From owner-freebsd-security@FreeBSD.ORG Fri Apr 25 21:38:55 2014
Date: Fri, 25 Apr 2014 15:38:46 -0600
From: Chad Perrin
To: freebsd-security@freebsd.org
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <20140425213846.GC9479@glaze.hydra>
References: <86zjj9mivi.fsf@nine.des.no> <32060.1398457484@server1.tristatelogic.com> <36500.1398458797@critter.freebsd.dk>
User-Agent: Mutt/1.5.23 (2014-03-12)
List-Id: "Security issues [members-only posting]"

On Fri, Apr 25, 2014 at 09:52:25PM +0100, Ben Laurie wrote:
> On 25 April 2014 21:46, Poul-Henning Kamp wrote:
> > In message
> > , Ben Laurie writes:
> >>On 25 April 2014 21:24, Ronald F. Guilmette wrote:
> >>> Separately, a code example of the following general form was discussed:
> >>>
> >>> if (condition) variable = value1;
> >>> if (!condition) variable = value2;
> >>> use (variable);
> >>>
> >
> >>One better answer would be to have a way to annotate that after the
> >>two conditionals you assert that |variable| is initialised. Then a
> >>future, smarter static analyzer can attempt to prove you wrong.
> >
> > The way you do that *IS* to assert that the variable is indeed
> > set to something you can use.
>
> That only works if there's at least one illegal value, though. And you
> know what it is :-)

With the proposed initialization value of -1, you could at least assert
that it is no longer -1, which at least indicates you have done
*something* to it in your code -- which, I believe, solves the problem
the code analyzer actually "intended" to point out, which is that it
might be possible for a variable to be used without any value assigned
to it (thus potentially reading garbage from a variable).

> > If your "security" source code does not have at least 10% assert
> > lines, you're not really serious about security.
>
> People get really pissed off when I put asserts into OpenSSL.
>
> Perhaps they'll have a different opinion now.

. . . or maybe we'll all end up using LibreSSL in the not-too-distant
future and it will not matter any longer (for some definition of "we"
that does not include banks running "secure" software on VMS past its
epoch).

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
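Added example in C (not code from the thread or from OpenSSL) of the sentinel-plus-assert approach discussed above: initialise to an illegal value, then assert before use that it was overwritten. The function names, the UNSET sentinel and the enum modes are constructed for illustration; the second function goes beyond the quoted pattern by showing what happens once the two tests stop being complementary, which is precisely the case the assertion exists to catch.

```c
#include <assert.h>
#include <stdio.h>

/* Sentinel outside the legal domain: sizes are non-negative, so -1 is
 * never a real value and "still -1" can only mean "never assigned". */
#define UNSET (-1)

/* Constructed modes for the refactored variant below. */
enum mode { MODE_SHORT = 0, MODE_LONG = 1, MODE_HUGE = 2 };

/* The exact shape quoted in the thread: two complementary tests.
 * A simple analyser cannot prove that every path assigns `size`;
 * the sentinel turns that claim into something checkable at run time. */
int size_for_flag(int use_short)
{
    int size = UNSET;
    if (use_short)  size = 16;   /* value1 */
    if (!use_short) size = 64;   /* value2 */
    assert(size != UNSET);       /* documents and checks the invariant */
    return size;
}

/* Same pattern after a plausible refactor to an enum: the two tests are
 * no longer complementary, so MODE_HUGE leaves `size` at the sentinel.
 * This variant returns UNSET instead of asserting so a test can observe
 * the gap; the checked wrapper below is what production code would call. */
int size_for_mode(enum mode m)
{
    int size = UNSET;
    if (m == MODE_SHORT) size = 16;
    if (m == MODE_LONG)  size = 64;
    return size;
}

/* Production wrapper: the sentinel check is where the missing case is
 * caught, rather than reading a value no branch ever assigned. */
int checked_size_for_mode(enum mode m)
{
    int size = size_for_mode(m);
    assert(size != UNSET);
    return size;
}

int main(void)
{
    printf("short=%d long=%d\n", size_for_flag(1), size_for_flag(0));
    printf("MODE_HUGE assigned? %s\n",
           size_for_mode(MODE_HUGE) == UNSET ? "no" : "yes");
    return 0;
}
```

Compiling with NDEBUG removes the assertions, so the sentinel check only guards builds where assert is active.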