.c
+++ b/src/options.c
@ -67,7 +67,7 @@
 */
 int ssh_options_copy(ssh_session src, ssh_session *dest)
 {
-    ssh_session new;
+    ssh_session new = NULL;
    struct ssh_iterator *it = NULL;
    struct ssh_list *list = NULL;
    char *id = NULL;
@ -652,8 +652,8 @@ int ssh_options_set_algo(ssh_session session,
 int ssh_options_set(ssh_session session, enum ssh_options_e type,
                    const void *value)
 {
-    const char *v;
+    const char *v = NULL;
-    char *p, *q;
+    char *p = NULL, *q = NULL;
    long int i;
    unsigned int u;
    int rc;
@ -1517,7 +1517,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
 */
 int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
 {
-    char* src = NULL;
+    char *src = NULL;
    if (session == NULL) {
        return SSH_ERROR;
@ -1539,7 +1539,7 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
            break;
        case SSH_OPTIONS_IDENTITY: {
-            struct ssh_iterator *it;
+            struct ssh_iterator *it = NULL;
            it = ssh_list_get_iterator(session->opts.identity);
            if (it == NULL) {
                it = ssh_list_get_iterator(session->opts.identity_non_exp);
@ -1821,7 +1821,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
 */
 int ssh_options_parse_config(ssh_session session, const char *filename)
 {
-  char *expanded_filename;
+  char *expanded_filename = NULL;
  int r;
  if (session == NULL) {
@ -1867,7 +1867,7 @@ out:
 int ssh_options_apply(ssh_session session)
 {
-    char *tmp;
+    char *tmp = NULL;
    int rc;
    if (session->opts.sshdir == NULL) {
@ -2216,8 +2216,8 @@ ssh_bind_options_set(ssh_bind sshbind,
                     const void *value)
 {
    bool allowed;
-    char *p, *q;
+    char *p = NULL, *q = NULL;
-    const char *v;
+    const char *v = NULL;
    int i, rc;
    char **wanted_methods = sshbind->wanted_methods;
@ -2591,7 +2591,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
    char *buf = NULL;
    char *r = NULL;
    char *x = NULL;
-    const char *p;
+    const char *p = NULL;
    size_t i, l;
    r = ssh_path_expand_tilde(s);
@ -2697,7 +2697,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
 int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
 {
    int rc = 0;
-    char *expanded_filename;
+    char *expanded_filename = NULL;
    if (sshbind == NULL) {
        return -1;
--- a/src/packet.c
+++ b/src/packet.c
@ -1428,8 +1428,8 @@ error:
 static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
 {
    ssh_session session = userdata;
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
-    ssh_channel channel;
+    ssh_channel channel = NULL;
    if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) {
        SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback");
@ -1890,7 +1890,7 @@ int ssh_packet_send(ssh_session session)
    /* We finished the key exchange so we can try to send our queue now */
    if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
-        struct ssh_iterator *it;
+        struct ssh_iterator *it = NULL;
        if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
            /* reset packet sequence number when running in strict kex mode */
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@ -262,7 +262,7 @@ int ssh_packet_hmac_verify(ssh_session session,
 {
    struct ssh_crypto_struct *crypto = NULL;
    unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
-    HMACCTX ctx;
+    HMACCTX ctx = NULL;
    size_t hmaclen = DIGEST_MAX_LEN;
    uint32_t seq;
    int cmp;
--- a/src/pki.c
+++ b/src/pki.c
@ -344,7 +344,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
 */
 int ssh_key_algorithm_allowed(ssh_session session, const char *type)
