Versions Compared

...

Risk Assessment

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
EXP19-C          Medium     Probable     Medium             P8         L2

Automated Detection

Tool        Version   Checker   Description
PRQA QA-C             2212

Related Vulnerabilities

CVE-2014-1266 was due, in large part, to failing to follow this recommendation. There is a spurious "goto fail" statement on line 631 of sslKeyExchange.c. This "goto" is executed unconditionally, even though it is indented as if it were part of the preceding "if" statement. As a result, the call to sslRawVerify (which performs the actual signature verification) is rendered dead code [ImperialViolet 2014]. If the body of the "if" statement had been enclosed in braces, this defect likely would not have happened.
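The following is an added example, not code from sslKeyExchange.c or from the CERT page; it reduces the pattern described above to a self-contained toy so the effect of the missing braces can be observed directly. The functions handshake_unbraced, handshake_braced, raw_verify and verify_was_called are constructed for this illustration, and raw_verify is a stand-in that only records whether it ran and returns the status it is told to. Both functions contain the same duplicated "goto fail;" line; only the braces differ.

```c
#include <stdbool.h>
#include <stdio.h>

/* Records whether the (stand-in) signature verification routine ran at all. */
static bool verify_ran;

/* Constructed stand-in for the real verification call: it does no
 * cryptography, it just notes that it was reached and reports the
 * outcome the caller tells it to (0 = signature good, -1 = bad). */
static int raw_verify(int sig_ok)
{
    verify_ran = true;
    return sig_ok ? 0 : -1;
}

bool verify_was_called(void)
{
    return verify_ran;
}

/* Unbraced "if" body with a duplicated goto. Only the first goto is
 * conditional; the second is indented as if it belonged to the "if" but
 * executes unconditionally, so raw_verify() becomes dead code and the
 * function returns the err value from the hash step (0 on success). */
int handshake_unbraced(int hash_ok, int sig_ok)
{
    int err = 0;
    verify_ran = false;

    if ((err = hash_ok ? 0 : -1) != 0)
        goto fail;
        goto fail;              /* duplicated line: unconditional jump */

    if ((err = raw_verify(sig_ok)) != 0)   /* never reached */
        goto fail;

fail:
    return err;
}

/* Same duplicated line, but the "if" body is braced as EXP19-C
 * recommends. The extra goto is now harmless: it sits inside the block
 * and is only reached when the hash check already failed. */
int handshake_braced(int hash_ok, int sig_ok)
{
    int err = 0;
    verify_ran = false;

    if ((err = hash_ok ? 0 : -1) != 0) {
        goto fail;
        goto fail;              /* redundant, but cannot skip the verify */
    }

    if ((err = raw_verify(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Good hash, bad signature: the braced version rejects, the unbraced
     * version accepts without ever calling raw_verify(). */
    int u = handshake_unbraced(1, 0);
    printf("unbraced: err=%d verify_called=%d\n", u, verify_was_called());
    int b = handshake_braced(1, 0);
    printf("braced:   err=%d verify_called=%d\n", b, verify_was_called());
    return 0;
}
```

Compiling the unbraced function with warnings enabled (for example gcc -Wall -Wunreachable-code) is one cheap way to surface this class of defect, since the compiler can flag the verification call as unreachable; the braced form is the one that removes the hazard regardless of tooling.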

...