...
| Code Block |
|---|
#define MIN_SIZE_ALLOWED 10
void func2(int *list, size_t list_size) {
if (size < MIN_SIZE_ALLOWED) {
/* Handle Error Condition */
return;
}
/* Process list */
}
void func1 (size_t number) {
int *list = malloc (number * sizeof(int));
if (list == NULL) {
/* Handle Allocation Error */
}
func2(list,number);
/* Continue Processing list */
free(list);
}
|
...
Risk Assessment
The mismanagement of memory can lead to freeing memory multiple times or writing to already freed memory. Both of these problems can result in an attacker executing arbitrary code with the permissions of the vulnerable process. Memory management errors can also lead to resource depletion and denial-of-service attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
MEM00-A | ||||||
Component | Value | |||||
Severity | 3 (high) | Likelihood | 2 (probable) Remediation cost | 1 (high) | P6 | L2 |
References
- ISO/IEC 9899-1999 Section 7.20.3 Memory Management Functions
- Seacord 05 Chapter 4. Dynamic Memory Management
- Consistent Memory Management Conventions, Dan Plakosh
- MIT Kerberos 5 Security Advisory 2004-002