[PATCH v3 15/50] net/ntnic: add hasher (HSH) flow module

Stephen Hemminger stephen at networkplumber.org
Wed Nov 13 19:09:25 CET 2024


On Thu, 10 Oct 2024 16:13:30 +0200
Serhii Iliushyk <sil-plv at napatech.com> wrote:

> +
> +void hsh_nthw_delete(struct hsh_nthw *p)
> +{
> +	if (p) {
> +		(void)memset(p, 0, sizeof(*p));
> +		free(p);
> +	}
> +}
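Review bot: the memset() in hsh_nthw_delete() stores to an object that is freed on the very next line, so it is a dead store the optimizer is allowed to drop and it cannot be relied on for anything. Once it is removed, the if (p) guard is redundant as well, because free(NULL) is a no-op; the body can reduce to free(p);. If any structure deleted this way ever does hold sensitive data, use a wipe the compiler cannot elide instead of plain memset().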

This pattern of memset before free is repeated many times in ntnic and is problematic.
The compiler is free to remove the memset because the object p is now dead, and this is
a common source of CVEs.

This is flagged in the PVS-Studio bug report:
	https://pvs-studio.com/en/blog/posts/cpp/1183/

In this case the info in hsh_nthw does not contain secrets and therefore
the memset should be removed.

For cases where the data structure does contain secrets, the function memset_s()
must be used.
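
For the secret-holding case mentioned above, an added example that is not part of the original mail or of the ntnic patch: memset_s() is an optional C11 Annex K function that glibc does not provide, so this code uses it when the libc advertises it and otherwise falls back to stores through a volatile pointer. `struct key_ctx`, `secure_zero`, `key_ctx_delete` and `is_all_zero` are hypothetical names chosen for illustration.

```c
/* Added example: zeroing a secret so the store survives optimization. */
#define __STDC_WANT_LIB_EXT1__ 1   /* request Annex K (memset_s) if the libc has it */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical structure that, unlike hsh_nthw, holds key material. */
struct key_ctx {
	unsigned char key[32];
	size_t key_len;
};

/* Wipe n bytes at p in a way the compiler must not treat as a dead store. */
void secure_zero(void *p, size_t n)
{
#ifdef __STDC_LIB_EXT1__
	memset_s(p, n, 0, n);
#else
	/* Fallback: every write goes through a volatile lvalue, which makes it
	 * an observable side effect that cannot be eliminated. */
	volatile unsigned char *vp = p;
	while (n--)
		*vp++ = 0;
#endif
}

/* free(NULL) is a no-op, so only the wipe needs the NULL guard. */
void key_ctx_delete(struct key_ctx *ctx)
{
	if (ctx)
		secure_zero(ctx, sizeof(*ctx));
	free(ctx);
}

/* Returns 1 if every byte of the buffer is zero (used to check the wipe). */
int is_all_zero(const void *p, size_t n)
{
	const unsigned char *b = p;
	while (n--)
		if (*b++)
			return 0;
	return 1;
}
```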

