Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

New submitter williamyf writes "According to this article at Ars Technica, '[A] bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.' The coding error may have been present since 2005."

That reminds me

[afidel]

The Ars side widget is broken, perhaps they don't want me to see the Ars articles until they have time to approve their copies here on slashdot...

Moderation

[mythosaz]

Posting to undo moderation.

Re:Moderation

To the moron who mod'ed this off topic: rot in hell you nazi prick.

Re:Moderation

To the moron who mod'ed this Insightful: rot in hell you nazi prick.

Re:Moderation

[GigaplexNZ]

To be fair, it IS off topic.

Re:Moderation

[lister+king+of+smeg]

To be fair, it IS off topic.

but not worth wasting a mod point on

Re:Moderation

[Plumpaquatsch]

To be fair, it IS off topic.

but not worth wasting a mod point on

If you can't find a remotely on-topic way to undo your moderation, you deserve to modded into oblivion. And why do you think the Offtopic mod exists in the first place? To only mod down offtopic posts that don't admit to be un-mod-posts?

Clearly this is Apple's fault

No, I can't explain how, but it's pretty obvious.

AHAHAHAHAH

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

Re:AHAHAHAHAH

Better late than never.

Re:AHAHAHAHAH

[lister+king+of+smeg]

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered. Ever wonder how many bug go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Re:AHAHAHAHAH

Do you know why bugs go undiscovered? It's not because of someone not staring at the code. It's poor testing of the binaries via fuzzing tools, etc. Most security bugs like this are found by binary analysis not reading souce code.

Re:AHAHAHAHAH

How is this insightful? The only way this could be insightful is if the OP had said "This bug has existed since 2005, clearly we need greater adoption of open source software, to get more people interested in testing for bugs", because the option is closed software that has bugs no one can look at or fix.

I already have the the security update to this bug on all my machines, but if I had closed source who know when, if ever, a patch would have come.

Re:AHAHAHAHAH

[bonch]

The bug was found due to observed behavior, not due to a code review.

Re:AHAHAHAHAH

because the option is closed software that has bugs no one can look at or fix.

And yet people find bugs in closed software all the time without the source. And if the person has sufficient skill can even provide binary patches. Such as here for example.

Re:AHAHAHAHAH

There have been multiple decade+ year old Linux security vulnerabilities too. So your example is hardly a good one for why open source is better as the same problem exists here too. The truth is every OS with a long history will have decades old vulnerabilities, it is simply in the nature of coding that anything so complex can never be made perfect and if you have something that has been around that long it is inevitable that you will find more very old vulnerabilities, this isn't a bad thing and is simply a sign that even old code is still being reviewed and fixed.

Re:AHAHAHAHAH

[Rob+Y.]

That may be, but once the behavior was observed, the observer didn't have to find the owner of the code to get it diagnosed. They may have, but the point is that anybody who found this behavior could've gone into the code and found out what caused the problem. Of course, if a black hat happened to be the one that found the bad behavior, they could've gone into the code to figure out how best to exploit it. So, the situation's not perfect, but still, it's probably a good thing that there were lots of eyes allowed to diagnose and fix the problem once it displayed itself.

Re: AHAHAHAHAH

They find them in proprietary software. That doesn't mean they get fixed.

Re:AHAHAHAHAH

[y5t3m]

You think no one malicious reviews proprietary code? I seem to recall Chinese hackers gaining access to Google and sure a hell MS code is out there.

Re:AHAHAHAHAH

Except this wasn't related to string handling at all.
2 internal functions supposed to return 0/1 as false/true actually returned negative error codes, which of course got interpreted as true by conditionals in the calling function.
Isn't C's lack of a native boolean type nice?

Re: AHAHAHAHAH

Sure it does.

Re:AHAHAHAHAH

[fluffy99]

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered. Ever wonder how many bug go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Um no, code review didn't find this - at least not the people that are supposed to. The bad guys apparently found and have been using this bug for quite some time. So obviously the black hats are more motivated to review the code than the white hats.

Re:AHAHAHAHAH

[gnasher719]

How is this insightful? The only way this could be insightful is if the OP had said "This bug has existed since 2005, clearly we need greater adoption of open source software, to get more people interested in testing for bugs", because the option is closed software that has bugs no one can look at or fix.

Well, that's not true. Apple had a rather bad and embarrassing security bug, and someone could look at it and fix it - just had to be an Apple employee, who was paid for it.

Re:AHAHAHAHAH

the bug was found already in a code review done by a porter in 2008
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

Re:AHAHAHAHAH

[Plumpaquatsch]

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered.

Unless of course it wasn't undiscovered, but actually used. Or even deliberately planted by the NSA.

Re:AHAHAHAHAH

[nojayuk]

It was only a couple of years ago someone found a significant bug in Unix that had been around since 1986, a 32-bit x 32-bit multiply routine that returned a 32-bit answer. It had been in Linux since the start in the early 90s and nobody had noticed it.

Re:AHAHAHAHAH

[Jahta]

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

Especially when it comes to areas like cryptography, it's the quality of the eyes - not the quantity - that matters.

Re:AHAHAHAHAH

[davester666]

Anybody could view and find the bug, as the source for it has been pushed out for years.

Now, getting the code changed is a different matter...

Re:AHAHAHAHAH

[BasilBrush]

OK. But that's quite a different and lesser claim to Linus's Law: "given enough eyeballs, all bugs are shallow".

It's this idea, that Open Source is by nature less defective, because more people are looking at the source, that's shown itself to be completely wrong over the years, and especially with this example.

Re:AHAHAHAHAH

Please don't make bullshit claims like this. Chu's 2008 email complained about API design and misuse of strlen() and friends. He didn't identify specific new vulnerabilities (much less known exploits), only poor coding practices he felt were problematic.

Those practices were irrelevant to this bug. You could fix them all without fixing CVE-2014-0092. Look up the patch: it was a bug in error-handling logic which caused a function to return incorrect values in some cases. The fix literally adds some "goto fail"s to the code, giving it an eerie kinship with Apple's "goto fail" bug.

Re: AHAHAHAHAH

It's pretty difficult to refute a conditional claim. Perhaps this bug is not shallow because it wasn't given enough eyeballs. I will grant that it is a fallacy to present FOSS as perfection, but in the end I prefer the opportunity to validate code with my own eyes rather than believe that M$ holds my interests/welfare above their own.

Who was it this time

NSA? GCHQ? The norks? No, the Syrians?

Now we'll find out...

...who has been surreptitiously using GPL'd code in their proprietary stacks...

Re:Now we'll find out...

[kthreadd]

GnuTLS is actually under the lesser GPL.

Re:Now we'll find out...

[WaffleMonster]

...who has been surreptitiously using GPL'd code in their proprietary stacks...

Why would anyone bother when they could just use OpenSSL and not have to worry about it?

Re:Now we'll find out...

Why would anyone bother when they could just use OpenSSL and not have to worry about it?

Interesting question. I hadn't even realized there were two different SSL libraries available for Linux. Does anything imporant use GNU TLS?

Re:Now we'll find out...

Why would anyone bother when they could just use OpenSSL and not have to worry about it?

Interesting question. I hadn't even realized there were two different SSL libraries available for Linux. Does anything imporant use GNU TLS?

Good question... this is the first I've ever heard of it.

Re: Now we'll find out...

$ apt-cache rdepends gnutls

Nothing

Re: Now we'll find out...

The GnuTLS version of mod_ssl for apache supported SNI (virtual hosts over SSL) before the core did.

Re: Now we'll find out...

$ apt-cache rdepends libgnutls26

A bit more than nothing.

Re: Now we'll find out...

Try
apt-cache rdepends libgnutls26
apt-cache rdepends libgnutls28

I'm Freetardicus!!!

Downmod this Micro$hit shill!!! How dare he spread FUD about free software. It's perfect and bug-free because of the many eyes auditing the codes!

Fortunately not OpenSSL

[Carewolf]

Thank god it is in gnuTLS that is not used by any applications serious about security. Just checked, only printer drivers seems affected in my Debian installation.

Re:Fortunately not OpenSSL

error: failed to prepare transaction (could not satisfy dependencies) :: ffmpeg: requires gnutls :: filezilla: requires gnutls :: glib-networking: requires gnutls :: libimobiledevice: requires gnutls :: samba: requires gnutls>=2.4.1 :: smbclient: requires gnutls

God

has nothing to do with it

Re:God

It has gnu in the name. RMS is easily confused for the guy with the beard that people follow with religious vigor.

Re:God

[hermitdev]

Damn Hurd mentality.

Waiting for Microsoft's "Goto Fail"

[nicoleb_x]

Just waiting for Microsoft's "Goto Fail" bug to surface. It may be too early to thank Snowden, but I'm starting to think I will have to at some point.

Re:Waiting for Microsoft's "Goto Fail"

[Ralph+Wiggam]

Slashdot's response to a devastating bug in a GNU library?

Let's speculate about Microsoft's security and mention Snowden for no reason.

Re:Waiting for Microsoft's "Goto Fail"

I think the insinuation was that the NSA sabotaged all these implementations.

Re:Waiting for Microsoft's "Goto Fail"

[cbhacking]

I think it was MS who had a bug in the past where if I got a certificate issues for "google.com\0.attacker.com", I could present that certificate for a request to "google.com" (due to DNS hijacking or a MitM attack) and it would pass validation because the CN was handled as a C-style string and treated the null byte as a terminator. Fixed long ago, but still. People have been messing up cert validation for as long as it's been around.

The scary thing is how many mobile apps just don't *do* cert validation. Either it's completely disabled, or they crippled it in some way (I've seen both not checking the trust chain and not checking that the cert is valid for the target site). The usual reasons are "oh, we just did that for testing" (but I'm looking at your release version...) or "yeah, one of the servers it connects to uses a self-signed cert" (fine, add explicit trust *for that cert* but don't just disable chain-of-trust checks!) Another common problem is leaving completely broken or outdated options enabled (export ciphers - 40-bit symmetric crypto, easily breakable with a home PC - ot SSLv2 or other such similarly stupid things). Even if your platform/framework/library has a perfectly bug-free TLS implementation, few people ever seem to actually use it correctly.

Re:Waiting for Microsoft's "Goto Fail"

It was a bug in multiple implementations of TLS including OpenSSL, NSS, and Microsoft's thing because they didn't expect cert authorities to give out certs with null bytes in the CN field.

Re:Waiting for Microsoft's "Goto Fail"

[Ralph+Wiggam]

Is there no audit log on that code? It should be obvious whose code is responsible.

Even if the NSA put an exploit into the library in 2005, why didn't those millions of eyes I've heard so much about find the problem for 9 years?

