heartbleed - what all does it actually affect

Miroslav Lachman 000.fbsd at quip.cz
Wed Apr 23 11:03:57 CEST 2014


Vilem Kebrt wrote:
> Hi list :)
>
> This really got me, the comments are absolutely merciless,
> I recommend reading them, even though so far it only concerns OpenBSD. I had
> a quick look at the code changes that person published on GitHub (there is
> a link there) and they definitely make sense.
> Vilem
>
> https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw

Heartbleed and one more provocative remark from Theo de Raadt regarding
OpenSSH on FreeBSD are being discussed on the security mailing list, and this is interesting too:

http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007581.html

Running clang's static analyzer against openssl-1.0.1g yields:

Bug Type	Quantity
All Bugs	182	

Dead store
	Dead assignment		121
	Dead increment		12
	Dead initialization	2

Logic error
	Assigned value is garbage or undefined		3
	Branch condition evaluates to a garbage value	1
	Dereference of null pointer			27
	Division by zero				1
	Result of operation is garbage or undefined	9
	Uninitialized argument value			2
	Unix API					4

Mirek

