From owner-freebsd-security@FreeBSD.ORG Fri Apr 25 20:38:27 2014
Date: Fri, 25 Apr 2014 21:38:26 +0100
In-Reply-To: <32060.1398457484@server1.tristatelogic.com>
References: <86zjj9mivi.fsf@nine.des.no> <32060.1398457484@server1.tristatelogic.com>
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
From: Ben Laurie
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
List-Id: "Security issues [members-only posting]"

On 25 April 2014 21:24, Ronald F. Guilmette wrote:
> Separately, a code example of the following general form was discussed:
>
>     if (condition) variable = value1;
>     if (!condition) variable = value2;
>     use (variable);
>
> It was noted that code of this form can generate a "false positive"
> warning, from some or many code analyzers, to the effect that "variable"
> may be used while in an "uninitialized" state. I agree entirely that,
> given code of the above form, the variable will never in fact be used
> while in an uninitialized state, and that thus, any such warning is
> rather unambiguously "false". I don't believe that I suggested
> otherwise. I did however note that the warning in such cases may be
> trivially quieted by the addition of an (unconditional) initialization
> of "variable" somewhere prior to the code in question.

But that would then hide the error condition of it being not set to a new
value after initialisation. One better answer would be to have a way to
annotate that after the two conditionals you assert that |variable| is
initialised. Then a future, smarter static analyzer can attempt to prove
you wrong.

> I did that in response to an assertion that eliminating such a warning
> might be in some sense "too hard", even though the party or parties to
> which such an assertion might apply was not specified.
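An added illustration of the point in the reply above, written for this page and not taken from the thread or from OpenSSL. It shows the original two-conditional pattern, the "quiet the warning" unconditional initialisation and how it masks a later breakage of the invariant (here a hypothetical edit that turned the boolean into a three-way enum and forgot one case), and a sentinel-plus-check form that makes the "it is initialised here" claim explicit. The enum, values and function names are made up for the example.

```c
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The form discussed in the thread: two complementary conditionals and no
 * initialiser.  Exactly one branch always runs, so the variable is always
 * set before use; an analyzer that does not relate the two conditions may
 * still emit a "may be used uninitialized" warning, which is a false
 * positive here. */
int pick_original(bool condition, int value1, int value2)
{
    int variable;
    if (condition)  variable = value1;
    if (!condition) variable = value2;
    return variable;
}

/* Hypothetical later edit: the boolean became a three-way mode.  Names and
 * values are invented for this example. */
enum mode { MODE_A, MODE_B, MODE_C };

/* The "quieting" fix: an unconditional initialisation added only to silence
 * the analyzer.  The maintainer who added MODE_C forgot to handle it, and
 * nothing complains: the stale default 0 is silently used as if it were a
 * real result.  This is the hidden error condition the reply warns about. */
int pick_silenced(enum mode m)
{
    int variable = 0;            /* added only to quiet the warning */
    if (m == MODE_A) variable = 10;
    if (m == MODE_B) variable = 20;
    return variable;             /* MODE_C returns 0 and nobody notices */
}

/* Alternative: state the claim "variable is initialised after these
 * conditionals" explicitly.  A sentinel that no real branch produces plus a
 * check is a runtime stand-in for the annotation the reply asks for; the
 * same invariant is what a smarter static analyzer would try to disprove. */
#define UNSET INT_MIN            /* assumption: no branch ever yields INT_MIN */

int pick_checked(enum mode m)
{
    int variable = UNSET;
    if (m == MODE_A) variable = 10;
    if (m == MODE_B) variable = 20;
    return variable;             /* UNSET here means "the invariant broke" */
}

/* Returns whether the invariant "initialised after the conditionals" holds
 * for a given mode; the caller would normally assert() on this. */
bool initialised_after_branches(enum mode m)
{
    return pick_checked(m) != UNSET;
}

int main(void)
{
    printf("original: %d %d\n", pick_original(true, 1, 2),
           pick_original(false, 1, 2));

    /* The silenced version hides the missing case. */
    printf("silenced MODE_C: %d (looks like a valid result)\n",
           pick_silenced(MODE_C));

    /* The checked version surfaces it. */
    for (enum mode m = MODE_A; m <= MODE_C; m++)
        printf("checked mode %d: %s\n", (int)m,
               initialised_after_branches(m) ? "initialised" : "NOT initialised");

    /* Where the value is actually used, the claim becomes an assertion. */
    int v = pick_checked(MODE_A);
    assert(v != UNSET);
    printf("use(%d)\n", v);
    return 0;
}
```

The sentinel form is only as good as the guarantee that no real branch produces the sentinel; where the value's full range is needed, a separate "assigned" flag carries the same invariant. In GCC and Clang a related compile-time check is available without any runtime cost: rewrite the conditionals as a switch over the enum with no default case, and -Wswitch reports the unhandled enumerator at build time.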