看板FB_security
标 题Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
发信站NCTU CS FreeBSD Server (Fri Apr 25 16:55:28 2014)
转信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
K2x3aHN1CgpUaGluZ3MgYXJlIGluIG1vdGlvbiB0byBicmluZyBiYWNrIHRoZSBzY2FuLWJ1aWxk
IHJlc3VsdHMgb24gRnJlZUJTRAppbmZyYXN0cnVjdHVyZSwgc28gdGhhdCBpdCBkb2Vzbid0IGRp
c2FwcGVhciB3aXRob3V0IG5vdGljZSwgYWdhaW4uCgpPbiBUaHUsIDIwMTQtMDQtMjQgYXQgMTM6
NTc6MTMgKzAyMDAsIEVyaWsgQ2VkZXJzdHJhbmQgd3JvdGU6Cj4gRGVuIDI0LzA0LzIwMTQga2wu
IDEzLjA3IHNrcmV2IFJvbmFsZCBGLiBHdWlsbWV0dGUgPHJmZ0B0cmlzdGF0ZWxvZ2ljLmNvbT46
Cj4gPiAKPiA+IEluIHRoZSBwb3N0IHRoYXQgeW91IGFyZSByZXBseWluZyB0bywgSSB0b29rIGlz
c3VlIHdpdGggdHdvIHByaW9yIGFzc2VydGlvbnMKPiA+IG1hZGUgYnkgTWFyayBBbmRyZXdzLCBz
cGVjaWZpY2FsbHkgKDEpIHRoYXQgc29tZSBjbGFuZyBzdGF0aWMgYW5hbHlzaXMKPiA+IHdhcm5p
bmdzIGFyZSAiZmFsc2UgcG9zaXRpdmVzIiBhbmQgKDIpIHRoYXQgZWxpbWluYXRpb24gc29tZSBv
ZiB0aGVtIHdhcwo+ID4gImltcG9zc2libGUiLgo+IAo+IEkgcmVhbGx5IHdpc2ggdGhlIHJlcG9y
dHMgd2VyZSBvbmxpbmUgYWdhaW4gc28gd2Ugd2VyZW4ndCBkaXNjdXNzaW5nIGh5cG90aGV0aWNh
bCBzaXR1YXRpb25zIGhlcmUuIFVscmljaD8KPiAKPiA+IFNpciwgZG9lcyBub3QgdGhlIGZvbGxv
d2luZyB0cml2aWFsIGFuZCBvYnZpb3VzIHNpbmdsZSBsaW5lIG1vZGlmaWNhdGlvbgo+ID4gdG8g
dGhlIGFib3ZlIGNvZGUgZWxpbWluYXRlIHRoZSB3YXJuaW5nPyAgQW5kIGRvZXMgaXQgbm90IGRv
IHNvICp3aXRob3V0Kgo+ID4gdGhlIG5lZWQgZm9yIGBgY29uc2lkZXJhYmxlIGVmZm9ydCcnPwo+
ID4gCj4gPiAgICBpbnQgeCA9IC0xOwo+ID4gCj4gPiBJIHRoYW5rIHlvdSBmb3IgcHJvdmlkaW5n
IG1lIHdpdGggdGhlIGV4YW1wbGUgYWJvdmUsIGFuZCB0aHVzIGFsc28gdGhpcwo+ID4gb3Bwb3J0
dW5pdHkgdG8gc28gcGVyZmVjdGx5IGlsbHVzdHJhdGUgbXkgZnVuZGFtZW50YWwgcG9pbnQuCj4g
Cj4gVGhlIGV4YW1wbGUgSSBnYXZlIGlzIG9mIGNvdXJzZSB0cml2aWFsIHRvIHJld3JpdGUuIEl0
IHdhcyB0aGUgc2hvcnRlc3QgcG9zc2libGUgZXhhbXBsZSBJIGNvdWxkIHRoaW5rIG9mIHRvIGls
bHVzdHJhdGUgdGhlIHNpdHVhdGlvbi4gSXQgd2FzIGNvbmRlbnNlZCBmcm9tIGEgcmVhbGx5IGNv
bnZvbHV0ZWQgaWYtZWxzZSBjYXNlIHdoaWNoIHdhcyBub3QgaW5jb3JyZWN0IGJ1dCBxdWl0ZSBk
aWZmaWN1bHQgdG8gdW50YW5nbGUuIEFuZCB5ZXMsIGl0J3MgbGF1ZGFibGUgdG8gcmV3cml0ZSBp
dCBmb3IgdGhlIHNha2Ugb2YgcmVhZGFiaWxpdHksIGJ1dCBpdCBkb2Vzbid0IGZpeCBhbnkgc2Vj
dXJpdHkgaXNzdWVzLgo+IAo+ID4gQXMgdGhlIGV4YW1wbGVzIGFib3ZlIGlsbHVzdHJhdGUsIHRo
ZSBjbGFpbSB0aGF0IGVsaW1pbmF0aW5nIHRoZSBub24taGVscGZ1bAo+ID4gd2FybmluZ3MgaXMg
YGB0b28gaGFyZCcnIGNhbm5vdCwgSSBiZWxpZXZlLCBiZSBzdXBwb3J0ZWQgYnkgdGhlIGZhY3Rz
