Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
Using {{realloc()}} to resize dynamic memory may inadvertently expose sensitive information, or it may allow heap inspection as described in the _Fortify Taxonomy: Software Security Errors_ \[[Fortify 06|AA. References#FortifyBibliography#Fortify 06]\] and NIST's _Source Code Analysis Tool Functional Specification_ \[[Black 07|AA. References#BlackBibliography#Black 07]\]. When {{realloc()}} is called it may allocate a new, larger object, copy the contents of {{secret}} to this new object, {{free()}} the original object, and assign the newly allocated object to {{secret}}. However, the contents of the original object may remain in memory.

...

Wiki Markup
In practice, this type of [security flaw|BB. Definitions#security flaw] can expose sensitive information to unintended parties. The Sun tarball vulnerability discussed in _Secure Coding Principles & Practices: Designing and Implementing Secure Applications_ \[[Graf 03|AA. References#GrafBibliography#Graf 03]\] and Sun Security Bulletin #00122 \[[Sun|AA. References#SunBibliography#Sun]\] shows a violation of this recommendation, leading to sensitive data being leaked. Attackers may also be able to leverage this defect to retrieve sensitive information using techniques such as _heap inspection_.

...

Wiki Markup
\[[Black 07|AA. References#BlackBibliography#Black 07]\]
\[[Fortify 06|AA. References#FortifyBibliography#Fortify 06]\]
\[[Graff 03|AA. References#GrafBibliography#Graf 03]\]
\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory management functions"
\[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "XZK Sensitive Information Uncleared Before Use"

Wiki Markup
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 226|http://cwe.mitre.org/data/definitions/226.html], "Sensitive Information Uncleared Before Release," [CWE ID 244|http://cwe.mitre.org/data/definitions/244.html], and "Failure to Clear Heap Memory Before Release"

...