Re:Waiting for Microsoft's "Goto Fail"

[PNutts]

Apple was already mentioned so it's another Slashdot Hat Trick.

Re:Waiting for Microsoft's "Goto Fail"

[hermitdev]

MS09-056, found and fixed around 4 years ago. No word on how long it was present before being found, though.

Re:Waiting for Microsoft's "Goto Fail"

They *did* find it, back in 2008... 8 years since then absolutely nothing has been done to fix it.

OpenLDAP Thread - Feb 2008

Re:Waiting for Microsoft's "Goto Fail"

Wrong.
This bug has nothing at all to do with string handling.
A internal function that's documented as returning 0 or 1 for fail/pass in fact returned negative error codes under some conditions.

Re:Waiting for Microsoft's "Goto Fail"

[blueg3]

...because they didn't expect...

Their error was having expectations about inputs they don't control.

Re:Waiting for Microsoft's "Goto Fail"

[cbhacking]

Honestly, that's what most security bugs are. "I thought the user would put their name in the signature field, not a JavaScript block!"

Re:Waiting for Microsoft's "Goto Fail"

[blueg3]

There are so many categories with huge number of bugs that I don't know if I'd go so far as to say input validation is "most" security bugs. It is, however, one giant source of bugs.

Some of them are delightfully subtle, like the one discussed above: "I didn't think a CA would just issue a cert that had a null in the string!" Hey, the data format uses length-counted strings, not C strings. Don't pretend they're also going to be C strings.

Input validation is consistently in any Top N list of security-related programming mistakes.

Different Software - Same Problem

Both these bugs are caused by people using 'goto' like morons. Using 'goto' should start throwing compile-time errors to start forcing people off this relic of flow control.

Re:Different Software - Same Problem

[Desler]

No the issue was with conditionals and braces. The same issue would have happened even if it were two return statements .

Re:Different Software - Same Problem

[BasilBrush]

No the issue was with conditionals and braces. The same issue would have happened even if it were two return statements .

And a return statement before the end of a function is essentially a goto. A language that takes the step to rule out gotos should also not allow early returns.

Re:Different Software - Same Problem

[lister+king+of+smeg]

Both these bugs are caused by people using 'goto' like morons. Using 'goto' should start throwing compile-time errors to start forcing people off this relic of flow control.

Problem there is that it would break very old programs that just need recompiled and thus require a rewrite. A better way would be to have it disabled in the compiler by default so you have to enable a flag to override it so you are aware that it is there.

Re:Different Software - Same Problem

[Sponge+Bath]

Next, you'll be coming for my trigraphs and pointers. My precious.

Re:Different Software - Same Problem

[Waffle+Iron]

Yeah, force people to write a big pile of nested bracket spaghetti and manually back their way out of every case. Make them introduce a bunch of otherwise useless flag variables and extra conditional statements to keep track of it all.

The best part of it all: When all that extra obfuscation causes bugs, it would be harder to pin the root cause on a simplistic generalization like "goto === bad".

Re:Different Software - Same Problem

[BasilBrush]

Yeah, force people to write a big pile of nested bracket spaghetti...

1. "nested brackets" (blocks) are by definition not spaghetti. Spaghetti is exclusively the result of gotos and their control equivalents (like the early return).

2. Nested blocks are refactorable into smaller functions. That's the way to cut them down to size, not to use gotos.

I mean really! People still trying to argue with structured code in 2014! You'd think it was still the 1980s.

Re:Different Software - Same Problem

[tepples]

Does Objective-C allow early returns?

Re:Different Software - Same Problem

[lgw]

Wow, have you ever actually written production code? Just wow.

There's nothing cleaner than
if (input1 == null) {
        return ERROR("input1 was NULL");
    }
    if (input2 == null) {
        return ERROR("input2 was NULL");
    }
    if (input2 == null) {
        return ERROR("input3 was NULL");
    }

Substitute "throw new ERROR(..)" or "goto :error" depending on what kind of code your writing, it's the same thing any way you do it.

Nesting three levels deep before you even start to write real code? Garbage.

Re:Different Software - Same Problem

[lgw]

Wow, Slashcode totally sucks for formatting. WTF?

Re:Different Software - Same Problem

[cheesybagel]

for (int i=0; i<2; i++)
    if (!input[i]) return {snprintf(buf,sizeof(buf),"input%d was NULL", i+1); ERROR(buf);}

There fixed that you.

I actually looked at the snippet of the Apple TLS code once in an article. It could just as easily not used goto at all and it would have looked just as clean.

Re:Different Software - Same Problem

[Waffle+Iron]

1. "nested brackets" (blocks) are by definition not spaghetti.

I called it spaghetti because the resulting mass of brackets looks just like a big steaming dish of spaghetti, and the extraneous control statements are almost as annoying as gotos to more than a single "error" label.

Nested blocks are refactorable into smaller functions. That's the way to cut them down to size, not to use gotos.

Some are, some not so much. Many situations call for a long list of sequential checks, which can be cleanly and clearly coded as a bunch of if .... return statements. If you put each case in a function you still have the following problems:
- If you do it the obvious way, you still need a deeply nested if-then chain. You haven't solved the problem.
- If you put each check within a function and daisy-chain them, you get creepy action-at-a-distance. It's not clear to the reader that you made a whole bunch of functions that should only be called from one place, and that they must be daisy chained.

I mean really! People still trying to argue with structured code in 2014! You'd think it was still the 1980s.

You seem hung up on definitions. If you narrowly define structured code as code that lacks return, break, continue and exception statements (which can all be used to break out of your "structured" sandbox), then plenty of people would argue with it in 2014.

The main problem with early exits is using them in C. But C is such an unsafe language in general, that's really the least of your worries. Other languages provide nice features like automatic destructors and "with" statements that make early exits perfectly reasonable.

Re:Different Software - Same Problem

[lgw]

Proper C-style code depends heavily on the "goto :cleanup" pattern. You either write all exception-safe, all the time (not in C, obviously), or every function "allocates at the top and frees at the bottom".

Re:Different Software - Same Problem

[lgw]

BTW, that code still returns from the middle, which is the pattern under discussion.

Seriously, it's quite common in production code to need to deal with bad input cleanly at the top of every function;

void Foo(int *low, int *high, char *name)
{
    if (low == NULL)
    {
        return ERROR_PARM1;
    }
    if (high == NULL)
    {
        return ERROR_PARM2;
    }
    if (*low > *high)
    {
        return ERROR_PARMS;
    }
    if (name == NULL)
    {
        return ERROR_PARM3;
    }

That's the single most common pattern in all the code I've seen, whether it's return, throw, or goto :cleanup, you have to do something uniformly for bad input, and one way or another that "something" is "give up now, don't enter the real logic".

Re:Different Software - Same Problem

Fixed it? You turned the inputs into a fucking array. How fucking convenient. Too bad if they were different types.

Re:Different Software - Same Problem

[cheesybagel]

Can still work perfectly fine in C++ code if the types are subclasses.

Re:Different Software - Same Problem

[cheesybagel]

Yes this is the usual way of doing it. I usually see people using goto clauses when they have to cleanup some resource on the error handling part of the code. e.g. deallocating memory or closing up files. I prefer to use a helper function for that and replicating the cleanup function call each time. Some times the cleanup code isn't the same. Using goto labels isn't any better than calling a function in terms of programming complexity.

Re:Different Software - Same Problem

[EETech1]

Fail.

His code checked input 2 twice.

Re:Different Software - Same Problem

[lgw]

Sure, but the reason for goto :clanup specifically is "ease of code review". You want to make it easy to demonstrate that every open has a matching close, every alloc has a matching free, and so on. WHen the code base end up with 1000 allocs and 999 frees, the faster and easier you can spot the matching bookends, the better.

I've actually used an oddball pattern where Foo() is nothing but the error checking, allocs, and frees, and in the middle it calls _Foo(...) which can then return from the middle. But I can't get away with the in "real" code because it's all about what people are used to seeing, and in a team effort that's reasonable.

Re:Different Software - Same Problem

[hermitdev]

1. "nested brackets" (blocks) are by definition not spaghetti. Spaghetti is exclusively the result of gotos and their control equivalents (like the early return).

Bullshit. One of the projects at my last job had a single function in C++ that was over 50 printed pages. 5-deep nested loops, not even counting conditionals. On a 1280p resolution monitor, 8pt font, 4 space-tabbing and properly indented code, the start of the deepest nested blocks were 4/5s or more across the screen. A lot of the crap was due to avoiding goto's. That is spaghetti. By using a few judicial goto's, I was able to reduce the code by a third alone. Goto's are not evil. Like any language construct, they can be abused. Just because one famous guy wrote a paper Go To Considered Harmful doesn't make it scripture. You might want to read "Considered Harmful" Essays Considered Harmful. Just because *you* don't understand when to properly use a construct doesn't make the construct evil or wrong.

Re:Different Software - Same Problem

[hermitdev]

You also have a bug. Strings imply 3 inputs, but you check "input2" against NULL twice. So, you have unreachable code and the compiler would likely eliminate the 3rd conditional.

Re:Different Software - Same Problem

[hermitdev]

It also makes the case for using at least a minimum of C++ over bare C just for the RAII capabilities constructors/destructors afford you. Even if you don't want to take advantage of templates, the expanded (but limited) library.

Re:Different Software - Same Problem

[gnasher719]

People should remember that "Go To Considered Harmful" was written in the times of FORTRAN, when GO TO and a DO-LOOP where the only ways to do control flow. A simple if / else / endif required two GO TOs. So at that time, programmers _had_ to use GO TO in a harmful way. Nowadays they don't.

C++ makes using goto very hard. The replacement pattern: do { ... } while (0); with break statements in the right places. It's equivalent to using goto in a structured way, and it compiles as C++ code.

Re:Different Software - Same Problem

[gnasher719]

The poster that you replied to mistakenly believed that using "goto" was the problem. It wasn't. The problem was code of the form

ÂÂÂÂif (condition)
ÂÂÂÂÂÂÂÂstatement;
ÂÂÂÂÂÂÂÂstatement;

which was duplicating a line of code by mistake, and which would be a problem with almost any statement - statement is executed conditionally once and then executed unconditionally. Whether it is "goto fail;" (which is very appropriate) or "i++;" doesn't make much difference. The strange characters are supposed to be non-breaking space characters. Slashdot character handling is so fucked up.

Re:Different Software - Same Problem

[fa2k]

On a 1280p resolution monitor, 8pt font, 4 space-tabbing and properly indented code, the start of the deepest nested blocks were 4/5s or more across the screen.

