Dailydave mailing list archives

Re: Source Code Analysis


From: Matt <matt () use net>
Date: Thu, 7 Sep 2006 13:25:24 -0700 (PDT)

On Thu, 7 Sep 2006, Alexander Sotirov wrote:
Here's some work I did on static analysis last year (as a gcc patch):
http://gcc.vulncheck.org/

I used taint propagation and value range propagation to detect things like:

      n = read_int_from_network();
      memcpy(src, dst, n);

which is exactly the same C pattern that caused the OpenSSL remote vulnerability a
few years ago, and surely many others. The value range propagation allows us to
correctly flag this as safe:

      n = read_int_from_network();
      if (n < 255)
              memcpy(src, dst, n);

How do you track this inter-function and inter-module? Are you using newer
interfaces exposed by GCC 4.x's GIMPLE stuff or..?


--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
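To make the two snippets quoted above concrete, here is a small intraprocedural taint plus value-range analysis written as an added example for this archive page; it is not code from Alexander Sotirov's gcc patch and it does not use GIMPLE. It works over a toy statement list (an assumption of the example) rather than real C, treats the value returned by the network read as an unsigned 32-bit integer, and assumes the destination buffer size is known (`dst` is declared as 256 bytes in the constructed input). A `memcpy` is reported when its length is tainted and its upper bound is not proven to fit the buffer, so the unchecked copy is flagged, the `n < 255` guard makes it clean, and a guard with a bound larger than the buffer is still flagged with the narrowed range shown.

```python
from dataclasses import dataclass
from typing import Dict, List

UINT32_MAX = 2**32 - 1


@dataclass(frozen=True)
class Val:
    tainted: bool  # True if the value flowed from an untrusted source
    lo: int        # inclusive lower bound of the possible values
    hi: int        # inclusive upper bound of the possible values


# Toy IR used by this example (an assumption, not gcc's GIMPLE):
#   ("untrusted", var)            var = read_int_from_network()
#   ("const", var, value)         var = value
#   ("copy", dst_var, src_var)    dst_var = src_var  (taint and range propagate)
#   ("if_lt", var, bound, body)   if (var < bound) { body }
#   ("memcpy", buf, len_var)      memcpy(buf, ..., len_var)

UNKNOWN = Val(True, 0, UINT32_MAX)  # conservative default for anything we have not seen


def analyze(stmts, buffers: Dict[str, int], env=None, findings=None) -> List[str]:
    """Propagate taint and value ranges through stmts.

    buffers maps buffer names to their size in bytes. Returns one finding per
    memcpy whose length is tainted and not provably bounded by the buffer size.
    """
    env = {} if env is None else dict(env)
    findings = [] if findings is None else findings
    for stmt in stmts:
        op = stmt[0]
        if op == "untrusted":
            # The attacker picks any value; assume an unsigned 32-bit read.
            env[stmt[1]] = UNKNOWN
        elif op == "const":
            env[stmt[1]] = Val(False, stmt[2], stmt[2])
        elif op == "copy":
            env[stmt[1]] = env.get(stmt[2], UNKNOWN)
        elif op == "if_lt":
            _, var, bound, body = stmt
            v = env.get(var, UNKNOWN)
            # Inside the then-branch the range is narrowed; taint is unchanged.
            narrowed = Val(v.tainted, v.lo, min(v.hi, bound - 1))
            if narrowed.lo <= narrowed.hi:  # branch is reachable
                analyze(body, buffers, {**env, var: narrowed}, findings)
        elif op == "memcpy":
            _, buf, length = stmt
            v = env.get(length, UNKNOWN)
            size = buffers[buf]
            if v.tainted and v.hi > size:
                findings.append(
                    f"memcpy into {buf}[{size}] with tainted length "
                    f"{length} in [{v.lo}, {v.hi}]"
                )
        else:
            raise ValueError(f"unknown statement {op!r}")
    return findings


# Constructed inputs mirroring the two C snippets from the post.
BUFFERS = {"dst": 256}  # dst is assumed to be a 256-byte buffer

UNCHECKED = [("untrusted", "n"), ("memcpy", "dst", "n")]
CHECKED = [("untrusted", "n"), ("if_lt", "n", 255, [("memcpy", "dst", "n")])]
# A guard that exists but does not actually bound n by the buffer size.
WEAK_CHECK = [("untrusted", "n"), ("if_lt", "n", 1024, [("memcpy", "dst", "n")])]

if __name__ == "__main__":
    for name, prog in (("unchecked", UNCHECKED), ("checked", CHECKED), ("weak check", WEAK_CHECK)):
        print(name, "->", analyze(prog, BUFFERS) or "clean")
```

The analysis is deliberately per-function: the environment starts empty at each call, which is exactly the limitation Matt's question about inter-function and inter-module tracking points at. A whole-program version would have to carry the tainted range of `n` across call boundaries (for example by summarising each callee's effect on its arguments) before the `memcpy` site could be judged.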

