Page Hits

Saturday, March 19, 2016

Apple's goto Fail Bug 

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,uint8_t *signature, UInt16 signatureLen)
{
    OSStatus        err;
    ...
 
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail; //code executes irrespective of whether if condition is    
        satisfied - always executes.
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    ...
 
fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
}
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Generative AI for Everyone - Andrew NG - contd.

Generative AI for everyone - Andrew NG - Week 2 https://quality-agile.blogspot.com/2024/05/introduction-to-generative-ai-andrew-ng.html Fine...