...
Code Block | ||||
---|---|---|---|---|
| ||||
char *secret; const size_t SECRET_MAX = /* ... */ /* Initialize secret to a null-terminated byte string, of less than SECRETSIZE_MAX chars */ size_t size = strlen(secret); char *new_secret; new_secret = (char *)malloc(size+1); if (!new_secret) { /* Handle error */ } strcpy(new_secret, secret); /* Process new_secret... */ free(new_secret); new_secret = NULL; |
...
Code Block | ||||
---|---|---|---|---|
| ||||
char *secret; const size_t SECRET_MAX = /* ... */ /* Initialize secret to a null-terminated byte string, of less than SECRETSIZE_MAX chars */ size_t size = strlen(secret); char *new_secret; /* Use calloc() to zero-out allocated space */ new_secret = (char *)calloc(size+1, sizeof(char)); if (!new_secret) { /* Handle error */ } strcpy(new_secret, secret); /* Process new_secret... */ /* Sanitize memory */ memset_s(new_secret, '\0', size); free(new_secret); new_secret = NULL; |
...
Tool | Version | Checker | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| (customization) | Users can add a custom check for use of realloc() . | ||||||||||||
Compass/ROSE | Could detect possible violations of this rule by first flagging any usage of | ||||||||||||||
Helix QAC |
| C5010 | |||||||||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement | ||||||||||||
Parasoft C/C++test |
| CERT_C-MEM03-a | Sensitive data should be cleared before being deallocated | ||||||||||||
Polyspace Bug Finder |
|
| Checks for: R2016a
| Sensitive data not cleared or released by memory routine Variable in stack is not cleared and contains sensitive data | Rec. partially covered. | ||||||||||
PVS-Studio |
| V1072 | PRQA QA-C | ||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 5010 | Partially implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...