 {
-    const char *allowed_list;
+    const char *allowed_list = NULL;
    if (session->client) {
        allowed_list = session->opts.pubkey_accepted_types;
@ -711,7 +711,7 @@ int ssh_key_cmp(const ssh_key k1,
 ssh_signature ssh_signature_new(void)
 {
-    struct ssh_signature_struct *sig;
+    struct ssh_signature_struct *sig = NULL;
    sig = malloc(sizeof(struct ssh_signature_struct));
    if (sig == NULL) {
@ -799,7 +799,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
                                  void *auth_data,
                                  ssh_key *pkey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
    char *openssh_header = NULL;
    if (b64_key == NULL || pkey == NULL) {
@ -979,8 +979,8 @@ int ssh_pki_import_privkey_file(const char *filename,
                                void *auth_data,
                                ssh_key *pkey) {
    struct stat sb;
-    char *key_buf;
+    char *key_buf = NULL;
-    FILE *file;
+    FILE *file = NULL;
    off_t size;
    int rc;
    char err_msg[SSH_ERRNO_MSG_MAX] = {0};
@ -1180,8 +1180,8 @@ ssh_pki_export_privkey_file(const ssh_key privkey,
 /* temporary function to migrate seamlessly to ssh_key */
 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
 {
-    ssh_public_key pub;
+    ssh_public_key pub = NULL;
-    ssh_key tmp;
+    ssh_key tmp = NULL;
    if (key == NULL) {
        return NULL;
@ -1219,7 +1219,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
 {
-    ssh_private_key privkey;
+    ssh_private_key privkey = NULL;
    privkey = calloc(1, sizeof(struct ssh_private_key_struct));
    if (privkey == NULL) {
@ -1536,9 +1536,9 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
                                  enum ssh_keytypes_e type,
                                  ssh_key *pkey)
 {
-    ssh_buffer cert;
+    ssh_buffer cert = NULL;
-    ssh_string tmp_s;
+    ssh_string tmp_s = NULL;
-    const char *type_c;
+    const char *type_c = NULL;
    ssh_key key = NULL;
    int rc;
@ -2105,7 +2105,7 @@ error:
 int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
                                     ssh_key *pkey)
 {
-    ssh_key pubkey;
+    ssh_key pubkey = NULL;
    if (privkey == NULL || !ssh_key_is_private(privkey)) {
        return SSH_ERROR;
@ -2143,7 +2143,7 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
 int ssh_pki_export_pubkey_blob(const ssh_key key,
                               ssh_string *pblob)
 {
-    ssh_string blob;
+    ssh_string blob = NULL;
    if (key == NULL) {
        return SSH_OK;
@ -2178,7 +2178,7 @@ int ssh_pki_export_pubkey_blob(const ssh_key key,
 int ssh_pki_export_privkey_blob(const ssh_key key,
                                ssh_string *pblob)
 {
-    ssh_string blob;
+    ssh_string blob = NULL;
    if (key == NULL) {
        return SSH_OK;
@ -2208,8 +2208,8 @@ int ssh_pki_export_privkey_blob(const ssh_key key,
 int ssh_pki_export_pubkey_base64(const ssh_key key,
                                 char **b64_key)
 {
-    ssh_string key_blob;
+    ssh_string key_blob = NULL;
-    unsigned char *b64;
+    unsigned char *b64 = NULL;
    if (key == NULL || b64_key == NULL) {
        return SSH_ERROR;
@ -2248,9 +2248,9 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
 {
    char key_buf[MAX_LINE_SIZE];
    char host[256];
-    char *b64_key;
+    char *b64_key = NULL;
-    char *user;
+    char *user = NULL;
-    FILE *fp;
+    FILE *fp = NULL;
    int rc;
    if (key == NULL || filename == NULL || *filename == '\0') {
@ -2311,7 +2311,7 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
 * @returns SSH_OK on success, SSH_ERROR otherwise.
