

The Story of the GnuTLS Bug - bqe
http://blog.existentialize.com/the-story-of-the-gnutls-bug.html

======
tunesmith
Is that first snippet accurate? It makes it look as if it would never return a
positive value. It returns only 0 or a negative value.

~~~
mpyne
It's accurate, but the calling convention of the top-level function is such
that _any_ non-zero value is accepted as boolean true (i.e. a valid CA) and
only a zero return value is understood as false.

Because of this problem of returning the errno-style result code as a boolean-
style result code, the cert being looked at would always verify as correct.

That's why the fix simply added another label to clear the result variable (to
be logically false) before running through the cleanup code and returning the
result.

------
bananas
Ugh I really don't like the brace style in that code. Seen it a few times in
GNU code and it's a PITA as everyone else does it differently resulting in
merge/patch issues. It's ugly too.

~~~
epistasis
GNU C style is by far my least favorite style out there, but at least it's a
style, and can be automatically checked.

IMHO, any style can be adjusted to once one gets over the initial aesthetic
revulsion. I haven't yet found a formatting style that is truly better or
worse than others, once one has learned it and its quirks.

