
Messages - feynman

1
Mobile Hacking / goto fail;
« on: February 25, 2014, 05:31:06 AM »
This is a great bug, completely destroying SSL security on iOS and OSX devices:

Code:
https://www.imperialviolet.org/2014/02/22/applebug.html

The relevant part of the code is:

Code:
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;

Do you see the mistake? Not only is there a duplicated line of code, but the second "goto fail" is outside the scope of the if, so it will *always* execute. err is set to 0 (the success value), so the function returns success even if the hash doesn't check out.

Lesson #1: Always use braces.
Lesson #2: Have your compiler check for unused code.
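The control flow described in the post above, as an added example that is not part of the original post and is not Apple's code: the unbraced form with the duplicated goto next to the braced form from Lesson #1. The names hash_update, check_signature, verify_buggy and verify_braced are hypothetical, and the example assumes a final check follows the duplicated line.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the hash and signature steps; 0 means success. */
static int hash_update(int step) { (void)step; return 0; }
static int check_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Same shape as the snippet in the post: no braces, duplicated goto. */
int verify_buggy(int sig_valid)
{
    int err;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_update(2)) != 0)
        goto fail;
    goto fail;  /* the duplicate: not guarded by the if, however it is indented */
    if ((err = check_signature(sig_valid)) != 0)  /* never reached */
        goto fail;
fail:
    return err; /* still 0 from the last successful hash_update */
}

/* Lesson #1 applied: with braces, a stray goto has no place to hide. */
int verify_braced(int sig_valid)
{
    int err;
    if ((err = hash_update(1)) != 0) {
        goto fail;
    }
    if ((err = hash_update(2)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_valid)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* sig_valid = 0 simulates a signature that does not check out. */
    printf("buggy,  bad signature -> %d\n", verify_buggy(0));
    printf("braced, bad signature -> %d\n", verify_braced(0));
    return 0;
}
```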

2
Web Oriented Coding / Re: PHP form validation
« on: February 25, 2014, 05:19:41 AM »
If you're seeing "<html>" in the browser, it's because it's interpreting the escaped characters. If you view-source you should see the &lt;html&gt;.
