...

However, note that both calling functions and accessing volatile-qualified objects can still be optimized out (while maintaining strict conformance to the standard), so this compliant solution still might not work in some cases. The memset_s() function introduced in C11 is the preferred solution (see the following solution for more information). If the memset_s() function is not yet available on your implementation, this compliant solution is the best alternative; it can be discarded once memset_s() is supported by your implementation.

Compliant Solution (C11)

The C Standard includes a memset_s function. Subclause K.3.7.4.1, paragraph 4 [ISO/IEC 9899:2011], states:

Unlike memset, any call to the memset_s function shall be evaluated strictly according to the rules of the abstract machine as described in (5.1.2.3). That is, any call to the memset_s function shall assume that the memory indicated by s and n may be accessible in the future and thus must contain the values indicated by c.

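#define __STDC_WANT_LIB_EXT1__ 1  /* request the Annex K interfaces from <string.h> */
#include <string.h>

void getPassword(void) {
  char pwd[64];

  if (retrievePassword(pwd, sizeof(pwd))) {
     /* Checking of password, secure operations, etc. */
  }
  /* memset_s(s, smax, c, n): smax is the buffer size, n the number of bytes to set */
  memset_s(pwd, sizeof(pwd), 0, sizeof(pwd));
}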
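The following is an added example, not code from the original guideline: a wrapper that calls memset_s() where the implementation provides Annex K and otherwise falls back to stores through a volatile-qualified pointer, the best-effort alternative described above. The names secure_clear and demo_clear_password and the sample secret are hypothetical and constructed for illustration.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* must precede <string.h> to request Annex K */
#include <stddef.h>
#include <string.h>

/*
 * secure_clear (hypothetical name): zero n bytes at buf in a way the
 * compiler should not remove as a dead store.
 * Returns 0 on success, -1 on a null pointer or a memset_s() failure.
 */
int secure_clear(void *buf, size_t n) {
  if (buf == NULL) {
    return -1;
  }
#ifdef __STDC_LIB_EXT1__
  /* Annex K is available: the call must be evaluated per the abstract machine. */
  return memset_s(buf, n, 0, n) == 0 ? 0 : -1;
#else
  /*
   * Fallback: write each byte through a volatile-qualified pointer.
   * Best effort only; drop this branch once memset_s() is supported.
   */
  volatile unsigned char *p = (volatile unsigned char *)buf;
  while (n--) {
    *p++ = 0;
  }
  return 0;
#endif
}

/*
 * Constructed demonstration: fill a buffer with a sample secret, clear it,
 * and return 0 only if every byte of the buffer reads back as zero.
 */
int demo_clear_password(void) {
  char pwd[64];
  int nonzero = 0;

  strcpy(pwd, "constructed-sample-secret");
  if (secure_clear(pwd, sizeof(pwd)) != 0) {
    return -1;
  }
  for (size_t i = 0; i < sizeof(pwd); i++) {
    nonzero |= pwd[i];
  }
  return nonzero;
}

int main(void) {
  return demo_clear_password();
}
```

Checking the return value matters on the memset_s() path because a runtime-constraint violation is reported through it rather than silently ignored.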

Noncompliant Code Example

...

| Recommendation | Severity | Likelihood | Detectable | Remediation Cost / Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MSC06-C | Medium | Probable | Yes | Yes / Medium | P8 / P12 | L2 / L1 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | BADFUNC.MEMSET | Use of memset |
| LDRA tool suite | | 35 S, 57 S, 8 D, 65 D, 76 D, 105 D, I J, 3 J | Partially implemented |
| Parasoft C/C++test | | CERT_C-MSC06-a | Avoid calls to memory-setting functions that can be optimized out by the compiler |
| PC-lint Plus | | 586 | Assistance provided |
| PVS-Studio | 6.22 | V597, V712, V1001 | |

Related Guidelines

...

[Fomichev 2016] "Safe Clearing of Private Data"
[ISO/IEC 9899:2011] Subclause 6.8.5, "Iteration Statements"; Subclause K.3.7.4.1, "The memset_s Function"
[MSDN] "SecureZeroMemory"; "Optimize (C/C++)"
[PVS-Studio] "Safe Clearing of Private Data"
[US-CERT] "MEMSET"
[Wheeler 2003] Section 11.4, "Specially Protect Secrets (Passwords and Keys) in User Memory"


...