More on the Apple SSL bug from ImperialViolet
ImperialViolet has this concise explanation of what caused the problems in Apple's SSL stack. In short, it has to do with a duplicate goto statement.
Actually, no, it doesn't. While goto statements might be a bad idea (PDF), it's the proximate cause of the problem, but not the root cause. The root causes are much more difficult to fix:
Apple is deploying patches to fix the problem on iOS devices (iPhones, iPads, certain iPods). They have yet to deploy a patch to OS X, which, as a Mac user, I find personally irritating.
Actually, no, it doesn't. While goto statements might be a bad idea (PDF), it's the proximate cause of the problem, but not the root cause. The root causes are much more difficult to fix:
- The SSL stack is actually very hard to unit-test thoroughly, and therefore even a proper test wouldn't necessarily have caught this bug.
- Programmers assume that code behaves according to its indentation, but it doesn't (unless its Python-like). So, even if another coder caught this errant goto, they might have assumed that the errant goto was tied to the previous if statement, and would thus never run.
Apple is deploying patches to fix the problem on iOS devices (iPhones, iPads, certain iPods). They have yet to deploy a patch to OS X, which, as a Mac user, I find personally irritating.