Dailydave mailing list archives
Re: Source Code Analysis
From: Matt <matt () use net>
Date: Thu, 7 Sep 2006 13:25:24 -0700 (PDT)
On Thu, 7 Sep 2006, Alexander Sotirov wrote:
Here's some work I did on static analysis last year (as a gcc patch):
http://gcc.vulncheck.org/

I used taint propagation and value range propagation to detect things like:

    n = read_int_from_network();
    memcpy(src, dst, n);

which is exactly the same C pattern that caused the OpenSSL remote vulnerability a few years ago, and surely many others. The value range propagation allows us to correctly flag this as safe:

    n = read_int_from_network();
    if (n < 255)
        memcpy(src, dst, n);
How do you track this inter-function and inter-module? Are you using newer interfaces exposed by GCC 4.x's GIMPLE stuff or..?

--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
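To make the two analyses in the quoted message concrete, here is an added toy checker (not code from gcc.vulncheck.org or from either poster) that combines taint propagation with value range propagation over a tiny constructed IR, and also answers the inter-function question above in the simplest way: a callee's return fact is computed on demand and memoised as a summary. `read_int_from_network` is the hypothetical taint source from the quoted text; the IR shape, the 255-byte buffer sizes and the three sample programs are constructed.

```python
# Constructed toy analyzer (not the gcc patch's code). IR statements: ("call", dst, callee);
# ("assume", var, "<", c) for the fact an `if (var < c)` guard gives; ("memcpy", len, size); ("return", var).
INT_MAX = 2**31 - 1
TAINT_SOURCES = {"read_int_from_network"}  # hypothetical network input source named in the thread
TOP = (0, INT_MAX)  # lengths modelled as non-negative; a signed n also needs a lower bound before size_t conversion

def analyze(name, funcs, summaries):
    """One function: each variable maps to (tainted, (lo, hi)); callee return facts are
    computed on demand and memoised in `summaries`, which carries taint across functions."""
    env, findings, ret = {}, [], (False, TOP)
    for stmt in funcs[name]:
        if stmt[0] == "call":
            _, dst, callee = stmt
            if callee in TAINT_SOURCES:
                env[dst] = (True, TOP)
            elif callee in funcs:
                if callee not in summaries:
                    summaries[callee], sub = analyze(callee, funcs, summaries)
                    findings += sub
                env[dst] = summaries[callee]
            else:
                env[dst] = (False, TOP)  # unknown external callee: assumed untainted
        elif stmt[0] == "assume":  # value range propagation: var < c means hi <= c - 1
            _, var, _, c = stmt
            t, (lo, hi) = env[var]
            env[var] = (t, (lo, min(hi, c - 1)))
        elif stmt[0] == "memcpy":  # sink: report only if tainted AND the range can exceed the buffer
            _, n, size = stmt
            t, (lo, hi) = env[n]
            if t and hi > size:
                findings.append(f"{name}: tainted length {n} in [{lo}, {hi}] exceeds {size}-byte buffer")
        elif stmt[0] == "return":
            ret = env[stmt[1]]
    return ret, findings

def check_program(funcs):
    """Analyze every function once; callees reached through calls are summarised first."""
    summaries, findings = {}, []
    for name in funcs:
        if name not in summaries:
            summaries[name], sub = analyze(name, funcs, summaries)
            findings += sub
    return findings

# Constructed programs: the two patterns quoted in the thread, plus the inter-function case
# asked about above (the tainted length is read in a helper and only reaches memcpy in its caller).
PROGRAMS = {
    "unchecked": {"main": [("call", "n", "read_int_from_network"), ("memcpy", "n", 255)]},
    "checked": {"main": [("call", "n", "read_int_from_network"), ("assume", "n", "<", 255),
                         ("memcpy", "n", 255)]},
    "cross_fn": {"handler": [("call", "n", "get_len"), ("memcpy", "n", 255)],
                 "get_len": [("call", "v", "read_int_from_network"), ("return", "v")]},
}
```

`check_program(PROGRAMS["unchecked"])` and `check_program(PROGRAMS["cross_fn"])` each report one finding, while the guarded `checked` program reports none because the range of `n` has been narrowed to [0, 254] at the sink.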