LCBhbmQKPiA+IHRoZSAodW5mb3J0dW5hdGVseSB3aWRlc3ByZWFkKSBwZXJjZXB0aW9uIHRoYXQg
ZWxpbWluYXRpbmcgc3VjaCB3YXJuaW5ncyBpcwo+ID4gYGB0b28gaGFyZCcnIGlzIGFjdHVhbGx5
Li4uIGFuZCBub3QgdG8gcHV0IHRvbyBmaW5lIGEgcG9pbnQgb24gaXQuLi4gYQo+ID4gcHJvZHVj
dCBtb3JlIG9mIGlnbm9yYW5jZSBvciBsYXppbmVzcyB0aGFuIGl0IGlzIGEgcHJvZHVjdCBvZiBn
ZW51aW5lCj4gPiBkaWZmaWN1bHR5IGluIHF1aWV0aW5nIHRoZSB1bmhlbHBmdWwgZGlhZ25vc3Rp
Y3MgaW4gcXVlc3Rpb24uCj4gCj4gQXMgb3RoZXJzIGhhdmUgcG9pbnRlZCBvdXQsICd0b28gaGFy
ZCcgY2FuIGFsc28gbWVhbiAndG9vIGhhcmQnIHRvIGdldCBzb21lb25lIHdpdGggY29tbWl0IGFj
Y2VzcyB0byBhY3R1YWxseSBjb21taXQgdGhlIHBhdGNoIGFuZCBhY2NlcHQgdGhlIHJpc2sgb2Yg
aW50cm9kdWNpbmcgbmV3IGJ1Z3MuIENhc2UgaW4gcG9pbnQ6IEkgY29udHJpYnV0ZWQgdGhpcyBv
bmUtbGluZXIgcGF0Y2ggZm9yIFpGUyBmb3VuZCBieSBDbGFuZyBBbmFseXplciwgYWRkaW5nIHRo
ZSBfX25vcmV0dXJuX18gcHJhZ21hIHlvdSBhbHNvIG1lbnRpb246IGh0dHBzOi8vd3d3LmlsbHVt
b3Mub3JnL2lzc3Vlcy8zMzYzLiBGb3IgMSw1IHllYXJzLCBJIGhhdmUgYmVlbiB1bmFibGUgdG8g
Z2V0IGFueW9uZSBmcm9tIEZyZWVCU0Qgb3IgSWxsdW1vcyB0byBjb21taXQgaXQgb3IgZXZlbiBy
ZXZpZXcgaXQuIE15IHBlcnNvbmFsIGNvbmNsdXNpb24gaXMgdGhhdCBwYXRjaGVzIHRvIHdhcm5p
bmdzIGhhdmUgdG8gZml4IG1vcmUgc2V2ZXJlIGlzc3VlcyB0byBnZXQgYXR0ZW50aW9uLiBPciBp
biBvdGhlciB3b3JkcywgaWYgdGhlIHdhcm5pbmcgaXMgYSByZXN1bHQgb2YgdGhlIGNvbXBpbGVy
IG9yIGFuYWx5emVyIGJlaW5nIHRvbyBzdHVwaWQsIHRoZSByZXNwb25zZSB3aWxsIG1vcmUgbGlr
ZWx5IGJlICJmaXggdGhlIGFuYWx5emVyIiwgYW5kIGNvbXBpbGVyIHdhcm5pbmdzIGFyZSBtb3Jl
IGxpa2VseSB0byBiZSBpZ25vcmVkLgo+IAo+ID4gSSdtIHNvcnJ5LCB5b3UgYXJlIGFwcGFyZW50
bHkgdXNpbmcgc29tZSBkb21haW4tc3BlY2lmaWMgdGVybWlub2xvZ3kgd2l0aAo+ID4gd2hpY2gg
SSBhbSBub3QgZmFtaWxpYXIuICBXaGF0IGV4YWN0bHkgaXMgIklQQSIgYW5kICJhbHBoYS1yZW1h
bmluZyI/ICBEbwo+ID4gdGhlc2UgaGF2ZSBzb21ldGhpbmcgZG8gZG8gd2l0aCBTU0w/Cj4gCj4g
QWxwaGEgcmVuYW1pbmcsIG9yIM6xLWNvbnZlcnNpb24sIGlzIGV4cGxhaW5lZCBoZXJlOiBodHRw
Oi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL0xhbWJkYV9jYWxjdWx1cwo+IAo+IElQQSwgb3IgSW50
ZXItUHJvY2VkdXJhbCBBbmFseXNpcywgaXMgZXhwbGFpbmVkIGhlcmU6IGh0dHA6Ly9sbHZtLm9y
Zy9kb2NzL0xleGljb24uaHRtbAo+IAo+IAo+IEVyaWsKX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX18KZnJlZWJzZC1zZWN1cml0eUBmcmVlYnNkLm9yZyBtYWls
aW5nIGxpc3QKaHR0cDovL2xpc3RzLmZyZWVic2Qub3JnL21haWxtYW4vbGlzdGluZm8vZnJlZWJz
ZC1zZWN1cml0eQpUbyB1bnN1YnNjcmliZSwgc2VuZCBhbnkgbWFpbCB0byAiZnJlZWJzZC1zZWN1
cml0eS11bnN1YnNjcmliZUBmcmVlYnNkLm9yZyI=