Apple SSL Bug In iOS Also Affects OS X

← Back to Stories (view on slashdot.org)

Apple SSL Bug In iOS Also Affects OS X

Posted by timothy on Saturday February 22, 2014 @09:44AM from the sympathetic-reaction dept.

Trailrunner7 writes "The certificate-validation vulnerability that Apple patched in iOS yesterday also affects Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found. Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable."

94 of 140 comments (clear)

Min score:

Reason:

Sort:

Hmm... by 93+Escort+Wagon · 2014-02-22 10:00 · Score: 3, Funny

The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
Coincidence? I think not!

--
#DeleteChrome
1. Re:Hmm... by wiredlogic · 2014-02-22 11:21 · Score: 1
  
  The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
  Coincidence? I think not!
  Adam Langley is an anagram of "A lang madly e". Clearly this is the product of some leet Canadian insider who has gone rouge with this disclosure. Time to put on a new layer of tinfoil.
  
  --
  I am becoming gerund, destroyer of verbs.
2. Re:Hmm... by LynnwoodRooster · 2014-02-22 12:37 · Score: 1
  
  The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
  Coincidence? I think not!
  Adam Langley is an anagram of "A lang madly e". Clearly this is the product of some leet Canadian insider who has gone rouge with this disclosure. Time to put on a new layer of tinfoil.
  Mascara, even!
  
  --
  Browsing at +1 - no ACs, I ignore their posts. So refreshing!
3. Re:Hmm... by sjames · 2014-02-22 20:36 · Score: 1
  
  Must be a lumberjack.
4. Re:Hmm... by Meski · 2014-02-23 13:05 · Score: 1
  
  The researcher who found the bug is Adam Langley. CIA headquarters is in Langley, Virginia.
  Coincidence? I think not!
  Adam Langley is an anagram of "A lang madly e". Clearly this is the product of some leet Canadian insider who has gone rouge with this disclosure. Time to put on a new layer of tinfoil.
  Mascara, even!
  I dunno, it's making me see red...
Lets see how far back... by Anonymous Coward · 2014-02-22 10:03 · Score: 2, Insightful

Let see how far back Apple will patch this thing, if they leave Snow Leopard (10.6) out for the wolves or not.
In the past under Jobs, only the last two OS X versions got security updates. He was a real prick about trying to force people to upgrade to their latest bloated your machine so you have to buy a new one prematurely crap.
1. Re:Lets see how far back... by ugen · 2014-02-22 10:08 · Score: 4, Insightful
  
  Snow Leopard (10.6) is not vulnerable to this bug, since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet. Just verified on my 10.6 box (to verify visit https://www.imperialviolet.org:1266/ )
  On the other hand, iOS 6.1.5 is - and now I have a choice of using insecure iPhone or upgrading to 7.x. For now I've switched from Safari to a 3rd party browser that does not have this bug - but email is still vulnerable and so can be other components. That said, I have little trust in SSL even when it works as designed, so I won't lose much sleep over this.
2. Re:Lets see how far back... by Rick+Zeman · 2014-02-22 10:33 · Score: 1
  
  Snow Leopard (10.6) is not vulnerable to this bug, since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet. Just verified on my 10.6 box (to verify visit https://www.imperialviolet.org... )
  On the other hand, iOS 6.1.5 is - and now I have a choice of using insecure iPhone or upgrading to 7.x.
  Or, perhaps upgrading to iOS 6.1.6 which corrects that bug.
3. Re:Lets see how far back... by Anonymous Coward · 2014-02-22 10:46 · Score: 1
  
  If you are able to upgrade to iOS 7, you are not able to upgrade to 6.1.6.
4. Re:Lets see how far back... by dgatwood · 2014-02-22 11:12 · Score: 2, Interesting
  
  Snow Leopard (10.6) is not vulnerable to this bug, since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet.
  No, that's not correct at all. First, it doesn't affect 10.8.5, either, which blows that theory. Second, Secure Transport was introduced way back in 10.2, and has been used for Foundation and Core Foundation SSL negotiation since at least 10.4, according to various security vulnerability reports (and probably earlier). In other words, this has absolutely nothing to do with Apple "switching" anything. It's just a bug, and a fairly recent bug at that.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
5. Re:Lets see how far back... by ugen · 2014-02-22 11:35 · Score: 2
  
  iOS 6.1.6 is not available for iPhone 5. It is only available for devices for which there is no iOS 7, unfortunately. First thing I checked.
6. Re:Lets see how far back... by ugen · 2014-02-22 11:46 · Score: 2
  
  It is correct and, if you have 10.6 handy - you can verify that under that system Safari is using OpenSSL. To do so, simply move /usr/lib/libssl.*.dylib elsewhere and try to run Safari. It will fail due to missing libraries.
  On 10.9 Safari will happily run with OpenSSL libraries removed.
  You are welcome to dig through otool -L output to find how it's linked up, but the fact remains - Safari was switched over from OpenSSL to homegrown crypto sometime after 10.6.
7. Re:Lets see how far back... by zippthorne · 2014-02-22 11:49 · Score: 1, Troll
  
  So that they wouldn't be affected by bugs in OpenSSL?
  The idea that it's a bad idea to roll your own security features because you're probably not a security expert is not something that is necessarily applicable to an organization as large as Apple, which can certainly afford to employ as many security researchers as it needs to to match the security knowledge of other common security tool organizations.
  Further, a world in which there is only one (hopefully well-researched) implementation of critical security software also has drawbacks, as any errors in that software will affect everyone.
  
