OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Apr 25 20:46:46 UTC 2014
In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ at mail.gmail.com>
, Ben Laurie writes:
>On 25 April 2014 21:24, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>> Separately, a code example of the following general form was discussed:
>>
>> if (condition) variable = value1;
>> if (!condition) variable = value2;
>> use (variable);
>>
>One better answer would be to have a way to annotate that after the
>two conditionals you assert that |variable| is initialised. Then a
>future, smarter static analyzer can attempt to prove you wrong.
The way you do that *IS* to assert that the variable is indeed
set to something you can use.
If your "security" source code does not have at least 10% assert
lines, you're not really serious about security.
And of course, if you compile the asserts out for "production"
you are downright moronic about security :-)
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list