Thursday, August 21, 2014

A delightfully pedantic look at a single line of bad code

This article isn't about SQL Anywhere, or SQL, but it could be... because simple coding errors are possible in just about any programming language...


"Though it is unknown whether this vulnerability was ever exploited, it rendered hundreds of millions of devices (and users) vulnerable over the course of 17 months."
Finding More Than One Worm In the Apple by Mike Bland, from ACM Queue May 12, 2014

Mike Bland's seven-page article discusses one single bad line of code; it's written in C, so if you know even a little C you'll see what's wrong right away...
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;
... or not.

The article's subtitle kinda gives it away: "If you see something, say something."

In other words, the line that LOOKS wrong IS wrong... and the article is proof that pedants really do have more fun :)
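To see why that duplicated line matters rather than just looking odd, here is an added C example (not code from the article or from Apple): a stand-in for the verify routine with the same control flow. The hash is a toy checksum, and the names hash_update, hash_final_check, verify_buggy and verify_fixed are assumptions made for this illustration.

```c
#include <stdio.h>

/* Constructed stand-in for the hash context: a running checksum. */
typedef struct { unsigned long sum; } hash_ctx;

/* Feeds bytes into the checksum; returns 0 on success like the real update. */
static int hash_update(hash_ctx *ctx, const char *data) {
    for (; *data; data++)
        ctx->sum = ctx->sum * 31 + (unsigned char)*data;
    return 0;
}

/* Final step: compare the computed value against what the "signature" says. */
static int hash_final_check(const hash_ctx *ctx, unsigned long expected) {
    return ctx->sum == expected ? 0 : -1;
}

/* Helper so a caller can produce the value a correct signature would carry. */
unsigned long expected_for(const char *params) {
    hash_ctx ctx = {0};
    hash_update(&ctx, params);
    return ctx.sum;
}

/* Same shape as the original: the second goto is unconditional, so the
 * final check is never reached and err still holds 0, meaning "success". */
int verify_buggy(const char *params, unsigned long expected) {
    hash_ctx ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params)) != 0)
        goto fail;
        goto fail;                       /* duplicated line: always taken */
    if ((err = hash_final_check(&ctx, expected)) != 0)
        goto fail;                       /* unreachable */
fail:
    return err;
}

/* The same routine with the duplicate line removed. */
int verify_fixed(const char *params, unsigned long expected) {
    hash_ctx ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params)) != 0)
        goto fail;
    if ((err = hash_final_check(&ctx, expected)) != 0)
        goto fail;
fail:
    return err;
}
```

With a wrong expected value verify_buggy still returns 0 while verify_fixed returns -1; clang's -Wunreachable-code flags the dead statement after the second goto, which is the kind of check that would have caught it.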
