看板FB_security
標 題Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
發信站NCTU CS FreeBSD Server (Fri Apr 25 21:16:41 2014)
轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
Ck9uIDA0LzI1LzIwMTQgMTI6MTQgUE0sIERhZy1FcmxpbmcgU23DuHJncmF2IHdyb3RlOgo+IEJl
biBMYXVyaWUgPGJlbmxAZnJlZWJzZC5vcmc+IHdyaXRlczoKPj4gRGFnLUVybGluZyBTbcO4cmdy
YXYgPGRlc0BkZXMubm8+IHdyaXRlczoKPj4+IGh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtp
L0hhbHRpbmdfcHJvYmxlbQo+PiBDdXJpb3VzIHdoYXQgdGhlIGhhbHRpbmcgcHJvYmxlbSBjYW4g
dGVsbCB1cyBhYm91dCBmaW5kaW5nL2ZpeGluZyBidWdzPwo+IFNvbWUgcGFydGljaXBhbnRzIGlu
IHRoaXMgdGhyZWFkIGNsYWltIHRoYXQgdGhlcmUgaXMgbm8gc3VjaCB0aGluZyBhcyBhCj4gZmFs
c2UgcG9zaXRpdmUgZnJvbSBhIHN0YXRpYyBhbmFseXplci4gIEEgY29yb2xsYXJ5IG9mIHRoZSBo
YWx0aW5nCj4gcHJvYmxlbSBpcyB0aGF0IGl0IGlzIGltcG9zc2libGUgdG8gd3JpdGUgYSBwcm9n
cmFtIGNhcGFibGUgdG8gcHJvdmluZwo+IG9yIGRpc3Byb3ZpbmcgdGhlIGNvcnJlY3RuZXNzIG9m
IGFsbCBwcm9ncmFtcy4KCkFsbCBjdXJyZW50IGFuYWx5emVycyBhcmUgYSBwYWNrYWdlZCB1cCBj
b2xsZWN0aW9uIG9mIGNvcnJlY3RuZXNzIAppbnR1aXRpb25zIG9wZXJhdGluZyBvbiB0aGUgYm9y
ZGVycyBvZiBsYW5ndWFnZSBzeW50YXggYW5kIGluZm9ybWF0aW9uIApzZW1hbnRpY3MuICBJZiB0
aGV5IGRlbGl2ZXIgJ2ZhbHNlIHBvc2l0aXZlcycgaXQgaXMgYmVjYXVzZSB3ZSBkb24ndCAKa25v
dyBob3cgdG8gY2FwdHVyZSBpbiBzb2Z0d2FyZSB0aGUgc2VtYW50aWNzIG5lY2Vzc2FyeSB0byBq
dXN0aWZ5ICdub3QgCnJlcG9ydGluZycgZmFsc2UgcG9zaXRpdmVzLiAgSWYgdGhleSBkZWxpdmVy
ICdmYWxzZSBuZWdhdGl2ZXMnIGl0J3MgCmJlY2F1c2UgZWl0aGVyIGEgc3ludGF4L2dyYW1tYXIg
b25seSByb3V0aW5lIGNhbid0IHJlYWNoIHRoZSBzZW1hbnRpY3MgCm5lY2Vzc2FyeSB0byBkZXRl
Y3QgdGhlIHByb2JsZW0sIHdlIGRvbid0IGtub3cgaG93IHRvIGNhcHR1cmUgdGhlIApzZW1hbnRp
Y3MgaW4gY2hlY2tpbmcgcm91dGluZXMsIG9yIG9uZSBnb3QgYnkgdGhlIGdyYW1tYXIgY2hlY2tl
cnMuCgpBbmQgYXByb3BvcyB5b3VycyBhYm92ZSBvZiAnaGFsdGluZyBwcm9ibGVtJzogJ0hhbHRp
bmcnIGhhcyBhIGRlZmluZWQgCmFuZCBvYmplY3RpdmVseSB0ZXN0YWJsZSBtZWFuaW5nLCB3aGls
ZSAnY29ycmVjdCcgYW5kICdzZWN1cmUnIGRvIG5vdC4gIApIZW5jZSB0aGUgY29yb2xsYXJ5IHlv
dSBtZW50aW9uIGlzIGluIHRoZSBtYW5uZXIgb2YgcHJvZmVzc2lvbmFsIAppbnR1aXRpb24gKGFu
ZCBsaWtlbHkgY29ycmVjdCBpbiBvdXIgbGlmZXRpbWVzKSwgYnV0IG5vdCB0aGUgdXN1YWwgCm1l
YW5pbmcgb2YgY29yb2xsYXJ5LiAgIEFuZCBpbiBhbnkgZXZlbnQgdGhlIHVuaGFwcHkgb3V0Y29t
ZSB5b3UgbWVudGlvbiAKaW4gJ3RoZSBoYWx0aW5nIHByb2JsZW0nIGV4aXN0cyBpZiBhbmQgb25s
