Pascal & everyone,
Here is the recommendation we wrote for this rule for the C programming
language:
MEM03-A.
Clear sensitive information stored in reusable resources returned for
reuse
Besides the neat use of alliteration, we list the following examples of
reusable resources:
- dynamically allocated memory
- statically allocated memory
- automatically allocated (stack) memory
- memory caches
- disk
- disk caches
thanks,
rCs
ljknews wrote:
At 3:08 PM -0400 7/3/08, koo wrote:
We suggest that CWE #244, Failure to Clear Heap Memory Before Release,
It seems to me that it would be sufficient for the operating
system to clear the memory before reallocation to a process.
Why be concerned about the state when no process can access
it ?
Can you, or should you, as the paranoid secure programmer of an
application, trust the OS to wipe heap memory before it passes the
memory on to another process or even uses it itself?
Is there a separate item for clearing stack memory? That
would seem vulnerable in the same way.
There probably should be one, cf. GCC Mudflap Pointer Debugging, the
-wipe-stack option at http://gcc.gnu.org/wiki/Mudflap_Pointer_Debugging
Koo's suggestion makes sense to me (moving 244).
Cheers,
Pascal
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
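
Added example, not part of the original thread or of the CERT recommendation text: a minimal C illustration of MEM03-A using one of the listed resource kinds, statically allocated memory that is handed out for reuse. The pool, its function names and the sample secret are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE  64
#define BLOCK_COUNT 4

/* Hypothetical fixed-block pool: statically allocated memory handed out for reuse. */
static unsigned char pool[BLOCK_COUNT][BLOCK_SIZE];
static int in_use[BLOCK_COUNT];

/* Clear through a volatile pointer so the compiler cannot drop the stores as dead writes. */
static void secure_clear(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

void *pool_acquire(void) {
    for (int i = 0; i < BLOCK_COUNT; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Release a block; clear != 0 wipes it before it becomes available again. */
void pool_release(void *blk, int clear) {
    for (int i = 0; i < BLOCK_COUNT; i++)
        if (blk == (void *)pool[i]) {
            if (clear) secure_clear(pool[i], BLOCK_SIZE);
            in_use[i] = 0;
            return;
        }
}

/* Returns 1 if the next holder of the block can still read the previous secret. */
int secret_survives_reuse(int clear) {
    static const char secret[] = "constructed-sample-password";
    char *a = pool_acquire();
    if (!a) return -1;
    memcpy(a, secret, sizeof secret);
    pool_release(a, clear);
    char *b = pool_acquire();              /* same block, new owner */
    if (!b) return -1;
    int leaked = memcmp(b, secret, sizeof secret) == 0;
    pool_release(b, 1);                    /* leave the pool clean */
    return leaked;
}

int main(void) {
    printf("release without clearing: leaked=%d\n", secret_survives_reuse(0));
    printf("release with clearing:    leaked=%d\n", secret_survives_reuse(1));
    return 0;
}
```

The same clear-before-release step applies to heap buffers before `free()` and to stack buffers before the function returns.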