Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SECStatus HMAC_Init(....)
- {
- unsigned char hashed_secret[HASH_LENGTH_MAX];
- ....
- loser:
- PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
- if (cx->hash != NULL)
- cx->hashobj->destroy(cx->hash, PR_TRUE);
- return SECFailure;
- }
- This suspicious code was found in NSS project by PVS-Studio static code analyzer.
- Warning message is:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'hashed_secret' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. alghmac.c 87
- PVS-Studio is a static analyzer for detecting bugs in the source code of applications written in C, C++, C++11, C++/CX. Site: http://www.viva64.com/en/pvs-studio/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement