...
CVE-2014-1266 results from a violation of this rule. There is a spurious goto fail statement on line 631 of sslKeyExchange.c. This goto statement gets executed unconditionally, even though it is indented as if it were part of the preceding if statement. As a result, the call to sslRawVerify() (which would perform the actual signature verification) becomes dead code. [ImperialViolet 2014]
Related Guidelines
| SEI CERT C++ Coding Standard | MSC07-CPP. Detect and remove dead code |
| ISO/IEC TR 24772 | Unspecified functionality [BVQ] Dead and deactivated code [XYQ] |
| MISRA C:2012 | Rule 2.1 (required) |
| MITRE CWE | CWE-561, Dead code |
...