←back to thread

Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets

(blog.exodusintel.com)
387 points pedro84 | 1 comments | 26 Jul 17 19:51 UTC | HN request time: 0s | source
Show context
Animats ◴[26 Jul 17 22:28 UTC] No.14860964[source]
C's lack of array size info strikes again:

    memcpy(current_wmm_ie, ie->data, ie->len);
where "ie" points to data obtained from the net.
replies(2): >>14861129 #>>14861284 #
corndoge ◴[26 Jul 17 23:23 UTC] No.14861284[source]
Programmer's mistake for not validating data, not the fault of C language mechanics. Yes it would be easier if <hll features>, still gotta be careful. I've made plenty of these mistakes but never blamed the language.
replies(5): >>14861427 #>>14861944 #>>14861961 #>>14866096 #>>14871609 #
orf ◴[26 Jul 17 23:48 UTC] No.14861427[source]
If a manufacturer makes and sells a gun that keeps going off in people's holsters and shooting people in the foot, the answer is not to say "it's the user's fault for not using it properly. I've shot myself in the foot hundreds of times and I don't blame the manufacturer".

Or something. That analogy sounded better in my head than written down. The point is that IMO the blame lies squarely with the C language: it's a language that's used in a lot of complex parsing code and provides pretty much nothing to help with this, and if anything actually puts roadblocks in the way.

replies(4): >>14861447 #>>14863535 #>>14864749 #>>14872582 #
corndoge ◴[26 Jul 17 23:51 UTC] No.14861447[source]
I shot myself in the foot yet I don't blame the manufacturer for not putting a safety on the gun since I'm the one that bought it with full knowledge of the caveats
replies(4): >>14861489 #>>14861731 #>>14861881 #>>14861917 #
sbierwagen ◴[27 Jul 17 01:16 UTC] No.14861881[source]
You consented to it, sure. This bug affected millions of phones. It's more like a car manufacturer decided to put a particular explode-y gas tank in a car, because it provided greater performance.
replies(1): >>14862378 #
corndoge ◴[27 Jul 17 03:04 UTC] No.14862378{3}[source]
and they put a note in the manual that says "if you drive over 70mph on a hot day it will definitely explode so don't do that"

so if you buy that car and you do that, it's your fault regardless of how poor the car design is

replies(1): >>14862571 #
1. MaulingMonkey ◴[27 Jul 17 03:52 UTC] No.14862571{4}[source]
There's likely to be a government mandated recall if your car "spontaneously" explodes - some designs are so poor they fail to meet entirely reasonably regulatory standards. Burying the lede in the fine print is not a get out of jail free card for obvious reasons.