...
This compliant solution guarantees, via the volatile type qualifier, that memory is actually overwritten and the compiler will not optimize out the call to the memset_s() function. Unfortunately, this compliant solution may not be as efficient as possible due to the nature of the volatile type qualifier preventing the compiler from optimizing the code at all. Typically, some compilers are smart enough to replace calls to memset() with equivalent assembly instructions which are much more efficient then the memset() implementation. Implementing a memset_s() function as below may prevent the compiler from using the optimal assembly instructions and may result in less efficient code. Check compiler documentation and the assembly output from the compiler.
| Code Block |
|---|
void \*memset_s(void \*v, int c, size_t n) { volatile char \*p = v; while(n--) \ *p+\+ = c; return v; } void getPassword() { char pwd\[64\]; if(GetPassword(pwd, sizeof(pwd))) { /*checking of password, secure operations, etc \*/ } } pwd = memset_s(pwd, 0, sizeof(pwd)); } |
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DRAFT | 2 (Medium) | 2 (Probable) | 2 (Medium) | P8 | L2 |
...