  --
  Can you be Even More Awesome?!
8. Re:Lets see how far back... by PopeRatzo · 2014-02-22 11:53 · Score: 1
  
  since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet.
  
  Why did they switch? I haven't been able to find out from the articles I read.
  
  --
  You are welcome on my lawn.
9. Re:Lets see how far back... by Rick+Zeman · 2014-02-22 12:24 · Score: 1
  
  If you are able to upgrade to iOS 7, you are not able to upgrade to 6.1.6.
  Ugh. I didn't realize that. That's just...short-sighted.
10. Re:Lets see how far back... by Espectr0 · 2014-02-22 12:52 · Score: 1
  
  If you don't want 7.x you can use 6.1.6 which got released to fix this
  
  --
  Open Source Java Web Forum with LDAP authentication
11. Re:Lets see how far back... by PNutts · 2014-02-22 13:24 · Score: 2
  
  Not on all devices. AC posted this so it got lost in the filters: If you are able to upgrade to iOS 7, you are not able to upgrade to 6.1.6.
12. Re: Lets see how far back... by PopeRatzo · 2014-02-22 14:30 · Score: 1
  
  I'm pretty thick. Why isn't a "moving target" a good thing when you're talking about security?
  Is OpenSSL open source? That would make it more trustworthy, wouldn't it?
  Not long ago I wouldn't even have thought about these things, but with some formerly trusted players putting back doors and exploitable weaknesses into their products for the sake of the NSA, I figure I better ask some questions.
  
  --
  You are welcome on my lawn.
13. Re:Lets see how far back... by mattr · 2014-02-22 15:06 · Score: 1
  
  Slashdotted.
14. Re: Lets see how far back... by Anonymous Coward · 2014-02-22 15:06 · Score: 1
  
  Not-invented-here-syndrome.
  Actually, the official story is that OpenSSL didn't maintain ABI compatibility across versions to Apple's satisfaction. Of course, instead of just forking or maintaining patches against OpenSSL, they decided to implement their own SSL stack from scratch.
  Something like this was inevitable. Apple's crypto and SSL stack can't hold a candle to OpenSSLs in terms of features and algorithms. And while everybody agrees that OpenSSL is ugly code, it's code that's been hammered on for nearly two decades, and has a ton more eyeballs pouring over it than Apple's crypto stack. It was kind of ridiculous, because OpenSSL is the de facto standard in open source (even though the "official" standard in Linux per the LSB is NSS), and a million applications will continue using OpenSSL, only now, once Apple rips it out completely (it screams deprecated when try to compile against it today), they'll have to bundle it themselves.
15. Re:Lets see how far back... by Anonymous Coward · 2014-02-22 15:18 · Score: 1
  
  Instead they're affected by bugs in their own implementation. Worse, the footprint of their implementation compares to something like OpenSSL is so small that their problems are likely to remain under the surface until they surface suddenly and bite them in the ass: with Open Source, all bugs are shallow.
  Their implementation is open source. So, I call bullshit on your assertion.
  Given that they open sourced their implementation, and didn't use OpenSSL, I'd bet heavily that there's some requirement that they have that OpenSSL did not, and would not fulfil.
16. Re:Lets see how far back... by grantspassalan · 2014-02-22 16:08 · Score: 1
  
  I just checked with https://www.imperialviolet.org... And I got the message "Safari can't open that page because Safari can't established a secure connection to the server". I am running Mac OS 10.8.4 so does that mean I am safe?
  
  --
  A sufficiently advanced simulation is indistinguishable from reality.
17. Re:Lets see how far back... by Anonymous Coward · 2014-02-23 02:07 · Score: 1
  
  So I'll just keep asking, because no one can provide an answer: why would you do that?!
  As has been mentioned in this thread several times –because OpenSSL kept repeatedly making bin-compat breaking changes to their API. The result was that they could not ship up-to-date versions of OpenSSL, and hence were open to all kinds of security vulnerabilities that way. Their solution was to change to an API that they knew could be consistent.
18. Re:Lets see how far back... by grumling · 2014-02-23 03:50 · Score: 1
  
  Which is yet another reason I keep seperate work and home devices. If they aren’t going to keep up with security patches and the device is comprimized, it only affects “their” stuff, not mine.
  
