Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + ho

Board: FB_security, posted 11 years ago (2014/04/26 05:01), 0 pushes (0/0/0)
0 comments, 0 participants, thread 41/49
On 25 April 2014 21:46, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ@mail.gmail.com>
> , Ben Laurie writes:
>>On 25 April 2014 21:24, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
>>> Separately, a code example of the following general form was discussed:
>>>
>>> if (condition) variable = value1;
>>> if (!condition) variable = value2;
>>> use (variable);
>>>
>
>>One better answer would be to have a way to annotate that after the
>>two conditionals you assert that |variable| is initialised. Then a
>>future, smarter static analyzer can attempt to prove you wrong.
>
> The way you do that *IS* to assert that the variable is indeed
> set to something you can use.

That only works if there's at least one illegal value, though. And you
know what it is :-)

> If your "security" source code does not have at least 10% assert
> lines, you're not really serious about security.

People get really pissed off when I put asserts into OpenSSL. Perhaps
they'll have a different opinion now.

> And of course, if you compile the asserts out for "production"
> you are downright moronic about security :-)
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
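The two points raised in the exchange above, shown as an added example that is not from the thread or from OpenSSL: the "assert it is set" approach needs a value that can never be a legal result (here NULL for a pointer), and when every value of the type is legal a separate flag has to carry the "initialised" state; in both cases the check is written with a macro that NDEBUG does not remove, so production builds keep it. The function names and the CHECK macro are my own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Always-on check: unlike assert(), it is not compiled out by -DNDEBUG,
   so a "production" build keeps the guarantee instead of dropping it. */
#define CHECK(cond)                                                    \
    do {                                                               \
        if (!(cond)) {                                                 \
            fprintf(stderr, "%s:%d: check failed: %s\n",               \
                    __FILE__, __LINE__, #cond);                        \
            abort();                                                   \
        }                                                              \
    } while (0)

/* Case 1: the type has an illegal value (NULL), so the sentinel itself
   records "not yet set" and the post-condition can be checked directly. */
const char *pick_label(bool condition)
{
    const char *label = NULL;            /* NULL is never a legal result */
    if (condition)  label = "enabled";
    if (!condition) label = "disabled";
    CHECK(label != NULL);                /* both branches must have written it */
    return label;
}

/* Case 2: every int is a legal result, so no sentinel exists; track
   initialisation with an explicit flag that the check can inspect. */
int pick_code(bool condition, int value1, int value2)
{
    int variable = 0;                    /* placeholder, never trusted */
    bool set = false;
    if (condition)  { variable = value1; set = true; }
    if (!condition) { variable = value2; set = true; }
    CHECK(set);                          /* what a future analyzer could try to disprove */
    return variable;
}

int main(void)
{
    printf("%s %s %d %d\n", pick_label(true), pick_label(false),
           pick_code(true, 7, 9), pick_code(false, 7, 9));
    return 0;
}
```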
Article ID (AID): #1JMiqEaA (FB_security)