...
Failing to follow this recommendation has led to real-world vulnerabilities. For example, freeing memory in different modules resulted in a vulnerability in MIT Kerberos 5 (MITKRB5-SA-2004-002). The MIT Kerberos 5 code in this case contained error-handling logic that freed memory allocated by the ASN.1 decoders if the pointers to the allocated memory were non-NULL. However, if a detectable error occurred, the ASN.1 decoders freed the memory that they had allocated. When some library functions received errors from the ASN.1 decoders, they also attempted to free the same memory, resulting in a double-free vulnerability.
...
```c
#include <stdlib.h>

#define MIN_SIZE_ALLOWED 8  /* not defined on the page; value assumed for illustration */

/* Validates the list and reports an error, but never frees memory it does not own */
int verify_size(const char *list, size_t size) {
  if (size < MIN_SIZE_ALLOWED) {
    /* Handle Error Condition */
    return -1;
  }
  return 0;
}

void process_list(size_t number) {
  char *list = (char *)malloc(number);
  if (list == NULL) {
    /* Handle Allocation Error */
    return;
  }

  if (verify_size(list, number) == -1) {
    /* Allocation and release both happen here, at the same level of abstraction */
    free(list);
    return;
  }

  /* Continue Processing list */

  free(list);
}
```
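As an added example (not the page's or CERT's own code), the same ownership discipline applied to the decoder scenario described above: the caller both allocates and frees on every path, the decoder only validates and fills, and a constructed allocation counter lets a test confirm that frees never exceed allocations. The TLV format, `decode_octets`, `process_message` and the tracking shim are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocation tracker (an instrumentation shim for this example, not
 * production code). A leak leaves allocs > frees; a double free makes frees > allocs. */
static int g_allocs = 0, g_frees = 0;
static void *tracked_malloc(size_t n) { void *p = malloc(n); if (p) g_allocs++; return p; }
static void tracked_free(void *p) { if (p) g_frees++; free(p); }

/* Toy decoder for a constructed TLV: tag 0x04, one length byte, then the payload.
 * Like verify_size() above, it validates and reports errors but never frees the
 * buffer it was handed: ownership stays with the caller. Returns payload length or -1. */
static int decode_octets(const uint8_t *in, size_t len, uint8_t *out, size_t cap) {
    if (len < 2 || in[0] != 0x04) return -1;      /* wrong tag or truncated header */
    size_t plen = in[1];
    if (plen > len - 2 || plen > cap) return -1;  /* length exceeds input or buffer */
    memcpy(out, in + 2, plen);
    return (int)plen;
}

/* Allocates and frees in the same function, on every path, exactly once.
 * Returns the decoded payload length, or -1 on any error. */
int process_message(const uint8_t *msg, size_t len) {
    uint8_t *buf = tracked_malloc(len);
    if (buf == NULL) return -1;                   /* nothing allocated, nothing to free */
    int n = decode_octets(msg, len, buf, len);
    if (n < 0) {
        tracked_free(buf);                        /* single release on the error path */
        return -1;
    }
    /* ... use buf[0..n) ... */
    tracked_free(buf);                            /* single release on the success path */
    return n;
}

/* Zero when allocations and frees balance: no leak and no double free. */
int allocation_balance(void) { return g_allocs - g_frees; }
```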
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MEM00-A | High | Probable | Medium | P12 | L1
Automated Detection
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
...