One for the fanbois



zeitghost
6th March 2014, 10:32
Apple’s #gotofail SSL Security Bug was Easily Preventable « Barr Code (http://embeddedgurus.com/barr-code/2014/03/apples-gotofail-ssl-security-bug-was-easily-preventable/)

Ooooops.

Excellent use of the GOTO though.

I haven't written code like that since FORTRAN 77 came along. :eyes

Doggy Styles
6th March 2014, 18:35
Apple’s #gotofail SSL Security Bug was Easily Preventable « Barr Code (http://embeddedgurus.com/barr-code/2014/03/apples-gotofail-ssl-security-bug-was-easily-preventable/)

Ooooops.

Excellent use of the GOTO though.

I haven't written code like that since FORTRAN 77 came along. :eyes

Oh dear. I hope the rest of their software QA is better than that.

VectraMan
6th March 2014, 20:43
Doh! That's clearly never even been stepped through once.

And people will still tell you Apple are somehow superior and more secure.

NotAllThere
6th March 2014, 21:46
It's not really for the fanbois. Most of them won't know what SSL is.

doodab
6th March 2014, 21:49
It's not really for the fanbois. Most of them won't know what SSL is.

Surely the Apple version is iSsl?

mudskipper
6th March 2014, 21:50
:facepalm:

Sysman
6th March 2014, 22:03
Apple’s #gotofail SSL Security Bug was Easily Preventable « Barr Code (http://embeddedgurus.com/barr-code/2014/03/apples-gotofail-ssl-security-bug-was-easily-preventable/)

Ooooops.

Excellent use of the GOTO though.

I haven't written code like that since FORTRAN 77 came along. :eyes

Excellent indeed.


The code above violates at least two rules from Barr Group’s Embedded C Coding Standard book

Screams of laughter. Don't need no steenkeeng book to tell us that the code is crud.

Go on, have a look yourself. I counted 47 'goto fail' statements in the source file sslKeyExchange.c (http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c)

Non-Apple users shouldn't be too smug at this point...

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/)


This GnuTLS bug is worse than the big Apple "goto fail" bug patched last week.

New Plan B: Tin foil hats.