
Compiler optimizations can leave sensitive data (such as passwords or cryptographic keys) in memory after the program has tried to erase it, because a store to memory that is never read again may be removed as dead.
Noncompliant Code Example 1

    #include <stddef.h>
    #include <string.h>

    /* GetPassword() is assumed to be provided elsewhere: it fills buf with
       at most len bytes and returns nonzero on success. */
    int GetPassword(char *buf, size_t len);

    void getPassword(void) {
        char pwd[64];
        if (GetPassword(pwd, sizeof(pwd))) {
            /* checking of password, secure operations, etc. */
        }
        /* intended to scrub the password from the stack, but since pwd is
           never read after this point the store may be optimized away */
        memset(pwd, 0, sizeof(pwd));
    }
An optimizing compiler may remove the call to memset() (which the programmer had hoped would clear the sensitive memory) because, after that store, pwd is never read again before its lifetime ends. The C standard's "as-if" rule permits this: the program's observable behavior is the same with or without the store. GCC refers to this as dead store elimination (controlled by flags such as -ftree-dse and -fdse, enabled at -O1 and above); other compilers perform the same optimization under similar names. Check your compiler's documentation for its specific behavior.
Disabling dead store elimination or lowering the optimization level is a fragile workaround: the setting must be carried on every build, it costs performance across the whole program, and the standard still permits the removal. The robust fix is to clear the buffer through a mechanism the compiler is not allowed to elide: memset_s() from C11 Annex K where it is available, explicit_bzero() (glibc 2.25 and later, and the BSDs), SecureZeroMemory() on Windows, or a portable equivalent that stores through a volatile-qualified pointer or calls memset() through a volatile function pointer. Even then, copies of the secret may survive in registers, in spilled stack slots, or in other buffers the data passed through. Verify the result by inspecting the generated assembly (for example with gcc -S or objdump -d) at the optimization level actually used for release builds, not only by stepping through a debug build.
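The following is an added example, not code from the original page: it shows the two portable techniques named above (a volatile function pointer to memset() and byte-wise stores through a volatile pointer) next to the noncompliant plain memset(), with a harness that mirrors the page's getPassword(). The names secure_memzero, secure_memzero_volatile, plain_memset_clear, count_nonzero, leftover_after_clear and SAMPLE_PASSWORD are this example's own, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PWD_LEN 64

/* Constructed sample secret for the demonstration; not a real credential. */
static const char SAMPLE_PASSWORD[] = "correct horse battery staple";

/* Technique 1: call memset() through a volatile function pointer. The
 * compiler cannot know at compile time which function the pointer holds, so
 * it cannot prove the stores are dead and must emit the call. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n) {
    memset_ptr(p, 0, n);
}

/* Technique 2: store through a volatile-qualified pointer. Every store to a
 * volatile object is an observable side effect, so none may be removed. */
void secure_memzero_volatile(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

/* The noncompliant clear: a plain memset() on a buffer that is never read
 * again is a dead store and may be dropped at -O1 and above once this
 * function is inlined into its caller. */
void plain_memset_clear(void *p, size_t n) {
    memset(p, 0, n);
}

/* Counts non-zero bytes, reading through a volatile pointer so the reads
 * themselves are not optimized out. */
size_t count_nonzero(const void *p, size_t n) {
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (vp[i] != 0) {
            count++;
        }
    }
    return count;
}

/* Mirrors the page's getPassword(): fill a stack buffer with the secret, use
 * it, then clear it with the supplied function. Returns how many non-zero
 * bytes remain. Reading the buffer back is what makes this testable, and it
 * also keeps even plain_memset_clear() alive here. In the real pattern
 * nothing reads pwd after the clear, and that missing read is exactly what
 * lets the compiler treat the memset() as dead. */
size_t leftover_after_clear(void (*clear)(void *, size_t)) {
    char pwd[PWD_LEN] = {0};
    strncpy(pwd, SAMPLE_PASSWORD, sizeof(pwd) - 1);
    /* ... checking of password, secure operations, etc. ... */
    clear(pwd, sizeof(pwd));
    return count_nonzero(pwd, sizeof(pwd));
}

int main(void) {
    printf("volatile fn ptr: %zu bytes left\n",
           leftover_after_clear(secure_memzero));
    printf("volatile stores: %zu bytes left\n",
           leftover_after_clear(secure_memzero_volatile));
    return 0;
}
```

To see the elision for yourself, drop the read-back: compile the noncompliant getPassword() above with gcc -O2 -S and look for a call to memset (or an inlined store loop) targeting pwd, then rebuild the same function with secure_memzero() in place of memset() and compare. Neither helper clears copies of the secret left in registers, spilled stack slots, or other buffers it was copied through; those need their own handling.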
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
DRAFT | 2 (Medium) | 2 (Probable) | 2 (Medium) | P8 | L2