Why was "goto fail;" added without any other change to that part of the code?
61 points by 0x006A 910 days ago | 85 comments
Looking at the diff between the two versions of sslKeyExchange.c released by Apple http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c and http://opensource.apple.com/source/Security/Security-55179.13/libsecurity_ssl/lib/sslKeyExchange.c
I was trying to come up with a reasonable explanation of how this could have happened, but failed.
Here is the relevant part of the diff:
How could this ever happen? It does not look like a copy & paste error as suggested in other places,
it does not look like refactoring. Was it added intentionally to test something and committed by accident?
Is there any possible non-malicious explanation someone could come up with?
@@ -627,6 +628,7 @@
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
+ goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
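Review bot: the added `goto fail;` after the `SSLHashSHA1.update` check relies on an unbraced `if`, where only the first statement after the condition is conditional. The hunk as quoted is shortened (the header counts 6 and 7 lines, three are shown), so if a `goto fail;` already follows that `if`, this second one runs unconditionally: the `SSLHashSHA1.final` call on the next line is never reached, and `err` is still 0 from the successful update when control arrives at `fail`. Put the body of each `if ((err = ...) != 0)` check in braces and build with unreachable-code warnings enabled, so that a duplicated statement like this is caught at compile time or in review.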