Sorry to be pedantic, but why would you give only the number of vertical lines (1280)? Since 2276x1280 is such an unusual resolution (I can only assume 16:9 when using the ???p notation), it would be clearer to give the number of pixels in both directions. Another piece of info missing is the DPI, without which one can't relate "pt" to pixels. [at least we know it's a progressive scan monitor, thank god you don't have to code on an interlaced display]

Re:Different Software - Same Problem

[Richard_at_work]

Hell, the issue would have happened if there were no gotos in use, and instead both statements were method calls - the unintended method call would still have happened.

Re:Different Software - Same Problem

[BasilBrush]

Wow, have you ever actually written production code? Just wow.

More than 30 years of it. And the code you show is common, but that doesn't make it ideal. Big Macs are common, and easy food for the lazy, but that doesn't make it good food,

The problem with it is that it gets buried in a sizeable function, then a bit of code that is needed in every case is added before the final return. It seems to work, and may even pass superficial testing, because the bug only shows under error conditions.

This is a common bug that all too often gets into shipping software. (But not mine).

Substitute "throw new ERROR(..)" or "goto :error" depending on what kind of code your writing, it's the same thing any way you do it.

No, it's entirely different, because there is a "finally" section that ensures that "always needs to run" code really does get run. This is the correct way to do it. Exceptions are a real control structure, not a misuse of a goto equivalent.

Of course you may argue that the former pattern is needed for languages such as C that don't support exceptions. But then that would be a comprehension error on your part, as this part of the discussion was about "A language that takes the step to rule out gotos".

Re:Different Software - Same Problem

[BasilBrush]

I called it spaghetti because the resulting mass of brackets looks just like a big steaming dish of spaghetti, and the extraneous control statements are almost as annoying as gotos to more than a single "error" label.

Humpty Dumpty said "When I use a word, it means just what I choose it to meanâ"neither more nor less." The rest of us try to stick with the established uses of words and phrases.

The term "spaghetti code" was coined as the antonym of "structured code". Deeply nested but nevertheless structured code is not spaghetti code.

Some are, some not so much. Many situations call for a long list of sequential checks, which can be cleanly and clearly coded as a bunch of if .... return statements.

Here's one refactoring for the situation you describe, that results in more even benefits than just removing the gotos/returns:

http://www.drdobbs.com/archite...

You seem hung up on definitions. If you narrowly define structured code as code that lacks return, break, continue and exception statements (which can all be used to break out of your "structured" sandbox)

Exceptions aren't really unstructured. Whilst they result in execution stopping at a line in the middle of a block, they do so using an explicit built into the language block structure, that defines exactly which section of code may do so.

The main problem with early exits is using them in C.

Right, but this section of the discussion was under the condition: "if you are taking the step to remove gotos from a language...". Yes, C is old fashioned, and it's lack of exceptions calls for emulating them with gotos or early returns. But that's not the topic.

Re:Different Software - Same Problem

[BasilBrush]

Sure, but the reason for goto :clanup specifically is "ease of code review". You want to make it easy to demonstrate that every open has a matching close, every alloc has a matching free, and so on. WHen the code base end up with 1000 allocs and 999 frees, the faster and easier you can spot the matching bookends, the better.

And the falseness of that argument is demonstrated by the fact that it's exactly this pattern that has disguised the bugs in the TLS code for Apple for 18 months and GnuTLS for 9 years. The simplicity is superficial. In fact the goto is a huge source of bugs that are not apparent in code reviews.

If the code was written in a structured form these bugs would likely not have happened, or would at least have been more obvious in code review.

Re:Different Software - Same Problem

[BasilBrush]

Bullshit. One of the projects at my last job had a single function in C++ that was over 50 printed pages. 5-deep nested loops, not even counting conditionals

I don't care. "spaghetti code" was coined as an antonym to "structured code". Deeply nested but otherwise structured code may be on need of refactoring, but it is not spaghetti, by definition.

You might want to read "Considered Harmful" Essays Considered Harmful.

Which says absolutely nothing about gotos. Thats a classic strawman, since you are the one that brought up "considered harmful" not me.

Just because *you* don't understand when to properly use a construct doesn't make the construct evil or wrong.

I was programming before the term "structured programming" even came into general use. When all we had was gotos. I learned structured coding and later OOP as they developed. That's how long I've been doing this stuff. There's no lack of understanding on this end of the exchange. And that part of your argument was an ad-hominem.

Strawman and ad-homoinem in the same post. Classic poor argumentation,

Re:Different Software - Same Problem

[BasilBrush]

Huh? How so?

Re:Different Software - Same Problem

[lgw]

What would that look like though. You keep asserting philosophy that's not backed by anything practical. If you have 97 levels of indention, nothing is obvious.

You test 6 things up front, and you'll bail if any of them fail. Are you indented 6 levels now to avoid goto/return? You allocate 6 more things, and must clean them up, but later allocations might fail - indented 6 more levels? You perform 10 operations in the body of the code, and want to skip to cleanup on any error - 10 more levels of indention? No one could follow that crap.

I suspect you just have an aversion specifically to the "goto" keyword, and do something equivalent to it to avoid 22 levels of indention. Microsoft C has the amusing __try, __finally, and __leave for this, but __leave is just a macro for goto, and __finally just a macro for the tag. Would that make you happy? Wrapping goto in a macro so you don't see it any more?

Re:Different Software - Same Problem

[BasilBrush]

What would that look like though. You keep asserting philosophy that's not backed by anything practical. If you have 97 levels of indention, nothing is obvious.

In other answers to you I've already given you two practical alternatives. Exceptions, and a way to refactor nested ifs.

Microsoft C has

I've also pointed out that this sub-discussion is predicated on what you would do with a language that was eschewing the goto. Such a structured language would already have the necessary structures, so the question of what to do with legacy languages such as C is irrelevant. That C is a bad tool with which you have to emulate some control structures with gotos is no defense of gotos in modern languages.

Re:Different Software - Same Problem

[david_thornley]

As I understand it, Objective-C is a strict superset of C, and hence anything allowed in C is allowed in Objective-C. (This differs from C++, in that some C programs can be invalid, or valid and produce different output, in C++).

Re:Different Software - Same Problem

[Waffle+Iron]

Here's one refactoring for the situation you describe, that results in more even benefits than just removing the gotos/returns:

By adding extra useless variables, as I originally pointed out. And introducing a sea of "&&"s. I guess at least it looks more like a bowl of pretzels than a dish of spaghetti.

Whilst they result in execution stopping at a line in the middle of a block, they do so using an explicit built into the language block structure, that defines exactly which section of code may do so.

In a language like C++, unless there's a "try" block within the function, they are exactly the same as a "return" as far as that function is concerned, and can be invoked from the same places. I don't see why you think that that's acceptable if return isn't.

If you look at the FAQs for the Go language, the designers explain why they think exceptions suck in general, and why they largely replaced them with multiple return values. So not everyone shares your enthusiasm for exceptions, which are really just a kind of "return" statement on steroids.

Re:Different Software - Same Problem

[lgw]

Oh, we may be saying the same things then. That's fine. But people are still going to write kernel code in C, and it's still going to have gotos, and that's still not a big problem (using goto only correctly is far down the list of things you have to consistently get right to write kernel code).

Re:Different Software - Same Problem

[lgw]

BTW, I think "finally" sections realy are just the same as the "goto: cleanup" target: a branch to explicit cleanup code, fraught with peril. However, there are better ways to write exception-safe code where you never explicitly clean up/free/close stuff and instead let the stack unwind handle it all for you (more than just RAII: scoped objects). Until you make it to where there's no "matching close for every open" anywhere, you're just moving the problem around, not solving it.

Re:Different Software - Same Problem

[hermitdev]

No problem. It was over 50 printed pages at 80 lines per page (some wrapped). Last time I bothered to check, it was a bit over 3000 lines, without wrapping. Yes, I tried to refactor, but that was a loosing battle given the resources and pressures at the time.

Re:Different Software - Same Problem

[hermitdev]

do {...} while(0); is unnecessary since C++03, (maybe even 98). You can just use {...} to accomplish the same thing. goto's still have there place, and they still have their pitfalls. But, a good compiler will warn you about the most of them (such as jumping over initialization/destruction).

Re:Different Software - Same Problem

[hermitdev]

Strawman my ass, you only quote half the sentence and take it out of context. If you actually read the link, it talks about such strongly worded "considered harmful" essays are usually taken basically as scripture, and such feature, whatever it is, should never be used. Sure, Dijkstra was writing about Fortran, but he was influential enough that the philosophy carried over to other languages. "Don't ever use this".

In regards to defining spaghetti code, try google for a change:

Spaghetti code is a pejorative term for source code that has a complex and tangled control structure, especially one using many GOTOs, exceptions, threads, or other "unstructured" branching constructs.

(emphasis mine). Spaghetti code doesn't necessitate goto's, but I'll grant poor use can lead to it. Using goto doesn't mean spaghetti code.

I don't care how long you've been programming or what order you learned different idioms as they developed/were available, it doesn't make you right.

I'm not advocating prolific use of goto's, but they have their place, and when used correctly, they can lead to more readable, and, perhaps, more efficient code. But never use it (with no evidence, examples)? If you want a strawman argument, that is it.

Re:Different Software - Same Problem

[BasilBrush]

BTW, I think "finally" sections realy are just the same as the "goto: cleanup" target: a branch to explicit cleanup code, fraught with peril.

No they are not. Goto requires that the programmer writes that line each time there is a different path that maybe taken through the possibly failing code. Finally ensures that once the exception block has been entered, the finally block must follow.

However, there are better ways to write exception-safe code where you never explicitly clean up/free/close stuff and instead let the stack unwind handle it all for you

Sure. That's another way of avoiding goto. Symbian was written before C++ got exceptions, and uses a cleanup stack for that purpose.

Until you make it to where there's no "matching close for every open" anywhere, you're just moving the problem around, not solving it.

Which is why you don't manually code it with gotos. Of all the ways of dealing with these problems, goto is the worst.

Re:Different Software - Same Problem

[BasilBrush]

Strawman my ass, you only quote half the sentence and take it out of context. If you actually read the link, it talks about such strongly worded "considered harmful" essays are usually taken basically as scripture, and such feature, whatever it is, should never be used. Sure, Dijkstra was writing about Fortran, but he was influential enough that the philosophy carried over to other languages. "Don't ever use this".

And if I'd quoted Dijkstra, or said "thou shalt not use gotos" in a scriptural way, then you'd have a point. But I didn't do those any more than I said "gotos considered harmful". All of these things were raised by you, then dismissed buy you. And that's exactly what a strawman is.