  --
  "Well, good luck finding a judge that doesn't run a bestiality site."
19. Re:Lets see how far back... by jbolden · 2014-02-23 04:40 · Score: 1
  
  Apple has consistently been opposed to long term legacy use. Anyone pissed off by this is completely irrational. iPad 1 was an April 2010 device, which Apple had an expected life for of 2-3 years.
  You don't like rapid upgrades Microsoft will be happy for your tablet business.
20. Re:Lets see how far back... by dgatwood · 2014-02-23 05:21 · Score: 1
  
  Even if you're right, the fact remains that security researchers have shown that the bug in question didn't exist in Secure Transport as of the 10.8.5 sources. Because Secure Transport is open source, you can verify that yourself if you don't believe me.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
21. Re: Lets see how far back... by Anonymous Coward · 2014-02-23 05:36 · Score: 1
  
  This looks like it needs a simple explanation; purists will be offended by some of what I'm going to write, but in general it's right.
  The API (Application Programming Interface) specifies the very particular ways that one set of code (a library) can be addressed by other programs. It's a translation layer between the library and the programs that use the library. The library itself can be updated over and over without changing the API: if OpenSSL changes some detail of how a crypto routine works, that doesn't mean that my program needs to know anything about those changes. My program just gives the same command to OpenSSL that it always did, and the API is supposed to make sure that the new code in the library knows what to do with that command.
  The API is like a contract: it promises that OpenSSL will perform a command that I send it, as long as I write that command in a particular way. This is an important point, so I'll repeat it: I don't have to know the specifics of what OpenSSL does, thanks to the API. I shouldn't have to know those details; otherwise I'd have to know everything about every piece of code on the computer eventually. I just have to know how to send commands to the API, and I trust the developers of the library to handle their end of the contract.
  The problem comes when the contract changes. Suddenly my commands don't work anymore.
  As an example: a while back, if I wanted to clear an OpenSSL error state, I could have my program say to OpenSSL ERR_remove_state(0); now I have to write ERR_remove_thread_state(NULL) instead. My old program won't work with the new API. As long as the old command ERR_remove_state(0) worked, whatever updates to the crypto routines were also made didn't affect me but silently helped the system worked better; once ERR_remove_state(0) became obsolete, however, that affected me as a programmer and made my program not work.
  When the API for a library like OpenSSL changes frequently, other programmers can't keep up with the changes in an expeditious manner, which means that we end up keeping outdated versions of OpenSSL around because we can't keep up with the changes. Worse, we might have several versions on one system, because different programmers have written their programs to different APIs that go to different versions of the OpenSSL library. That's why it's important for APIs to be stable.
  That doesn't mean that the underlying code inside the OpenSSL library, the stuff that actually does the crypto, shouldn't be updated. The API, however, needs to remain fairly stable and compatible so that other programmers can use the library without having to rewrite their own programs and relearn the OpenSSL API frequently. Apple decided that the OpenSSL API was changing too often, and that it was hard to keep changing all the code in their software (lots of parts of OSX and iOS, plus the web browsers, iTunes, mail programs, etc. use SSL) to keep up with the changing OpenSSL API. So, they decided to write their own crypto libraries so that they could keep the API stable. It probably would have been a better decision to take the current version of OpenSSL and develop it on their own, separately from the OpenSSL designers (that is, to "fork" the code), but Apple chose to rewrite the whole thing, and someone cut-and-pasted a goto line one too many times. Now Apple is embarrassed.
22. Re:Lets see how far back... by skids · 2014-02-23 06:10 · Score: 1
  
  The idea that it's a bad idea to roll your own security features because you're probably not a security expert is not something that is necessarily applicable to an organization as large as Apple, which can certainly afford to employ as many security researchers as it needs to to match the security knowledge of other common security tool organizations.
  ...but apparently cannot afford the engineers needed to write a thorough test suite for just about anything.
  
  --
  Someone had to do it.
23. Re:Lets see how far back... by skids · 2014-02-23 06:14 · Score: 1
  
  Their solution was to change to an API that they knew could be consistent.
  Of course. Rolling your own SSL stack is so much more efficient a use of engineers time than backporting patches.
  
  --
  Someone had to do it.
24. Re:Lets see how far back... by BasilBrush · 2014-02-23 06:29 · Score: 1
  
  "Their solution was to change to an API that they knew could be consistent."
  Of course. Rolling your own SSL stack is so much more efficient a use of engineers time than backporting patches.
  Non-sequiteur. Back-porting patches does not stabilise the OpenSSL API between versions.
25. Re:Lets see how far back... by BasilBrush · 2014-02-23 06:42 · Score: 1
  
  The iPad 1 came with 256MB of RAM. Current iPads have 1GB or RAM.
  Desktop OSs can still work on older machines, because they use the HD as virtual RAM when real RAM runs out. Mobile OSs, including iOS don't have virtual ram, as thrashing flash memory is destructive. So if the real RAM available is not big enough to support the OS usage, and the usage of a single current app, then it's incompatible.
  A few years ago Apple made the mistake of releasing an iOS version and allowing it on the 3GS. But because of the 3GS limited hardware it ran like a dog. And they were roundly criticised for doing it. It was indeed a mistake. And it would be a mistake to release an OS update that turned iPad 1 performance into a dog.
  If the iPad 1 was capable running iOS 7 adequately, then it would be available for it. But it's not. That's the reason for it's unavailability, not some political position of opposing legacy use.
26. Re:Lets see how far back... by skids · 2014-02-23 08:37 · Score: 1
  
  Yes but it does secure your old versions so you can continue using them.
  
