...
Wiki Markup |
---|
Using {{realloc()}} to resize dynamic memory may inadvertently expose sensitive information, or it may allow heap inspection as described in the _Fortify Taxonomy: Software Security Errors_ \[[Fortify 06|AA. References#FortifyBibliography#Fortify 06]\] and NIST's _Source Code Analysis Tool Functional Specification_ \[[Black 07|AA. References#BlackBibliography#Black 07]\]. When {{realloc()}} is called it may allocate a new, larger object, copy the contents of {{secret}} to this new object, {{free()}} the original object, and assign the newly allocated object to {{secret}}. However, the contents of the original object may remain in memory. |
...
Wiki Markup |
---|
In practice, this type of [security flaw|BB. Definitions#security flaw] can expose sensitive information to unintended parties. The Sun tarball vulnerability discussed in _Secure Coding Principles & Practices: Designing and Implementing Secure Applications_ \[[Graf 03|AA. References#GrafBibliography#Graf 03]\] and Sun Security Bulletin #00122 \[[Sun|AA. References#SunBibliography#Sun]\] shows a violation of this recommendation, leading to sensitive data being leaked. Attackers may also be able to leverage this defect to retrieve sensitive information using techniques such as _heap inspection_. |
...
Wiki Markup |
---|
\[[Black 07|AA. References#BlackBibliography#Black 07]\] \[[Fortify 06|AA. References#FortifyBibliography#Fortify 06]\] \[[Graff 03|AA. References#GrafBibliography#Graf 03]\] \[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory management functions" \[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "XZK Sensitive Information Uncleared Before Use" |
Wiki Markup |
---|
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 226|http://cwe.mitre.org/data/definitions/226.html], "Sensitive Information Uncleared Before Release," [CWE ID 244|http://cwe.mitre.org/data/definitions/244.html], and "Failure to Clear Heap Memory Before Release" |
...