Examples of errors detected by the V597 diagnostic
V597. Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data.
eMule Plus
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. emule md5sum.cpp 263
static void MD5Transform(UINT4 state[4],
unsigned char block[64])
{
UINT4 a = state[0], b = state[1], c = state[2],
d = state[3], x[16];
....
/* Zeroize sensitive information */
memset(x, 0, sizeof(x));
}
Crypto++
V597 The compiler could delete the 'memset' function call, which is used to flush 'kappa' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. cryptlib cast.cpp 293
void CAST256::Base::UncheckedSetKey(const byte *userKey,
unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
word32 kappa[8];
....
memset(kappa, 0, sizeof(kappa));
}
Dolphin Emulator
V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 353
void md5_hmac_starts( md5_context *ctx, unsigned char *key,
int keylen )
{
....
memset( sum, 0, sizeof( sum ) );
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 377
- V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 387
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 411
UCSniff
V597 The compiler could delete the 'memset' function call, which is used to flush 'send_msg' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. http_handler.c 84
int request_http_corporate_url(char *directory_buf,
int message_id)
{
char send_msg[2048] = {'\0'};
....
memset(send_msg,'\0',sizeof(send_msg));
....
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'name_start_tag' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. directory_parser.c 941
Trans-Proteomic Pipeline
V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pwiz sha1.cpp 205
void CSHA1::Final()
{
UINT_8 finalcount[8];
....
memset(finalcount, 0, 8);
Transform(m_state, m_buffer);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dta2mzXML sha1.cpp 252
- V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. indexmzXML indexmzxmlsha1.cpp 225
CamStudio
V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md5.c 342
char* crypt_md5(const char* pw, const char* salt)
{
unsigned char final[MD5_SIZE];
....
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
return passwd;
}
Samba
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md2.c 91
static void
calc(struct md2 *m, const void *v)
{
unsigned char x[48], L;
....
memset(x, 0, sizeof(x));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 291
- V597 The compiler could delete the 'memset' function call, which is used to flush 'hash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 341
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 378
- And 1 additional diagnostic messages.
Tor
V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1015
int
crypto_pk_private_sign_digest(....)
{
char digest[DIGEST_LEN];
....
memset(digest, 0, sizeof(digest));
return r;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'r' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1605
- V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2233
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2323
- And 35 additional diagnostic messages.
NetXMS
V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 233
void I_SHA1Final(....)
{
unsigned char finalcount[8];
....
memset(finalcount, 0, 8);
SHA1Transform(context->state, context->buffer);
}
TortoiseSVN
V597 The compiler could delete the 'memset' function call, which is used to flush 'lenbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 23
static void sha_mpint(SHA_State * s, Bignum b)
{
unsigned char lenbuf[4];
....
memset(lenbuf, 0, sizeof(lenbuf));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'lenbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 37
- V597 The compiler could delete the 'memset' function call, which is used to flush 'digest512' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdss.c 587
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ourkeys' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sshdes.c 861
- And 9 additional diagnostic messages.
Network Security Services (NSS)
V597 The compiler could delete the 'memset' function call, which is used to flush 'keyData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sslcon.c 2151
#define PORT_Memset memset
static SECStatus ssl2_ClientSetupSessionCypher(....)
{
....
PRUint8 keyData[SSL_MAX_MASTER_KEY_BYTES];
....
loser2:
done:
PORT_Memset(keyData, 0, sizeof(keyData));
PORT_ZFree(ekbuf, modulusLen);
PORT_ZFree(eblock, modulusLen);
SECKEY_DestroyPublicKey(serverKey);
return rv;
}
Network Security Services (NSS)
V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. sha512.c 1423
SECStatus
SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
PRUint32 src_length)
{
SHA512Context ctx;
unsigned int outLen;
SHA384_Begin(&ctx);
SHA512_Update(&ctx, src, src_length);
SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
memset(&ctx, 0, sizeof ctx);
return SECSuccess;
}
Network Security Services (NSS)
V597 The compiler could delete the 'memset' function call, which is used to flush 'hashed_secret' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. alghmac.c 87
SECStatus HMAC_Init(....)
{
unsigned char hashed_secret[HASH_LENGTH_MAX];
....
loser:
PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
if (cx->hash != NULL)
cx->hashobj->destroy(cx->hash, PR_TRUE);
return SECFailure;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'localDigestData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dsa.c 417
- V597 The compiler could delete the 'memset' function call, which is used to flush 'data' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. drbg.c 300
- V597 The compiler could delete the 'memset' function call, which is used to flush 'inputhash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. drbg.c 450
- And 11 additional diagnostic messages.
Apache HTTP Server
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md4.c 362
static void MD4Transform(
apr_uint32_t state[4], const unsigned char block[64])
{
apr_uint32_t a = state[0], b = state[1],
c = state[2], d = state[3],
x[APR_MD4_DIGESTSIZE];
....
/* Zeroize sensitive information. */
memset(x, 0, sizeof(x));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 436
- V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 662
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 436
- And 3 additional diagnostic messages.
POCO C++ Libraries
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Foundation md4engine.cpp 272
void MD4Engine::transform (UInt32 state[4],
const unsigned char block[64])
{
UInt32 a = state[0], b = state[1],
c = state[2], d = state[3], x[16];
decode(x, block, 64);
....
