Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + ho
In message <CAG5KPzw_cOfFLX_kn=5DWAX+z+9VeXuzo3Q8YekDJG37tDQ_wQ@mail.gmail.com>, Ben Laurie writes:
>On 25 April 2014 21:24, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
>> Separately, a code example of the following general form was discussed:
>>
>> if (condition) variable = value1;
>> if (!condition) variable = value2;
>> use (variable);
>>
>One better answer would be to have a way to annotate that after the
>two conditionals you assert that |variable| is initialised. Then a
>future, smarter static analyzer can attempt to prove you wrong.
The way you do that *IS* to assert that the variable is indeed
set to something you can use.
If your "security" source code does not have at least 10% assert
lines, you're not really serious about security.
And of course, if you compile the asserts out for "production"
you are downright moronic about security :-)
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
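An added C illustration (not code from the thread) of the approach phk describes: make "the variable is set" an explicit, checked fact at the point of use, with a check that NDEBUG cannot compile out. The `VERIFY` macro, the `maybe_int` flag struct and the `x > 0` / `x < 0` conditions are this example's own devices; the non-complementary conditions are chosen so that the gap the check catches is visible.

```c
#include <stdio.h>
#include <stdlib.h>

/* Always-on check: unlike assert(), defining NDEBUG does not remove it,
 * so it survives into "production" builds. */
#define VERIFY(cond)                                                    \
    do {                                                                \
        if (!(cond)) {                                                  \
            fprintf(stderr, "%s:%d: verification failed: %s\n",         \
                    __FILE__, __LINE__, #cond);                         \
            abort();                                                    \
        }                                                               \
    } while (0)

/* Carries the value together with an explicit "was assigned" flag, so
 * initialisation is a run-time fact rather than something the reader
 * (or a static analyser) has to infer from two conditionals. */
struct maybe_int { int set; int value; };

/* The pattern from the thread: two conditionals the author believes
 * cover every case, then a use.  Here they do not: x == 0 falls
 * through both, leaving the value unassigned. */
static struct maybe_int select_path(int x)
{
    struct maybe_int v = { 0, 0 };
    if (x > 0) { v.value = 1; v.set = 1; }
    if (x < 0) { v.value = 2; v.set = 1; }
    return v;
}

/* The use site states its precondition outright.  A smarter analyser
 * can later try to prove the VERIFY can never fire; until then it
 * aborts instead of silently using an unassigned value. */
static int choose(int x)
{
    struct maybe_int v = select_path(x);
    VERIFY(v.set);
    return v.value;
}

int main(void)
{
    printf("choose(5)  = %d\n", choose(5));   /* 1 */
    printf("choose(-3) = %d\n", choose(-3));  /* 2 */
    printf("select_path(0).set = %d\n", select_path(0).set); /* 0 */
    return 0;
}
```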