On Mon, Feb 18, 2013 at 8:31 AM, Nick <nos...@codesniffer.com> wrote:
> On Mon, 2013-02-18 at 08:12 -0500, Jeffrey Walton wrote:
>> It looks like the GCC tool chain has let you down: "C/C++ Option to
>> Initialize Variables?",
>> http://gcc.gnu.org/ml/gcc/2013-02/msg00207.html.
>>
>> Visual Studio has a similar feature for debug builds, and I don't ever
>> recall being burned by using an uninitialized value since the value
>> will be distinguished garbage - 0xCDCDCDCD and the like. As soon as I
>> see it, I know something is not initialized.
>>
> Fair point.
>
> Yes, I'm using GCC, and frankly, I have no real complaints compared to
> VC.
>
> In this case, based on the seg fault and the resulting corrupted stack
> trace, it was obvious that the issue was related to referencing bad
> memory. Regardless of whether a toolchain might help with issues like
> this, the error is more fundamental: I did not fully understand aspects
> of the API. So the time spent was less on "what is happening?" and more
> on "what am I doing wrong?".
>
>> Were you compiling with full warnings? If so, you should have been
>> warned of use of an initialized value. If not, you might want to
>> investigate how the tool chain can help you with reliability and
>> security (there are lots of opportunities).
>
> Yes, I build w/ many warnings. Here's the relevant section of my build
> command--do you suggest other warnings to be enabled?
>
> g++-4.7.2 -g -Wall -Wextra -Weffc++ -Wno-missing-field-initializers
> -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast
> -Woverloaded-virtual -Werror -std=c++11 -Wno-missing-field-initializers

:)

OWASP is working on an article for C-based toolchain hardening
(https://www.owasp.org/index.php/C-Based_Toolchain_Hardening). It's not
ready at the moment - compiler and linker hardening goes in next, and
auditing should go in later in the week. The article should be ready in
about a week or so.

> GCC did in fact warn me early on about using the X509 struct
> uninitialized, but it did not warn about the RSA struct. Still, my lack
> of fully understanding the API led me to default initialize it (I come
> from more C++ than C) which silenced the warning and that part of the
> code worked anyway. So it still boils down to the developer knowing
> what he/she is doing and not relying on tooling to point out problems.

Documentation is another can of worms :) I believe the OpenSSL Foundation
is evaluating ways to improve it as we speak.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
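The two points in this exchange, distinguished garbage (the 0xCDCDCDCD fill of Visual Studio debug builds) making a forgotten write visible, and zero-initializing a library object instead of calling its constructor silencing the warning without making the code correct, as an added C example that is not from the thread or from OpenSSL. `dbg_alloc`, `rsa_like` and its fields are hypothetical stand-ins for a library-managed object.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DBG_FILL 0xCD  /* the byte Visual Studio debug heaps use */

/* Allocate and poison, so reading a never-written field yields
 * 0xCDCDCDCD-style garbage instead of whatever happened to be there. */
void *dbg_alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, DBG_FILL, n);
    return p;
}

/* Hypothetical stand-in for an object that must be built by its library. */
typedef struct {
    uint32_t version;
    uint32_t flags;
    void    *key;   /* only the (hypothetical) constructor would set this */
} rsa_like;

/* Debug check: count fields still holding the fill pattern, i.e. never
 * written since allocation. A legitimate value equal to the pattern would
 * be a false positive, which is why this is a debug aid, not a proof. */
int untouched_fields(const rsa_like *r) {
    uint32_t  fill32; memset(&fill32, DBG_FILL, sizeof fill32);
    uintptr_t fillp;  memset(&fillp,  DBG_FILL, sizeof fillp);
    int n = 0;
    if (r->version == fill32)       n++;
    if (r->flags == fill32)         n++;
    if ((uintptr_t)r->key == fillp) n++;
    return n;
}

/* Caller that sets one field and forgets two: the poison exposes it. */
int count_unwritten_half(void) {
    rsa_like *r = dbg_alloc(sizeof *r);
    if (!r) return -1;
    r->version = 1;
    int n = untouched_fields(r);
    free(r);
    return n;
}

/* Zero-initializing instead of using the constructor passes the poison
 * check (and quiets -Wuninitialized), exactly the false comfort Nick hit. */
int count_unwritten_zeroed(void) {
    rsa_like z = {0};
    return untouched_fields(&z);
}

/* ...yet the object is still unusable: nothing ever set up the key. */
int zeroed_is_usable(void) {
    rsa_like z = {0};
    return z.key != NULL;
}
```

The fill pattern catches what the developer forgot to write; it cannot catch what the developer wrote deliberately but wrongly, which is why the API contract still has to be understood.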