Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’

 

Some software bugs are infinitely subtle and complicated. Others are comprehensible almost at a glance to anyone who dabbled in BASIC as a kid. The iOS 7 bug is in the latter group.

Did you see it? This function is called when a iPhone connects to an encrypted site over SSL: it’s meant to verify that the encryption key is being vouched for — digitally signed — by the operator of the website.

But notice the two “goto fail” lines, one after the other. The first one belongs there. The second is a typo. That extra, duplicative line diverts the program’s execution, like a bypass stent, right past a critical authentication check. The part where the digital signature is actually checked is dead code, never reached.
Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’ | Threat Level | Wired.com.