Secure Coding in C · intermediate · ~10 min

Secure error handling

Fail safely, log enough, leak nothing.

Lesson

Three rules:

  1. Check every return value of a function that can fail. malloc, read, open, every syscall.
  2. Fail closed: on error, deny access / drop the request — never plough through with partial data.
  3. Don't leak internals: error messages to remote users should be terse. Detailed errors go to your log file.

A surprising number of CVEs trace to "tested only the success path": the code works when open(), malloc() and read() succeed, and corrupts state, leaks memory, or grants access when one of them does not.
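The three rules applied together, as an added example written for this lesson (not code from the original page): an allow-list lookup that checks every call that can fail, returns DENY on any error rather than deciding on partial data, and sends the remote user one fixed reply while the detail goes to the log. The file path, the ALLOWLIST_CAP limit, the helper names and the sample list contents are constructed for the example; stderr stands in for a real logging facility.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Rule 2: the default verdict is DENY; only a fully successful check flips it. */
enum verdict { DENY = 0, ALLOW = 1 };

/* Largest allow-list we will evaluate (assumed limit for this example). */
#define ALLOWLIST_CAP 4096

/* Rule 3: detailed errors go to the server log (stderr here, syslog or a
 * logging library in a real service), never to the remote user. */
static void log_detail(const char *where, const char *path, int err)
{
    fprintf(stderr, "error: %s on %s: %s (errno=%d)\n", where, path, strerror(err), err);
}

/* Rule 3: the only text the remote user ever sees. No path, no errno, no strerror(). */
const char *client_reply(enum verdict v)
{
    return v == ALLOW ? "ok" : "access denied";
}

/* Read the whole allow-list into a NUL-terminated heap buffer, or return NULL.
 * Rule 1: open, malloc, read and close are each checked, and every failure path
 * releases what it acquired. A file larger than ALLOWLIST_CAP is also an error:
 * matching against a truncated list would be deciding on partial data. */
static char *read_allowlist(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) {
        log_detail("open", path, errno);
        return NULL;
    }
    char *buf = malloc(ALLOWLIST_CAP + 2);   /* +1 to detect overflow, +1 for NUL */
    if (buf == NULL) {
        log_detail("malloc", path, ENOMEM);
        close(fd);
        return NULL;
    }
    size_t total = 0;
    while (total < ALLOWLIST_CAP + 1) {
        ssize_t n = read(fd, buf + total, ALLOWLIST_CAP + 1 - total);
        if (n < 0) {
            if (errno == EINTR)
                continue;                    /* interrupted, not failed: retry */
            log_detail("read", path, errno);
            free(buf);
            close(fd);
            return NULL;
        }
        if (n == 0)
            break;                           /* EOF */
        total += (size_t)n;
    }
    if (close(fd) < 0)
        log_detail("close", path, errno);    /* data already read: log, don't fail */
    if (total > ALLOWLIST_CAP) {
        log_detail("size check", path, EFBIG);
        free(buf);
        return NULL;
    }
    buf[total] = '\0';
    return buf;
}

/* ALLOW only if `user` appears as a complete line in the allow-list. */
enum verdict authorize(const char *allowlist_path, const char *user)
{
    if (user == NULL || *user == '\0' || strchr(user, '\n') != NULL)
        return DENY;                         /* malformed input: fail closed */
    char *list = read_allowlist(allowlist_path);
    if (list == NULL)
        return DENY;                         /* rule 2: any error means DENY */
    enum verdict v = DENY;
    char *save = NULL;
    for (char *line = strtok_r(list, "\n", &save); line; line = strtok_r(NULL, "\n", &save))
        if (strcmp(line, user) == 0) { v = ALLOW; break; }
    free(list);
    return v;
}

/* Helper for the constructed sample: write `content` to `path`, checking each call. */
int write_file(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    size_t len = strlen(content);
    if (fwrite(content, 1, len, f) != len) { fclose(f); return -1; }
    return fclose(f) == 0 ? 0 : -1;
}

int main(void)
{
    const char *path = "/tmp/allowlist_example.txt";   /* constructed sample list */
    if (write_file(path, "alice\nbob\n") != 0)
        return 1;
    printf("alice:    %s\n", client_reply(authorize(path, "alice")));
    printf("mallory:  %s\n", client_reply(authorize(path, "mallory")));
    printf("bad path: %s\n", client_reply(authorize("/nonexistent/allowlist.txt", "alice")));
    return 0;
}
```

The third call is the failure path the lesson warns about: open() fails, the log line on stderr names the path and the errno, and the remote user still gets exactly "access denied". Note that a logged-but-unchecked close() is deliberately the one non-fatal case here; the data was already read, so failing the request would gain nothing.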