OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Ben Laurie
benl at freebsd.org
Fri Apr 25 20:52:27 UTC 2014
On 25 April 2014 21:46, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ at mail.gmail.com>
> , Ben Laurie writes:
>>On 25 April 2014 21:24, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>>> Separately, a code example of the following general form was discussed:
>>>
>>> if (condition) variable = value1;
>>> if (!condition) variable = value2;
>>> use (variable);
>>>
>
>>One better answer would be to have a way to annotate that after the
>>two conditionals you assert that |variable| is initialised. Then a
>>future, smarter static analyzer can attempt to prove you wrong.
>
> The way you do that *IS* to assert that the variable is indeed
> set to something you can use.
That only works if there's at least one illegal value, though. And you
know what it is :-)
> If your "security" source code does not have at least 10% assert
> lines, you're not really serious about security.
People get really pissed off when I put asserts into OpenSSL.
Perhaps they'll have a different opinion now.
> And of course, if you compile the asserts out for "production"
> you are downright moronic about security :-)
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list