Bug #1693
setTpmPassword undefined behavior
Status: closed
Description
Snippets from security/sec-tpm-osx.cpp:
// L259
memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
// L268
memset(const_cast<char*>(m_impl->m_password.c_str()), 0, m_impl->m_password.size());
Snippets from security/sec-tpm.hpp:
// L310-311
char* pw1 = const_cast<char*>(password1.c_str());
memset(pw1, 0, password1.size());
// L320-322
char* pw1 = const_cast<char*>(password1.c_str());
memset(pw1, 0, password1.size());
C++ reference states:
Writing to the character array accessed through c_str() is undefined behavior.
Therefore, this code results in undefined behavior.
To fix this issue: memset shall be replaced with std::fill.
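An added example, not code from the project: the std::fill replacement applied through the string's own non-const iterators, so no const_cast on c_str() is needed. PasswordHolder, wipe and isAllZero are hypothetical names, and the sample password is constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Overwrite every character through the string's own non-const iterators.
// This is well defined, unlike writing through const_cast<char*>(s.c_str()).
// Returns the number of bytes overwritten; size() is left unchanged.
inline std::size_t wipe(std::string& s)
{
  std::fill(s.begin(), s.end(), '\0');
  return s.size();
}

// True if the string holds only NUL bytes (used to check the wipe).
inline bool isAllZero(const std::string& s)
{
  return std::all_of(s.begin(), s.end(), [](char c) { return c == '\0'; });
}

// Hypothetical stand-in for a member such as m_impl->m_password.
class PasswordHolder
{
public:
  // Wipe the old value first: assign() may reallocate and free the old
  // buffer, after which it can no longer be reached to be cleared.
  void set(const std::string& pw) { wipe(m_password); m_password.assign(pw); }

  // Zero the stored bytes, then drop them.
  void reset() { wipe(m_password); m_password.clear(); }

  const std::string& get() const { return m_password; }

  // An optimizer may treat a wipe right before destruction as a dead store;
  // std::fill by itself does not guarantee that the write is kept.
  ~PasswordHolder() { wipe(m_password); }

private:
  std::string m_password;
};

int main()
{
  PasswordHolder h;
  h.set("constructed-secret"); // constructed sample value
  h.reset();
  return h.get().empty() ? 0 : 1;
}
```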