Ben Langhinrichs

Genii Weblog

Civility in critiquing the ideas of others is no vice. Rudeness in defending your own ideas is no virtue.

Tue 25 Feb 2014, 09:49 AM
The widespread reports of the hole in iPhones, Macs using Safari and so forth have taken to repeating the myth that the problem is the one line of code containing the "goto fail" defect.

To be fair, it is a single line of code, so that is not a myth. The myth is that this represents the problem, that it was a typo (according to Wired), that "Out of all the million lines of code we run every day, this one happened to be printed twice," and so forth, as if the coding error were the problem. It was not. Coding errors happen all the time. Typos happen all the time. If security depended on never making a mistake, we should shut down all our computers right now.

The problem was that it wasn't detected. Security errors are caught by trying to get past the security, and given how painfully simple it was to get past this security, the defect should have been detected very early. Also, Apple's original statement said that this was one line in 2,000 that handles SSL security. Those same 2,000 lines are copied many, many places, yet nobody seems to have done a code review of this critical part of the code. Trust me, programmers looking through this code would not miss the double goto. It stands out like a sore thumb.

How am I so sure of all this? Why, because it has happened to me more than once with our software products. I added an extra semi-colon once that broke the CoexLinks security. See the pseudocode below to see how easy that is:

/* Code that always drops through to the "do stuff" part:
   the stray semicolon ends the if statement, so the next line is not guarded by it */
if (test);
  do_stuff();   /* do stuff */

/* Code that only drops through to the "do stuff" part if the test is successful */
if (test)
  do_stuff();   /* do stuff */

Another time, I accidentally removed a return that broke the Midas security. But neither got released, because even though I don't have Apple's budget for security and QA and so forth, one thing I always do is try to use license files that are invalid, or get rid of the license altogether. It is incomprehensible to me that Apple would not try like crazy to break through SSL security each time before a release. The idea that they don't try harder to break their own security on a routine basis means that there may be many more subtle problems with their security. This one should have been a no-brainer, yet it is widespread in Apple's products. It is the other defects that aren't so glaringly obvious that should scare the hell out of Apple users.
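To make both halves of the argument concrete, here is an added example (not code from the original post, and not Apple's code): a miniature credential check written three ways, the stray-semicolon shape from the pseudocode above, a simplified model of the double-goto shape, and the correct version, followed by the kind of negative test that catches both before release. The token value, the check_length and check_signature helpers and the list of inputs that must be rejected are all constructed for illustration. The two compiler warnings the pragmas switch off are left off only so that the defective shapes compile as shown; in a real build they are exactly the tripwire you want to keep on.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for a real credential check. */
#define VALID_TOKEN "VALID-TOKEN"   /* constructed value */
#define TOKEN_LEN   11u

/* The two warnings silenced here are precisely the ones that flag the
 * defective shapes below; a real build should keep them enabled. */
#pragma GCC diagnostic ignored "-Wempty-body"
#pragma GCC diagnostic ignored "-Wmisleading-indentation"

/* Each check returns 0 on success and a non-zero code on failure,
 * the convention that goto-fail style error handling relies on. */
static int check_length(const char *token)
{
    return (token != NULL && strlen(token) == TOKEN_LEN) ? 0 : 1;
}

static int check_signature(const char *token)
{
    return (token != NULL && strcmp(token, VALID_TOKEN) == 0) ? 0 : 2;
}

/* All verify_* functions return 1 if access is granted and 0 if denied. */

/* Defect 1, the post's own example: a stray semicolon ends the if statement,
 * so the "grant" line is no longer guarded and runs for every token. */
static int verify_semicolon_bug(const char *token)
{
    int granted = 0;
    if (check_signature(token) == 0);   /* <-- the stray semicolon */
        granted = 1;                    /* executes unconditionally */
    return granted;
}

/* Defect 2, a simplified model of the double-goto shape (constructed, not
 * Apple's code): the duplicated line jumps to fail while err is still 0 from
 * the successful length check, so the signature check is never reached and
 * any token of the right length is accepted. */
static int verify_double_goto(const char *token)
{
    int err;
    if ((err = check_length(token)) != 0)
        goto fail;
        goto fail;                      /* <-- the duplicated line */
    if ((err = check_signature(token)) != 0)   /* never reached */
        goto fail;
fail:
    return err == 0;
}

/* Correct version: both checks must pass before access is granted. */
static int verify_fixed(const char *token)
{
    int err;
    if ((err = check_length(token)) != 0)
        goto fail;
    if ((err = check_signature(token)) != 0)
        goto fail;
fail:
    return err == 0;
}

/* The pre-release check the post argues for: hand the verifier inputs that
 * must be rejected and count how many it lets through. A non-zero result is
 * a release blocker. The inputs are constructed for this example. */
static int count_wrongly_accepted(int (*verify)(const char *))
{
    static const char *const must_reject[] = {
        NULL, "", "short", "WRONG-TOKEN", "valid-token"
    };
    size_t n = sizeof must_reject / sizeof must_reject[0];
    int wrong = 0;
    for (size_t i = 0; i < n; i++)
        if (verify(must_reject[i]) == 1)
            wrong++;
    return wrong;
}

int main(void)
{
    /* The happy-path test passes for all three, which is why it catches nothing. */
    printf("valid token accepted: semicolon=%d double_goto=%d fixed=%d\n",
           verify_semicolon_bug(VALID_TOKEN), verify_double_goto(VALID_TOKEN),
           verify_fixed(VALID_TOKEN));
    /* Only the negative test separates the three. */
    printf("invalid tokens wrongly accepted: semicolon=%d double_goto=%d fixed=%d\n",
           count_wrongly_accepted(verify_semicolon_bug),
           count_wrongly_accepted(verify_double_goto),
           count_wrongly_accepted(verify_fixed));
    return 0;
}
```

The point the numbers make is the post's point: a valid license or certificate is accepted by all three versions, so a test suite built only from things that should work never notices the defect. The semicolon version accepts every one of the five bad inputs and the double-goto version accepts the two that are the right length but wrong, and only feeding the verifier inputs it must refuse, every release, turns that into a failing test.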

Copyright 2014 Genii Software Ltd.