Most active commenters
  • corndoge(6)
  • MaulingMonkey(3)

←back to thread

Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets

(blog.exodusintel.com)
387 points pedro84 | 16 comments | 26 Jul 17 19:51 UTC | HN request time: 1.243s | source | bottom
Show context
Animats ◴[26 Jul 17 22:28 UTC] No.14860964[source]
C's lack of array size info strikes again:

    memcpy(current_wmm_ie, ie->data, ie->len);
where "ie" points to data obtained from the net.
replies(2): >>14861129 #>>14861284 #
corndoge ◴[26 Jul 17 23:23 UTC] No.14861284[source]
Programmer's mistake for not validating data, not the fault of C language mechanics. Yes it would be easier if <hll features>, still gotta be careful. I've made plenty of these mistakes but never blamed the language.
replies(5): >>14861427 #>>14861944 #>>14861961 #>>14866096 #>>14871609 #
1. orf ◴[26 Jul 17 23:48 UTC] No.14861427[source]
If a manufacturer makes and sells a gun that keeps going off in people's holsters and shooting people in the foot, the answer is not to say "it's the user's fault for not using it properly. I've shot myself in the foot hundreds of times and I don't blame the manufacturer".

Or something. That analogy sounded better in my head than written down. The point is that IMO the blame lies squarely with the C language: it's a language that's used in a lot of complex parsing code and provides pretty much nothing to help with this, and if anything actually puts roadblocks in the way.

replies(4): >>14861447 #>>14863535 #>>14864749 #>>14872582 #
2. corndoge ◴[26 Jul 17 23:51 UTC] No.14861447[source]
I shot myself in the foot yet I don't blame the manufacturer for not putting a safety on the gun since I'm the one that bought it with full knowledge of the caveats
replies(4): >>14861489 #>>14861731 #>>14861881 #>>14861917 #
3. teraflop ◴[26 Jul 17 23:58 UTC] No.14861489[source]
If thousands of people were repeatedly making the same mistake, and frequently shooting other innocent bystanders' feet, I would definitely put some blame on the manufacturer.
replies(1): >>14862397 #
4. simonh ◴[27 Jul 17 00:46 UTC] No.14861731[source]
That doesn't mean that gun is well designed or worth buying and using. Criticising the lack of such a valuable or even essential feature and advising people not to use it would be fair comment. Right?
replies(1): >>14862394 #
5. sbierwagen ◴[27 Jul 17 01:16 UTC] No.14861881[source]
You consented to it, sure. This bug affected millions of phones. It's more like a car manufacturer decided to put a particular explode-y gas tank in a car, because it provided greater performance.
replies(1): >>14862378 #
6. MaulingMonkey ◴[27 Jul 17 01:24 UTC] No.14861917[source]
My experience is that most C programmers don't know about many of the caveats about the C programming language.

Are you aware that atoi("a"); is undefined behavior? It can crash, it can launch nethack, it can return 0.

replies(1): >>14862385 #
7. corndoge ◴[27 Jul 17 03:04 UTC] No.14862378{3}[source]
and they put a note in the manual that says "if you drive over 70mph on a hot day it will definitely explode so don't do that"

so if you buy that car and you do that, it's your fault regardless of how poor the car design is

replies(1): >>14862571 #
8. corndoge ◴[27 Jul 17 03:06 UTC] No.14862385{3}[source]
yes I'm aware that parsing a letter as an an integer is undefined behavior, it's in the manual
replies(1): >>14862540 #
9. corndoge ◴[27 Jul 17 03:08 UTC] No.14862394{3}[source]
never said C was a great language, merely indicated that it's important to distinguish between a mistake made by a programmer and a failure of the language

pretty sure trusting user provided data without validation is the programmers fault regardless of language

10. corndoge ◴[27 Jul 17 03:09 UTC] No.14862397{3}[source]
the parents analogy is quite bad since C doesn't shoot you in the foot unless you pull the trigger

closer to a gun without a safety, which plenty of manufacturers sell

11. MaulingMonkey ◴[27 Jul 17 03:43 UTC] No.14862540{4}[source]
> yes I'm aware that parsing a letter as an an integer is undefined behavior

Excellent!

> it's in the manual

It's not in MSDN: https://msdn.microsoft.com/en-us/library/yd5xkb5c.aspx

It's not in the manpages: https://linux.die.net/man/3/atoi

Cppreference understates it has having an undefined return value, rather than undefined behavior outright: http://en.cppreference.com/w/cpp/string/byte/atoi

Tutorialspoint defines the behavior as returning 0, and fresh2refresh makes no mention of undefined behavior.

My eighth google hit for atoi finally, finally, gets it right: http://pubs.opengroup.org/onlinepubs/9699919799/functions/at...

If you buy or pirate a copy of e.g. the C89 standard, or refer to one of the free draft versions, it's of course properly documented there too. Neither shows up in the first 50 google results, naturally.

And, of course, by google result 9, we're back to square one - incorrectly defining the behavior as being "returning 0": https://en.wikibooks.org/wiki/C_Programming/stdlib.h/atoi

12. MaulingMonkey ◴[27 Jul 17 03:52 UTC] No.14862571{4}[source]
There's likely to be a government mandated recall if your car "spontaneously" explodes - some designs are so poor they fail to meet entirely reasonably regulatory standards. Burying the lede in the fine print is not a get out of jail free card for obvious reasons.
13. _pmf_ ◴[27 Jul 17 08:24 UTC] No.14863535[source]
> That analogy sounded better in my head than written down.

Probably, because it's really bad.

14. moocowtruck ◴[27 Jul 17 12:48 UTC] No.14864749[source]
Tools exist that find this error in C code, more to blame the company that didn't use those tools and released code this important. Blaming the language solely... not sure it's productive. If the gun went off in my holster WITH the safety on then I'd blame the manufacturer. Same goes with using the right tools with C, if all steps were taken to do the right thing then I can say we should blame C. But there's not any information here on how broadcom developers their code internally.
replies(1): >>14865601 #
15. philipodonnell ◴[27 Jul 17 14:29 UTC] No.14865601[source]
Its really hard to find an objective line in these things. Your 'tools exist to find this so they should buy them' is someone else's 'good developers should know this so hire good developers' or 'customers should know to be careful so its their fault' or 'Other languages are better about array length checking so they should use them'.
16. vsl ◴[28 Jul 17 07:23 UTC] No.14872582[source]
> that keeps going off

If the C language (not even a compiler, the language) somehow magically inserted bad code or rewrote your good code to be buggy on its own, you'd have a point.