 **/
 int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
-  ssh_buffer cert_buffer;
+  ssh_buffer cert_buffer = NULL;
  int rc, cmp;
  if (certkey == NULL || privkey == NULL) {
@ -2352,7 +2352,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
                                  ssh_string *sig_blob)
 {
    ssh_buffer buf = NULL;
-    ssh_string str;
+    ssh_string str = NULL;
    int rc;
    if (sig == NULL || sig_blob == NULL) {
@ -2416,7 +2416,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
    enum ssh_keytypes_e type;
    enum ssh_digest_e hash_type;
    ssh_string algorithm = NULL, blob = NULL;
-    ssh_buffer buf;
+    ssh_buffer buf = NULL;
    const char *alg = NULL;
    uint8_t flags = 0;
    uint32_t counter = 0;
@ -2772,9 +2772,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
                                 const ssh_key pubkey)
 {
    struct ssh_crypto_struct *crypto = NULL;
-    ssh_string session_id;
+    ssh_string session_id = NULL;
-    ssh_string sig_blob;
+    ssh_string sig_blob = NULL;
-    ssh_buffer sig_buf;
+    ssh_buffer sig_buf = NULL;
    int rc;
    crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_BOTH);
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key,
                       bool private)
 {
    const char *ptr = text_key;
-    const char *end;
+    const char *end = NULL;
-    char *base64;
+    char *base64 = NULL;
    int cmp;
    int rc;
    int i;
-    ssh_buffer buffer = NULL, privkey_buffer=NULL;
+    ssh_buffer buffer = NULL, privkey_buffer = NULL;
    char *magic = NULL, *ciphername = NULL, *kdfname = NULL;
    uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF;
    ssh_string kdfoptions = NULL;
@ -507,14 +507,14 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 {
    ssh_buffer buffer = NULL;
    ssh_string str = NULL, blob = NULL;
-    ssh_string pubkey_s=NULL;
+    ssh_string pubkey_s = NULL;
    ssh_buffer privkey_buffer = NULL;
    uint32_t rnd;
    uint32_t rounds = 16;
-    ssh_string salt=NULL;
+    ssh_string salt = NULL;
-    ssh_string kdf_options=NULL;
+    ssh_string kdf_options = NULL;
    int to_encrypt=0;
-    unsigned char *b64;
+    unsigned char *b64 = NULL;
    uint32_t str_len, len;
    uint8_t padding = 1;
    int ok;
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@ -338,7 +338,7 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
    int ok;
 #else
    const char *group_name = OSSL_EC_curve_nid2name(nid);
-    OSSL_PARAM_BLD *param_bld;
+    OSSL_PARAM_BLD *param_bld = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
    key->ecdsa_nid = nid;
@ -1665,7 +1665,7 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
                EC_GROUP *group = NULL;
                EC_POINT *point = NULL;
-                const void *pubkey;
+                const void *pubkey = NULL;
                size_t pubkey_len;
                OSSL_PARAM *locate_param = NULL;
 #else
@ -1871,7 +1871,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
    const unsigned char *raw_sig_data = NULL;
    size_t raw_sig_len;
-    ECDSA_SIG *ecdsa_sig;
+    ECDSA_SIG *ecdsa_sig = NULL;
    int rc;
@ -2060,8 +2060,8 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
    ECDSA_SIG *ecdsa_sig = NULL;
    BIGNUM *pr = NULL, *ps = NULL;
-    ssh_string r;
+    ssh_string r = NULL;
-    ssh_string s;
+    ssh_string s = NULL;
    ssh_buffer buf = NULL;
    uint32_t rlen;
--- a/src/pki_ed25519.c
+++ b/src/pki_ed25519.c
@ -62,7 +62,7 @@ int pki_ed25519_sign(const ssh_key privkey,