In regards to defining spaghetti code, try google for a change:

Your definition comes from Wikipedia, and it comes without a specific citation. Now, take a look at the references at the bottom. The oldest one is 1977. From the book: "Structured programming for the COBOL programmer: design, documentation, coding, testing." Elsewhere the artcle points out: "author Paul Noll uses the terms spaghetti code and rat's nest as synonyms to describe poorly structured source code."

As I say, spaghetti code is the antonym to structured code. Always was. Deeply nested structured code is not spaghetti. A russian doll might be a suitable metaphor, but a plate of spaghetti is not. There is no structure in spaghetti.

I don't care how long you've been programming or what order you learned different idioms as they developed/were available, it doesn't make you right.

It doesn't make me right in and of itself. However that memory back to the days when structured code was still a topical issue is why I know for sure what spaghetti code is. And that's why I'm telling you. If you can find an earlier reference than 1977 that confirms your understanding, then you can say I'm wrong. Otherwise I'm right.

But never use it (with no evidence, examples)?

What's the point of examples? It's an absolute fact that you cannot dispute that every piece of code that uses a goto can be rewritten using proper control structures. I personally have not used a goto since the 1980s. And my career has included work on a commercial operating system, in which gotos were forbidden at all levels above the kernel. And that was conceived with C++ in the days before it even had exceptions.

(You might ask why gotos were permitted at the kernel level. And the answer is that the kernel engineers mixed assembly and C, and tended to think in assembler first, even if they then wrote in C. If questioned they would say that the goto was more efficient. And in those days of poor compiler optimisations they may have been right. But that argument generally doesn't apply with modern optimising compilers.)

Re:Different Software - Same Problem

[BasilBrush]

By adding extra useless variables

In the days of optimising compilers, local variables typically have no cost, and they tend to self-document the code. To defend gotos whilst attacking extra local variables is irrational.

And introducing a sea of "&&"s.

At first blush, that does seem to make the code look more complicated. But in reality it doesn't. As the text explains it's easier to see when a block will be executed if the conditionals are explicitly in the single containing if statement, than if it is implicit through nesting or worse through possible earlier gotos.

And in practice you don't just use this pattern to refactor to the extreme. It's more a mixture of this with refactoring into smaller functions, and accepting that one level of nesting is OK.

In a language like C++, unless there's a "try" block within the function, they are exactly the same as a "return" as far as that function is concerned, and can be invoked from the same places. I don't see why you think that that's acceptable if return isn't.

That's a valid point, however functions that may throw exceptions are usually designed and documented as such. Whereas early returns are just slipped in on a whim of the programmer, and are often missed by maintainers, causing bugs.

If you look at the FAQs for the Go language, the designers explain why they think exceptions suck in general, and why they largely replaced them with multiple return values. So not everyone shares your enthusiasm for exceptions, which are really just a kind of "return" statement on steroids.

I'm not particularly enthusiastic about exceptions. I've actually used cleanup stacks and error codes more often myself, I simply brought up exceptions as one of the more structured mechanisms for avoiding gotos and their equivalents.

Re:Different Software - Same Problem

[BasilBrush]

For sure kernel code is the one place where I still see lots of gotos. And I accept that the limitations of C and the need to maximally optimise may justify that. Though I wonder how much the optimisation argument still applies with modern compilers.

Re:Different Software - Same Problem

[lgw]

It's purely cultural. So much of what "makes you good at C code" goes away once you embrace automatic cleanup; coders would suddenly find a big chunk of what they do daily to be valueless. Plus, the ability to get the cleanup block right is a shibboleth for the harder problems you have to constantly juggle (e.g., page faults and priority inversion) while writing kernel code - people who want to use C++ are seen as too mentally undisciplined to write a driver. Cultural change is very slow.

Re:Different Software - Same Problem

[hermitdev]

Strawman my ass, you only quote half the sentence and take it out of context. If you actually read the link, it talks about such strongly worded "considered harmful" essays are usually taken basically as scripture, and such feature, whatever it is, should never be used. Sure, Dijkstra was writing about Fortran, but he was influential enough that the philosophy carried over to other languages. "Don't ever use this".

And if I'd quoted Dijkstra, or said "thou shalt not use gotos" in a scriptural way, then you'd have a point. But I didn't do those any more than I said "gotos considered harmful". All of these things were raised by you, then dismissed buy you. And that's exactly what a strawman is.

In regards to defining spaghetti code, try google for a change:

Your definition comes from Wikipedia, and it comes without a specific citation. Now, take a look at the references at the bottom. The oldest one is 1977. From the book: "Structured programming for the COBOL programmer: design, documentation, coding, testing." Elsewhere the artcle points out: "author Paul Noll uses the terms spaghetti code and rat's nest as synonyms to describe poorly structured source code."

As I say, spaghetti code is the antonym to structured code. Always was. Deeply nested structured code is not spaghetti. A russian doll might be a suitable metaphor, but a plate of spaghetti is not. There is no structure in spaghetti.

I don't care how long you've been programming or what order you learned different idioms as they developed/were available, it doesn't make you right.

It doesn't make me right in and of itself. However that memory back to the days when structured code was still a topical issue is why I know for sure what spaghetti code is. And that's why I'm telling you. If you can find an earlier reference than 1977 that confirms your understanding, then you can say I'm wrong. Otherwise I'm right.

But never use it (with no evidence, examples)?

What's the point of examples? It's an absolute fact that you cannot dispute that every piece of code that uses a goto can be rewritten using proper control structures. I personally have not used a goto since the 1980s. And my career has included work on a commercial operating system, in which gotos were forbidden at all levels above the kernel. And that was conceived with C++ in the days before it even had exceptions.

(You might ask why gotos were permitted at the kernel level. And the answer is that the kernel engineers mixed assembly and C, and tended to think in assembler first, even if they then wrote in C. If questioned they would say that the goto was more efficient. And in those days of poor compiler optimisations they may have been right. But that argument generally doesn't apply with modern optimising compilers.)

What's the point of examples? It's an absolute fact that you cannot dispute that every piece of code that uses a goto can be rewritten using proper control structures. I personally have not used a goto since the 1980s.

What's the point of examples? The point of examples is to prove your point, to convince. You have not done so with me. You seem to think that I'm advocating liberal use of goto's. I'm not. I'm merely stating that they have their time and place and a blanket abolishment is unnecessary and unwise. Also, I'll call you on your "proper control structures". In C-like languages, control structures like "break" and "continue" are glorified goto's. 'switch' statements are glorified if-else chains that compiler can usually optimize very well. You want to talk strawman arguments, your sole argument is "goto is evil". Put up or shut up.

If I asserted that 'for' loops were evil, and unnecessary, because every 'for' loop could be written with an equivalent while loop doesn't make 'for' loops wrong; you'd think me mad. Maybe I just didn't drink enough Koo

Re:Different Software - Same Problem

[BasilBrush]

Also, I'll call you on your "proper control structures". In C-like languages, control structures like "break" and "continue" are glorified goto's. 'switch' statements are glorified if-else chains that compiler can usually optimize very well.

I agree. This all started with me pointing out that an early return is effectively a goto. And so are break and continue.

And the C switch construct with it's run-on between cases unless you explicitly break - that's possibly the most horribly broken control structure in any language. Yes, it too is effectively gotos. But that's a fuck up in C, not a general problem with selection control structures. In other languages selection control structures are a proper structured programming construct.

The point of examples is to prove your point, to convince. You have not done so with me.

On Slashdot, few people are ever convinced of anything. Experience tells me that you are convinced enough of your rightness, examples aren't going to change your mind. I'm happy enough to state my opinion, and not really care whether you agree.

And to summarise my opinion - gotos are used only with languages that have poor control structures, especially C. My opening statement was about a language that eschewed the goto. Such a language would also not have early returns (not breaks nor continues). But it would have a full set of control structures that make gotos entirely unnecessary.

Personally I haven't made use of an explicit goto since the 1980s (other than in asm). And only used goto equivalents such as break where the deficiencies of the language have necessitated it.

We all knew it was coming...

[neiras]

From February 16 2008: Howard Chu of OpenLDAP: GnuTLS Considered Harmful

Looking across more of their APIs, I see that the code makes liberal use of strlen and strcat, when it needs to be using counted-length data blobs everywhere. In short, the code is fundamentally broken; most of its external and internal APIs are incapable of passing binary data without mangling it. The code is completely unsafe for handling binary data, and yet the nature of TLS processing is almost entirely dependent on secure handling of binary data.

Incredible that GnuTLS is used anywhere at all. It's just mind boggling.

Re:We all knew it was coming...

That statement is 6 years old. Is it still true today though?

Re:We all knew it was coming...

One would have to review the gnutls code to verify. As that's happening at an alarmingly slow rate, check back in a few years! /hopefully not anymore!

Re:We all knew it was coming...

That statement is 6 years old. Is it still true today though?

Appearently yes.

Re:We all knew it was coming...

[sk999]

Just downloaded the latest patched source code. Here's the summary:

find . -name '*.c' | xargs grep strlen | wc -l
522

find . -name '*.c' | xargs grep strcat | wc -l
44

Just as flawed as ever.

Re:We all knew it was coming...

[CODiNE]

How come everyone and their brother haven't been turning in these for security bounties?

Re:We all knew it was coming...

This should take an experienced C coder like a week to fix. Is the GNUtls project really that unmaintained/short on manpower?

Re:We all knew it was coming...

Is Stallman paying out for GNU bugs now? What does he give you - his toe nail clippings?

Re:We all knew it was coming...

I don't think the complaint is that strlen is used *at all* (there are plenty of harmless uses of it), just that it's used in places it shouldn't. Ditto for strcat (though its use is more questionable, since it doesn't take a destination size, but it's still possible to use correctly).

Re:We all knew it was coming...

[bug1]

I see that the code makes liberal use of strlen and strcat

A bad tradesman blames his tools.

Re:We all knew it was coming...

[rastos1]

Thanks god we have OpenSSL to the rescue. Oh wait 1, 2.

Re:We all knew it was coming...

[Raenex]

A bad tradesman blames his tools.

A bad tradesman uses poor tools.

Re:We all knew it was coming...

[bug1]

He only thinks they are bad tools :p

Re:We all knew it was coming...

[gnasher719]

A bad tradesman uses the wrong tool for the job. strlen is perfectly safe to use and gives totally wrong results when used on data containing zero bytes other than at the end of the data.

Re:We all knew it was coming...

Really those functions are absolutely fine when used correctly. It's when used incorrectly that you have problems.

Re:We all knew it was coming...

[Raenex]

So strlen is "perfectly safe to use", except when it isn't. It's just yet another example of a C's error-prone approach to programming.

Re:We all knew it was coming...

[david_thornley]

strlen() isn't perfectly safe. If you use it on data without zero bytes, you can run over the end of allocated memory and get a segmentation fault.