eSB3aGVuIHByZXN1cHBvc2luZyBpbmZpbml0ZSAKcHJvZ3JhbSBtZW1vcnksIGluZmluaXRlIHBy
b2Nlc3NpbmcgdGltZSBhbmQgYnkgaW1wbGljYXRpb24gaW5maW5pdGUgCm1hY2hpbmUgbGlmZS4K
Ckl0IHNob3VsZCBiZSBwb3NzaWJsZSB0byB3cml0ZSBhIHNldCBvZiBydWxlcyB0aGF0LCB3aGVu
IHRha2VuIHRvZ2V0aGVyIApkZWZpbmUgJ3NlY3VyZScsIGluYXNtdWNoIGFzICdzZWN1cmUnIGNh
biBiZSBlcXVpdmFsZW50IHRvIHdoZXRoZXIgb25seSAKYWxsb3dlZCBpbmZvcm1hdGlvbiBvZiBr
bm93biBmaW5pdGUgc2l6ZSBydW5uaW5nIG9uIGEga25vd24gZmluaXRlIApjb21wdXRlciBjcm9z
c2VzIGFuIGludGVyZmFjZSBvciBlZGdlIG9mIGEgc3BlY2lmaWMgcHJvZ3JhbS4gIEJ1dCBmaXJz
dCAKYSBncmVhdCBkZWFsIG1vcmUgaGFzIGRvIGJlIGRvbmUgaW4gZGVmaW5pbmcgYmFzaWNzLCBm
b3IgZXhhbXBsZSBpZiBhIApoYXNoaW5nIHJvdXRpbmUgY29uZmlybXMgbm8tbWF0Y2ggYWdhaW5z
dCBhIHN0b3JlZCBoYXNoZWQgcGFzc3dvcmQsIAp0aGF0J3MgbGVha2luZyBpbmZvcm1hdGlvbiBp
biBhIG1hdGhlbWF0aWNhbCBzZW5zZSBiZWNhdXNlIHlvdSBub3cga25vdyAKb25lIHBhc3N3b3Jk
IGlzbid0IGl0IGdpdmVuIHRoZSBwYXNzd29yZCBzcGFjZSBpcyBmaW5pdGUgKGlmIGJpZyksIGJ1
dCAKaXMgdGhhdCByb3V0aW5lICdpbnNlY3VyZScgb3IgJ3NlY3VyZSc/CgonQ29ycmVjdCcgb24g
dGhlIG90aGVyIGhhbmQsIHRoYXQgdGVybSBpcyBtdWNoIGxpa2UgdmFsb3IgIChpbiB0aGUgZXll
IApvZiB0aGUgYmVob2xkZXIpLiAgT25lIG1pZ2h0IGFyZ3VlIGl0IGlzIGEgcGVyLXByb2dyYW0g
c3BlY2lmaWNhdGlvbiBhbmQgCmFzIHN1Y2ggbW9yZSBhIHJlc3RhdGVtZW50IG9mIHRoZSBwcm9n
cmFtIGl0c2VsZiBpbiBhbiAKYXMteWV0LXRvLWJlLXdyaXR0ZW4gc3BlY2lmaWNhdGlvbiBsYW5n
dWFnZSwgd2hpY2ggaXRzZWxmIG5lZWRzIGl0J3Mgb3duIApjb3JyZWN0bmVzcyBzcGVjaWZpY2F0
aW9uIGluIGFuIGFzLXlldC1hcy15ZXQtdG8tYmUtd3JpdHRlbiAKc3BlY2lmaWNhdGlvbi1zcGVj
aWZpY2F0aW9uIGxhbmd1YWdlLCBhbmQgc28gZm9ydGggdW50aWwgd2UgZ2V0IHRvIHRoZSAKZXll
IG9mIHRoZSBiZWhvbGRlciBhbnlob3csIG9yIGx1bmNoIHdpdGggS3VydCBHb2RlbC4KCkkgZG9u
J3QgbWVhbiB0byBiZSBhcmd1bWVudGF0aXZlLCBJIGp1c3Qgd2FudCB0byB1cmdlIGNhdXRpb24g
aW4gdXNpbmcgCm1ldGFwaG9ycyBmcm9tIG1hdGggd2l0aG91dCBjb25zaXN0ZW50IGFwcGxpY2F0
aW9uIG9mIGVpdGhlciBoYXJkIG9yIApzb2Z0IGZvY3VzIG9uIHRoZSByaWdvci4KCkhhcnJ5IENv
aW4KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmZyZWVi
c2Qtc2VjdXJpdHlAZnJlZWJzZC5vcmcgbWFpbGluZyBsaXN0Cmh0dHA6Ly9saXN0cy5mcmVlYnNk
Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ZyZWVic2Qtc2VjdXJpdHkKVG8gdW5zdWJzY3JpYmUsIHNl
bmQgYW55IG1haWwgdG8gImZyZWVic2Qtc2VjdXJpdHktdW5zdWJzY3JpYmVAZnJlZWJzZC5vcmci