  --
  Someone had to do it.
27. Re:Lets see how far back... by kthreadd · 2014-02-23 09:02 · Score: 1
  
  Yes.
28. Re:Lets see how far back... by MachineShedFred · 2014-02-24 03:02 · Score: 1
  
  10.8.5 isn't even effected, why would any previous version be? This is strictly an iOS 6.x, iOS 7.x and Mac OS X 10.9.x bug.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
29. Re: Lets see how far back... by MachineShedFred · 2014-02-24 03:07 · Score: 1
  
  When they refer to it as a moving target, they probably mean that the stuff they're trying to build on top of it breaks far too often because there's too much change.
  Moving target for security = good.
  Moving target for foundation to build on = not as good.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Informative discussion thread by MisterSquid · 2014-02-22 10:05 · Score: 5, Informative
Over at MetaFilter, there's a pretty informative thread calling out these parts among others.
- iOS 6 users with iOS 7-capable devices will be given the latest iOS 7.
- iOS 6 users without iOS 7-capable devices will be given the latest iOS 6
- Mac OS X users pre-Mavericks (10.9) are OK.
- Mac OS X Mavericks users should avoid using Safari.
- You can visit this link to see if your device/browser is affected.
--
blog
1. Re:Informative discussion thread by fluffy99 · 2014-02-22 13:26 · Score: 1
  
  There are finally affordable real Windows (8.1) tablets out. I just got a Dell Venue 8 Pro for $300 at Walmart.
  Meh, it's a low end netbook without a keyboard. I'm still waiting for anyone besides Apple to produce something with decent resolution. 1280x800 is a bit low in an 8" tablet for trying to do MS Office (which also sucks if you don't have a mouse and keyboard. But still it's an affordable option if you don't want the limitations of Android, can't afford an iPad mini, and don't mind crappy windows 8.
2. Re:Informative discussion thread by grub · 2014-02-23 01:30 · Score: 1
  
  I guess those are YMMV problems. Though I agree about the screen brightness one.
  
  --
  Trolling is a art,
NSA by Qwerpafw · 2014-02-22 10:26 · Score: 4, Interesting

Some bloggers and commentators online (no mainstream media news sites... yet) have suggested that this bug was introduced by the NSA based on the fact that Snowden's leaked slides showed evidence that the NSA had developed and was working on further ways of targeting and compromising secured iOS traffic.
We know the NSA compromised RSA through Dual EC_DRBG. It's not hard to imagine they wanted to compromise SSL/TLS on Apple platforms.
The bug was found via internal code review according to the credits for discovery, which means nobody else has disclosed they knew about this in the wild (so this is an exposed zero day crypto exploit on both OS X and iOS platforms).
This link is informative - the kicker is he properly indented but obviously duplicated and incorrect "goto fail;"
https://www.imperialviolet.org...
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus err; ...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail; ...
fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}
Maybe this came out due to bad coding practices, but the kind of bug where the code visually looks ok on the surface, compiles and passes without compiler warnings, and works fine aside from allow the comprise is very suspect.
And at the minimum the NSA has been exploiting this rather than alerting people. Our government needs to stop weakening computer security and go back to working for the people, not against them.
1. Re:NSA by Anonymous Coward · 2014-02-22 10:33 · Score: 1
  
  Uh, wouldn't such code generate " never executed" warnings for everything after the dupe goto??
2. Re:NSA by 93+Escort+Wagon · 2014-02-22 11:40 · Score: 5, Insightful
  
  This is a fundamental problem all the traitorous NSA behavior has created - every time something like this comes up, we're going to wonder if THEY are behind it. Problem is, that way lies madness... we can never really know.
  1) It could very well be an innocent coding error. Heck, I could see myself doing this one with the slip of the fingers in BBEdit. I probably HAVE done it at some point in time.
  2) It could be an intentional bug slipped in by someone on NSA's payroll.
  3) Or, it could be even more nefarious. Perhaps NSA has known about this, but thought the use case was too restricting. So they kept quiet until they were able to slip a more broadly exploitable hole in the development code (or, alternatively, something the compiler can slip into your output). Then, to force everyone to update, they reveal this older bug. We all update, and BAM! They've got us.
  We can't really know, anymore.
  
