Feeds

Today's bugs have BRANDS? Be still my bleeding heart [logo]

Code-slinger Verity reviews the rash of groovy-named open-source security vulns

Remote control for virtualized desktops

Stob In view of the ongoing security-holed far-too-open source situation, I have decided to convene an emergency meeting of ERCOCC, the El Reg Committee Of Competent Coders, to review what has occurred and how we should go forward.

No time for chitter-chattering. Settle down everybody, and juice up the PowerPoint projector please Eric.

Bug #1: Goto Fail

The last time I spotted a goto in the wild was about 15 years ago. It was embedded in a C++ date-time class I had lazily poached from a certain code-sharing site, where the file had been made available under the controversial WYGIWYD licence (What You Get Is What You Deserve).

That use of goto was quite gratuitous. It shone in the source out like the bright colourings adopted by certain venomous insects to warn birds not to eat them. And, like the stupidest, freshly-fledged squab, I inhaled the wasp and endured the consequences. Needless to say, it would have been quicker and more fun to copy out Letts 2002 Diary for the Dimmer Bulb by hand.

Because nobody uses goto in real code, right? Sure, back in the day, Donald Knuth - not an obvious Nigel Farage-stylee hero of reactionary principles - bashed out a quick paper in its defence. But that was in 1974, when digital watches were still a pretty neat idea, smoking fags was both funny and clever and certain Top of the Pops presenters blah-di-blah ugh.

So - and I'm sure you got here before me - when the Goto Fail SSL kerfuffle occurred, you could have smacked my gob into last Tuesday with a bent feather. Naturally I clicked through the links to the C file in question: go here and scroll down to SSLVerifySignedServerKeyExchange to see for yourself, or here for a grown up analysis.

Or, to save time and excess clickage, take a gander at this dramatic reconstruction. See if you can spot that problematic line:

OSStatus SSLVerifySignedServerKeyExchange(/*loadsa params*/)
{
    /* Declare some local variables, including: */
    SSLBuffer       signedHashes;
    /* More mucking about with local variables, eg */
    signedHashes.data = 0;
    /* Then the main rhythm of the function: */
    if ((err = SSLImportantManInTheMiddleDefence(hashCtx, otherStuff)) != 0)
        goto fail;
    if ((err = SSLBitTwiddlingBogeymanBaffling(whatever)) != 0)
        goto fail;
    if ((err = SSLTumTittyTumTum(tum)) != 0)
        goto fail;
    if ((err = SSLNotForYourTinyBrainYouEarthling(params)) != 0)
        goto fail;
    if ((err = SSLAnotherFunctionYouDontUnderstand(hohoHo)) != 0)
        goto fail;
    /* ... */
    /* After many more lines of the same ilk: */
    if ((err = SSLYadaYadaYada(stuff)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLDoTheActualImportantCheck(stuff)) != 0)
        goto fail;
fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
}

With its repeated goto fail refrain, the code's structure seems familiar. Ah yes, I know: the bawdy song Three German Officers crossed the Rhine. Substitute 'goto fail' for 'parlez-vous' and you can practically whistle it:

if err equals ess ess ell tum-tee-tum
  goto fail,
if err equals ess ess ell tum-tee-dum
  goto fail...

The repeated goto is like the phrase "Simon says" in a game of "Simon says": it exists only to trip you up. It makes for a bored, twitchy style.

Programmers shouldn't be inflicting boring, repetitive tasks on themselves. That's why they make friends with computers.

And this goto just isn't necessary. Despite the non-comittal line taken by this page, there are better ways to do it.

For example, the code maintainer could simply drop the gotos and code the whole lot with nested ifs. Sure, he would likely want to refactor the function into smaller pieces, to avoid ending up with his logic uncomfortably cramped up against the right hand margin, like the face of a hungry child squished against a restaurant window in a heart-warming movie. But so what? This program could use a little extra reorganisation.

Or - and this is Baby's favoured solution - he could just turn on the C++ switch of that great big compiler he has there, and protect his resources with a bit of RAII. With that in place, his ghastly gotos become happy returns.

Reader: Is there any other feature to which you would wish to draw my attention?

Stob: To the curious incident of the signedHashes variable in the body of the function.

Reader, gamely playing along: But the signedHashes variable does nothing in the body of the function.

Stob, triumphantly: That is the curious incident.

Internet Security Threat Report 2014

Next page: Bug #2: GnuTLS

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.