From owner-freebsd-security@FreeBSD.ORG Fri Apr 25 20:47:34 2014
From: "Ronald F. Guilmette"
To: "freebsd-security@freebsd.org"
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
In-Reply-To: <20140424000744.GE15884@in-addr.com>
Date: Fri, 25 Apr 2014 13:47:33 -0700
Message-ID: <32215.1398458853@server1.tristatelogic.com>
List-Id: "Security issues [members-only posting]"

In message <20140424000744.GE15884@in-addr.com>, Gary Palmer wrote:

>Compiler warnings and static code analysis are a small part of a secure
>programming mentality/methodology, and in and of themselves are fairly
>useless. I doubt either would have caught Heartbleed.
I just wanted to say that although I'm quite obviously a proponent of making
full use of any and every tool that can generate, at compile time, errors or
warnings which may prove useful for improving the quality of code, and while
I thus would take issue with Gary Palmer's characterization of such tools as
"useless", I do have to concede that he's right that it is either highly
unlikely or perhaps even outright impossible that any such tools could have
properly diagnosed the specific flaw that led to Heartbleed.

Having looked into Heartbleed a little myself... but not too deeply... I
would say that the only thing that might possibly have prevented Heartbleed
from arising would have been if the entire code base of OpenSSL had been
engineered from the beginning to be rather entirely more object-oriented than
it is. However, even that might well not have prevented this specific bug.

(And please note that selecting C as the implementation language most
certainly _does not_ preclude object orientation in the code.)

Regards,
rfg
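For readers following the thread who have not looked at the bug itself, the shape of the Heartbleed flaw (CVE-2014-0160) in simplified form. This is an added illustration written for this archive page, not OpenSSL's code and not part of the original message. A TLS heartbeat record (RFC 6520) carries a one-byte type, a two-byte big-endian payload length, the payload, and at least 16 bytes of padding. The peer controls the length field; the receiver separately knows how many bytes actually arrived. The vulnerable handler below copies the claimed length; the fixed handler adds the two checks that the OpenSSL 1.0.1g patch added, comparing the claimed length against the received record length. The surrounding 'S' bytes that stand in for neighbouring memory, and the 24-byte record claiming a 32-byte payload, are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_PADDING = 16,
       HB_MAX_RESP = 3 + 65535 + HB_PADDING };

typedef int (*hb_handler)(const uint8_t *rec, size_t rec_len, uint8_t *out);

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Simplified pre-1.0.1g behaviour: echo `payload` bytes back to the peer.
 * Returns the response length or -1. `out` must hold HB_MAX_RESP bytes. */
static int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return -1;
    uint16_t payload = be16(rec + 1);   /* peer-controlled, never checked */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    /* BUG: only rec_len - 3 payload bytes arrived, but `payload` bytes are
     * copied, so whatever follows the record in memory is sent back. */
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* Same handler with the two checks the 1.0.1g fix added: the record must
 * hold a header plus padding, and header + claimed payload + padding must
 * fit in what was actually received. Malformed requests are discarded. */
static int heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    uint16_t payload = be16(rec + 1);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len)
        return -1;                      /* the missing bounds check */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* Constructed scenario: a 24-byte record ("hello" plus 16 bytes of padding)
 * that claims a 32-byte payload, placed in front of 40 bytes of unrelated
 * memory filled with 'S'. Returns how many 'S' bytes the handler echoed. */
static int leaked_bytes(hb_handler handler)
{
    static uint8_t out[HB_MAX_RESP];
    uint8_t memory[64];
    memset(memory, 'S', sizeof memory);
    const uint8_t record[24] = { HB_REQUEST, 0x00, 0x20, 'h', 'e', 'l', 'l', 'o' };
    memcpy(memory, record, sizeof record);

    int n = handler(memory, sizeof record, out);
    if (n < 0)
        return 0;
    int leaked = 0;
    for (int i = 3; i < n - HB_PADDING; i++)
        if (out[i] == 'S')
            leaked++;
    return leaked;
}

/* A well-formed request whose claimed length (5) matches the 24 received
 * bytes. Returns the response length if the payload was echoed, else -1. */
static int honest_response_len(hb_handler handler)
{
    static uint8_t out[HB_MAX_RESP];
    const uint8_t record[24] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    int n = handler(record, sizeof record, out);
    if (n == 24 && memcmp(out + 3, "hello", 5) == 0)
        return n;
    return -1;
}

int main(void)
{
    printf("vulnerable handler leaked %d bytes\n", leaked_bytes(heartbeat_vulnerable));
    printf("fixed handler leaked %d bytes\n", leaked_bytes(heartbeat_fixed));
    printf("fixed handler answers a valid request with %d bytes\n",
           honest_response_len(heartbeat_fixed));
    return 0;
}
```

The point relevant to the thread: nothing in `heartbeat_vulnerable` is undefined or suspicious in isolation. The `memcpy` length is a value of the right type read from a valid buffer, and the bound it should have been compared against (`rec_len`) is an unrelated variable that only the protocol semantics tie to it. That is why a compiler warning has nothing to flag here.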