...
| Code Block |
|---|
#define MAX_ALLOCATION 1000
int main(int argc, char *argv[]) {
char *str = NULL;
size_t len;
if (argc == 2) {
len = strlen(argv[1])+1;
if (len > MAX_ALLOCATION) {
/* Handle Error */
}
str = malloc(len);
if (str == NULL) {
/* Handle Allocation Error */
}
strcpy(str, argv[1]);
}
else {
printf("usage: $>a.exe [string]\n");
return -1;
}
/* ... */
free(str);
return 0;
}
|
...
Risk Assessment
Freeing or reallocating memory that was not dynamically allocated could lead to abnormal termination and denial-of-service attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
MEM34-C | ||||||
Component | Value | |||||
Severity | 1 (high) | Likelihood | 3 (likely) Remediation cost | 2 (high) | P6 | L1 |
References
- ISO/IEC 9899-1999 7.20.3 Memory management functions
- Seacord 05 Chapter 4 Dynamic Memory Management