
Insecure compiler optimizations can leave sensitive data (such as passwords or cryptographic keys) in memory.

Noncompliant Code Example 1

```c
#include <string.h>

void getPassword(void) {
    char pwd[64];
    if (GetPassword(pwd, sizeof(pwd))) {
        /* checking of password, secure operations, etc. */
    }
    /* Intended to clear the password, but pwd is never read again, so the
     * optimizer may treat this memset() as a dead store and remove it. */
    memset(pwd, 0, sizeof(pwd));
}
```
Some compiler optimization modes remove code sections when the optimizer determines that doing so does not alter the observable behavior of the program. In this example, the call to memset() (which the programmer intended to clear the sensitive buffer) can be removed as a dead store, because pwd is never read again after it. Consult your compiler's documentation for details on this compiler-specific behavior.

The only secure method of coping with this behavior is to disable removal of dead code in your compiler's optimization settings, or to reduce the optimization level if fine-grained tuning is unavailable. Inspect the generated assembly (for example, in a debugger) to confirm that the clearing code is still present.
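As an added example that is not part of the original page, the following shows a clearing routine that writes through a volatile pointer, so the stores are observable side effects the optimizer must keep; GetPassword() is replaced by a hypothetical stub with a constructed sample secret.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not the page's own code): overwrite a buffer through a
 * volatile pointer. Every volatile write is an observable side effect in
 * the C abstract machine, so the optimizer must emit it even though the
 * buffer is never read afterwards. A plain memset() here would be a dead
 * store that dead-code elimination is free to drop. */
void secure_clear(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Hypothetical stand-in for the page's GetPassword(): copies a constructed
 * sample secret into buf and returns 1 on success, 0 if buf is too small. */
static int get_password_stub(char *buf, size_t len)
{
    static const char sample[] = "constructed-sample-secret";
    if (len < sizeof(sample)) {
        return 0;
    }
    memcpy(buf, sample, sizeof(sample));
    return 1;
}

/* Same shape as the noncompliant getPassword(), with secure_clear() in
 * place of memset(). Returns 1 if every byte of pwd is zero afterwards. */
int password_buffer_is_cleared(void)
{
    char pwd[64];
    if (get_password_stub(pwd, sizeof(pwd))) {
        /* checking of password, secure operations, etc. */
    }
    secure_clear(pwd, sizeof(pwd));
    for (size_t i = 0; i < sizeof(pwd); i++) {
        if (pwd[i] != 0) {
            return 0;
        }
    }
    return 1;
}
```

Compile both the noncompliant example and this one with optimization enabled and compare the generated assembly, as the text above recommends; the volatile stores remain in the output.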
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
DRAFT | 2 (Medium) | 2 (Probable) | 2 (Medium) | P8 | L2