Page History

...

Code Block

bgColor	#FFcccc
lang	c

char *secret;
const int SECRET_MAX = /* ... */
/* Initialize secret to a null-terminated byte string, 
   of less than SECRETSIZE_MAX chars */

size_t size = strlen(secret);
if (size >= SECRET_MAX) {

  /* Handle error */
}

char *new_secret;
new_secret = (char *)malloc(size+1);
if (!new_secret) {
  /* Handle error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

free(new_secret);
new_secret = NULL;

...

Code Block

bgColor	#ccccff
lang	c

harchar *secret;

const int SECRET_MAX = /* ... */
/* Initialize secret to a null-terminated byte string, 
   of less than SECRETSIZE_MAX chars */

size_t size = strlen(secret);
if (size >= SECRET_MAX) {
  /* Handle error */
}

char *new_secret;
/* Use calloc() to zero-out allocated space */
new_secret = (char *)calloc(size+1, sizeof(char));
if (!new_secret) {
  /* Handle error */
}
strcpy(new_secret, secret);

/* Process new_secret... */

/* Sanitize memory  */
memset_s(new_secret, '\0', size);
free(new_secret);
new_secret = NULL;

...

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

(customization)

Users can add a custom check for use of realloc().

Compass/ROSE

Could detect possible violations of this rule by first flagging any usage of realloc(). Also, it could flag any usage of free that is not preceded by code to clear out the preceding memory, using memset. This heuristic is imperfect because it flags all possible data leaks, not just leaks of "sensitive" data, because ROSE cannot tell which data is sensitive

Helix QAC

Include Page