OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Ben Laurie
benl at freebsd.org
Sat Apr 26 06:41:39 UTC 2014
On 25 April 2014 22:38, Chad Perrin <code at apotheon.net> wrote:
> On Fri, Apr 25, 2014 at 09:52:25PM +0100, Ben Laurie wrote:
>> On 25 April 2014 21:46, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>> > In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ at mail.gmail.com>
>> > , Ben Laurie writes:
>> >>On 25 April 2014 21:24, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>> >>> Separately, a code example of the following general form was discussed:
>> >>>
>> >>> if (condition) variable = value1;
>> >>> if (!condition) variable = value2;
>> >>> use (variable);
>> >>>
>> >
>> >>One better answer would be to have a way to annotate that after the
>> >>two conditionals you assert that |variable| is initialised. Then a
>> >>future, smarter static analyzer can attempt to prove you wrong.
>> >
>> > The way you do that *IS* to assert that the variable is indeed
>> > set to something you can use.
>>
>> That only works if there's at least one illegal value, though. And you
>> know what it is :-)
>
> With the proposed initialization value of -1, you could at least assert
> that it is no longer -1, which at least indicates you have done
> *something* to it in your code -- which, I believe, solves the problem
> the code analyzer actually "intended" to point out, which is that it
> might be possible for a variable to be used without any value assigned
> to it (thus potentially reading garbage from a variable).
Only if -1 cannot be either value1 or value2, that's my point.
>
>
>> >
>> > If your "security" source code does not have at least 10% assert
>> > lines, you're not really serious about security.
>>
>> People get really pissed off when I put asserts into OpenSSL.
>>
>> Perhaps they'll have a different opinion now.
>
> . . . or maybe we'll all end up using LibreSSL in the not-to-distant
> future and it will not matter any longer (for some definition of "we"
> that does not include banks running "secure" software on VMS past its
> epoch).
Or Windows or Linux or ...
>
> --
> Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list