Page History

...

Code Block

bgColor	#FFcccc
lang	c

char *secret;
const size_t SECRET_MAX = /* ... */
/* Initialize secret to a null-terminated byte string, 
   of less than SECRETSIZE_MAX chars */

size_t size = strlen(secret);
if (size >= SECRET_MAX) {

  /* Handle error */
}

char *new_secret;
new_secret = (char *)malloc(size+1);
if (!new_secret) {
  /* Handle error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

free(new_secret);
new_secret = NULL;

...

Code Block

bgColor	#ccccff
lang	c

harchar *secret;

const size_t SECRET_MAX = /* ... */
/* Initialize secret to a null-terminated byte string, 
   of less than SECRETSIZE_MAX chars */

size_t size = strlen(secret);
if (size >= SECRET_MAX) {
  /* Handle error */
}

char *new_secret;
/* Use calloc() to zero-out allocated space */
new_secret = (char *)calloc(size+1, sizeof(char));
if (!new_secret) {
  /* Handle error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

/* Sanitize memory  */
memset_s(new_secret, '\0', size);
free(new_secret);
new_secret = NULL;

...

Recommendation	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
MEM03-C	Medium	Unlikely	No	HighYes	P2P4	L3

Automated Detection

R2016aPartially

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

(customization)

Users can add a custom check for use of realloc().

Compass/ROSE

Could detect possible violations of this rule by first flagging any usage of realloc(). Also, it could flag any usage of free that is not preceded by code to clear out the preceding memory, using memset. This heuristic is imperfect because it flags all possible data leaks, not just leaks of "sensitive" data, because ROSE cannot tell which data is sensitive

Helix QAC

Include Page