...
| Code Block | ||
|---|---|---|
| ||
char *secret;
secret = (char *)malloc(size+1);
if (!secret) {
/* Handle Error */
}
secret = create_secret();
/* Perform operations using secret... */
free(secret);
secret = NULL;
|
...
| Code Block | ||
|---|---|---|
| ||
#include <sys/resource.h>
/* ... */
struct rlimit limit;
char *secret;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
/* Handle Error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
...
| Code Block | ||
|---|---|---|
| ||
#include <sys/resource.h>
/* ... */
struct rlimit limit;
char *secret;
limit.rlim_cur = 0;
limit.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &limit) != 0) {
/* Handle Error */
}
if (mlock(secret, sizeof(secret)) != 0) {
/* Handle error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
Compliant Solution (privileged process on Windows)
| Code Block | ||
|---|---|---|
| ||
char *secret;
if (VirtualLock(secret, sizeof(secret)) != 0) {
/* Handle error */
}
/* Create or otherwise obtain some sensitive data */
fgets(secret, sizeof(secret), stdin);
|
...