SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 19

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 20

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff

// memset_s.c
void *memset_s(void \*v, int c, size_t n) {
  volatile char *p = v;
  while(n--)
    *p++ = c;

  return v;
}

// getPassword.c
extern void *memset_s(void *v, int c, size_t n);

void getPassword() {
  char pwd[64];
  if(retrievePassword(pwd, sizeof(pwd))) {
     /*checking of password, secure operations, etc \*/
  }
  pwd = memset_s(pwd, 0, sizeof(pwd));
}

Risk Assessment

If the compiler optimizes out memory clearing code, an attacker could gain access to sensitive data.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC06-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

...