heartbleed - ceho vseho se vlastne tyka
Miroslav Lachman
000.fbsd at quip.cz
Wed Apr 23 11:03:57 CEST 2014
Vilem Kebrt wrote:
> Ahoj liste :)
>
> Tohle me docela dostalo, ty komentare jsou naprosto neuprosny ,
> doporucuju precist, i kdyz se zatim jedna jen on OpenBSD. Lehce jsem
> kouknul na ty upravy kodu ktery ten clovek zverejnil na githubu (ma tam
> odkaz) a rozhodne maji hlavu a patu.
> Vilem
>
> https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw
Heartbleed a jeste jedna provokacni poznamka od Theo de Raadta ohledne
OpenSSH na FreeBSD se resi v security mailinglistu a zajimave je i tohle:
http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007581.html
Running clang's static analyzer against openssl-1.0.1g yields:
Bug Type Quantity
All Bugs 182
Dead store
Dead assignment 121
Dead increment 12
Dead initialization 2
Logic error
Assigned value is garbage or undefined 3
Branch condition evaluates to a garbage value 1
Dereference of null pointer 27
Division by zero 1
Result of operation is garbage or undefined 9
Uninitialized argument value 2
Unix API 4
Mirek
More information about the Users-l
mailing list