Re: Static analysis?

Wed, 18 Apr 2012 00:39:46 -0700

A few years ago, we did some experiments on finding problems in error handling in OpenSSL using Coccinelle: 

Finding Error Handling Bugs in OpenSSL using Coccinelle
Julia Lawall, Ben Laurie, René Rydhof Hansen, Nicolas Palix, Gilles Muller. Eighth European Dependable Computing Conference, EDCC 2010, Valencia, Spain, April 2010 
http://coccinelle.lip6.fr/papers/edcc10.pdf

julia

On Tue, 17 Apr 2012, Lubomír Sedlář wrote:


Hello,
I would like to ask if any static analysis tool was ever used to detect
possible problems in OpenSSL source code. Is some tool used regularly?

I tried running Clang Static Analyzer [1] on the source of OpenSSL. It
found 222 possible "bugs". You can see the full list here [2]. At least
65 of them are false positives. Most of the ones that seem valid to me
are classified as Dead Code. However, even some dead assignments look
like real problems.

Some examples follow:

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-JxXj0g.html#EndPath
The variable 'al' is never read. The goto should probably jump to
'f_err' in order not to lose the alert.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-6OKYC8.html#EndPath
The assignment to 'ret' is either useless or goto should jump to 'err'.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-117dnV.html#EndPath
http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-rT4fgM.html#EndPath
Duplicit assignment to 'ret' and 'saved_state.epoch', respectively.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-xy1iZT.html#EndPath
'qbits' gets assigned the same value in following condition again.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-IG0Qez.html#EndPath
The 'E', 'e', 'G', 'g' cases don't seem to do anything. Is there some
missing functionality?

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-euj1zH.html#EndPath
Default port is assigned twice, on line 234.

Would you be interested in some patches? How and where should I submit
them?

Regards,
Lubomír Sedlář

[1]: http://clang-analyzer.llvm.org/
[2]: http://www.fi.muni.cz/~xsedlar3/openssl-analysis/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to