EvilZone

Hacking and Security => Mobile Hacking => Topic started by: feynman on February 25, 2014, 05:31:06 AM

Title: goto fail;
Post by: feynman on February 25, 2014, 05:31:06 AM
This is a great bug, completely destroying SSL security on iOS and OSX devices:

Code:
https://www.imperialviolet.org/2014/02/22/applebug.html

The relevant part of the code is:

Code:
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;

Do you see the mistake? Not only is there a duplicated line of code, but the second "goto fail" is outside the scope of the if, so it will *always* execute. err is set to 0 (the success value), so the function returns success even if the hash doesn't check out.

Lesson #1: Always use braces.
Lesson #2: Have your compiler check for unused code.
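
The control flow described in the post above, as an added example that is not part of the original post and is not Apple's code: `hash_update`, `check_signature`, `verify_buggy` and `verify_fixed` are hypothetical stand-ins, constructed so the skipped check can be observed in the return value.

```c
#include <stdio.h>

/* Constructed stand-ins (not Apple's code): each returns 0 on success. */
static int hash_update(void) { return 0; }
static int check_signature(int sig_is_valid) { return sig_is_valid ? 0 : -1; }

/* Same control flow as the snippet in the post: the second goto is not
 * governed by the if, so check_signature() is never reached. */
int verify_buggy(int sig_is_valid)
{
    int err;

    if ((err = hash_update()) != 0)
        goto fail;
    goto fail;  /* duplicated line, shown at its real nesting level */
    if ((err = check_signature(sig_is_valid)) != 0)
        goto fail;
fail:
    return err; /* still 0 from hash_update() */
}

/* Braced version: a stray duplicate inside the braces would be harmless. */
int verify_fixed(int sig_is_valid)
{
    int err;

    if ((err = hash_update()) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_is_valid)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    printf("buggy, forged signature: %d\n", verify_buggy(0));
    printf("fixed, forged signature: %d\n", verify_fixed(0));
    return 0;
}
```

Building this with clang and `-Wunreachable-code` reports the signature check in `verify_buggy` as code that will never be executed.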