Re:We all knew it was coming...

[hyc]

You really need to read ITS#5361 as well.

http://www.openldap.org/its/in...

With enough eyes... NOT

[williamyf]

I have always been critical about that conventional wisdom of "With enough eyeballs, all bugs are shallow".

I contend that is inacurate. With enough QUALIFIED AND MOTIVATED eyes, all bugs are shallow, and sometimes, some FOSS project lack enough Qualified eyes.

This bug, the KDE one, or even the Metafile bug in windows (and more importantly in WINE) among many others, show that many eyes are not enough.

Again one needs MOTIVATED AND QUALIFIED eyes AAAAAND good QA and test cases.

Cheers

Re:With enough eyes... NOT

[rmstar]

Again one needs MOTIVATED AND QUALIFIED eyes AAAAAND good QA and test cases.

Perhaps using a safety aware language like Ada would be helpful too. C is known to be brittle, yet people insist in writing all sorts of mission critical code in it. I really wonder why.

Re:With enough eyes... NOT

[Zalbik]

Damnit, it sounds like you are saying that software development is hard. And required diligence. And time.

That is NOT what my pointy-haired boss wants to hear.

He wants to hear that we can whip out software using cheap graduates of questionable schools, while distracting these developers with inane meetings, stupid corporate requirements (have you filled out you quarterly performance objectives?), and also making them the first-line software helpdesk and general IT support.

And he wants it all yesterday.

Diligence, motivation and qualification? That's crazy talk!

Re:With enough eyes... NOT

C is known to be brittle, yet people insist in writing all sorts of mission critical code in it. I really wonder why.

Because it's fast and a lot of people are familiar with it, and because lots of popular libraries don't have bindings for Ada - even with something like GNAT, generating these bindings can be a pain. Assembly language is substantially more brittle, but sometimes it's the tool needed for the job.

That's not to say that Ada's a bad language, but right now it's a lot easier to do most stuff in C/C++ IMO.

Re:With enough eyes... NOT

[drinkypoo]

Again one needs MOTIVATED AND QUALIFIED eyes AAAAAND good QA and test cases.

And maintainers who will accept patches which fix these problems, and not reject them for bullshit reasons like not appreciating minor details of the code style.

Re:With enough eyes... NOT

[dissy]

Except your argument has been proven false - many eyes DID catch the bug!

You are posting to an article plainly stating the bug exists, while your post claims such an article doesn't and can't exist because this very bug you are commenting on hasn't and can't be found.

You state this falsehood while at the same time argue the only process that "works" is one where not only would this bug have been around for a decade but still to this day would only be known to the black hat hackers who will use it for ill, depriving the software users (us) of being allowed to even know there is a problem under threat of lawsuits.

I have to seriously question your motives for such a desire and why you don't want people to be secure...

Re:With enough eyes... NOT

[BasilBrush]

Except your argument has been proven false - many eyes DID catch the bug!

No they didn't. Many eyes missed it for 9 years. It was caught because of the bow-wave following Apple's discovery of a similar bug in their code. A bug that had existed in their code for 18 months. As a result, one pair of eyes, finally took a look at this long standing open source code and found the bug.

Linus's law "many eyes make all bug shallow" is horse-shit.

You state this falsehood while at the same time argue the only process that "works" is one where not only would this bug have been around for a decade

Except that the equivalent bug was found in Apple's code, by Apple, in 18 months. Not 10 years. That's 18 months too long, but still 7.5 years faster than it was found in GnuTLS.

Re:With enough eyes... NOT

[david_thornley]

Not in the Apple case, as far as I can tell. What would have helped there would have been an unreachable code warning, which apparently has to be specially asked for in their C compiler.

Severe, and yet not severe.

[Frobnicator]

The bug requires a carefully-crafted certificate. That certificate will verify as valid and trusted when it should not be. The connection will still be secure, it will just be with an untrusted person.

So basically it allows a very dedicated attacker to forge a cert and become a MitM attack.

We all know governments have done this for years. It is widely known that root CA certificates have been violated by spy agencies. A few searches on Google will show bunches of news stories where attackers (all types, government attackers, ID theft attackers, etc) have made fake certificates, abused the CA model, and engaged in similar MitM attacks to what this allows.

SSL/TLS communications are just as secure as they always were. If you have personally verified and trusted the certificates the attack wouldn't work, it is only when your trust model allows a cert that you don't personally trust to be used in authentication, and even then it still allows a secure connection but to a wrongly-trusted individual.

The flaw is the trust model and using a cert that you don't personally trust to be valid, which is a well-known issue.

Re:Severe, and yet not severe.

> SSL/TLS communications are just as secure as they always were.

Yeah, I heard this song before back when PGP key signature parties were all the rage. Guess what? That "verify your keys" trick is about as scalable as collecting lip prints from your customers. It can be *fun*, but for other reasons, not for usable security. And yes, as a proof of concept, I forged and collected signatures for fake ID on GPG keys.

Re:Severe, and yet not severe.

SSL/TLS communications are just as secure as they always were.

No, it is not.

CA model is much more important than the public CA "trust". There is nothing stopping an application designer from using private CAs for their application. This bug breaks the trust to any CAs, including the private ones.

Re:Severe, and yet not severe.

"The connection will still be secure, it will just be with an untrusted person."

What are you smoking? A connection with a MITM is not "secure". This is WORSE than sending data in plaintext.

Re:Severe, and yet not severe.

[tepples]

A connection with a MITM is not "secure". This is WORSE than sending data in plaintext.

Plaintext protocols also have a MITM. How is it any worse?

Re:Severe, and yet not severe.

Because there is the expectation that the data is protected. If you know the link is insecure, then you don't transmit sensitive data. If you trust the link, then you may share sensitive data.

Re:Severe, and yet not severe.

Is that really seriously a question?

This is TLS we're talking about. AKA "Transaction Layer Security"

If you don't understand the basics let me spell them out in simplistic words (please don't try to extrapolate beyond generalizations ... they won't hold up under a real mathematic analysis).

    * Data Confidentiality (it's secret from everybody but you & I)
    * Message Authentication (I am who I say I am, and you are who I think you are)
    * Message Integrity (What I send is what you get)

A necessary component of all of that is the 2nd bullet, validating -- who the fuck I'm talking to (I know who I am). If I don't know who I'm talking to, I don't have confidentiality because I might as well be talking to anybody. I probably don't have integrity. In general, without that authentication part, the other two fall to fucking pieces (and surprisingly fast if you perform any cryptographic operation without checking the MAC...)

The fact that it is sort of less open to a selected-uniformly-at-random person on the wire reading the message than comparable plaintext does not still mean you are *BETTER* than plaintext. It means you are more enciphered than plaintext. BIG HONKING FUCKING DEAL.

It means that people like you who think they know something get confused and transmit believing they are more protected than they really are. It means you failed in your most rudimentary and basic promise of "security" and as a result I am given a false feeling of confidence in a broadcast medium sending things that would not otherwise be sent. It means I do not even actually *have* a secure transport layer anymore.

In short, it means you totally, utterly fucked up.

The simple presence of a cryptographic cipher does not guarantee a private communication. FULL STOP.

That's why it's worse.

Because it's like me saying I'll watch your house while you're on vacation, but instead and I just say "fuck" it and go home. But somehow, people like you can't even tell that I went home immediately instead. So sleep soundly with your inflated sense of confidence and security under my watchful guard and broken promises. Don't call the neighbor if you think you left the stove on or tap running -- I'll notice it and fix it for you... I promise.

Re:Severe, and yet not severe.

[rritterson]

Your reasoning is a bit circular. This bug allows governments to do MitM attacks. Governments have already been doing MitM attacks, perhaps by exploiting this bug. Therefore, this bug is no big deal?

SSL/TLS communications are just as secure as they always where, which is to say broken in a widely used library under an implementation/trust model is that is very widely used.

Re:Severe, and yet not severe.

[Frobnicator]

SSL/TLS communications are just as secure as they always were.

No, it is not.

CA model is much more important than the public CA "trust". There is nothing stopping an application designer from using private CAs for their application. This bug breaks the trust to any CAs, including the private ones.

Let's think about it (as a thought experiment) what is required for this to be an effective attack.

SSL spoofing is already a common attack. Not just France and the NSA but also regular old password-sniffers. This vulnerability falls under the same class of attack as SSL spoofing; a trusted certificate is secretly replaced by an untrusted certificate.

There were some common examples right after unicode was allowed in domain names and people came up with similar-looking links for major companies with unicode symbols that look identical to the ascii glyphs. That will be one comparison. The other comparison will be for a government-style ssl spoof attack.

First, the attacker must redirect you from the legitimate site to their illegitimate site. This is equally difficult with or without the TLS attack. The government-style attack could intercept the traffic over the wire and redirect you to the bad MitM manually. The fake link version could use bad links in phishing emails or spamming the internet with the fake link to the MitM server. Other options include host entries and software secretly installed on the machine. In any event, the bug does not affect this most difficult step.

Second, they need to appear as a valid connection. For the TLS bug, the attacker must create a false certificate that will test as valid. With the bug being known, that is pretty easy. Then they must use this when the certificate is requested during TLS handshaking. Now contrast this with a traditional attacker who must get their certificate signed by a CA for the fake domain; this is also fairly easy to do in practice. Many fake-name certs have been issued over the years and successfully used in news-reported attacks. Sometimes certificates have been forged in other ways, such as the Flame virus. Similarly the spy agencies have no difficulty getting their fake certificates signed by a CA.

Finally, the attacker needs to make a connection with the legitimate host. This is the same in all conditions, and has been successfully been used in SSL spoof attacks for years. When there is secondary authentication required the MitM just requests the data from the client. Complex attacks can sometimes permit a second connection directly to the victim where two-factor authentication across servers is required in such a way that the authentication passes. Nothing new here.

So really, the only thing the bug makes easier is the task of getting a fake certificate. Since this was arguably the EASIEST step in SSL Spoofing to begin with, and because SSL Spoofing is long-established as an easy attack that is difficult for lay people to detect, it means the attack really is a relatively small issue.

Re:Severe, and yet not severe.

[gnasher719]

What are you smoking? A connection with a MITM is not "secure". This is WORSE than sending data in plaintext.

No, he is right. If the NSA is the man-in-the-middle, then you created a secure connection to the NSA, and the NSA will be friendly enough to create another secure connection to your original destination. It's not the secure connection you wanted, but it is secure. Nobody but the man-in-the-middle can listen in.

Re:Severe, and yet not severe.

The only thing wrong with your post is that there was insufficient cursing.

Code audits

[jones_supa]

I'm not sure if only "many eyes make bugs shallow" is enough, but that also professional, thorough code audits (like OpenBSD does) are needed to produce the most secure open source software. Any comments?

