SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 99

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CVE-2014-1266 results from a violation of this rule. There is a spurious goto fail statement on line 631 of sslKeyExchange.c. This goto statement gets executed unconditionally, even though it is indented as if it were part of the preceding if statement. As a result, the call to sslRawVerify() (which would perform the actual signature verification) becomes dead code [ImperialViolet 2014].

Related Guidelines

SEI CERT C++ Coding StandardMSC12-CPP. Detect and remove code that has no effect
ISO/IEC TR 24772Unspecified Functionality [BVQ]
Likely Incorrect Expressions [KOA]
Dead and Deactivated Code [XYQ]
MISRA C:2012Rule 2.2 (required)

...