                     size_t hlen)
 {
    int rc;
-    uint8_t *buffer;
+    uint8_t *buffer = NULL;
    uint64_t dlen = 0;
    buffer = malloc(hlen + ED25519_SIG_LEN);
@ -104,8 +104,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
                       size_t hlen)
 {
    uint64_t mlen = 0;
-    uint8_t *buffer;
+    uint8_t *buffer = NULL;
-    uint8_t *buffer2;
+    uint8_t *buffer2 = NULL;
    int rc;
    if (pubkey == NULL || sig == NULL ||
--- a/src/pki_ed25519_common.c
+++ b/src/pki_ed25519_common.c
@ -245,7 +245,7 @@ int pki_ed25519_private_key_to_blob(ssh_buffer buffer, const ssh_key privkey)
 */
 ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
 {
-    ssh_string sig_blob;
+    ssh_string sig_blob = NULL;
    int rc;
 #ifdef HAVE_LIBCRYPTO
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@ -150,7 +150,7 @@ static ssh_string asn1_get_int(ssh_buffer buffer) {
 static ssh_string asn1_get_bit_string(ssh_buffer buffer)
 {
-    ssh_string str;
+    ssh_string str = NULL;
    unsigned char type;
    uint32_t size;
    unsigned char unused, last, *p = NULL;
@ -1694,9 +1694,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
        case SSH_KEYTYPE_ECDSA_P521:
 #ifdef HAVE_GCRYPT_ECC
            {
-                ssh_string R;
+                ssh_string R = NULL;
-                ssh_string S;
+                ssh_string S = NULL;
-                ssh_buffer b;
+                ssh_buffer b = NULL;
                b = ssh_buffer_new();
                if (b == NULL) {
@ -1837,8 +1837,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
        case SSH_KEYTYPE_SK_ECDSA:
 #ifdef HAVE_GCRYPT_ECC
            { /* build ecdsa siganature */
-                ssh_buffer b;
+                ssh_buffer b = NULL;
-                ssh_string r, s;
+                ssh_string r = NULL, s = NULL;
                uint32_t rlen;
                b = ssh_buffer_new();
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@ -1195,9 +1195,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
        case SSH_KEYTYPE_ECDSA_P256:
        case SSH_KEYTYPE_ECDSA_P384:
        case SSH_KEYTYPE_ECDSA_P521: {
-            ssh_string r;
+            ssh_string r = NULL;
-            ssh_string s;
+            ssh_string s = NULL;
-            ssh_buffer b;
+            ssh_buffer b = NULL;
            int rc;
            b = ssh_buffer_new();
@ -1351,9 +1351,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
        case SSH_KEYTYPE_ECDSA_P384:
        case SSH_KEYTYPE_ECDSA_P521:
        case SSH_KEYTYPE_SK_ECDSA: {
-            ssh_buffer b;
+            ssh_buffer b = NULL;
-            ssh_string r;
+            ssh_string r = NULL;
-            ssh_string s;
+            ssh_string s = NULL;
            size_t rlen;
            b = ssh_buffer_new();
--- a/src/poll.c
+++ b/src/poll.c
@ -560,8 +560,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx)
 static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size)
 {
-  ssh_poll_handle *pollptrs;
+  ssh_poll_handle *pollptrs = NULL;
-  ssh_pollfd_t *pollfds;
+  ssh_pollfd_t *pollfds = NULL;
  pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size);
  if (pollptrs == NULL) {
@ -862,7 +862,7 @@ ssh_event_add_fd(ssh_event event, socket_t fd, short events,
                 ssh_event_callback cb, void *userdata)
 {
    ssh_poll_handle p;
-    struct ssh_event_fd_wrapper *pw;
+    struct ssh_event_fd_wrapper *pw = NULL;
    if(event == NULL || event->ctx == NULL || cb == NULL
