...
In this example, sensitive information generated by create_secret() is stored in the dynamically allocated buffer, secret, which is processed and eventually deallocated by a call to free(). The memory page containing secret could be swapped out to disk. If the program crashes before the call to free(), the information stored in secret may be stored in the core dump.
```c
/* ... */
char *secret;

/* create_secret() hands back the heap buffer holding the sensitive data;
 * the caller owns it and releases it with free() below. */
secret = create_secret();
if (!secret) {
  /* Handle Error */
}

/* Perform operations using secret... */

free(secret);
/* ... */
secret = NULL;
```
Compliant Solution
To prevent the information from being written to a core dump, the size of core dumps that the program will generate should be set to 0. This can be accomplished by using setrlimit().
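
One way to apply this with setrlimit(), as an added example that is not code from the original page: it sets both the soft and hard RLIMIT_CORE limits to 0, reads them back with getrlimit(), and creates the secret only if core dumps are confirmed off. The helper names and handle_secret() are assumptions, and the create_secret() body is a hypothetical stand-in that returns a constructed sample value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Set the soft and hard core-file size limits to 0 so a crash cannot
 * write process memory to a core file. Returns 0 on success, -1 on error. */
int disable_core_dumps(void) {
  struct rlimit limit = { .rlim_cur = 0, .rlim_max = 0 };
  return setrlimit(RLIMIT_CORE, &limit) == 0 ? 0 : -1;
}

/* Read the limit back: 1 if core files are disabled, 0 if not,
 * -1 if the limit could not be queried. */
int core_dumps_disabled(void) {
  struct rlimit limit;
  if (getrlimit(RLIMIT_CORE, &limit) != 0) {
    return -1;
  }
  return (limit.rlim_cur == 0 && limit.rlim_max == 0) ? 1 : 0;
}

/* Hypothetical stand-in for the page's create_secret(): returns a heap
 * copy of a constructed sample value. */
static char *create_secret(void) {
  const char sample[] = "constructed-sample-secret";
  char *buf = malloc(sizeof sample);
  if (buf) memcpy(buf, sample, sizeof sample);
  return buf;
}

/* Fail closed: no secret is created unless core dumps are verifiably off. */
int handle_secret(void) {
  if (disable_core_dumps() != 0 || core_dumps_disabled() != 1) {
    return -1;
  }
  char *secret = create_secret();
  if (!secret) return -1;
  /* Perform operations using secret... */
  free(secret);
  secret = NULL;
  return 0;
}

int main(void) {
  int rc = handle_secret();
  printf("handle_secret: %d\n", rc);
  return rc == 0 ? 0 : 1;
}
```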
...