2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains what a double free (rendered in some translations as "secondary release" or "second release") in C source code is, what harm it causes, and how to avoid it.
1. Double free
Put simply, a double free occurs when the memory pointed to by the same pointer is released twice. In C source code, calling free() twice on the same pointer can cause a double free; the defect code in section 3.1 of this article shows this case. In C++, an improperly handled shallow copy is one of the common causes of double free. For example, a call to the assignment operator or a copy constructor can leave the data members of both objects pointing to the same dynamic memory. At this point the reference counting mechanism becomes very important. If the reference count is incorrect and one object goes out of scope, its destructor releases the memory shared by the two objects. The corresponding data member in the other object then points to memory that has already been freed, and when that object also goes out of scope, its destructor tries to free the memory again, causing a double free. See CWE ID 415: Double Free for details.
2. The harm of double free
Freeing memory twice may lead to problems such as application crashes and denial of service attacks, and it is one of the common vulnerabilities in C/C++. From January to November 2018, there were 38 CVE entries related to it. Some of these vulnerabilities are listed below:
CVE number: Overview
CVE-2018-18751: A double free vulnerability exists in the 'default_add_message' function of the read-catalog.c file in GNU gettext 0.19.8.
CVE-2018-17097: A security vulnerability exists in the WavFileBase class of the WavFile.cpp file in Olli Parviainen SoundTouch 2.0, which can be exploited by remote attackers to cause a denial of service (double free).
CVE-2018-16425: A double free vulnerability exists in the 'sc_pkcs15emu_sc_hsm_init' function of the libopensc/pkcs15-sc-hsm.c file in OpenSC versions before 0.19.0-rc1. An attacker can use a specially crafted smart card to exploit this vulnerability to cause a denial of service (application crash).
CVE-2018-16402: A security issue exists in the libelf/elf_end.c file in elfutils 0.173, which can be exploited by remote attackers to cause a denial of service (double free and application crash).
3. Sample code
The example is taken from the Samate Juliet Test Suite for C/C++ v1.3 (https://samate.nist.gov/SARD/testsuite.php), source file name: CWE415_Double_Free__malloc_free_char_17.c.
3.1 Defect code
In the sample code above, malloc() is used to allocate memory on line 32, and free() is used to release the allocated memory on line 36. On line 38, inside the for loop, the already-freed memory that data points to is freed again, resulting in a double free.
Scanning the above sample code with 360 Code Guardian detects a "double free" defect with a severity level of medium, as shown in figure 1:
Figure 1: example of secondary release detection
3.2 Fixed code
In the fixed code above, Samate's fix allocates memory with malloc() on line 32, releases it with free() on line 36, and does not free the memory again after that.
Scanning the fixed code with 360 Code Guardian shows that the "double free" defect is no longer reported, as shown in figure 2:
Figure 2: test results after repair
4. How to avoid double free
To avoid double free, pay attention to the following points:
(1) Wild (dangling) pointers are one of the major causes of double free and use after free. The effective way to eliminate a wild pointer is to set it to NULL, or point it to another valid object, immediately after freeing it.
(2) For double free caused by shallow copies in C++, always performing a deep copy is a good solution.
(3) Double free defects that may exist in a program can be found automatically with a source code static analysis tool.
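The defect shape described in section 3.1 (free in one loop, free again in a second loop) and the NULL-reset mitigation from point (1), as an added example that is not the Juliet source or code from the original article. The tracked_malloc/tracked_free helpers and run_flow are hypothetical names constructed for this illustration; the tracker reports the repeated free instead of passing it to free(), so the program runs without corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed tracker (hypothetical helper, not from the page): records live
 * allocations so a repeated free is reported instead of reaching free(). */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                       /* malloc failed or table full */
    return NULL;
}

/* Returns 0 for a valid free or NULL, -1 for an address that is not live. */
static int tracked_free(void *p) {
    if (!p) return 0;              /* free(NULL) is a defined no-op */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;                     /* already freed: CWE-415 */
}

/* Same shape as the defect in 3.1: allocate and free in one loop, then free
 * again in a second loop. nullify=1 applies mitigation (1) from section 4.
 * Returns the number of double frees the tracker caught, or -1 on OOM. */
static int run_flow(int nullify) {
    char *data = NULL;
    int caught = 0;
    for (int i = 0; i < 1; i++) {
        data = tracked_malloc(100);
        if (!data) return -1;
        caught += tracked_free(data) != 0;
        if (nullify) data = NULL;  /* pointer no longer dangles */
    }
    for (int j = 0; j < 1; j++)
        caught += tracked_free(data) != 0;
    return caught;
}

int main(void) {
    printf("without NULL reset: %d double free(s) caught\n", run_flow(0));
    printf("with NULL reset:    %d double free(s) caught\n", run_flow(1));
    return 0;
}
```

Resetting the pointer only protects that one variable; any other copy of the address still dangles, which is why the article also recommends static analysis.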