Versions Compared

Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

Code Block
#include <windows.h>  /* SecureZeroMemory() */

void getPassword(void) {
  char pwd[64];
  if (retrievePassword(pwd, sizeof(pwd))) {
    /* checking of password, secure operations, etc */
  }
  /* SecureZeroMemory() is guaranteed not to be optimized away */
  SecureZeroMemory(pwd, sizeof(pwd));
}

...

Code Block
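#include <string.h>  /* memset() */

/* MSVC requires the optimize pragma to appear outside a function;
   it takes effect at the first function defined after it. */
#pragma optimize("", off)
void getPassword(void) {
  char pwd[64];
  if (retrievePassword(pwd, sizeof(pwd))) {
    /* checking of password, secure operations, etc */
  }
  memset(pwd, 0, sizeof(pwd));
}
#pragma optimize("", on)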

...

Code Block
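// memset_s.c
#include <stddef.h>  /* size_t */

/* Writes through a volatile-qualified pointer are not removed as dead stores */
void *memset_s(void *v, int c, size_t n) {
  volatile char *p = v;
  while (n--)
    *p++ = c;

  return v;
}

// getPassword.c
#include <stddef.h>  /* size_t */

extern void *memset_s(void *v, int c, size_t n);

void getPassword(void) {
  char pwd[64];
  if (retrievePassword(pwd, sizeof(pwd))) {
    /* checking of password, secure operations, etc */
  }
  /* pwd is an array and cannot be assigned to, so the return value is discarded */
  memset_s(pwd, 0, sizeof(pwd));
}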

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| MSC06-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[ISO/IEC 9899-1999] Section 6.7.3, "Type qualifiers"
[US-CERT] "MEMSET" (https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/771.html)
[MSDN] "SecureZeroMemory" (http://msdn2.microsoft.com/en-us/library/aa366877.aspx)
[MSDN] "Optimize (C/C++)" (http://msdn2.microsoft.com/en-us/library/chh3fb0k(VS.80).aspx)
[Wheeler] "Secure Programming for Linux and Unix HOWTO", Section 11.4 (http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html)