Re:Code audits

[Burz]

Seems pretty clear that GnuTLS has too few eyes. Most everything uses OpenSSL instead, and that's where the eyes are concentrated.

Re:Code audits

Gee, you mean like storing your 1024 bit, uber secure protected SSH keys unprotected and without a passphrase in $HOME/.ssh/id_dsa as a default? And providing no mechanism to *expire* or revoke bad SSH keys, or changed host keys, other than a text editor?

Yeah, that's real "secure". Secure like building your front door out of titanium and leaving the screws that hold it on outside, with a screwdriver tied to them.

Re:Code audits

My OpenSSH client key is on a secure crypto token.

As for server keys, let me ask you this: is your SSL/TLS private key on an HSM, or do you password protect it? What do you do when your server is accidentally rebooted?

And how exactly is OCSP supposed to work for SSH, which doesn't have a hierarchical trust system? One reason why OpenSSH has shied away from X.509, OCSP, etc, is because the number of bugs in implementations of those protocols is mind-boggling. Apparently simply validating an fscking certificate is hard enough for most implementations; how well do you think they do with all the other complicated, corner cases?

OpenBSD is manifestly more secure than most other systems because they try to avoid complexity, and many times patiently wait around for simpler systems to emerge rather than hastily implement whatever 1000 page protocol some standards organization shits out.

So much for Linus's law.

[BasilBrush]

"given enough eyeballs, all bugs are shallow"

Apple had their goto bug in TLS for about 18 months before they spotted it.

GnuTLS and therefore Linux has had their goto bug in TLS since 2005 (9 years) and it's only been spotted now as a result of the bow wave from Apple's disclosure.

Re:So much for Linus's law.

[Bert64]

Only GnuTLS is not a default part of Linux, its an optional library used by some packages... Most packages seem to use OpenSSL instead, some offer a choice at compile time but most distros build for openssl by default.

Re:So much for Linus's law.

"given enough eyeballs, all bugs are shallow"

Apple had their goto bug in TLS for about 18 months before they spotted it.

GnuTLS and therefore Linux has had their goto bug in TLS since 2005 (9 years) and it's only been spotted now as a result of the bow wave from Apple's disclosure.

First off, the GnuTLS bug is *NOT* a "goto bug" at all, it is a serious design flaw built that way from the start and would really require a rewrite and API changes. Basically it's a "bug" of the authors not really understanding the standards before designing their API.

Second, it is not "only now been spotted" - this bug has been *KNOWN* about since 2008. OpenSSL - GnuTLS considered harmful - Feb 2008 Quite unlike Apple's "bug", this one was identified *6 years ago* and yet still has not been fixed.

Re:So much for Linus's law.

Why do people keep repeating the same misinformation?
This bug had *zero* to do with string handling.

Re:So much for Linus's law.

The important part is that the eyes have to be looking at that code, and not other code. For example, far more eyes are focused on OpenSSL and/or NSS.

The real problem is people using a shoddy TLS implementation, which is the compound of three causes: Debian being pedantic, the guys that licensed OpenSSL were dicks, and NSS so is incredibly painful to work with to the point where amateurs would rather use GnuTLS.

Re:First

[lister+king+of+smeg]

First, and yet another OSS-releated security risk :(

At least they are rare enough that it is news worthy. As compared to Windows where new exploits hardly ever get any attention because they are so frilling common as to be passé.

Mageia

Mageia 4 has already patched GnuTLS libraries yesterday.

Re:Mageia

What the fuck kind of distro is Mangina?

Re:Mageia

[ChunderDownunder]

It's a fork of a 15yo fork of Red Hat.

Testing is hard

[mveloso]

Testing is hard. The tools you have make it even harder.

How do you build a bad certificate? Fuck, using the openssl tools is hard enough. Does anyone who uses them really understand WTF is happening? I know I don't - I just follow the instructions.

How would you go about building a bogus cert? Beats me. I'm pretty sure you can't do it with the standard tools. And who the heck is going to write their own cert building tools?

And yet, this stuff is at the core of transport security.

Re:Testing is hard

[3.5+stripes]

What is right is a fairly small subset of the possible things that it could be, what is bad encompasses all the rest. Obviously, the variations possible inside that set are a non trivial number.

"Error" is Plausable Deniability

[Jeremiah+Cornelius]

Hot on the heels of Apple's SSL/TLS implementation "flaw" across all stacks, and the Snowden revelations of NSA infiltration for weakening crypto?

You don't have to be wearing Tin Foil, just to become a little suspicious...

Gnut possible

Gnu way this is Gnue. Can't be Gnue. All those eyes, Gnuw and old, looking at this not Gnuw code, and Gnu one spotted anything. Wha? Yeah, buddy, Fuck Gnu Gnoo!

Re:First

...as to be passé.

I do not think that word means what you think it means.

Roll your own

[goombah99]

This is why you should always roll your own SSL scripts in php like the guy at Magic the Gathering Online Exchange did.

I just "tried" to remove the library libgnutls26

[Marrow]

An awful lot of stuff links to it. Browsers, flash, everything that dials out uses it on xubuntu. Are you saying that they are linking to it, but not using it? Or are they linking to it and then its using a wrapper to openssl.

Removing openssl invokes far fewer dependencies

[Marrow]

xubuntu appears to depend largely on the package that "everybody knows is shit".

This does not make me happy.

Mac and iOS not at risk

[noh8rz10]

Because if they were, the headline would have been zOMG mac and iOS not safe !!!!!!!11!!!!

Concur.

# aptitude why libgnutls26
i wget Depends libgnutls26 (>= 2.12.17-0)
#

In other news, open source code which few people care about does not receive adequate review.

Re:Concur.

[ChunderDownunder]

try removing that package from your system.

On mine, it warned about *a lot* of software that have it as an indirect dependency.

Re:Concur.

[jcdr]

Sorry, you don't use the right command to see the reverse dependencies.

Try this:
apt-cache rdepends libgnutls26

I will not post the result here, because it's 494 lines long on my system:

apt-cache rdepends libgnutls26 | wc -l
494

The NSA is probably behind this

Thanks Obama.

Re:The NSA is probably behind this

Was Obama president in 2005? Umm... no.

Re:The NSA is probably behind this

Ha! An Obama lover fell for it.

Thanks Obama.

Bug was NOT found due to being open source

The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered.

This bug wasn't found from being open source. Those "many eyes" missed this bug for nearly a decade. Security testing tools uncovered incorrect validation behavior in the compiled library, just like they would with a closed source library. The only difference is that the public can see the incorrect code and correct it immediately; that is what you should be citing as an advantage of open source.

Re:Bug was NOT found due to being open source

You are wrong. Because it was open source, people already adviced in 2008 not to use it: http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
The errors pointed out there were available to the NSA from the start.

Some people used it nevertheless, those should do an investigation in their processes.

Re:I just "tried" to remove the library libgnutls2

GnuTLS in an independent TLS implementation, i.e. not an OpenSSL wrapper. It was created for the usual bad reason something with GNU embedded in the name is created; because FSF licenses aren't perfectly compatible with <insert some non-FSF copy-left> license, in this case OpenSSL's license(s).

As far as quality goes, I've never used it, but I doubt it's worse than OpenSSL. Because the OpenSSL "API" is one giant WTF.

Incompatible license

[tepples]

The OpenSSL license is not compatible with the GNU General Public License.

Re:Incompatible license

The GPL has an exemption for linking with libraries that are part of the operating system. Otherwise you couldn't run GPLd applications on OS X or Solaris!

I use OpenSSL because it's available everywhere (except Windows) by default, and try to keep my project dependencies to a minimum (usually nil, because I target POSIX and POSIX-like systems.) That includes all the BSDs, OS X, popular Linux environments, and even Solaris. So as far as I'm concerned, OpenSSL is part of the OS. And that's also OpenSSL's interpretation. Just because you can roll a Linux environment without OpenSSL doesn't mean it can't still be considered part of the OS.

Also, there are libraries which mimic OpenSSL's API, at least the most prominent parts. For example, NSS, CyaSSL, etc. So for your typical GPL'd application doing something like SSL, it's hard to say that it "depends" on SSL if you can just swap out OpenSSL entirely with minimal or no changes to your code.

It's really just a bunch of fear mongering based on some less-than-ideal choices made 20 years ago. It would be really sweet if the original authors rescinded some of their terms, but they believe the whole thing is blown out of proportion and won't bend to pressure.

And at the end of the day, no open source SSL library gets hammered the way OpenSSL does, especially server-side. OpenSSL has the largest and most experienced developer based, and just because other libraries are newer and prettier doesn't mean that they're automatically safer or more reliable.

Re:Incompatible license

[gnasher719]

Well, that's just too bad for GPL'd software. No chance then that any GPL'd software would use FIPS certified encryption code?

Ars Technica comments about open-source

[Thanosius]

One thing I found interesting about the comments on Ars Technica about this article is that all comments regarding the (apparent) fallacy of open source allowing quick detection and turnaround of bugs tends to get very highly positively moderated, whereas the ones that argue that closed source software tends to limit the detection of such bugs and encourages sweeping detected bugs under the rug as much as possible get negatively modded or labelled "controversial".

One person even said this:

I would argue that closed source like Microsoft and Apple products might be more secure for two primary reasons: the software is so ubiquitous, it's exposed to orders of magnitude more users. By extension, more security experts are interested, so closed source doesn't stand in the way of people discovering vulnerabilities. And secondly, closed source software companies have a financial interest in their products that's harmed if they are insecure. No comment about Apple, but I know that Microsoft has put massive resources into making its products more secure.

Said comment was modded quite well. Yes, things like this get a lot of attention and look bad for the open-source movement, but keep in mind that open-source/free software is fully transparent. No-one can hide the details with FOSS, something that is far easier to do with closed source software. That level of transparency make it appear as though open-source has more bugs for longer. No-one outside of Microsoft and very select partners are able to audit Windows or Office. And yet the closed-source software is more secure?

It boggles the mind a tech site like Ars Technica can be so pro-closed source and anti-open source despite what I'd assume to be populated with geeks who should know better.

Re:Ars Technica comments about open-source

[gnoshi]

Well, if your starting point is that "open source doesn't lead to bugs being identified and disclosed" then those very posters you are complaining against are partially right, in part. Consider:
Open source: anyone can read the code, but (based on our premise) this doesn't lead to identification and disclosure of problems. It can allow a prospective attacker to identify problems and not disclose.
Closed source: only internal staff can read the code, but (based on our premise) having many eyes looking doesn't lead to identification and disclosure of problems. Prospective attackers can only do binary analysis, not source analysis, to find problems.

