Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Null out after free

...

Code Block
bgColor#ccccff
int main(int argc, const char *argv[]) {
  char *buff;

  buff = (char *)malloc(BUFSIZE);
  if (!buff) {
     /* handle error condition */
  }
  /* ... */
  strncpy(buff, argv[1], BUFSIZE-1);
  /* ... */
  free(buff);
  buff = NULL;

}

Risk Assessment

Reading memory that has already been freed can lead to abnormal program termination and denial-of-service attacks. Writing memory that has already been freed can lead to the execution of arbitrary code with the permissions of the vulnerable process.

...