看板FB_security
標 題Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
發信站NCTU CS FreeBSD Server (Thu Apr 24 21:59:10 2014)
轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
RGVuIDI0LzA0LzIwMTQga2wuIDEzLjA3IHNrcmV2IFJvbmFsZCBGLiBHdWlsbWV0dGUgPHJmZ0B0
cmlzdGF0ZWxvZ2ljLmNvbT46Cj4gCj4gSW4gdGhlIHBvc3QgdGhhdCB5b3UgYXJlIHJlcGx5aW5n
IHRvLCBJIHRvb2sgaXNzdWUgd2l0aCB0d28gcHJpb3IgYXNzZXJ0aW9ucwo+IG1hZGUgYnkgTWFy
ayBBbmRyZXdzLCBzcGVjaWZpY2FsbHkgKDEpIHRoYXQgc29tZSBjbGFuZyBzdGF0aWMgYW5hbHlz
aXMKPiB3YXJuaW5ncyBhcmUgImZhbHNlIHBvc2l0aXZlcyIgYW5kICgyKSB0aGF0IGVsaW1pbmF0
aW9uIHNvbWUgb2YgdGhlbSB3YXMKPiAiaW1wb3NzaWJsZSIuCgpJIHJlYWxseSB3aXNoIHRoZSBy
ZXBvcnRzIHdlcmUgb25saW5lIGFnYWluIHNvIHdlIHdlcmVuJ3QgZGlzY3Vzc2luZyBoeXBvdGhl
dGljYWwgc2l0dWF0aW9ucyBoZXJlLiBVbHJpY2g/Cgo+IFNpciwgZG9lcyBub3QgdGhlIGZvbGxv
d2luZyB0cml2aWFsIGFuZCBvYnZpb3VzIHNpbmdsZSBsaW5lIG1vZGlmaWNhdGlvbgo+IHRvIHRo
ZSBhYm92ZSBjb2RlIGVsaW1pbmF0ZSB0aGUgd2FybmluZz8gIEFuZCBkb2VzIGl0IG5vdCBkbyBz
byAqd2l0aG91dCoKPiB0aGUgbmVlZCBmb3IgYGBjb25zaWRlcmFibGUgZWZmb3J0Jyc/Cj4gCj4g
ICBpbnQgeCA9IC0xOwo+IAo+IEkgdGhhbmsgeW91IGZvciBwcm92aWRpbmcgbWUgd2l0aCB0aGUg
ZXhhbXBsZSBhYm92ZSwgYW5kIHRodXMgYWxzbyB0aGlzCj4gb3Bwb3J0dW5pdHkgdG8gc28gcGVy
ZmVjdGx5IGlsbHVzdHJhdGUgbXkgZnVuZGFtZW50YWwgcG9pbnQuCgpUaGUgZXhhbXBsZSBJIGdh
dmUgaXMgb2YgY291cnNlIHRyaXZpYWwgdG8gcmV3cml0ZS4gSXQgd2FzIHRoZSBzaG9ydGVzdCBw
b3NzaWJsZSBleGFtcGxlIEkgY291bGQgdGhpbmsgb2YgdG8gaWxsdXN0cmF0ZSB0aGUgc2l0dWF0
aW9uLiBJdCB3YXMgY29uZGVuc2VkIGZyb20gYSByZWFsbHkgY29udm9sdXRlZCBpZi1lbHNlIGNh
c2Ugd2hpY2ggd2FzIG5vdCBpbmNvcnJlY3QgYnV0IHF1aXRlIGRpZmZpY3VsdCB0byB1bnRhbmds
ZS4gQW5kIHllcywgaXQncyBsYXVkYWJsZSB0byByZXdyaXRlIGl0IGZvciB0aGUgc2FrZSBvZiBy
ZWFkYWJpbGl0eSwgYnV0IGl0IGRvZXNuJ3QgZml4IGFueSBzZWN1cml0eSBpc3N1ZXMuCgo+IEFz
IHRoZSBleGFtcGxlcyBhYm92ZSBpbGx1c3RyYXRlLCB0aGUgY2xhaW0gdGhhdCBlbGltaW5hdGlu
ZyB0aGUgbm9uLWhlbHBmdWwKPiB3YXJuaW5ncyBpcyBgYHRvbyBoYXJkJycgY2Fubm90LCBJIGJl
bGlldmUsIGJlIHN1cHBvcnRlZCBieSB0aGUgZmFjdHMsIGFuZAo+IHRoZSAodW5mb3J0dW5hdGVs
eSB3aWRlc3ByZWFkKSBwZXJjZXB0aW9uIHRoYXQgZWxpbWluYXRpbmcgc3VjaCB3YXJuaW5ncyBp
cwo+IGBgdG9vIGhhcmQnJyBpcyBhY3R1YWxseS4uLiBhbmQgbm90IHRvIHB1dCB0b28gZmluZSBh
