

Certificate Verification Issue - GnuTLS - d0ne
http://gnutls.org/security.html#GNUTLS-SA-2014-2

======
nathancahill
@0xabad1dea's excellent sketch analysis[0] explains the root cause of the
problem better than the confusing gitorious UI with the diff[1].

[0] [http://imgur.com/UqAkZS7](http://imgur.com/UqAkZS7)

[1]
[https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150cc...](https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b)

~~~
valarauca1
One of his complaints is that they aren't using bools, when bools don't exist
in C.

~~~
DannyBee
Sure they do, since C99. Section 7.16

~~~
LnxPrgr3
Even before then, C had the concept of a boolean expression, and ints were
used idiomatically as bools.

Unfortunately, the type system can't save you, so it's up to you to keep your
promise to return the correct thing. Not even C99 can save you:

    
    
        $ cat booltest.c 
        #include <stdio.h>
        #include <stdbool.h>
        
        bool moo() {
            int rv = -1;    /* a typical negative error code */
            return rv;      /* converts to true; -Wall says nothing */
        }
        
        int main(int argc, char *argv[]) {
            printf("moo() returned %s\n", moo() ? "TRUE" : "FALSE");
        }
        $ clang -std=c99 -o booltest booltest.c -Wall
        $

~~~
bodyfour
I'm usually not much of a Java fan, but making bool a stricter type was a good
change. I always write my C code as if it had the same rules. For example, if
you have:

    
    
        bool b;
        int i;
        unsigned u;
        void *p;
    

You could write code that looked like:

    
    
        if (b && i && u && p)
    

...and some people would even consider that idiomatic. I'd write the same test
as:

    
    
        if (b && (i != 0) && (u > 0) && (p != NULL))
    

which is a little longer but, IMO, clearer. If the compiler enforced that
style this family of bug would happen a lot less.

In a similar vein, I wish enums had strict conversion rules. C++11 finally
gives us that with "enum class", but I don't think anything similar exists in
C.

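The failure mode the two comments above describe, as an added example constructed for this thread (it is not GnuTLS's code and not the linked diff): a verifier whose contract is "1 = verified, 0 = not" reaches its cleanup label by goto while a helper's negative error code is still in the result variable, a loosely written caller treats the nonzero value as verified, and a C99 bool return turns the same -5 into true without a warning. The explicit comparison argued for above and a failure label that sets the result to 0 both close it. The struct cert, get_signed_data, ERR_DECODE and the two verify/accept function names are assumptions made up for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed "certificate": just enough state to drive the two paths
 * that matter for the demonstration. */
struct cert {
    int signature_ok;   /* 1 if the pretend signature is valid */
    int helper_fails;   /* 1 to make the helper below return an error */
};

#define ERR_DECODE (-5)   /* hypothetical negative error code */

/* Hypothetical helper with the usual C convention: 0 on success,
 * negative error code on failure. */
static int get_signed_data(const struct cert *c)
{
    return c->helper_fails ? ERR_DECODE : 0;
}

/* Contract: return 1 if the certificate verifies, 0 otherwise.
 * Buggy: the error path jumps to cleanup while the helper's negative
 * error code is still in "result", so -5 escapes to the caller. */
int verify_buggy(const struct cert *c)
{
    int result;

    result = get_signed_data(c);
    if (result < 0)
        goto cleanup;               /* BUG: result is -5 here, not 0 */

    result = c->signature_ok ? 1 : 0;

cleanup:
    return result;
}

/* Same contract, fixed: every failure path sets the boolean result
 * explicitly before returning, so no error code can leak as "true". */
int verify_fixed(const struct cert *c)
{
    int result;

    if (get_signed_data(c) < 0)
        goto fail;

    result = c->signature_ok ? 1 : 0;
    return result;

fail:
    result = 0;
    return result;
}

/* C99 bool does not help: the negative int converts to true. */
bool verify_buggy_as_bool(const struct cert *c)
{
    return verify_buggy(c);         /* -5 becomes true, no warning */
}

/* Loose caller: anything nonzero is treated as "verified". */
bool accept_loose(int (*verify)(const struct cert *), const struct cert *c)
{
    if (verify(c))
        return true;
    return false;
}

/* Strict caller: only the exact value the contract promises counts. */
bool accept_strict(int (*verify)(const struct cert *), const struct cert *c)
{
    return verify(c) == 1;
}

int main(void)
{
    const struct cert forged  = { 0, 1 };   /* helper fails on this one */
    const struct cert genuine = { 1, 0 };

    printf("buggy/loose  accepts forged:  %s\n",
           accept_loose(verify_buggy, &forged) ? "yes" : "no");
    printf("buggy/strict accepts forged:  %s\n",
           accept_strict(verify_buggy, &forged) ? "yes" : "no");
    printf("fixed/loose  accepts forged:  %s\n",
           accept_loose(verify_fixed, &forged) ? "yes" : "no");
    printf("fixed/strict accepts genuine: %s\n",
           accept_strict(verify_fixed, &genuine) ? "yes" : "no");
    return 0;
}
```

The combination that matters is buggy verifier plus loose caller: the forged certificate is accepted. Either the strict `== 1` comparison at the call site or the explicit `result = 0` on the failure path is enough to reject it, and defensive code does both, because the caller has no way to tell which convention a future edit of the callee will break.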
------
coldcode
Is this really another problem with poorly written gotos?

~~~
nathancahill
No, see my link above. Goto is not the bug.

------
proovit
I find the language "how to mitigate the attack" completely offensive.

How about "how to verify a certificate?" Or better "how to write C code"

This is a scandal. Stop.

