Project

General

Profile

Actions

Bug #1693

closed

setTpmPassword undefined behavior

Added by Junxiao Shi over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
06/22/2014
Due date:
% Done:

100%

Estimated time:

Description

Snippets from security/sec-tpm-osx.cpp:

// L259
memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());

// L268
memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());

Snippets from security/sec-tpm.hpp:

// L310-311
char* pw1 = const_cast<char*>(password1.c_str());
memset(pw1, 0, password1.size());

// L320-322
char* pw1 = const_cast<char*>(password1.c_str());
memset(pw1, 0, password1.size());

C++ reference states:

Writing to the character array accessed through c_str() is undefined behavior.

Therefore, these code results in undefined behavior.

To fix this issue: memset shall be replaced with std::fill.

Actions

Also available in: Atom PDF