The failure from a programmers view.
This soliloquy is for programmers, but feel free to read it anyway.
By now, most have seen the now famous Goto Fail of the current OSX/IOS security failure (that this thread is about). Most articles I have read all talk about how it is just a finger check where he/she hit insert twice. I think it is a reason to condemn the shortcuts built into C-type compilers.
C (and Perl and…) allow an IF statement construct to assume the curly brackets exist if the conditional statement has only one line, like so…
if (some condition)
Goto Fail;
Obviously, the code under the gun at the moment…
if (some condition)
Goto Fail;
Goto Fail;
Important code past this point will never be executed, like SSL checking and stuff that you might want when you surf.
The second Goto statement will alway be run, no matter what the result of the if condition and of course, that is the cause of the failure we are discussing.
Now, if the programmer had used the proper construct with curly brackets, and hopefully an editor that checks such, the OSX code would have looked like this…
if (some condition)
{
Goto Fail;
Goto Fail;
}
Not only would he/she have had a much greater chance of noticing the finger check paste, but we wouldn’t be talking about failures of OSX now, since the second and wrong Goto would NEVER be accessed. It can’t be. Had the test been true, the first Goto would be properly run, and if failed, the entire construct inside the brackets would have been ignored. Someday, a programmer might stumble across the code and call out, “Hey, look at this dummy goto statement. Wonder who put that in?” but it wouldn't be a major topic of conversation among users now.
End of 2 cents.