...
Correcting this example requires the programmer to write a custom routine that operates similar to realloc(), but sanitizes sensitive information as heap-based buffers are resized. Again, this is done by overwriting the space to be deallocated with '\0' characters.
| Code Block | ||
|---|---|---|
| ||
...
temp_buff = calloc(new_size,sizeof(char)); /* use calloc() to zero-out allocated space */
if (temp_buff == NULL) {
/* Handle Error */
}
if (secret_size > new_size) /* may lead to truncation */
secret_size = new_size;
memcpy(temp_buff, secret, secret_size);
memset(secret, '\0', secret_size); /* sanitize the buffer */
free(secret);
secret = temp_buff; /* install the resized buffer */
temp_buff = NULL;
...
|
...