Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[swss] Replace memset functions #2423

Merged
merged 4 commits into from
Sep 14, 2022
Merged

[swss] Replace memset functions #2423

merged 4 commits into from
Sep 14, 2022

Conversation

maipbui
Copy link
Contributor

@maipbui maipbui commented Aug 22, 2022
edited
Loading

Signed-off-by: maipbui maibui@microsoft.com

What I did
Replace memset() by memset_s()
Why I did it
memset() is an insecure function that can cause buffer overflow.
memset() may not be called by the compiler. Due to compiler optimization: an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently. If sensitive data is in memory, it's dangerous if compiler optimization happens.
Ref:
https://cwe.mitre.org/data/definitions/14.html
https://registry.semgrep.dev/rule/c.lang.security.insecure-use-memset.insecure-use-memset
How I verified it

Details if related

@maipbui maipbui requested a review from qiluo-msft August 22, 2022 19:47
@maipbui
Replace memset by zero initialization
3f855b7 
Signed-off-by: maipbui <maibui@microsoft.com>
@maipbui
Fix compile
d507d0a 
Signed-off-by: maipbui <maibui@microsoft.com>
@maipbui
Fix compile and replace more memset
a626cd4 
Signed-off-by: maipbui <maibui@microsoft.com>
@maipbui
Remove 0
1ac29f3 
Signed-off-by: maipbui <maibui@microsoft.com>
@maipbui maipbui marked this pull request as ready for review September 14, 2022 13:38
@maipbui maipbui merged commit 05c5c2f into sonic-net:master Sep 14, 2022
@maipbui maipbui deleted the swss_replace_memset branch September 14, 2022 13:41
@DavidZagury DavidZagury mentioned this pull request Sep 14, 2022
Closed
7 tasks
@dprital dprital mentioned this pull request Sep 19, 2022
Closed
7 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@prsunny prsunny prsunny approved these changes

Assignees
No one assigned
Labels
Static Code Analysis
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@maipbui @qiluo-msft @prsunny