
A longstanding GnuTLS certificate validation botch

Posted Mar 7, 2014 10:51 UTC (Fri) by hummassa (subscriber, #307)
In reply to: A longstanding GnuTLS certificate validation botch by smurf
Parent article: A longstanding GnuTLS certificate validation botch

> No, but we do know that C++ code, particularly when it's older, has failure modes which Mr. Stroustrup was unable to even conceive of when he first designed the thing and which C is completely incapable of.

Now it seems that you're trolling. Which failure modes are those? The only failure modes I see in C++ are the C-related ones (null pointer dereferencing, buffer overflows, integer overflows and underflows).


A longstanding GnuTLS certificate validation botch

Posted Mar 7, 2014 12:22 UTC (Fri) by nix (subscriber, #2304)

Exception throws from unexpected places, leaving the code in an inconsistent state. (Yes, when properly written the code won't have any such bugs. When properly written, code has no bugs at all...)

A longstanding GnuTLS certificate validation botch

Posted Mar 7, 2014 19:34 UTC (Fri) by hummassa (subscriber, #307)

As someone else commented, the 90s have been over for quite some time now.

> Exception throws from unexpected places

Those, nowadays, call unexpected() instead of "leaving the program in an inconsistent state". unexpected(), left to its own devices, will abort the program.

A longstanding GnuTLS certificate validation botch

Posted Mar 7, 2014 20:37 UTC (Fri) by cesarb (subscriber, #6266)

That's only if you are using exception specifications, which is AFAIK not recommended (except for C++0x's nothrow).

I think what nix meant is: if you are not very careful, you can write code which is not exception-safe. An exception thrown in the middle of that code will lead to inconsistent state. RAII helps a lot, but not everything can easily be expressed in RAII style.

And even if you are very careful, code can have bugs. Exception-safety bugs can be quite hard to see by just reading the code: you have to consider that every line of code within a function could throw an exception. Even apparently innocent code like "a = b + c;" can throw an exception, courtesy of operator overloading.

Contrast this with C, where only function calls can do nonlocal exits, and even then only in the presence of longjmp(). Most functions will not call longjmp() (and if you use it from a signal handler, you deserve to lose). In C, the code flow is much simpler: it's all explicit, and visible by looking at the function's body. Even gcc's cleanup extension does not change that.
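An added illustration of the exception-safety point in the comment above (example code written for this page, not posted by any commenter): a constructed `Vec` type whose overloaded `operator+` throws, so `a = b + c;` becomes a hidden exit point, beside an update routine that manually maintains a counter invariant and an RAII-guarded version that keeps the invariant through stack unwinding. All type and function names here are hypothetical.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>
// Constructed vector-like type whose overloaded operator+ throws on a size
// mismatch, so an innocent-looking "a = b + c;" is a potential exit point.
struct Vec { std::string name; int size; };

Vec operator+(const Vec& a, const Vec& b) {
    if (a.size != b.size) throw std::length_error("size mismatch");
    return Vec{a.name + "+" + b.name, a.size};
}

// Invariant: in_progress is 0 whenever no update is running.
struct Accumulator { int in_progress = 0; Vec total{"total", 0}; };

// Exception-unsafe: the decrement is only reached on the normal path, so a
// throw from operator+ leaves in_progress stuck at 1 (inconsistent state).
void update_unsafe(Accumulator& acc, const Vec& b, const Vec& c) {
    acc.in_progress++;
    acc.total = b + c;   // may throw
    acc.in_progress--;
}

// RAII guard: the decrement lives in a destructor, which runs during stack
// unwinding as well as on normal return.
struct InProgressGuard {
    int& counter;
    explicit InProgressGuard(int& c) : counter(c) { ++counter; }
    ~InProgressGuard() { --counter; }
};

void update_safe(Accumulator& acc, const Vec& b, const Vec& c) {
    InProgressGuard guard(acc.in_progress);
    acc.total = b + c;   // may throw; the guard still restores the invariant
}

// Run one update with mismatched sizes, swallow the exception, and report
// the counter left behind: 1 for the unsafe version, 0 for the RAII version.
int leftover_after_throw(bool use_raii) {
    Accumulator acc;
    Vec b{"b", 3}, c{"c", 4};   // constructed mismatch triggers the throw
    try {
        if (use_raii) update_safe(acc, b, c); else update_unsafe(acc, b, c);
    } catch (const std::length_error&) { /* caller recovers and carries on */ }
    return acc.in_progress;
}

int main() {
    std::printf("unsafe: %d  raii: %d\n", leftover_after_throw(false), leftover_after_throw(true));
}
```

The unsafe variant's bug is invisible from its own three lines; you only see it by knowing that the `+` on the middle line can throw.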

A longstanding GnuTLS certificate validation botch

Posted Mar 8, 2014 23:15 UTC (Sat) by nix (subscriber, #2304)

Quite. I'm not saying it's impossible to make it work, obviously it isn't. It's just not at all easy, and it's not obvious when you got it wrong.

I like exceptions, but I'm wary of them in much the same way as I would be of a gun that has a habit of firing spontaneously and exploding when fired. :)


Copyright © 2017, Eklektix, Inc.