  --
  #DeleteChrome
3. Re:NSA by Rick+Zeman · 2014-02-22 12:26 · Score: 1
  
  This is a fundamental problem all the traitorous NSA behavior has created - every time something like this comes up, we're going to wonder if THEY are behind it. Problem is, that way lies madness... we can never really know.
  1) It could very well be an innocent coding error. Heck, I could see myself doing this one with the slip of the fingers in BBEdit. I probably HAVE done it at some point in time.
  2) It could be an intentional bug slipped in by someone on NSA's payroll.
  3) Or, it could be even more nefarious. Perhaps NSA has known about this, but thought the use case was too restricting. So they kept quiet until they were able to slip a more broadly exploitable hole in the development code (or, alternatively, something the compiler can slip into your output). Then, to force everyone to update, they reveal this older bug. We all update, and BAM! They've got us.
  We can't really know, anymore.
  As Henry Kissinger is reputed to have said, "Even paranoiacs have enemies...."
4. Re:NSA by Your.Master · 2014-02-22 13:02 · Score: 3, Interesting
  
  This bug looks like the sort of bugs that can come from merging between different code branches in very large codebases. A duplicated line, or a missing line, is a common merge-conflict resolution, *especially* where essentially the same code was added in both branches and then merged together. As an example, if this was a refactor of an existing function that was made similarly in two branches, but a little extra trailing whitespace was clipped in only one branch, then you could get a duplicate line out of an automerge operation.
5. Re:NSA by chuckugly · 2014-02-22 14:19 · Score: 1
  
  This sort of thing can be hard to see; this specific case is easy to spot due to the uniformity of the code around it. I've seen much harder to spot instances of things like this.
6. Re:NSA by AHuxley · 2014-02-22 15:43 · Score: 1
  
  What do we know over the past 40-50 years of telco/computer gathering?
  "DEA and NSA Team Up to Share Intelligence, Leading to Secret Use of Surveillance in Ordinary Investigations"
  https://www.eff.org/deeplinks/...
  Intentional bug slipped in might get noticed outside the more bespoke high end machine encoding production efforts of the 1960-70's.
  Software teams are big, staff from varied countries, backgrounds, skill sets, review, in-house (unknown) next gen automated testing software - a person making repeated deep'errors might just stand to senior reviewers over time.
  Option 3 sounds good. The hints about Magic Lantern keyloggin software might provide some insight too.
  http://en.wikipedia.org/wiki/M...
  A federal law enforcement agency hints that some aspect of the codebase is open to ongoing court approved "keyloggin" efforts thats not found in the wild, not found by AV behavioral software and would be "good" if it could remain until:
  The bug is found.
  The EU?US AV efforts catch new malware that seems to report back to 'nothing' anymore and is built on some past effort - all very normal.
  The next way in is found and the old option can be patched as it might be found in the wild and used by 'real' malware.
  
  --
  Domestic spying is now "Benign Information Gathering"
7. Re:NSA by bondsbw · 2014-02-22 16:40 · Score: 1
  
  This is exactly why I NEVER EVER use multiline if statements without braces.
  
  --
  All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
8. Re:NSA by TFoo · 2014-02-22 17:27 · Score: 1
  
  Looks like a SCM merge error to me. That kind of stuff happens, unfortunately...
9. Re:NSA by Anonymous Coward · 2014-02-22 20:53 · Score: 1
  
  IMHO This should have been caught in the developer's IDE as a dead code warning.
  p.s. This should have also been caught by automated code coverage tests.
10. Re:NSA by BasilBrush · 2014-02-23 04:58 · Score: 1
  
  Nobody does intentionally. Because there's no such thing.
  It's single statement if blocks without braces that people should be avoiding as a matter of style.
11. Re:NSA by bondsbw · 2014-02-23 05:23 · Score: 1
  
  Single line if statement:
  
  if (condition) statement;
  Multi-line if statement without braces:
  
  if (condition)
  statement;
  Multi-line if statement with braces:
  
  if (condition)
  {
  statement;
  }
  There is no good excuse for choosing multi-line without braces over the one with braces.
  
  --
  All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
12. Re:NSA by BasilBrush · 2014-02-23 05:31 · Score: 1
  
  OK, so we're saying nearly the same thing. Only I wouldn't accept your first example either.
13. Re:NSA by skids · 2014-02-23 06:23 · Score: 1
  
  Should be easy enough to figure out from a properly maintained public repo log. Just how opensource is the apple SSL kit?
  
  --
  Someone had to do it.
14. Re:NSA by 93+Escort+Wagon · 2014-02-23 07:08 · Score: 1
  
  This particular problem started me thinking along those lines - I believe I'll start practicing that as well in whatever language I'm writing. Both perl and (especially) JavaScript allow this in one form or another.
  
  --
  #DeleteChrome
15. Re:NSA by antifoidulus · 2014-02-23 13:23 · Score: 1
  
  If it was an NSA bug why does it only affect the newest version of the OS, the version that still comprises a minority of OS X users out there. If the NSA had the power to insert a bug like that into Apple's codebase don't you think they would have made it work on more computers? 10.8 has had security updates come out after the release of Mavericks, so if the NSA was so powerful as to be able to get buggy code into Mavericks, why didn't they backport it to older versions of the OS?
  
  --
  Monstar L
16. Re:NSA by thoughtlover · 2014-02-23 18:22 · Score: 1
  
  2) It could be an intentional bug slipped in by someone on NSA's payroll..
  Who says that 'someone' is on their payroll?
  