                                           || fd == SSH_INVALID_SOCKET) {
@ -932,7 +932,7 @@ int ssh_event_add_session(ssh_event event, ssh_session session)
 {
    ssh_poll_handle p;
 #ifdef WITH_SERVER
-    struct ssh_iterator *iterator;
+    struct ssh_iterator *iterator = NULL;
 #endif
    if(event == NULL || event->ctx == NULL || session == NULL) {
@ -1079,7 +1079,7 @@ int ssh_event_remove_session(ssh_event event, ssh_session session)
    register size_t i, used;
    int rc = SSH_ERROR;
 #ifdef WITH_SERVER
-    struct ssh_iterator *iterator;
+    struct ssh_iterator *iterator = NULL;
 #endif
    if (event == NULL || event->ctx == NULL || session == NULL) {
--- a/src/server.c
+++ b/src/server.c
@ -85,8 +85,8 @@ int server_set_kex(ssh_session session)
 {
    struct ssh_kex_struct *server = &session->next_crypto->server_kex;
    int i, j, rc;
-    const char *wanted, *allowed;
+    const char *wanted = NULL, *allowed = NULL;
-    char *kept;
+    char *kept = NULL;
    char hostkeys[128] = {0};
    enum ssh_keytypes_e keytype;
    size_t len;
@ -211,9 +211,10 @@ int ssh_server_init_kex(ssh_session session) {
    return server_set_kex(session);
 }
-static int ssh_server_send_extensions(ssh_session session) {
+static int ssh_server_send_extensions(ssh_session session)
 {
    int rc;
-    const char *hostkey_algorithms;
+    const char *hostkey_algorithms = NULL;
    SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
@ -278,8 +279,8 @@ ssh_get_key_params(ssh_session session,
                   ssh_key *privkey,
                   enum ssh_digest_e *digest)
 {
-    ssh_key pubkey;
+    ssh_key pubkey = NULL;
-    ssh_string pubkey_blob;
+    ssh_string pubkey_blob = NULL;
    int rc;
    switch(session->srv.hostkey) {
@ -720,8 +721,9 @@ static int ssh_message_service_request_reply_default(ssh_message msg) {
 *
 * @returns SSH_OK when success otherwise SSH_ERROR
 */
-int ssh_message_service_reply_success(ssh_message msg) {
+int ssh_message_service_reply_success(ssh_message msg)
-    ssh_session session;
+{
    ssh_session session = NULL;
    int rc;
    if (msg == NULL) {
@ -1128,8 +1130,9 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
 *
 * @returns SSH_OK on success, otherwise SSH_ERROR
 */
-int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
+int ssh_message_auth_reply_pk_ok_simple(ssh_message msg)
-    ssh_string algo;
+{
    ssh_string algo = NULL;
    ssh_string pubkey_blob = NULL;
    int ret;
--- a/src/session.c
+++ b/src/session.c
@ -59,7 +59,7 @@
 */
 ssh_session ssh_new(void)
 {
-    ssh_session session;
+    ssh_session session = NULL;
    char *id = NULL;
    int rc;
@ -294,7 +294,7 @@ void ssh_free(ssh_session session)
  /* options */
  if (session->opts.identity) {
-      char *id;
+      char *id = NULL;
      for (id = ssh_list_pop_head(char *, session->opts.identity);
           id != NULL;
@ -305,7 +305,7 @@ void ssh_free(ssh_session session)
  }
  if (session->opts.identity_non_exp) {
-      char *id;
+      char *id = NULL;
      for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
           id != NULL;
@ -1222,7 +1222,7 @@ int ssh_get_publickey_hash(const ssh_key key,
                           unsigned char **hash,
                           size_t *hlen)
 {
-    ssh_string blob;
+    ssh_string blob = NULL;
    unsigned char *h = NULL;
    int rc;
@ -1234,7 +1234,7 @@ int ssh_get_publickey_hash(const ssh_key key,
    switch (type) {
    case SSH_PUBLICKEY_HASH_SHA1:
        {
-            SHACTX ctx;
+            SHACTX ctx = NULL;
            h = calloc(1, SHA_DIGEST_LEN);
