Sensitive data stored in reusable resources may be inadvertently leaked to a less privileged user or attacker if not properly cleared. Examples of reusable resources include:
- Dynamically allocated memory
- Statically allocated memory
- Automatically allocated (stack) memory
- Memory caches
- Disk
- Disk caches
The manner in which sensitive information can be properly cleared varies depending on the resource type and platform.
...
To prevent information leakage, dynamic memory containing sensitive information should be sanitized before being freed. This sanitization is commonly accomplished by clearing the allocated space (that is, filling the space with '\0' characters).
...
A compliant program cannot rely on realloc() because it is not possible to clear the memory before the call. Instead, a custom function must be used that operates similarly to realloc() but sanitizes sensitive information as heap-based buffers are resized. Again, this sanitization is done by overwriting the space to be deallocated with '\0' characters.
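The two points above (clearing a buffer before free(), and replacing realloc() with a resize routine that clears the old block) can be combined in a small helper pair. The code below is an added example written for this page; it is not CERT's own code and the names secure_clear, secure_free and secure_realloc are this example's. It assumes the caller tracks each buffer's size, since C gives no portable way to recover the size of a malloc()'d block, and it clears through a volatile pointer rather than memset() because a plain memset() on memory about to be freed may be removed by the optimizer (the C11 Annex K memset_s() function is the standard alternative where available).

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite n bytes at v with '\0' through a volatile pointer so the
 * compiler cannot elide the stores as "dead" before free(). */
static void secure_clear(void *v, size_t n) {
    volatile unsigned char *p = (volatile unsigned char *)v;
    while (n-- > 0) {
        *p++ = 0;
    }
}

/* Clear n bytes of a heap buffer and then release it. */
void secure_free(void *buf, size_t n) {
    if (buf == NULL) {
        return;
    }
    secure_clear(buf, n);
    free(buf);
}

/* Resize a buffer holding sensitive data. Unlike realloc(), the old block
 * is cleared before it is returned to the allocator, so a later caller of
 * malloc() cannot read the stale copy. old_size must be the size passed
 * when the buffer was allocated or last resized.
 * Returns the new buffer, or NULL (with the old buffer left intact and
 * still owned by the caller) if allocation fails. new_size == 0 clears
 * and frees the old buffer and returns NULL. */
void *secure_realloc(void *old, size_t old_size, size_t new_size) {
    void *fresh;
    size_t keep;

    if (new_size == 0) {
        secure_free(old, old_size);
        return NULL;
    }
    fresh = malloc(new_size);
    if (fresh == NULL) {
        return NULL;            /* old is untouched; caller must still free it */
    }
    if (old != NULL) {
        keep = old_size < new_size ? old_size : new_size;
        memcpy(fresh, old, keep);
        secure_free(old, old_size);  /* '\0'-fill, then free the old block */
    }
    return fresh;
}

/* Stand-alone usage: grow a buffer holding a constructed sample secret. */
int main(void) {
    const char sample[] = "constructed-sample-secret";  /* constructed input */
    size_t len = sizeof sample;
    char *buf = malloc(len);
    char *bigger;

    if (buf == NULL) {
        return 1;
    }
    memcpy(buf, sample, len);
    bigger = secure_realloc(buf, len, 2 * len);  /* old block is zeroed and freed */
    if (bigger == NULL) {
        secure_free(buf, len);
        return 1;
    }
    secure_free(bigger, 2 * len);                /* zero before final free */
    return 0;
}
```

Because secure_realloc() always allocates a fresh block, it cannot grow in place the way realloc() sometimes does; that cost is the price of guaranteeing the old bytes are overwritten before the allocator can hand them to another caller.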
...
Tool | Version | Checker | Description
---|---|---|---
Compass/ROSE | | | Could detect possible violations of this rule by first flagging any usage of
| | SV.USAGERULES.UNINTENDED_COPY |
PRQA QA-C | | warncall for realloc | Partially implemented
...