SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 27

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 28

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX) {
  /* Handle Error */
}

new_secret = malloc(size+1); /* allocate space + NULL Terminatoruse calloc() to zero-out allocated space */
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

free(new_secret);
...

...

Code Block
bgColor#ccccff
...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX) {
  /* Handle Error */
}

new_secret = calloc(size+1,sizeof(char)); /* use allocatecalloc() spaceto +zero-out NULLallocated Terminatorspace */
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

memset(new_secret,'\0',size); /* sanitize memory  */
free(new_secret);
...

...

Code Block
bgColor#ccccff
...
temp_buff = calloc(new_size,sizeof(char));            
if (temp_buff == NULL) {
 /* Handle Error */
}
memcpy(temp_buff, buffer, buffer_size);
memset(buffer,'\0',buffer_size);         /* sanitize the buffer */
free(buffer);                            /* free old space */

buffer = temp_buff;                      /* install the resized buffer */ 
temp_buff = 0;                              
...

Risk Assessment

Failure to clear dynamic memory can result in leaked information.

...