SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Joe Damato

Saved on

compared with

New Version 4

changes.mady.by.user Joe Damato

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
void getPassword() {
	char pwd[64];
	if(GetPassword(pwd, sizeof(pwd)) {
		/*checking of password, secure operations, etc */
	} 
	memset(pwd, 0, sizeof(pwd));
	*(volatile char*)buffer = *(volatile char*)buffer;
} 

 This compliant solution accesses the buffer again after the call to memset and should cause most compilers not to optimize out the call to memset. Check compilter documentation to guarantee this behavior for a specific platform.

Compliant Code Example 2 (Windows)

Code Block
 void void getPassword() {
	char pwd[64];
	if(GetPassword(pwd, sizeof(pwd)) {
		/* checking of password, secure operations, etc */
	}
	SecureZeroMemory(pwd, sizeof(pwd));
} 

This compliant solution uses a SecureZeroMemory() function provided by many version of the Microsoft Visual Studio compiler. The documentation for the SecureZeroMemory() function garauntees that the compiler will not optimize out this call when zeroing memory.

Compliant Code Example 3 (Windows)

Code Block
 void void getPassword() {
	char pwd[64];
	if(GetPassword(pwd, sizeof(pwd)) {
		/* checking of password, secure operations, etc */
	}
	#pragma optimize("", off)
	memset(pwd, 0, sizeof(pwd));
	 #pragma #pragma optimize("", on)
} 

The #pragma directives here instructs the compiler to avoid optimizing the enclosed code. This #pragma directive is support on some versions of Microsoft Visual Studio, and may be supported on other compilers. Check compiler documentation to ensure its availability and its optimization garauntees.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRAFT

2 (Medium)

2 (Probable)

2 (Medium) 

P8

L2

References