IHBvaW50IG9uIGl0Li4uIGEKPiBwcm9kdWN0IG1vcmUgb2YgaWdub3JhbmNlIG9yIGxhemluZXNz
IHRoYW4gaXQgaXMgYSBwcm9kdWN0IG9mIGdlbnVpbmUKPiBkaWZmaWN1bHR5IGluIHF1aWV0aW5n
IHRoZSB1bmhlbHBmdWwgZGlhZ25vc3RpY3MgaW4gcXVlc3Rpb24uCgpBcyBvdGhlcnMgaGF2ZSBw
b2ludGVkIG91dCwgJ3RvbyBoYXJkJyBjYW4gYWxzbyBtZWFuICd0b28gaGFyZCcgdG8gZ2V0IHNv
bWVvbmUgd2l0aCBjb21taXQgYWNjZXNzIHRvIGFjdHVhbGx5IGNvbW1pdCB0aGUgcGF0Y2ggYW5k
IGFjY2VwdCB0aGUgcmlzayBvZiBpbnRyb2R1Y2luZyBuZXcgYnVncy4gQ2FzZSBpbiBwb2ludDog
SSBjb250cmlidXRlZCB0aGlzIG9uZS1saW5lciBwYXRjaCBmb3IgWkZTIGZvdW5kIGJ5IENsYW5n
IEFuYWx5emVyLCBhZGRpbmcgdGhlIF9fbm9yZXR1cm5fXyBwcmFnbWEgeW91IGFsc28gbWVudGlv
bjogaHR0cHM6Ly93d3cuaWxsdW1vcy5vcmcvaXNzdWVzLzMzNjMuIEZvciAxLDUgeWVhcnMsIEkg
aGF2ZSBiZWVuIHVuYWJsZSB0byBnZXQgYW55b25lIGZyb20gRnJlZUJTRCBvciBJbGx1bW9zIHRv
IGNvbW1pdCBpdCBvciBldmVuIHJldmlldyBpdC4gTXkgcGVyc29uYWwgY29uY2x1c2lvbiBpcyB0
aGF0IHBhdGNoZXMgdG8gd2FybmluZ3MgaGF2ZSB0byBmaXggbW9yZSBzZXZlcmUgaXNzdWVzIHRv
IGdldCBhdHRlbnRpb24uIE9yIGluIG90aGVyIHdvcmRzLCBpZiB0aGUgd2FybmluZyBpcyBhIHJl
c3VsdCBvZiB0aGUgY29tcGlsZXIgb3IgYW5hbHl6ZXIgYmVpbmcgdG9vIHN0dXBpZCwgdGhlIHJl
c3BvbnNlIHdpbGwgbW9yZSBsaWtlbHkgYmUgImZpeCB0aGUgYW5hbHl6ZXIiLCBhbmQgY29tcGls
ZXIgd2FybmluZ3MgYXJlIG1vcmUgbGlrZWx5IHRvIGJlIGlnbm9yZWQuCgo+IEknbSBzb3JyeSwg
eW91IGFyZSBhcHBhcmVudGx5IHVzaW5nIHNvbWUgZG9tYWluLXNwZWNpZmljIHRlcm1pbm9sb2d5
IHdpdGgKPiB3aGljaCBJIGFtIG5vdCBmYW1pbGlhci4gIFdoYXQgZXhhY3RseSBpcyAiSVBBIiBh
bmQgImFscGhhLXJlbWFuaW5nIj8gIERvCj4gdGhlc2UgaGF2ZSBzb21ldGhpbmcgZG8gZG8gd2l0
aCBTU0w/CgpBbHBoYSByZW5hbWluZywgb3IgzrEtY29udmVyc2lvbiwgaXMgZXhwbGFpbmVkIGhl
cmU6IGh0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvTGFtYmRhX2NhbGN1bHVzCgpJUEEsIG9y
IEludGVyLVByb2NlZHVyYWwgQW5hbHlzaXMsIGlzIGV4cGxhaW5lZCBoZXJlOiBodHRwOi8vbGx2
bS5vcmcvZG9jcy9MZXhpY29uLmh0bWwKCgpFcmlrCl9fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fCmZyZWVic2Qtc2VjdXJpdHlAZnJlZWJzZC5vcmcgbWFpbGlu
ZyBsaXN0Cmh0dHA6Ly9saXN0cy5mcmVlYnNkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ZyZWVic2Qt
c2VjdXJpdHkKVG8gdW5zdWJzY3JpYmUsIHNlbmQgYW55IG1haWwgdG8gImZyZWVic2Qtc2VjdXJp
dHktdW5zdWJzY3JpYmVAZnJlZWJzZC5vcmci