Read the linked article. Apple had released security-related code that included an additional line that prevented valid credentials from working. Basically, the code was testing conditions to see if it should report a failure. Because the IF conditions did not use code blocks, an extra line was executed in all cases.
If you have trouble finding the error, look for “/* MISTAKE! THIS LINE SHOULD NOT BE HERE */”.
Please post your thoughts for the following questions:
1. Would using a code block “{}” have helped to avoid this issue?
2. Given the code formatting, how easy was it for you to see the error? Do you think the error is obvious?
3. While a compiler or IDE can help report these issues, who should most likely test their code? Developers or QA departments?
Here is the link: https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/
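The pattern described above, reduced to a self-contained C sketch. This is an added example, not Apple's code and not taken from the linked article; the function names and the three `*_err` parameters are assumptions standing in for the real verification steps. It places the same duplicated line once after an unbraced `if` and once inside a braced one.

```c
#include <stdio.h>

/* Simplified model of the pattern, not Apple's code. Each *_err argument
 * stands in for the result of one check: 0 = passed, nonzero = failed. */
#pragma GCC diagnostic ignored "-Wmisleading-indentation" /* warning that flags the stray line */

/* Unbraced form with the duplicated line. Returns 0 when every check "passed". */
int verify_unbraced(int hash_err, int update_err, int final_err)
{
    int err;
    if ((err = hash_err) != 0)
        goto fail;
    if ((err = update_err) != 0)
        goto fail;
        goto fail;                  /* stray line: not part of the if, always runs */
    if ((err = final_err) != 0)     /* never reached */
        goto fail;
fail:
    return err;
}

/* Braced form with the same duplicated line. */
int verify_braced(int hash_err, int update_err, int final_err)
{
    int err;
    if ((err = hash_err) != 0) {
        goto fail;
    }
    if ((err = update_err) != 0) {
        goto fail;
        goto fail;                  /* duplicate is dead code inside the block */
    }
    if ((err = final_err) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: first two checks pass, the last check fails (-1). */
    printf("unbraced: %d\n", verify_unbraced(0, 0, -1));
    printf("braced:   %d\n", verify_braced(0, 0, -1));
    return 0;
}
```

With the last check failing, the unbraced version returns 0 because that check is never evaluated, while the braced version returns -1.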