If binary analysis is more difficult than source analysis for finding potential bugs (i.e. potential targets for attack) then closed source is more secure in this context (assuming one or more attackers looking for potential vulnerabilities in the library/source/whatever).

Note: I'm not agreeing with the 'ubiquity' argument because it ignores read distributions of OSs. Also I'm not agreeing with the 'financial interest' arguments, because in a closed source there is the possibility that a company will gamble on an internally-detected vulnerability not being exploitable (or exploited) rather than fix it.

There are valid arguments for using open-source software, but I don't think the "many eyes" argument is necessarily a good one.

Re:Ars Technica comments about open-source

[Thanosius]

Fair point. The "many eyes" argument might not hold well in practice, but from a personal perspective I feel more comfortable when important code at least has the opportunity to be analyzed by anyone due to it being open, as opposed to being under lock and key with only one vendor having access. At least the bug was fixed quickly.

Re:Ars Technica comments about open-source

My problem with the "Many Eyes" theory is that it assumes that the people looking at the code will understand it completely and be able to spot errors.

To my mind this falls down in practice. It takes a good while to understand a non-trivial codebase and even longer if the code is very specific to a single task (e.g. encryption).

Given the problem of lack of code documentation (not just a problem with open source by any means) and differing code styles that also slow down the understanding of the codebase it seems foolishly optimistic, even dangerously so, to equate open source with de facto bug free.

Now I'm not saying that this means closed source is better, since the same problems exist for closed as well as open source, but it without access to the source an attackers life is made just that little bit harder. Obviously if a bug is observed in operation then it's better for the open source since the observer can (if capable and so inclined) look at the source and attempt a fix.

So when a weakness like this is found

[Marrow]

Is everyone racing to change their passwords?

Well, this is embarrasing.

I guess i should stop trolling #osx now then.

Function call overhead

[tepples]

Nested blocks are refactorable into smaller functions.

And the program eats the function/method/message call overhead, the overhead of passing all local variables as arguments, and the overhead of constructing and destroying an object through which to return multiple values from each function call.

Re:Function call overhead

[cnettel]

Nested blocks are refactorable into smaller functions.

And the program eats the function/method/message call overhead, the overhead of passing all local variables as arguments, and the overhead of constructing and destroying an object through which to return multiple values from each function call.

I think you need to be introduced to a modern optimizing compiler. It will handle the first two for you, just fine, as long as you are in the same compilation unit (or doing fancier global optimziation). Since you just refactored this from a single function, you are supposedly still in the same compilation unit. If you pack the data in something like a stack-allocated struct even the last one will be reduced or completely avoided.

Re:Function call overhead

Then stop using those crappy Microsoft compilers and switch to something modern+robust (Intel, etc.). Problem solved.

Re:Function call overhead

[blueg3]

If you make it a static method and use an optimizing compiler, it will actually optimize away the function entirely.

Resulting in exactly what you would have gotten if you used goto.

Re:Function call overhead

[BasilBrush]

It does amuse me of people who don't understand modern compiler optimisations try to be clever. The biggest lesson you can learn is "don't optimise prematurely".

xubuntu seems to be completely dependent on gnutls

[Marrow]

Try to remove that library, and you find that most of the critical software depends on it.

Deliberately introduced?

[mi]

The coding error may have been present since 2005

May it also be, the "coding error" was not an error at all, but a deliberately introduced bug? Government agencies always wanted to read our — and each other's — communications. Sometimes even for legitimate reasons...

Re:Deliberately introduced?

[Carewolf]

Doubt it, GnuTLS is not really used for anything important.

If you want a conspiracy, you can ask why OpenSSL still has insane defaults like allowing SSLv2.

*yawn*

[nurb432]

Everything is vulnerable. its just a matter of how.

Freedom is better than dependency.

[jbn-o]

So when Apple's proprietary encryption software suffered a problem, Apple users could do nothing but wait for Apple to deliver a fix; there's nobody else that are allowed to fix Apple's proprietary software but Apple. And when that fix ostensibly arrived, Apple users had to hope it wasn't bundled with some malware too (as is often in proprietary software).

This bug was caught during an audit—"The vulnerability was discovered during an audit of GnuTLS for Red Hat.". Nobody but the proprietor can audit proprietary software. But with free software, users have the freedom to audit the code they run, patch that code, and run their patched code; users can choose to fix bugs themselves or get someone else to fix bugs for them. And users don't have to always trust the same people to do work on their behalf. Users can also choose to wait for a fix to be distributed, and then they can choose to check that fix to make sure it doesn't contain malware. For all we know some users have long spotted and fixed this bug in GNUTLS. Since all complex software has bugs bugs are unavoidable. We're better off depending on people we choose to trust. Software freedom is better for its own sake.

Re:Freedom is better than dependency.

[cnettel]

The Apple library itself was open source, right (although rebuilding the OS files would be precarious in OS X and outright impossible in iOS)? The mess with libraries like this (proprietary or not) is all other code (proprietary or not) that not only link to shared objects provided with the OS, but roll their own, sometimes even modified, build of the library. Now, thanks to the fact that it's GPL it cannot be hidden in a blob without at least a license notice, but tracking it down everywhere will be a mess. And then we haven't even got started about embedded systems...

Re:Freedom is better than dependency.

[PNutts]

So when Apple's proprietary encryption software suffered a problem, Apple users could do nothing but wait for Apple to deliver a fix; there's nobody else that are allowed to fix Apple's proprietary software but Apple. And when that fix ostensibly arrived, Apple users had to hope it wasn't bundled with some malware too (as is often in proprietary software).

I shouldn't feed the troll, but Apple released the patch and simultaneously announced the issue so there was no waiting. IIRC the trusted jailbreak community had a patch the next day. As to the rest of your rant, if you're trying to glamorize non-proprietary software by comparing it's benefits to someone technical vs. my six year old using her iPod then you really don't have much of an argument. And to those people who may have known about this and fixed it without telling anyone (which puzzles me why you made that an example of why non-proprietary software is better): FU you selfish bastards.

Re:Freedom is better than dependency.

[jbn-o]

Apple may have known about the issue for a while and not talked about it until it could release whatever proprietary blob alleges to be a fix. Apple's users might have known Apple's software was buggy too, but not been able to do anything about fixing Apple's code, since that's the nature of proprietary software. Apple has sat on exploitable security issues before; in that case, governments used that iTunes security hole to invade people's computers (as RMS points out). So in that case, apparently multiple people knew iTunes was a security problem.

Just because your six year old hasn't been taught the value of software freedom doesn't make software freedom worthless. I'm guessing there are a lot of things a six year old has not yet come to value which they will later learn they should have valued all along. Perhaps teaching your six year old to value substantive issues like ethical understanding of how people treat one another would be a good start. And while I certainly wish anyone with a fix would have shared that fix, they're under no obligation to share in the free software world and I doubt they'll be convinced to by your namecalling. But the situation is still better that anyone could have fixed this (and possibly some did) rather than having no option but hoping the proprietor takes an interest.

Re:Freedom is better than dependency.

[jbn-o]

Apple's code was based on something "open source" but that does Apple's users no good because of what I already said: Apple's distributed code to its users are proprietary. Better to have the alleged "mess" to track down than to know there's no point in tracking down anything because what you'll find is something you're not allowed to inspect, modify, or share. Here you're really highlighting the difference between free software and open source: open source advocates don't want to talk about how people ought to treat one another and are eager to distract discussion away from ethics by conflating freedom with hassle. Free software activists endorse freedom as a good unto itself because it lets us treat one another with decency and respect.

Re:Freedom is better than dependency.

You're so full of shit. You think the average linux user is capable of "checking" systems level code to see if a fix works? LOL.. even the DEVELOPERS don't know whether the software actually does what it says - as shown by this bug. The average linux user is pretty much an idiot when it comes to groking complex crypto code. Hell I wouldn't trust a fix by most open source developers. They think just dumping the fix into some tarball makes it OK. You have to run millions of tests, regression tests, compatibility tests etc that take *days* to do even when you have a test lab. No way is any fix going directly onto a production machine of mine without that. I'd much rather prefer non-free software if it means they use my money to pay someone to test the code before they dump it onto the users.

Re:Freedom is better than dependency.

[Rob_Bryerton]

Quit trying to deflect the issue w/the freedom nonsense, and your attempted rabble-rousing by throwing Apple into the mix. Totally irrelevant.

The fact of the matter is that this flaw has been "free" for 9 years. *9 YEARS*.

Yeah, freedom, man.

Re:Freedom is better than dependency.

[jbn-o]

I'm sure many serious flaws in many free programs have been around for a long time, some flaws longer than this flaw. But free software advocates make no guarantees you'll get secure code. If you'd like that guarantee perhaps you can purchase a programmer's time to get that; perhaps you should have hired a programmer to inspect this code on your behalf, looking for security issues, raising them upstream, and fixing them for you (software freedom gives you these options as I mentioned before). Your objection really stems from your belief that open source and free software are discussing the issue starting from the same underlying philosophy.

The philosophies are not the same therefore the two movements arrive at different conclusions: Structurally speaking, programmers know that malware can be easily hidden in proprietary programs yet it's rare to find malware in free software for the same reason—those who forbid users from inspecting, sharing, and modifying source code can more easily sneak malware into the code. Focusing on price and technical issues (such as features, speed, and reliability) isn't bad but doesn't go nearly far enough. More and more users understand that society needs more than framing the debate around a developmental methodology as the open source movement does. So, the more one values catching bad code early (as we all, rightly, do) the more everyone should value software freedom for its own sake. Software freedom lets us increase the odds for using better code by treating computer users respectfully through granting and securing our permission to inspect, share, and modify that free code. All computer users deserve software freedom.

Inline functions

Much of the problems with overhead are obviated by inline functions.

Re:First

...as to be passé.

I do not think that word means what you think it means.

"no longer fashionable; out of date"
Seems appropriate. They were explaining how it's not "fashionable" to report on something so common.

Don't worry, it'll be fixed quickly then...

yeah, it'll be ugh... rolled out to ughm all the software that uses it by a central package management solution and update mechanism.

NSS perhaps

[tepples]

The GPL has an exemption for linking with libraries that are part of the operating system.

OpenSSL is not part of the "system libraries" on all platforms. Programs would have to have some sort of shim layer to use either OpenSSL on platforms with it or something else on platforms without it. If you distribute a client-side application designed for POSIX-like systems, most people aren't going to be willing to switch to a Mac or install Linux or FreeBSD in VirtualBox just to run it. (Windows is still preinstalled on the vast majority of desktop PCs sold in industrialized English-speaking countries.) And if you just distribute a VM with the operating system and your application pre-installed, you lose the ability to take advantage of the "system libraries" exception in the GPL.

