October 31, 2017

Memory Management

Memory Management

  • Utilize input and output control for un-trusted data.
  • Double check that the buffer is as large as specified.
  • When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
  • Check buffer boundaries if calling the function in a loop and make sure there is no danger of writing past the allocated space.
  • Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
  • Specifically close resources, don’t rely on garbage collection. (e.g., connection objects, file handles, etc.).
  • Use non-executable stacks when available.
  • Avoid the use of known vulnerable functions (e.g., printf, strcat, strcpy etc.).
  • Properly free allocated memory upon the completion of functions and at all exit points.