OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Ben Laurie
benl at freebsd.org
Fri Apr 25 20:38:27 UTC 2014
On 25 April 2014 21:24, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> Separately, a code example of the following general form was discussed:
>
> if (condition) variable = value1;
> if (!condition) variable = value2;
> use (variable);
>
> It was noted that code of this form can generate a "false positive"
> warning, from some or many code analyzers, to the effect that "variable"
> may be used while in an "uninitialized" state. I agree entirely that,
> given code of the above form, the variable will never in fact be used
> while in an uninitialized state, and that thus, any such warning is
> rather unambiguously "false". I don't believe that I suggested
> otherwise. I did however note that the warning in such cases may be
> trivially quieted by the addition of an (unconditional) initialization
> of "variable" somewhere prior to the code in question.
But that would then hide the error condition of it being not set to a
new value after initialisation.
One better answer would be to have a way to annotate that after the
two conditionals you assert that |variable| is initialised. Then a
future, smarter static analyzer can attempt to prove you wrong.
> I did that in
> response to an assertion that eliminating such a warning might be in
> some sense "too hard", even though the party or parties to which such
> an assertion might apply was not specified.
More information about the freebsd-security
mailing list