Why code style is important
Over at ImperialViolet, there's an interesting observation on Apple's recent SSL/TLS bug in iOS. This is the code in question:
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
    ...
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
See that third goto fail? The first two take advantage of the fact that in C, you can have a single statement following an if, or you can use a curly-brace-delimited block. That third goto, positioned as it is, becomes an unconditional branch.
So the SSL signature verification never happens - err still holds 0 from the check that just succeeded, so the function returns success, the session is happily accepted and off we go to who knows where. If the block syntax had been used, there would simply have been a second unreachable goto in the block (and if -Wall was on there'd have been a warning about that) - and there would have been no security bug!
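As an added example (not the post's or Apple's code), here is a stand-alone C stand-in for the function above: the same chain of error checks with the duplicated goto, next to the braced form the post argues for. hash_update, verify_signature and the signature strings are constructed placeholders.

```c
#include <string.h>

/* Added example, not the page's or Apple's code: a stand-in for the function in
 * the post. hash_update, verify_signature and the signature strings are made up. */
typedef int OSStatus;
enum { errOK = 0, errSigBad = -1 };
static const char kGoodSig[] = "valid-signature";   /* constructed expected value */

/* Stand-in for SSLHashSHA1.update(): folds data into ctx and reports success. */
static OSStatus hash_update(unsigned *ctx, const char *data) {
    for (; *data; data++) *ctx = *ctx * 31u + (unsigned char)*data;
    return errOK;
}

/* Stand-in for the signature comparison: success only for the expected value. */
static OSStatus verify_signature(const char *sig) {
    return strcmp(sig, kGoodSig) == 0 ? errOK : errSigBad;
}

/* The shape of the bug: the second, indented goto is not governed by the if above
 * it, so it is always taken. err still holds 0 from the check that just passed,
 * and the function returns "success" without ever calling verify_signature(). */
OSStatus verify_buggy(const char *sig) {
    OSStatus err;
    unsigned hashCtx = 0;
    if ((err = hash_update(&hashCtx, "serverRandom")) != 0)
        goto fail;
    if ((err = hash_update(&hashCtx, "signedParams")) != 0)
        goto fail;
        goto fail;                       /* unconditional: skips the rest */
    if ((err = hash_update(&hashCtx, "final")) != 0)
        goto fail;
    if ((err = verify_signature(sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Braced form with the same duplicated line: the extra goto stays inside the
 * conditional block, is merely unreachable, and the signature check still runs. */
OSStatus verify_braced(const char *sig) {
    OSStatus err;
    unsigned hashCtx = 0;
    if ((err = hash_update(&hashCtx, "serverRandom")) != 0) { goto fail; }
    if ((err = hash_update(&hashCtx, "signedParams")) != 0) { goto fail; goto fail; }
    if ((err = hash_update(&hashCtx, "final")) != 0) { goto fail; }
    if ((err = verify_signature(sig)) != 0) { goto fail; }
fail:
    return err;
}
```

verify_buggy("forged") returns 0 (accepted), while verify_braced("forged") returns -1 (rejected); both accept the expected signature.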