SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Chad Dougherty

Saved on

compared with

New Version 4

changes.mady.by.user Alex Volkovitsky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The POSIX standard system calls call for controlling resource limits, setrlimit() and ulimit(){}, can be used to disable the creation of core dumps. This prevents an attacker with the ability to halt the program from gaining access to sensitive data that may be contained in the dump.

...

To prevent the information being written to a core dump, the size of core dumps that the program will generate should be set to 0. This can accomplished by using setrlimit() or ulimit().

Code Block
bgColor#ccccff
#include <resource.h>
/* ... */
struct rlimit limit;

limit.rlim_cur = 0;
limit.rlim_max = 0;
if(!setrlimit(RLIMIT_CORE, &limit)) {
    /* Handle Error */
}
/* ... */

char *secret;
size_t size = strlen(input);
if (size == SIZE_MAX) {
  /* Handle Error */
}

secret = malloc(size+1);
if (!secret) {
  /* Handle Error */
}
strcpy(secret, input);

/* Perform operations using secret... */

free(secret);
/* ... */

...