...
```c
#include <stdlib.h>

char *cur_msg = NULL;
size_t cur_msg_size = 1024;
/* ... */
void lessen_memory_usage(void) {
    char *temp;
    size_t temp_size;
    /* ... */
    if (cur_msg != NULL) {
        temp_size = cur_msg_size/2 + 1;
        /* realloc into a temporary so the original pointer survives a failure */
        temp = realloc(cur_msg, temp_size);
        if (temp == NULL) {
            /* Handle error condition */
            return;  /* cur_msg still points to the original, unshrunk buffer */
        }
        cur_msg = temp;
        cur_msg_size = temp_size;
        /* ensure string is null-terminated */
        cur_msg[cur_msg_size - 1] = '\0';
    }
}
/* ... */
```
Risk Assessment
Failure to properly null-terminate strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process. Null-termination errors can also result in unintended information disclosure.
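The following is an added example, not code from the original page: it shrinks a buffer the same way as the code above and uses a bounded `memchr` check to show that the shrunk buffer holds no terminator unless the final assignment is made. The helper names `is_null_terminated`, `shrink_buffer` and `demo_shrink` are hypothetical, and the 1000-character message is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Returns 1 if a '\0' occurs within the first size bytes of buf, else 0.
   memchr never reads past size, unlike strlen on an unterminated array. */
int is_null_terminated(const char *buf, size_t size) {
    return buf != NULL && size > 0 && memchr(buf, '\0', size) != NULL;
}

/* Hypothetical helper: shrink *buf to new_size bytes.
   terminate != 0 sets the last byte to '\0', as the code above does;
   terminate == 0 models the omission and leaves the bytes as realloc kept them.
   Returns 0 on success, -1 on failure (*buf and *size are left unchanged). */
int shrink_buffer(char **buf, size_t *size, size_t new_size, int terminate) {
    char *temp;
    if (buf == NULL || *buf == NULL || size == NULL ||
        new_size == 0 || new_size > *size) {
        return -1;
    }
    temp = realloc(*buf, new_size);
    if (temp == NULL) {
        return -1;              /* the original allocation is still valid */
    }
    if (terminate) {
        temp[new_size - 1] = '\0';
    }
    *buf = temp;
    *size = new_size;
    return 0;
}

/* Constructed scenario: a 1024-byte buffer holding a 1000-character string
   is shrunk to 1024/2 + 1 = 513 bytes, which cuts off the old terminator.
   Returns the is_null_terminated() verdict, or -1 on allocation failure. */
int demo_shrink(int terminate) {
    size_t size = 1024;
    char *msg = malloc(size);
    int ok;
    if (msg == NULL) return -1;
    memset(msg, 'A', 1000);
    msg[1000] = '\0';           /* terminated before the shrink */
    if (shrink_buffer(&msg, &size, size / 2 + 1, terminate) != 0) {
        free(msg);
        return -1;
    }
    ok = is_null_terminated(msg, size);
    free(msg);
    return ok;
}
```

Running the same bounded check before handing a buffer to `strlen`, `strcpy` or similar functions turns a silent over-read into a detectable error.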
...
MITRE CWE: CWE-170, "Improper null termination"
ISO/IEC TR 17961 (Draft) Passing a non-null-terminated character sequence to a library function that expects a string [strmod]
Bibliography
[Schwarz 2005]
[Seacord 2005a] Chapter 2, "Strings"
[Viega 2005] Section 5.2.14, "Miscalculated NULL termination"
...