...
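```c
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 256  /* example value; the page does not show its definition */

int main(int argc, char *argv[]) {
  char *buff;

  if (argc < 2) {
    return EXIT_FAILURE;  /* argv[1] must exist before it is copied */
  }
  buff = malloc(BUFSIZE);
  if (!buff) {
    /* handle error condition */
    return EXIT_FAILURE;
  }
  /* ... */
  strncpy(buff, argv[1], BUFSIZE-1);
  buff[BUFSIZE-1] = '\0';  /* strncpy does not terminate a truncated copy */
  /* ... */
  free(buff);  /* released only after the last use of buff */
  return EXIT_SUCCESS;
}
```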
...
Risk Assessment
Reading memory that has already been freed can lead to abnormal program termination and denial-of-service attacks. Writing memory that has already been freed can lead to the execution of arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MEM30-C | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1
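
One way to make a late access fail in a defined manner instead of touching freed memory is to clear the pointer at release and check it on every use. The following is an added example, not code from the original page; the `owned_buf` type and the `buf_*` functions are hypothetical names, and the input strings are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical owned-buffer wrapper (illustrative names, not from the page). */
typedef struct {
    char  *data;   /* NULL once released */
    size_t cap;    /* 0 once released */
} owned_buf;

/* Allocate cap bytes; returns 0 on success, -1 on failure. */
static int buf_init(owned_buf *b, size_t cap) {
    b->data = cap ? malloc(cap) : NULL;
    b->cap  = b->data ? cap : 0;
    return b->data ? 0 : -1;
}

/* Bounded, always-terminated copy; refuses a released buffer or NULL source. */
static int buf_copy(owned_buf *b, const char *src) {
    if (b == NULL || b->data == NULL || src == NULL)
        return -1;                       /* would have been a use-after-free */
    strncpy(b->data, src, b->cap - 1);
    b->data[b->cap - 1] = '\0';
    return 0;
}

/* Release and clear; returns -1 if already released (double free avoided). */
static int buf_release(owned_buf *b) {
    if (b->data == NULL)
        return -1;
    free(b->data);
    b->data = NULL;
    b->cap  = 0;
    return 0;
}

int main(void) {
    owned_buf b;
    if (buf_init(&b, 16) != 0)
        return EXIT_FAILURE;
    int ok_live = buf_copy(&b, "constructed sample input longer than 16");
    buf_release(&b);
    int ok_freed = buf_copy(&b, "late write");   /* rejected, not undefined */
    return (ok_live == 0 && ok_freed == -1) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The check only covers accesses made through the wrapper; a raw copy of `b.data` taken before the release still dangles afterwards.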
References
- ISO/IEC 9899-1999 Section 7.20.3.2, The free function
- Seacord 05 Chapter 4, Dynamic Memory Management
- Kernighan 88 Section 7.8.5, Storage Management
- OWASP, Using freed memory, http://www.owasp.org/index.php/Using_freed_memory
- Viega 05 Section 5.2.19, Using freed memory