  --
  No sig for you! Come back one year!
17. Re:NSA by MachineShedFred · 2014-02-24 03:23 · Score: 1
  
  It's pretty darn open: http://opensource.apple.com/so...
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
This is a C Standard Bug by Harry8 · 2014-02-22 10:28 · Score: 4, Informative

C and C++ still haven't fixed this egregarious bug in the standard. There is no reason for single line, un-braced blocks. People use them to show off how "cool" they are that they don't need to brace because it's only one line. It makes for difficult to spot bugs like this. We need to actually yell at the people on the standards committees to FIX THE BUGS in the standard. There are other really obvious ones and they all should be fixed before adding more new features. YES I'M LOOKING AT YOU C++14! There are plenty of ways you can make a new standard still work alongside code from an old one (compile old, broke, brittle, stupid code with a compiler flag indicating the old standard and new, beter files (yes "translation units c++") with the new one. Introduce a #THIS_FILE_IS_STUPID pragma to disable sanity on old code compiled with the new standard and plenty of others. Pick one, bless, it, implement it and FIX THIS CRAP http://opensource.apple.com/so... The 35th and 36th incidences of the words "goto fail;" in that file are the problem, not easy to spot until you look really closely and it's a bug that a sane standard would make impossible. FIX IT!!
1. Re:This is a C Standard Bug by angel'o'sphere · 2014-02-22 11:07 · Score: 2
  
  I never saw a bug related to braces, this bug neither is.
  If at all the bug is (difficult to spot) because of a wrong indentation.
  Bottom line the bug is absolutely obvious. You read the code from top to bottom and you see the bug, or you don't has nothing to do with braces or indentation.
  It is the old C versus Python argument. The argument makes no sense. Either you can read the code and comprehend it or you cant.
  No compiler, bracing or anything else can prevent it.
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
2. Re:This is a C Standard Bug by Anonymous Coward · 2014-02-22 11:17 · Score: 1
  
  This same argument can be made about all kinds of things that compilers warn about. But yet, compilers warn. Why? Because any competent programmer will admit that they are not perfect, and use every tool they can to help prevent their own mistakes. At least an option to warn about missing braces like this would help avoid silly mistakes like this that *do* creep into code.
3. Re:This is a C Standard Bug by wiredlogic · 2014-02-22 11:27 · Score: 2
  
  Lint tools can catch this sort of unconditional goto which one would hope is never used intentionally by goto afficionados.
  
  --
  I am becoming gerund, destroyer of verbs.
4. Re:This is a C Standard Bug by Your.Master · 2014-02-22 12:56 · Score: 1
  
  Your argument isn't working. In the wild, iOS and OSX have been exploited because somebody failed to notice this error. This is a thing that actually happened. Doesn't really matter whose fault it is and if they are all morons, what matters is whether we can we make it less likely.
  I would propose that a Python-like static analyser might be able to catch this sort of thing, provided you don't get too fancy with macros. The fact is, virtually everybody has standardized on indentation for if statements as a readability boon, even in the vast majority of languages which use explicit symbols rather than indentation to make code blocks. So I kind of think that the indentation should have the meaning we are already ascribing to it. It's one of the things Python does right.
  This of course brings back the tabs vs. spaces religious wars. To which I say, pick one model for your project and enforce it statically, and I recommend that model be some number of spaces. There's just too little benefit in adding complication like extra varieties of whitespace, or indentation that is usually meaningful but sometimes misleading, etc. (especially when a text editor could just treat every eg. 4 leading spaces on a line as a "pseudo-tab" for display purposes anyway if your panties really get in a twist about configurable column-spacing).
  I can understand that this code that I just made up now* never actually prints "Fridays are the best", but surely you can see that it appears to, right? And I'd say that as much as possible, we should enforce that code runs the way it looks like it should run:
  void StupidExampleFunction(){
  for(day=0;day<7;day++){
  if(day==1) printf("Mondays are the worst :(");}
  if(day==5) printf("Fridays are the best!");{
  }
  }
  Obviously this is poorly written code, but I think you can see how mistakes can creep in because we've essentially assigned meaning to things that aren't actually syntax, which is misleading when it doesn't align with the actual syntax.
  *I didn't actually compile it so there may very well be a syntax error or something, but I think you see what I'm getting at. Also, on languages that do have curly braces I like them each on their own line to make it trivially easy to pair them up so that mistakes like this are nearly impossible.
5. Re:This is a C Standard Bug by Anonymous Coward · 2014-02-22 15:14 · Score: 1
  
  So use a fucking editor that indents things correctly (ie. not Emacs or Vi). You would literally never have these sorts of errors if your editor doesn't allow free-form indentation. You are editing a program, not free-form text, there is absolutely no excuse for freeform indentation outside of comments, and even there it is generally bad form.
6. Re:This is a C Standard Bug by ChunderDownunder · 2014-02-22 15:22 · Score: 2
  
  You may claim the bug is obvious and yet it slipped through to production. So rather than bring up the blame-log on the indvidual developer - programmers make mistakes and enforcing coding standards such as indentation or braces help in identifying errors where errant coders fail.
  If indeed Apple does have a coding standard, then this one slipped through. Using an IDE to pretty-print the code according to the coding standard, prior to checkin, would have revealed the inconsistency of indentation in the duplicated line. Of course performing a visual diff on the previous revision would likewise have exposed the flaw.
7. Re:This is a C Standard Bug by ChunderDownunder · 2014-02-22 15:24 · Score: 1
  
