Finding More Than One Worm in the Apple
暂无分享,去创建一个
In February Apple revealed and fixed an SSL (Secure Sockets Layer) vulnerability that had gone undiscovered since the release of iOS 6.0 in September 2012. It left users vulnerable to man-in-the-middle attacks thanks to a short circuit in the SSL/TLS (Transport Layer Security) handshake algorithm introduced by the duplication of a goto statement. Since the discovery of this very serious bug, many people have written about potential causes. A close inspection of the code, however, reveals not only how a unit test could have been written to catch the bug, but also how to refactor the existing code to make the algorithm testable - as well as more clues to the nature of the error and the environment that produced it.
[1] M. Salkie. Too many tests? , 1971, Lancet.
[2] Edsger W. Dijkstra,et al. Letters to the editor: go to statement considered harmful , 1968, CACM.