NULL ptr dereferences found with Calysto static checker

Domagoj Babic babic.domagoj at gmail.com
Tue Jun 19 21:21:23 EDT 2007


Hi Ken,

On 6/15/07, Ken Raeburn <raeburn at mit.edu> wrote:
> > It is doable, but IMHO, static checker should do checking not linking
> > :-). So, I prefer to get a complete input, and specify only a few most
> > important external functions through additional constraints.
>
> Sure, that makes sense.  I'm just thinking about, down the road,
> being able to automatically generate descriptions of libraries, for
> use in checking applications in other packages where you don't
> generally pull together the sources of both library and application
> to build...  That's more about production use and friendly UIs, than
> getting the analysis portions well tuned.

That's doable. I'll start working on reusable library descriptions in
late July.

> At the top of the list, I think I'd put the main server programs:
> krb5kdc kadmind krb524d.
>
> Next would probably be the setuid programs v4rcp and ksu, and kprop.
>
> Perhaps then, some simple programs that exercise some key client-side
> functionality: kinit and kvno (though kvno was listed with 0 "unique
> locations").  While the programs themselves may not be the most
> critical from a security perspective, the functionality they exercise
> is crucial to most client-side Kerberos software.  Also ftpd, ftp,
> and kadmin, to exercise other parts of the GSSAPI code.
>
> I guess that would be my top-ten list.
>
> And then the other installed programs and the libraries would bring
> up the end of the list, I guess, probably libraries first.  Most of
> the interesting library routines should already be checked by
> analyzing the programs above, but there are undoubtedly some
> interfaces we don't directly use.

I've checked your top-ten list and sent the report to krbcore-security.
It took me a while because I was immediately fixing the sources of false
positives (at least those false positives that are worth fixing).

What's next?

-- 
        Domagoj Babic

        http://www.domagoj.info/