  Compiler warnings or source code analysis tools are often ignored though, sadly, as an afterthought or distraction.
8. Re:This is a C Standard Bug by loufoque · 2014-02-23 00:25 · Score: 1
  
  I am a member of the C and C++ standards committees. I'm sorry to tell you your proposal is inane, and were it to come up I wilk veto it.
9. Re:This is a C Standard Bug by BasilBrush · 2014-02-23 05:07 · Score: 1
  
  Either you can read the code and comprehend it or you cant.
  If that were true, no competent coder would ever have bugs in his code.
  It's like this sentence... Count the number of Fs.
  FINISHED FILES ARE THE RE-
  SULT OF YEARS OF SCIENTIF-
  IC STUDY COMBINED WITH
  THE EXPERIENCE OF YEARS.
  Most people, despite their fluency of the English language will miscount the number of Fs.
  Enforced braces, compilers that are indentation aware, and better detection of unreachable code would would all reduce the number of times that errors of the type in the SSL bug occur. That's an indisputable fact.
10. Re:This is a C Standard Bug by BasilBrush · 2014-02-23 05:13 · Score: 1
  
  Not in reputable software teams. Generally the flags are set to report warnings as errors. And nothing with a warning would make it into a mainline build.
  There are occasions when a warning is unavoidable. But then that requires positive action to use use pragma to turn the warning off and back on again around the offending line. And that should be commented as to why. It can't be ignored.
11. Re:This is a C Standard Bug by angel'o'sphere · 2014-02-23 05:30 · Score: 2
  
  I would say the main problem with this style of coding is the use of gotos.
  Well, most programmers laugh at me and call me unproductive when I spend roughly an hour every morning to visually check every change comming from the version control system. Meanwhile however most organizations use tools like fisheye and do a planned review on the changes.
  I don't know if demanding more braces help. I think in this particular code every condition in the ifs should be refactored into a function returning a boolean. Then you write one single if and use and's to formulate the correct condition, so you have exactly one if and one else branch.
  Chaining the conditions like this, is just braindead, the compiler can do that better for you.
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
12. Re:This is a C Standard Bug by angel'o'sphere · 2014-02-23 05:43 · Score: 1
  
  Ah, your point about the unreachable code, that makes sense.
  The rest is a matter of taste ... I blame it on the stupidity to chain if's and use gotos instead of writing one if with one else branch.
  Well, regarding your F count: the last line of your 'poem' contains none ;) I wonder why you think it is so difficlut to count them?
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
13. Re:This is a C Standard Bug by BasilBrush · 2014-02-23 05:51 · Score: 1
  
  The last line contains one F. See, it's not so easy, is it?
  The vast majority of people will count 3 Fs in the text at the first attempt. Yet there are 6 Fs.
  And nobody bother claiming they got 6 Fs first time. Your bragging, true or false, won't change the point that understanding a language doesn't mean one can parse it perfectly every time.
14. Re:This is a C Standard Bug by angel'o'sphere · 2014-02-23 06:29 · Score: 1
  
  THE EXPERIENCE OF YEARS
  There is no F.
  Well, I don't know if it is a language parsing problem.
  I started programming with Basic. To gotos right behind each other are always wrong. So for me it was simple.
  I don't brag, I simply state that having braces likely had not prevented the error. As your example with the F ... some people are bad with { and }
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
15. Re:This is a C Standard Bug by BasilBrush · 2014-02-23 06:44 · Score: 1
  
  THE EXPERIENCE OF YEARS
  There is no F.
  So you got it wrong again. Here's a clue. What's the second letter of "OF"?
  I rest my case.
16. Re:This is a C Standard Bug by BasilBrush · 2014-02-23 07:03 · Score: 1
  
  Watch as the dinosaurs refuse to evolve.
17. Re:This is a C Standard Bug by angel'o'sphere · 2014-02-23 07:51 · Score: 1
  
  You are rigt, there is an F :)
  Pretty interesting, indeed.
  I only found it a few hours ago, or rather I did not, I only found it by googeling "count the Fs" problem.
  The solution had it highlighted in a different colour, otherwise I had not seen it.
  I moved my finger from letter to letter and still I did not see the F in the of, surprisingly, I saw the F in the other of, pretty strange.
  (How ever I wonder why that should be IQ related, two web sites covering that topic said so)
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Re:Apple by Anonymous Coward · 2014-02-22 10:35 · Score: 4, Funny

I bet your mom gives out root access to the world.
Re:Considering Apple admitted.... by davester666 · 2014-02-22 11:02 · Score: 2

No, it was a stupid coding standards error
if (x)
goto error;
goto error;
if (y)
goto error;
error:
return
if the coding standards required braces around the code block like this
if (x)
{
goto error;
goto error;
}
it would have eliminated the effects of this coding error

--
Sleep your way to a whiter smile...date a dentist!
How does this work? by willoughby · 2014-02-22 11:23 · Score: 1

