Versions Compared

In section 5.1.2.3, "Program execution," the C99 standard [ISO/IEC 9899:1999] states that:

In the abstract machine, all expressions are evaluated as specified by the semantics. An actual implementation need not evaluate part of an expression if it can deduce that its value is not used and that no needed side effects are produced (including any caused by calling a function or accessing a volatile object).

...

However, note that both calls to functions and accesses to volatile-qualified objects can still be optimized out (while maintaining strict conformance to the standard), so without a C1X-conforming implementation this compliant solution may still not work in some cases.

Compliant Solution (C1X)

...

C1X includes a memset_s function. According to the November 24, 2009 C1X Committee Draft [Jones 2009]:

Unlike memset, any call to the memset_s function shall be evaluated strictly according to the rules of the abstract machine as described in (5.1.2.3). That is, any call to the memset_s function shall assume that the memory indicated by s and n may be accessible in the future and thus must contain the values indicated by c.
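The two points above (a plain memset of a buffer that is never read again is a dead store the compiler may remove, and memset_s is defined so that it cannot be removed) can be put together in one clearing routine. The following is an added example, not code from the CERT rule page: the names secure_clear, count_nonzero and demo_clear_secret are hypothetical, and the 0xA5 fill is constructed sample data standing in for a secret. It goes slightly beyond the text by covering both cases: if the library provides C11 Annex K (it then defines __STDC_LIB_EXT1__) it calls memset_s; otherwise it writes the bytes through a volatile-qualified pointer, relying on the abstract-machine rule that accesses to volatile objects are needed side effects.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* request Annex K (memset_s) if the library has it */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical hardened clear (added example, not the CERT page's own code).
 * With an Annex K library, memset_s is used: the draft quoted above requires
 * every call to it to be evaluated strictly by the abstract-machine rules, so
 * it cannot be discarded as a dead store. Without Annex K, each byte is
 * written through a volatile-qualified pointer; such accesses are side effects
 * the implementation must perform, so this path is not elided either.
 * Returns 0 on success and 1 on failure (here: a NULL pointer).
 */
int secure_clear(void *p, size_t n)
{
    if (p == NULL) {
        return 1;
    }
#ifdef __STDC_LIB_EXT1__
    return memset_s(p, n, 0, n) == 0 ? 0 : 1;
#else
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n != 0) {
        *vp++ = 0;
        n--;
    }
    return 0;
#endif
}

/* Number of bytes in p[0..n) that are not zero; used only to verify a clear. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i] != 0) {
            count++;
        }
    }
    return count;
}

/*
 * The pattern the rule is about: a secret lives in a local buffer, is used,
 * and is wiped before the function returns. In real code nothing reads the
 * buffer after the wipe, which is exactly why a plain memset() there is a
 * dead store that optimization may remove. The read-back below exists only
 * so the demonstration can report what is left; it returns the number of
 * non-zero bytes after secure_clear(), expected to be 0.
 */
size_t demo_clear_secret(void)
{
    unsigned char secret[32];
    memset(secret, 0xA5, sizeof secret);   /* constructed stand-in for key material */

    /* ... the secret would be used here, e.g. handed to a cipher ... */

    secure_clear(secret, sizeof secret);
    return count_nonzero(secret, sizeof secret);
}

int main(void)
{
    size_t left = demo_clear_secret();
    printf("non-zero bytes remaining after secure_clear: %zu\n", left);
    return left == 0 ? 0 : 1;
}
```

The fallback path only guarantees that the stores happen; it does not prevent the compiler from having copied the secret into registers or spill slots earlier, which is a separate concern the MSDN SecureZeroMemory and Wheeler references in the bibliography also discuss.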

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the C++ Secure Coding Standard as MSC06-CPP. Be aware of compiler optimization when dealing with sensitive data.

Bibliography

[ISO/IEC 9899:1999] Section 6.7.3, "Type qualifiers"
[Jones 2009] Section K.3.7.4.1, "The memset_s function"
[US-CERT] "MEMSET," https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/771.html
[MITRE 2007] CWE ID 14, "Compiler Removal of Code to Clear Buffers," http://cwe.mitre.org/data/definitions/14.html
[MSDN] "SecureZeroMemory," http://msdn.microsoft.com/en-us/library/aa366877.aspx
[MSDN] "Optimize (C/C++)," http://msdn.microsoft.com/en-us/library/chh3fb0k(VS.80).aspx
[Wheeler 2003] Section 11.4, "Specially Protect Secrets (Passwords and Keys) in User Memory," http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html

...