...
```c
...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX) {
  /* Handle Error */
}
new_secret = malloc(size+1);
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);
/* Process new_secret... */
free(new_secret);
...
```
Compliant Solution 1

To prevent information leakage, dynamic memory containing sensitive information should be sanitized before it is marked for deallocation. Below, this is done by filling the allocated space with `'\0'` characters. Note that `calloc()` is also used to zero out the newly allocated memory. Because `sizeof(char)` is guaranteed to be 1, this solution does not need to check for an integer overflow resulting from the `calloc()` size computation (see MEM37-C. Ensure that size arguments to calloc() do not result in an integer overflow).
```c
...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX) {
  /* Handle Error */
}
new_secret = calloc(size+1, sizeof(char)); /* use calloc() to zero out allocated space */
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);
/* Process new_secret... */
memset(new_secret, '\0', size); /* sanitize memory */
free(new_secret);
...
```
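The following is an added, self-contained example (not code from the CERT page itself) that carries the compliant pattern above through to a runnable program. It assumes a hypothetical caller-supplied `process` callback (`demo_process` here is a stand-in for "Process new_secret...") and a constructed sample secret. One practical caveat it addresses: a plain `memset()` immediately before `free()` is, from the optimizer's point of view, a store to memory that is never read again, and compilers are permitted to drop it. The `scrub()` helper writes through a `volatile` pointer so the zeroing cannot be elided; it also clears the full `size + 1` allocation, trailing NUL included. A `scrub_self_check()` function lets you confirm that no bytes survive the scrub.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite n bytes of buf with zero through a volatile pointer. A plain
 * memset() right before free() is a dead store that the optimizer may
 * remove; the volatile access forces every write to be performed. */
void scrub(void *buf, size_t n) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (n-- > 0) {
        *p++ = 0;
    }
}

/* Count bytes that are still non-zero; used to verify that a scrub worked. */
size_t count_nonzero(const unsigned char *buf, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] != 0) {
            count++;
        }
    }
    return count;
}

/* Self-check: fill a buffer with a recognizable pattern, scrub it, and
 * report how many bytes survived. 0 means the scrub was effective. */
size_t scrub_self_check(void) {
    unsigned char buf[32];
    memset(buf, 0xAA, sizeof buf);
    scrub(buf, sizeof buf);
    return count_nonzero(buf, sizeof buf);
}

/* Hypothetical consumer of the copied secret (assumption, not from the
 * page): it just returns the length, standing in for real processing. */
int demo_process(const char *s) {
    return (int)strlen(s);
}

/* The compliant pattern made complete: zero-initialised allocation, bounded
 * copy, processing, scrub of the whole allocation (size + 1 bytes), then
 * free. Returns -1 on error, otherwise the value returned by process. */
int process_secret_copy(const char *secret, int (*process)(const char *)) {
    if (secret == NULL) {
        return -1;
    }
    size_t size = strlen(secret);
    if (size == SIZE_MAX) {          /* size + 1 would wrap around to 0 */
        return -1;
    }
    char *new_secret = calloc(size + 1, sizeof(char)); /* zeroed on allocation */
    if (new_secret == NULL) {
        return -1;
    }
    memcpy(new_secret, secret, size + 1); /* exact fit, NUL terminator included */
    int result = process ? process(new_secret) : 0;
    scrub(new_secret, size + 1);     /* sanitize before the block can be reused */
    free(new_secret);
    return result;
}

int main(void) {
    /* Constructed sample secret for demonstration only. */
    const char *sample = "correct horse battery staple";
    printf("scrub residue: %zu bytes\n", scrub_self_check());
    printf("processed length: %d\n", process_secret_copy(sample, demo_process));
    return 0;
}
```

Where a C11 Annex K implementation is available, `memset_s()` provides the same "cannot be optimized away" guarantee as `scrub()`; the volatile loop is used here only because Annex K is not universally shipped.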
...