Hacker News new | past | comments | ask | show | jobs | submit login
The Story of the GnuTLS Bug (existentialize.com)
72 points by bqe on Mar 5, 2014 | hide | past | favorite | 5 comments

Is that first snippet accurate? It makes it look as if it would never return a positive value. It returns only 0 or a negative value.

It's accurate, but the calling convention of the top-level function is such that any non-zero value is accepted as boolean true (i.e. a valid CA) and only a zero return value is understood as false.

Because of this problem of returning the errno-style result code as a boolean-style result code, the cert being looked at would always verify as correct.

That's why the fix simply added another label to clear the result variable (to be logically false) before running through the cleanup code and returning the result.

It's accurate, but incomplete (it's a snippet not a complete quote -- note the // snip in there). If you look at the full commit linked in the post, there are code paths in the complete function that would make it return a 1.

Ugh I really don't like the brace style in that code. Seen it a few times in GNU code and it's a PITA as everyone else does it differently resulting in merge/patch issues. It's ugly too.

GNU C style is by far my least favorite style out there, but at least it's a style, and can be automatically checked.

IMHO, any style can be adjusted to once one gets over the initial aesthetic revulsion. I haven't yet found a formatting style that is truly better or worse than others, once one has learned it and its quirks.

Applications are open for YC Winter 2021

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact