ImperialViolet - Apple’s SSL/TLS bug
Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn’t conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.
Emphasis mine. Always use curly braces. Always.
I put this in the development docs at work:
What’s the main goal of writing code besides generating output?
READABILITY and the deep understanding that another human being will eventually need to read, use, and debug your code.
Don’t be a lazy rockstar –– think about your fellow developers before you commit.
Sidenote: the codebase that runs this site also powers a handful of work projects.
See also: This kind of code drives me nuts.