So how does "Researcher Adam Langley" get access to the code in order to do "an analysis of the vulnerable code in OS X"?
Do these experts have access to the source via some agreement with the vendor?
1. Re:How does this work? by Anonymous Coward · 2014-02-22 11:40 · Score: 1
  
  opensource.apple.com
2. Re:How does this work? by Anonymous Coward · 2014-02-22 11:42 · Score: 2, Insightful
  
  No.
  Just access:
  http://opensource.apple.com/so...
  So I guess that it can have been exploited for some time.
Re:in other words by profplump · 2014-02-22 14:00 · Score: 1

Because bugs exist testing must not?
Test fail by manu0601 · 2014-02-22 14:50 · Score: 1

At mine, the test site at https://www.imperialviolet.org:1266/ does not even load. Firefox says:
Secure Connection Failed An error occurred during a connection to www.imperialviolet.org:1266. A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. (Error code: sec_error_pkcs11_device_error)
1. Re:Test fail by mattr · 2014-02-22 15:14 · Score: 1
  
  I get
  The webpage at https://www.imperialviolet.org... might be temporarily down or it may have moved permanently to a new web address.
  Error code: ERR_FAILED
Feature by stooo · 2014-02-22 20:51 · Score: 1

>> The researcher who found the bug is Adam Langley.
>> Bug removes SSL ...
it's a feature, not a bug.
https://pbs.twimg.com/media/Bh...

--
aaaaaaa
Re: Considering Apple admitted.... by hobbes75 · 2014-02-22 21:15 · Score: 1

If the language would require the braces it would even be better...
Re:Considering Apple admitted.... by multi+io · 2014-02-23 01:15 · Score: 1

No, it was a stupid coding standards error
Which is just what you would do to have plausible deniability. :-P
Re: Considering Apple admitted.... by skids · 2014-02-23 06:07 · Score: 1

If the language would require the braces it would even be better...
You mean like this?
if (0)
{ goto fail; }
{ goto fail; }
exit(0);

--
Someone had to do it.
Re: Considering Apple admitted.... by BasilBrush · 2014-02-23 07:07 · Score: 1

If you like, yes. Because that usage would be certain to have people looking closely to see what the fuck is going on.
Re: Considering Apple admitted.... by skids · 2014-02-23 08:44 · Score: 1

Except when you consider the possibility that this was introduced with a code merging utility with line number issues, and no human actually looked at the code for a good while.
Honestly I don't see how having two indented lines under an unbraced if sticks ouy any less. It certainly jumps off the page for me.

--
Someone had to do it.
Re: Considering Apple admitted.... by kthreadd · 2014-02-23 08:56 · Score: 1

That's even more alarming. This is not just "Widget A", this is the main TLS implementation in the operating system. You just don't do automatic code merges without looking at the result. Seriously.
Re:GOTO??? by kthreadd · 2014-02-23 09:11 · Score: 1

That wasn't a programming class, it was brainwashing by CS people. There's nothing wrong with goto itself.
It makes perfect sense to use if you have a function that does initialization, a number of processing steps and ends with cleanup. If any of the steps fail you can jump directly to the cleanup code. This is particularly useful in C where you lack exceptions. If you don't use goto's you tend to get much more heavily indented code riddled with conditionals and code duplication. When handled properly a goto can make such code much more readable.
What happened in this case was not a problem with the goto statement, but with pure programmer carelessness and failed code auditing.
Nobody has mentioned the obvious by ccanucs · 2014-02-23 09:56 · Score: 1

Why on *earth* does this code have G*T*'s in it! !!!!
Re:GOTO??? by ccanucs · 2014-02-23 09:57 · Score: 1

OK - I didn't see this post before I posted. Apologies - someone did mention the obvious ;-)
Re:Apple by Meski · 2014-02-23 13:03 · Score: 1

I'd suspect you were an Aussie, but you said mom, not mum...
Re:GOTO??? by lahi · 2014-02-24 09:23 · Score: 1

I haven't posted on Slashdot for a while, but I find it necessary to point this out.
IMO it _is_ a problem with goto.
The code was structured like this:
if(err=aFunctionReturningZeroOnSuccessOrErrorCode()) != 0) goto cleanup;
if(err=anotherFunctionReturningZeroOnSuccessOrErrorCode()) != 0) goto cleanup; ..
err = oneLastFunctionReturningZeroOnSuccessOrErrorCode();
if(err != 0) { doSomeLogging(); goto cleanup; } //hey - a redundant goto!
cleanup: freeStuff(); return err;
It could have been written completely without gotos like this:
if((err=aFunctionReturningZeroOnSuccessOrErrorCode()) == 0)
if((err=anotherFunctionReturningZeroOnSuccessOrErrorCode()) == 0) ..
if((err = oneLastFunctionReturningZeroOnSuccessOrErrorCode()) != 0) { doSomeLogging(); } //For some reason we only want to log the error from the last call
freeStuff(); return err;
No gotos needed at all! The code is shorter, and IMHO easier to read as well.