...

...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX || size == 0) {
  /* Handle Error */
}

new_secret = malloc(size + 1); /* allocate space plus the null terminator */
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

free(new_secret);
...

Compliant Solution 1

To prevent information leakage, dynamic memory containing sensitive information should be sanitized before it is marked for deallocation. In the code below, this is done by filling the allocated space with '\0' characters before calling free().

...
char *new_secret;
size_t size = strlen(secret);
if (size == SIZE_MAX || size == 0) {
  /* Handle Error */
}

new_secret = malloc(size + 1); /* allocate space plus the null terminator */
if (!new_secret) {
  /* Handle Error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

memset(new_secret, '\0', size); /* sanitize memory */
free(new_secret);
...
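Because new_secret is not read again after the memset() call, an optimizing compiler may treat that call as a dead store and drop it before free(). The following is an added example, not code from the original page: it clears the buffer through a volatile-qualified pointer, a common way to keep the stores, and the names secure_zero, secret_dup and secret_release and the sample string are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: zero n bytes through a volatile-qualified pointer so
 * the stores are not discarded as dead writes ahead of free(). */
static void secure_zero(void *p, size_t n) {
  volatile unsigned char *vp = (volatile unsigned char *)p;
  while (n--) *vp++ = 0;
}

/* Hypothetical helper: heap copy of secret with the same checks as the code
 * above. Returns NULL on error; *size_out excludes the terminator. */
static char *secret_dup(const char *secret, size_t *size_out) {
  size_t size = strlen(secret);
  if (size == SIZE_MAX || size == 0) return NULL;
  char *copy = malloc(size + 1);
  if (!copy) return NULL;
  memcpy(copy, secret, size + 1);
  *size_out = size;
  return copy;
}

/* Sanitize, then free. Returns the number of nonzero bytes still present
 * just before free(); 0 means the whole allocation was cleared. */
static size_t secret_release(char *buf, size_t size) {
  size_t leftover = 0;
  if (!buf) return 0;
  secure_zero(buf, size + 1);
  for (size_t i = 0; i <= size; i++) leftover += (buf[i] != 0);
  free(buf);
  return leftover;
}

int main(void) {
  size_t size = 0;
  char *s = secret_dup("constructed-sample-secret", &size); /* constructed input */
  printf("leftover bytes: %zu\n", s ? secret_release(s, size) : (size_t)0);
  return 0;
}
```

Where the platform provides them, memset_s() (C11 Annex K, optional) or explicit_bzero() serve the same purpose as secure_zero() here.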

...