Date:	Mon, 4 Feb 2013 20:59:26 +0100 (CET)
From:	Jesper Juhl <jj@...osbits.net>
To:	syrine tlili <syrine.tl@...il.com>
cc:	linux-kernel@...r.kernel.org
Subject: Re: Unchecked Null pointers

On Fri, 1 Feb 2013, syrine tlili wrote:

> Hi:
> I would like to report a set of errors found in the source tree of
> Linux version 3.0.52 using a static analysis tool for vulnerability
> detection that I'm developing  based on GCC.

Cool. New useful tools are always nice. Where can I download it/look at 
its source code?


> I have performed the security analysis on the whole linux 3.0.52
> distribution and my tool detected 18 errors related to the use of
> unchecked potential  null pointers.

May I suggest that you run your tool against a more recent code-base, such 
as the latest stable kernel (atm 3.7.6) or the latest 3.8-rc kernel 
(currently 3.8-rc6) or a daily snapshot of Linus' kernel.
That may gain you more feedback from people.


> Some of these errors are also present in recent kernel versions such
> as version 3.6.4
> Details on the detected errors are listed below.
> I'm looking forward to getting your feedback on the reported errors.
> 
[...]

I'd suggest that a more useful way of getting feedback would be to run 
the tool against a more recent (relevant) kernel source and then submit 
actual patches attempting to *fix* the problems you find. That would be 
more likely to get people's attention - and would also potentially result 
in some nice fixes being merged.

-- 
Jesper Juhl <jj@...osbits.net>       http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
