Date:      Fri, 25 Apr 2014 21:52:25 +0100
From:      Ben Laurie <benl@freebsd.org>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com>
Subject:   Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <CAG5KPzwrXGB-2p37fAtcWTGvGKPt5uaoQ-dZ8BwkwtKt8aOG6w@mail.gmail.com>
In-Reply-To: <36500.1398458797@critter.freebsd.dk>
References:  <86zjj9mivi.fsf@nine.des.no> <32060.1398457484@server1.tristatelogic.com> <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ@mail.gmail.com> <36500.1398458797@critter.freebsd.dk>

On 25 April 2014 21:46, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ@mail.gmail.com>
> , Ben Laurie writes:
>>On 25 April 2014 21:24, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
>>> Separately, a code example of the following general form was discussed:
>>>
>>>         if (condition) variable = value1;
>>>         if (!condition) variable = value2;
>>>         use (variable);
>>>
>
>>One better answer would be to have a way to annotate that after the
>>two conditionals you assert that |variable| is initialised. Then a
>>future, smarter static analyzer can attempt to prove you wrong.
>
> The way you do that *IS* to assert that the variable is indeed
> set to something you can use.

That only works if there's at least one illegal value, though. And you
know what it is :-)

> If your "security" source code does not have at least 10% assert
> lines, you're not really serious about security.

People get really pissed off when I put asserts into OpenSSL.

Perhaps they'll have a different opinion now.

> And of course, if you compile the asserts out for "production"
> you are downright moronic about security :-)
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzwrXGB-2p37fAtcWTGvGKPt5uaoQ-dZ8BwkwtKt8aOG6w>
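The exchange above turns on one C pattern and two ways of checking it. The block below is an added illustration, not code from the thread, from OpenSSL or from FreeBSD: it shows the two-conditional pattern a flow-insensitive analyzer flags, the sentinel-plus-assert approach Poul-Henning describes, the case Ben raises where no illegal value exists (every bit pattern of the type is legal, so a separate flag has to carry the "initialised" fact), and, as a control, the if/else form that needs no annotation. The function names, the NONE sentinel and the CHECK macro are illustrative choices; CHECK is written so that it survives -DNDEBUG, in line with the "don't compile asserts out for production" point.

```c
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

/* Added example; names below (CHECK, NONE, pick_*) are illustrative. */

/* A check that is NOT removed by -DNDEBUG, unlike <assert.h>'s assert():
 * the test is evaluated unconditionally and failure aborts the process. */
#define CHECK(cond)                                                     \
    do {                                                                \
        if (!(cond)) {                                                  \
            fprintf(stderr, "check failed: %s (%s:%d)\n",              \
                    #cond, __FILE__, __LINE__);                         \
            abort();                                                    \
        }                                                               \
    } while (0)

/* 1. The pattern from the thread. At run time one of the two branches
 * always executes, but an analyzer that treats the two ifs as
 * independent cannot see that and reports a possibly uninitialised use. */
int pick_value(int condition)
{
    int variable;
    if (condition)  variable = 1;
    if (!condition) variable = 2;
    return variable;
}

/* 2. The sentinel approach: initialise to a value the code never
 * produces, then assert that it has been replaced. The legal outputs
 * here are 1 and 2, so 0 is available as the illegal value. */
#define NONE 0
int pick_value_checked(int condition)
{
    int variable = NONE;
    if (condition)  variable = 1;
    if (!condition) variable = 2;
    CHECK(variable != NONE);
    return variable;
}

/* 3. The objection: when the result may be any int (INT_MIN, 0 and
 * INT_MAX all legal) there is no sentinel left to test for. A separate
 * flag has to record the fact of initialisation instead. The analyzer
 * still cannot connect 'set' to 'variable'; this is exactly the gap an
 * "is initialised here" annotation would close. */
int pick_any_int(int condition, int a, int b)
{
    int variable;
    int set = 0;
    if (condition)  { variable = a; set = 1; }
    if (!condition) { variable = b; set = 1; }
    CHECK(set);
    return variable;
}

/* 4. What the sentinel is for: here the two tests do not cover state == 0,
 * so NONE survives. Reported as a flag instead of aborting so that both
 * outcomes can be shown; in real code this would be CHECK(variable != NONE). */
int tristate_leaves_gap(int state)
{
    int variable = NONE;
    if (state > 0) variable = 1;
    if (state < 0) variable = 2;
    return variable == NONE;   /* 1 means the check would have fired */
}

/* 5. The restructuring that needs no sentinel and no annotation: a single
 * if/else makes every path visibly assign before the use. */
int pick_value_else(int condition)
{
    int variable;
    if (condition) variable = 1;
    else           variable = 2;
    return variable;
}

int main(void)
{
    printf("pick_value(1)=%d pick_value(0)=%d\n", pick_value(1), pick_value(0));
    printf("pick_value_checked(0)=%d\n", pick_value_checked(0));
    printf("pick_any_int(1, INT_MIN, 5)=%d\n", pick_any_int(1, INT_MIN, 5));
    printf("tristate_leaves_gap(0)=%d (gap), (7)=%d (no gap)\n",
           tristate_leaves_gap(0), tristate_leaves_gap(7));
    printf("pick_value_else(0)=%d\n", pick_value_else(0));
    return 0;
}
```

Build with `cc -Wall -O2 example.c` and, separately, with `-DNDEBUG`: CHECK fires in both builds, which is the property the thread asks for and which a bare assert() does not have. Case 3 is the one worth remembering: the runtime check is still valuable there, but it cannot help the static analyzer, so the choice is between a flag-and-check and rewriting as in case 5.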