...
| Code Block |
|---|
void getPassword() {
char pwd[64];
if ( GetPassword(pwd, sizeof(pwd)) {
/* checking of password, secure operations, etc */
}
memset(pwd, 0, sizeof(pwd));
}
|
...
| Code Block |
|---|
void getPassword() {
char pwd[64];
if (GetPassword(pwd, sizeof(pwd)) {
/*checking of password, secure operations, etc */
}
memset(pwd, 0, sizeof(pwd));
*(volatile char*)pwd= *(volatile char*)pwd;
}
|
...
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DRAFT | 2 (Medium) | 2 (Probable) | 2 (Medium) | P8 | L2 |
References
https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/771.html
http://msdn2.microsoft.com/en-us/library/aa366877.aspx
http://msdn2.microsoft.com/en-us/library/chh3fb0k(VS.80).aspx
David Wheeler
C99