Also, there are libraries which mimic OpenSSL's API, at least the most prominent parts. For example, NSS, CyaSSL, etc.

CyaSSL is GPL, and NSS is MPL/GPL disjunction. I imagine NSS has plenty of trained eyeballs looking at it because of its use in the Firefox browser and Firefox OS. But I'd never heard of CyaSSL before today, which casts doubt on how many trained eyeballs have been looking at CyaSSL.

And at the end of the day, no open source SSL library gets hammered the way OpenSSL does, especially server-side.

Would you say NSS gets hammered client-side?

NSS

[MSG]

So can we all get on the bandwagon with Fedora and start using NSS instead?

http://fedoraproject.org/wiki/...

Definition of "Enough" and "fase dichotomy"

[IBitOBear]

ASIDE: Your point is mute [look up "moot" before attempting correction. 8-) ]. Enough is enough, and any less is not enough. That's the definition of enough.

Consider: "If you eat enough pudding you'll die"... the only test case is to keep eating pudding till you die. If you stop before you die you didn't eat enough. 8-)

Now the point that all eyeballs are not equal is fine and obvious. It only takes one metaphorical eyeball, connected to the correct brain, to find a bug. So one is enough if the rest of the configuration is suitable, and an infinite number are not enough if they lack the context.

The real difference between FOSS and others is not the quality of the eyeballs but the opportunity for the correctly quipped eyeball to fall on the relevant bit. In closed source applications the right post-eyeball configuration would have to first be part of the set of allowed eyeballs, and it would likely have to be actively paid to look for the bug directly or indirectly since the limited herd of eyeballs all have their assignments.

Pretending that the better solution (FOSS IMHO) is unworkable because it's demonstrably imperfect ignores the fact that the far less functional (NON FOSS IMHO) has a demonstrably worse track record. That comparason and derision is just "false dichotomy" and kind of an example of, perhaps, why you aren't the set of eyeballs in charge.

In non-FOSS circumstances virtually all eyeballs lack the context to find and fix problems because they lack access to the source.

So your argument fails because it implicitly argues against exposure, or argues that exposure isn't enough if the right people aren't looking. The failure isn't one of fact but of position. You offer no counter proposal. You are pissing on the model that exists but offering no alternative. In short you are engaged in venting of some sort but you are apparently not one of the set of eyeballs ready to offer solutions.

I propose "Snowden" become a active tense op

[IBitOBear]

Snowden:
(v) Adding a bit of code, hardware, or operation you know you shoudln't because an authority requires you do so.
"Hey honey, I'll be late for dinner, I have to snowden the latest release of firefox."

(n) the sneaky bit of intrusive technology
"Hey what's this bit?" "Shhh, that's the snowden."

I know he was the wistleblower, but we should enshrine his deed and the knowledge that this is happening using his name in memoriam.

Nice Job

[adcompteltd]

Nice to share with me......

Re:xubuntu seems to be completely dependent on gnu

[Carewolf]

Gtk links to it for some reason, so any distro XFCE of Gnome based would likely have trouble removing it.

Dijkstra cargo cult

And your's is just rote Dijkstra cargo cult. Really.

Use the tool that fits. Chose intelligently (yeah, that's the hard part).

Obligatory XKCD

http://xkcd.com/292/

Yes, gotos are really that evil.

Re:First

[Plumpaquatsch]

First, and yet another OSS-releated security risk :(

At least they are rare enough that it is news worthy. As compared to Windows where new exploits hardly ever get any attention because they are so frilling common as to be passé.

Well, Slashdot seems to report on every vulnerability popping up on my Apple watchlist (often more than once), but not on all popping up on the RedHat watchlist. Draw your own conclusions from what you just said.

Re:First

[Plumpaquatsch]

First, and yet another OSS-releated security risk :(

At least they are rare enough that it is news worthy. As compared to Windows where new exploits hardly ever get any attention because they are so frilling common as to be passé.

Well, Slashdot seems to report on every vulnerability popping up on my Apple watchlist (often more than once), but not on all popping up on the RedHat watchlist. Draw your own conclusions from what you just said.

Forgot to mention: Apple's TSL-bug was also open source.

Writing safety-aware code _somewhere_

[IBitOBear]

Since all machine code is potentially brittle, the argument for using "safety aware languages" is itself brittle. For instance, Ada is safe because it doesn't allow deallocation unless you use ada.unchecked_deallocation(), or in the alternate, build nothing on the heap, or just hope that the Ada implementation has garbage collection, or..., or... etc.

_Someone_ has to do the work to protect whatever the brittleness is at issue.

For years I have used "struct Buffer { char * start, char * end};" instead of just char * string. (thing.end-thing.begin) is faster than strlen() and the constraints are always present. I've got a library full of simple bits that make this work (a wrapper around write(2) and read(2) for example).

Bad code can be written in any language. Java is safe? Well kind of, until you start making circles of referencds and losing them. sounds harmless unles there is a task and open socket in that circular reference and you've left a link back to some structure so that the socket is now able to access some nonsense.

The best tools in the worst hands are far worse than the worst tools in the best hands. Yelling for tools is a specious argument. Someone has to do the work, and that someone may well bone the job.

Re:Writing safety-aware code _somewhere_

[rmstar]

The best tools in the worst hands are far worse than the worst tools in the best hands. Yelling for tools is a specious argument. Someone has to do the work, and that someone may well bone the job.

A similar argument was put forward against the use of seat belts in cars. It just does not hold water.

The point of safer tools is to keep the reasonably good programmers from shooting themselves in the foot. Because as good as they may be, they are human and make mistakes. C needlessly invites a lot of mistakes, and even good programmers fuck up in C all the time.

The case _for_ goto

[IBitOBear]

The linux kernel is full of gotos. Assembly is bereft blocks and that sort of structure. So "goto" isn't the source of all evil.

Consier this example of the linux goto paradigm below. When taking locks and establsihing component preconditions you can write an optimal routine that does the stepwise creation, and includes the non-conditional cleanup. Then skipping the cleanup if all the parts succede. The example below is trivial, but when it comes to preserving locking orders it solves a hard problem very simply. And if you check out the generated code its very efficent. More so if you hint the compiler that the success case is most likely for each conditional.

So take the simple example and imagine you are building something complex like a network request with data and metadata buffers and the actual request structure itself et al... as the number of parts grow the number of bizarre else conditions you have to use to do stepwise cleanup become bothersome repetitions of code. Its even worse if it's part1 _or_ part2 along with part3 etc. Complexity and repetition of phrases in the elses is plenty of reason to use goto.

complex_thing * hard_thing() {
complex_thing * retval = 0;
thing_pt1 * pt1 = 0;
thing_pt2 * pt2 = 0;
if (pt1 = generate_first()) {
    if (pt2 = generate_last(pt1)) {
        if (retval = generate_final(pt1,pt2)) {
            goto success;
        }
    }
}
if (pt2) cleanup_last(pt2);
if (pt1) cleanup_first(pt1);
success:
return retval;
}

Simply put, there are times when a well-placed goto with a clear purpose and precondition can simplify code and accelerate execution.

Do I use a lot of gotos? no. Probably six C/C++ gotos in the last fifteen years. But when they are the correct tool to use, they can be magical.

Re:The case _for_ goto

[BasilBrush]

The linux kernel is full of gotos. Assembly is bereft blocks and that sort of structure. So "goto" isn't the source of all evil.

That there are primitive languages that don't have proper control structures isn't an argument. It's pointing out the obvious that when there's a limited tool, one needs to make do. Goto is needed to jerry-rig control structures when they are not there. When there's a full set of control structures they are not needed.

if (pt1 = generate_first()) {

There are even bigger problems than the goto in the code you wrote. Assignment in the condition of an if statement? Heck most compilers would issue a warning for even writing such a nasty thing.

So take the simple example and imagine you are building something complex like a network request with data and metadata buffers and the actual request structure itself et al... as the number of parts grow the number of bizarre else conditions you have to use to do stepwise cleanup become bothersome repetitions of code.

The use case and approach you describe is exactly why these errors in TLS libraries have laid undiscovered for so long. So the argument that they simplify is demonstrably wrong. The simplicity is superficial. In reality they lead to assumptions that wouldn't be made with properly structured code.

Goto

Almost no language takes the step to rule out gotos. Quite the opposite, actually, they added it back with a new name, specifically for the purpose it was used by Apple (and other places like the Linux kernel) - skipping to an error handler.

The new name is "throw", and it would have exactly the same problem.

Actually, anything would have the same problem, even a "success = true", because the problem was the same line being repeated twice, and the second one not being dependent on the "if" statement.

Pls mod this UP!

[szelus]

Where are my mod points, when I need them...

OpenSSL

"I know two people who claim to understand the OpenSSL code - and one of them is clearly lying" - PHK, FreeBSD developer and author of Varnish.

So much for the eyes being concentrated on OpenSSL.

Shit shit shit!

[EmagGeek]

Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail.

Nope. Who used it?

How many eyeballs did GnuTLS have?

If no-one uses it, there are no eyeballs. Thus no review.

Linux doesn't use GnuTLS in any way. Distributions using Linux might.

Thanks for playing. Better luck next time.

Ubuntu explicitly favors GnuTLS

[daboochmeister]

Understood about Debian, but the children have wandered. From the Ubuntu wiki:

Using GnuTLS avoids the licensing issues that can arise from employing the more common OpenSSL package. For this reason, certain packages such as OpenLDAP are compiled with support for GnuTLS instead of OpenSSL in recent releases of Ubuntu.

In fact, on one of my Ubuntu 13.10 systems I ran ldd on /usr/bin/* and /bin/*, and found many many binaries that link in GnuTLS.

Re:Ubuntu explicitly favors GnuTLS

[Carewolf]

I don't use LDAP :)

For the self-signed cert fanboys

[tepples]

Is that really seriously a question?

Yes. In comments to various articles, you might be surprised at how many people ask questions like this: "Why are people still using HTTP at all instead of self-signed HTTPS?" Then they go on about something called "key continuity management", where seeing the same certificate as on the last visit means that no new MITM has been introduced, but that doesn't help if you're MITM'd from day one. The "Perspectives" project uses route diversity to root out MITMs, but that doesn't help if the MITM is on the server's upstream.

Wasn't this fixed on the 27th?

[DadLeopard]

Seem to remember an update to gnutls for this problem! http://www.ubuntu.com/usn/usn-... USN-1752-1: GnuTLS vulnerability and a standard update fixes it! Whoopty doo! Kind of why I like that Ubuntu doesn't wait for an arbitrary day of the month to issue updates and patches!

in memoriam????

He's not dead...yet!