            if (h == NULL) {
@ -1266,7 +1266,7 @@ int ssh_get_publickey_hash(const ssh_key key,
        break;
    case SSH_PUBLICKEY_HASH_SHA256:
        {
-            SHA256CTX ctx;
+            SHA256CTX ctx = NULL;
            h = calloc(1, SHA256_DIGEST_LEN);
            if (h == NULL) {
@ -1298,7 +1298,7 @@ int ssh_get_publickey_hash(const ssh_key key,
        break;
    case SSH_PUBLICKEY_HASH_MD5:
        {
-            MD5CTX ctx;
+            MD5CTX ctx = NULL;
            /* In FIPS mode, we cannot use MD5 */
            if (ssh_fips_mode()) {
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@ -346,8 +346,8 @@ void sftp_client_message_free(sftp_client_message msg)
 int
 sftp_reply_name(sftp_client_message msg, const char *name, sftp_attributes attr)
 {
-    ssh_buffer out;
+    ssh_buffer out = NULL;
-    ssh_string file;
+    ssh_string file = NULL;
    out = ssh_buffer_new();
    if (out == NULL) {
@ -428,7 +428,7 @@ int
 sftp_reply_names_add(sftp_client_message msg, const char *file,
                     const char *longname, sftp_attributes attr)
 {
-    ssh_string name;
+    ssh_string name = NULL;
    name = ssh_string_from_char(file);
    if (name == NULL) {
@ -498,8 +498,8 @@ int sftp_reply_names(sftp_client_message msg)
 int
 sftp_reply_status(sftp_client_message msg, uint32_t status, const char *message)
 {
-    ssh_buffer out;
+    ssh_buffer out = NULL;
-    ssh_string s;
+    ssh_string s = NULL;
    out = ssh_buffer_new();
    if (out == NULL) {
@ -655,7 +655,7 @@ int sftp_reply_version(sftp_client_message client_msg)
 */
 ssh_string sftp_handle_alloc(sftp_session sftp, void *info)
 {
-    ssh_string ret;
+    ssh_string ret = NULL;
    uint32_t val;
    uint32_t i;
@ -1546,7 +1546,7 @@ process_readlink(sftp_client_message client_msg)
    const char *filename = sftp_client_message_get_filename(client_msg);
    char buf[PATH_MAX];
    int len = -1;
-    const char *err_msg;
+    const char *err_msg = NULL;
    int status = SSH_FX_OK;
    SSH_LOG(SSH_LOG_PROTOCOL, "Processing readlink %s", filename);
--- a/src/string.c
+++ b/src/string.c
@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) {
 * @note The null byte is not copied nor counted in the output string.
 */
 struct ssh_string_struct *ssh_string_from_char(const char *what) {
-  struct ssh_string_struct *ptr;
+  struct ssh_string_struct *ptr = NULL;
  size_t len;
  if(what == NULL) {
@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s)
 */
 char *ssh_string_to_char(struct ssh_string_struct *s) {
  size_t len;
-  char *new;
+  char *new = NULL;
  if (s == NULL) {
      return NULL;
@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) {
 * @return              Newly allocated copy of the string, NULL on error.
 */
 struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) {
-  struct ssh_string_struct *new;
+  struct ssh_string_struct *new = NULL;
  size_t len;
  if (s == NULL) {
--- a/src/threads/winlocks.c
+++ b/src/threads/winlocks.c
@ -82,7 +82,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock =
 void ssh_mutex_lock(SSH_MUTEX *mutex)
 {
-    void *rc;
+    void *rc = NULL;
    CRITICAL_SECTION *mutex_tmp = NULL;
--- a/src/wrapper.c
+++ b/src/wrapper.c
@ -148,7 +148,7 @@ static void cipher_free(struct ssh_cipher_struct *cipher) {
 struct ssh_crypto_struct *crypto_new(void)
 {
-    struct ssh_crypto_struct *crypto;
+    struct ssh_crypto_struct *crypto = NULL;
    crypto = calloc(1, sizeof(struct ssh_crypto_struct));
    if (crypto == NULL) {