Messages - feynman

1
Mobile Hacking / goto fail;
« on: February 25, 2014, 05:31:06 am »
This is a great bug, completely destroying SSL security on iOS and OSX devices:

Code:
https://www.imperialviolet.org/2014/02/22/applebug.html

The relevant part of the code is:

Code:
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;

Do you see the mistake? Not only is there a duplicated line of code, but the second "goto fail" is outside the scope of the if, so it will *always* execute. err is set to 0 (the success value), so the function returns success even if the hash doesn't check out.

Lesson #1: Always use braces.
Lesson #2: Have your compiler check for unused code.
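
The control flow described in the post above, reduced to a compilable case and set beside the braced form. This is an added example, not part of the original post and not Apple's code; hash_update, verify_signature, both verify_* functions and the sample strings are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the hash update step: 0 means success. */
static int hash_update(const char *data) { return data ? 0 : -1; }

/* Constructed check: only this literal counts as a valid signature. */
static int verify_signature(const char *sig) {
    return strcmp(sig, "good-signature") == 0 ? 0 : -1;
}

/* Same shape as the snippet in the post. Returns 0 on success. */
int verify_vulnerable(const char *params, const char *sig) {
    int err;

    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;  /* not guarded by the if: always taken, err is 0 here */
    if ((err = verify_signature(sig)) != 0)  /* never reached */
        goto fail;

fail:
    return err;
}

/* Lesson #1 applied: with braces, a duplicated goto stays inside the if. */
int verify_braced(const char *params, const char *sig) {
    int err;

    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void) {
    /* Constructed inputs: a forged signature should be rejected. */
    printf("vulnerable, forged sig: %d\n", verify_vulnerable("params", "forged"));
    printf("braced,     forged sig: %d\n", verify_braced("params", "forged"));
    return 0;
}
```

For Lesson #2, Clang's -Wunreachable-code reports the skipped signature check in verify_vulnerable, and GCC's -Wmisleading-indentation reports the second goto.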

2
Web Oriented Coding / Re: PHP form validation
« on: February 25, 2014, 05:19:41 am »
If you're seeing "<html>" in the browser, it's because it's interpreting the escaped characters. If you view-source you should see the &lt;html&gt;.
