[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]
ianG
iang at iang.org
Mon Mar 3 14:28:29 EST 2014
On 3/03/2014 19:04 pm, Bear wrote:
> On Fri, 2014-02-28 at 17:03 -0800, Dennis E. Hamilton wrote:
>
>
>>
>> A pretty-printer (or any IDE that reflows indentation) would point it out.
>>
>> So would a modern IDE that identifies unreachable code.
>>
>> Any practical code-coverage testing would reveal it too.
>
> Okay, I have to say this despite the complaints on this
> list about how common TERRIBLE security practices may be.
>
> This is completely over the top. There is no way that this
> could possibly be accidental.
>
> In point of fact, I know of no commonly used or commercially
> sold compiler that fails to emit unreachable-code warnings
> by default. Therefore I do not believe that this could be
> anything but deliberate. I would be willing to state exactly
> that in a court of law.
I personally think it is accidental. In the court of cryptography, it
took about 2 minutes to say this:
$ cat moo.c
#include <stdio.h>
#include <stdlib.h>
int main(int argv, char **p)
{
printf("hello world\n");
goto happy;
printf("hello black hole\n");
happy:
exit(0);
}
$ cc moo.c
$ ./a.out
hello world
$ cc -Wall moo.c
$
Look ma, no warnigns! OK, would have taken less time, but it's a mac,
and rusty-C needed to be guided by warnings, snipped...
iang
More information about the cryptography
mailing list