Apple SSL gaffe affects mobile and OS X
Quote:
A follow-up:
Apple issues fix for major OS X security flaw
Quote:
The bug was actually rather funny:
Code:
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
    OSStatus err;
    ...

    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    ...

fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
}
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Thanks, I'd read somewhere it was a single line, so nice to see exactly what it was. (I think I see it now; in an earlier version of this post I was confused.)
Last edited by IdOp; 26th February 2014 at 09:55 PM.
Looks like a line has been deleted.
Maybe something like this:
Code:
if ((err = SSLHashSHA1.update(&hashCtx, &exchangeParams)) != 0)
__________________
ThinkPad W500 P8700 6GB HD3650 - faulty ThinkStation P700 2x2620v3 32GB 1050ti 3xSSD 1xHDD