[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

ianG iang at iang.org
Mon Mar 3 14:28:29 EST 2014


On 3/03/2014 19:04 pm, Bear wrote:
> On Fri, 2014-02-28 at 17:03 -0800, Dennis E. Hamilton wrote:
> 
> 
>>
>> A pretty-printer (or any IDE that reflows indentation) would point it out.  
>>
>> So would a modern IDE that identifies unreachable code.  
>>
>> Any practical code-coverage testing would reveal it too.
> 
> Okay, I have to say this despite the complaints on this 
> list about how common TERRIBLE security practices may be.
> 
> This is completely over the top.  There is no way that this
> could possibly be accidental.
> 
> In point of fact, I know of no commonly used or commercially 
> sold compiler that fails to emit unreachable-code warnings 
> by default.  Therefore I do not believe that this could be 
> anything but deliberate.  I would be willing to state exactly 
> that in a court of law.


I personally think it is accidental.  In the court of cryptography, it
took about 2 minutes to say this:

$ cat moo.c

#include <stdio.h>
#include <stdlib.h>

int main(int argv, char **p)
{
	printf("hello world\n");
	goto happy;
	printf("hello black hole\n");

happy:
	exit(0);
}
$ cc moo.c
$ ./a.out
hello world
$ cc -Wall moo.c
$


Look ma, no warnings!  OK, would have taken less time, but it's a mac,
and rusty-C needed to be guided by warnings, snipped...

iang
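
Added example, not part of the original message and not code from any real library: the same always-taken goto as in moo.c, placed in a constructed verification routine so that the unreachable statement is a security check, next to a form that fails closed. The names record, verify_buggy and verify_fixed and the tag value are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record format: valid when len == 16 and the tag matches. */
struct record { unsigned len; unsigned char tag[4]; };
static const unsigned char EXPECTED_TAG[4] = { 0xde, 0xad, 0xbe, 0xef };

static int check_len(const struct record *r) { return r->len == 16 ? 0 : -1; }
static int check_tag(const struct record *r)
{
	return memcmp(r->tag, EXPECTED_TAG, sizeof EXPECTED_TAG) == 0 ? 0 : -1;
}

/* Defective form: a stray unconditional goto makes the tag check dead code. */
int verify_buggy(const struct record *r)
{
	int err;

	if ((err = check_len(r)) != 0)
		goto out;
	goto out;                        /* always taken; err is still 0 here */
	if ((err = check_tag(r)) != 0)   /* unreachable, like "hello black hole" */
		goto out;
out:
	return err;
}

/* Fail-closed form: the result starts as failure and becomes success
 * only on the single path that has run every check. */
int verify_fixed(const struct record *r)
{
	int err = -1;

	if (check_len(r) != 0) { goto out; }
	if (check_tag(r) != 0) { goto out; }
	err = 0;
out:
	return err;
}

int main(void)
{
	struct record bad_tag = { 16, { 0, 0, 0, 0 } };   /* constructed input */

	printf("buggy: %d\n", verify_buggy(&bad_tag));   /* accepts the record */
	printf("fixed: %d\n", verify_fixed(&bad_tag));   /* rejects the record */
	return 0;
}
```

In clang the unreachable-code diagnostic is a separate flag, -Wunreachable-code, which -Wall does not turn on. GCC accepts the same flag but has ignored it since 4.5, so coverage testing or a static analyzer is the dependable check there.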

