iOS code bug that even YOU could have spotted

Post by hamin_aus »

www.cs.columbia.edu wrote: As you've probably heard by now, there's a serious bug in the TLS implementations in iOS (the iPhone and iPad operating system) and MacOS. I'll skip the details (but see Adam Langley's excellent blog post if you're interested); the effect is that under certain conditions, an attacker can sit in the middle of an encrypted connection and read all of the traffic.

Here's the code in question:

	if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
		goto fail;
	if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
		goto fail;
		goto fail;
	if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
		goto fail;

Note the doubled

		goto fail;
		goto fail;

That's incorrect and is at the root of the problem.

goto fail; INDEED :lol:
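
An added example, not part of the quoted article or of Apple's source: the same control flow reduced to a compilable C file, next to a fail-closed rewrite. The helper names (hash_update, hash_final, verify_signature) are constructed stand-ins, and verify_signature always fails to simulate a forged signature.

```c
#include <stdio.h>

/* Constructed stand-ins (assumptions): each returns 0 on success. */
static int hash_update(int data) { (void)data; return 0; }
static int hash_final(void) { return 0; }
/* Simulates a forged signature: verification always fails here. */
static int verify_signature(int *called) { *called = 1; return -1; }

/* Same control flow as the quoted snippet: the second goto is unconditional. */
int check_vulnerable(int *verify_called) {
    int err;
    *verify_called = 0;
    if ((err = hash_update(1)) != 0)
        goto fail;
    if ((err = hash_update(2)) != 0)
        goto fail;
        goto fail;                          /* always taken, err is still 0 */
    if ((err = hash_final()) != 0)
        goto fail;
    err = verify_signature(verify_called);  /* never reached */
fail:
    return err;                             /* 0 means "accepted" */
}

/* Hardened form: braces on every branch and a fail-closed result. */
int check_fixed(int *verify_called) {
    int err;
    int result = -1;                        /* rejected unless proven otherwise */
    *verify_called = 0;
    if ((err = hash_update(1)) != 0) { goto fail; }
    if ((err = hash_update(2)) != 0) { goto fail; }
    if ((err = hash_final()) != 0) { goto fail; }
    if ((err = verify_signature(verify_called)) != 0) { goto fail; }
    result = 0;                             /* set only after every check passed */
fail:
    return result;
}

int main(void) {
    int called;
    int r = check_vulnerable(&called);
    printf("vulnerable: err=%d verify_called=%d\n", r, called);
    r = check_fixed(&called);
    printf("fixed:      err=%d verify_called=%d\n", r, called);
    return 0;
}
```

Compiling this with clang's -Wunreachable-code or GCC's -Wmisleading-indentation flags the stray goto in check_vulnerable.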
Re: iOS code bug that even YOU could have spotted

Post by rustypup »

"closed source is far more secure".....

right..

also, the amount of drama around this is amusing... MitM has been around for some time....

reducing the risks would include: step 1 - don't log in to services over public wif... oh, wait... apple users.... never mind. carry on. the magic apple will protect you from yourself...