If an attacker can overwrite memory containing function pointers, they may be able to execute arbitrary code. To mitigate the effects of such attacks, pointers to functions can be encrypted at runtime on the basis of some characteristics of the execution process so that only a running process will be able to decode them. This is only required for stored function pointers stored to writable memory, including the stack. The Microsoft SDL [Microsoft 2012] recommends encoding long-lived pointers in your code.
Noncompliant Code Example
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
WIN04-C | highHigh | unlikelyUnlikely | lowLow | P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Secure Coding Standard | VOID MSC16-CPP. Consider encrypting function pointers |
| MITRE CWE | CWE-311, Missing encryption of sensitive data CWE-319, Cleartext Transmission of Sensitive Information |
Bibliography
| [MSDN] | EncodePointer()DecodePointer() |
Microsoft Corporation 2012 | Microsoft Security Development Lifecycle (SDL) – version 5.2Phase 3: Implementation |
...