/* Zeroize sensitive information. */
std::memset(x, 0, sizeof(x));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Foundation md5engine.cpp 303
POCO C++ Libraries
V597 The compiler could delete the 'memset' function call, which is used to flush '_opad' object. The RtlSecureZeroMemory() function should be used to erase the private data. HMACEngine.h(62)
~HMACEngine()
{
std::memset(_ipad, 0, BLOCK_SIZE);
std::memset(_opad, 0, BLOCK_SIZE);
delete [] _ipad;
delete [] _opad;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush '_ipad' object. The RtlSecureZeroMemory() function should be used to erase the private data. HMACEngine.h(61)
PostgreSQL Database Management System
V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto crypt-md5.c 157
char *
px_crypt_md5(const char *pw, const char *salt,
char *passwd, unsigned dstlen)
{
....
unsigned char final[MD5_SIZE];
....
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof final);
....
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 294
- V597 The compiler could delete the 'memset' function call, which is used to flush 'hash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 344
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto fortuna.c 381
- And 16 additional diagnostic messages.
GNU C Library
V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha256-crypt.c 385
char *
__sha256_crypt_r (key, salt, buffer, buflen)
const char *key;
const char *salt;
char *buffer;
int buflen;
{
....
unsigned char temp_result[32]
....
memset (temp_result, '\0', sizeof (temp_result));
....
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha512-crypt.c 396
Qt
V597 The compiler could delete the 'memset' function call, which is used to flush 'chunkBuffer' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 191
static inline void sha1ProcessChunk(
Sha1State *state, const unsigned char *buffer)
{
....
quint8 chunkBuffer[64];
....
#ifdef SHA1_WIPE_VARIABLES
a = b = c = d = e = 0;
memset(chunkBuffer, 0, 64);
#endif
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'zero' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 249
APR
V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md5.c 436
static void MD5Transform(....)
{
apr_uint32_t a = state[0], b = state[1],
c = state[2], d = state[3],
tmpbuf[APR_MD5_DIGESTSIZE];
....
if (x == tmpbuf)
{
/* Zeroize sensitive information. */
memset(tmpbuf, 0, sizeof(tmpbuf));
}
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md5.c 662
- V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. libaprutil apr_md4.c 362
Asterisk
V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. channel.c 7742
static int silence_generator_generate(....)
{
short buf[samples];
struct ast_frame frame = {
.frametype = AST_FRAME_VOICE,
.data.ptr = buf,
.samples = samples,
.datalen = sizeof(buf),
};
frame.subclass.format = ast_format_slin;
memset(buf, 0, sizeof(buf)); // <=
....
}
PHP:Hypertext Preprocessor
V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. php_crypt_r.c 421
/*
* MD5 password encryption.
*/
char* php_md5_crypt_r(const char *pw,const char *salt, char *out)
{
static char passwd[MD5_HASH_MAX_LEN], *p;
unsigned char final[16];
....
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof(final)); // <=
return (passwd);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'output' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt.c 214
- V597 The compiler could delete the 'memset' function call, which is used to flush 'temp_result' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_sha512.c 622
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_sha512.c 625
- And 4 additional diagnostic messages.
Miranda NG
V597 The compiler could delete the 'memset' function call, which is used to flush 'kappa' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Cryptlib cast.cpp 293
void CAST256::Base::UncheckedSetKey(....)
{
AssertValidKeyLength(keylength);
word32 kappa[8];
....
memset(kappa, 0, sizeof(kappa));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'job' object. The RtlSecureZeroMemory() function should be used to erase the private data. TabSRMM sendqueue.cpp 449
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. Yahoo crypt.cpp 201
- V597 The compiler could delete the 'memset' function call, which is used to flush 'alt_ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. Yahoo crypt.cpp 202
- And 3 additional diagnostic messages.
Linux Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dm-crypt.c 708
static int crypt_iv_tcw_whitening(....)
{
....
u8 buf[TCW_WHITENING_SIZE];
....
out:
memset(buf, 0, sizeof(buf));
return r;
}
Linux Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'D' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha512_ssse3_glue.c 222
static int sha384_ssse3_final(struct shash_desc *desc, u8 *hash)
{
u8 D[SHA512_DIGEST_SIZE];
sha512_ssse3_final(desc, D);
memcpy(hash, D, SHA384_DIGEST_SIZE);
memset(D, 0, SHA512_DIGEST_SIZE);
return 0;
}
Linux Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'keydvt_out' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 525
int wusb_dev_4way_handshake(....)
{
....
struct aes_ccm_nonce ccm_n;
u8 mic[8];
struct wusb_keydvt_in keydvt_in;
struct wusb_keydvt_out keydvt_out;
....
error_dev_update_address:
error_wusbhc_set_gtk:
error_wusbhc_set_ptk:
error_hs3:
error_hs2:
error_hs1:
memset(hs, 0, 3*sizeof(hs[0]));
memset(&keydvt_out, 0, sizeof(keydvt_out));
memset(&keydvt_in, 0, sizeof(keydvt_in));
memset(&ccm_n, 0, sizeof(ccm_n));
memset(mic, 0, sizeof(mic));
if (result < 0)
wusb_dev_set_encryption(usb_dev, 0);
error_dev_set_encryption:
kfree(hs);
error_kzalloc:
return result;
....
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'keydvt_in' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 526
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ccm_n' object. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 527
- V597 The compiler could delete the 'memset' function call, which is used to flush 'mic' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. security.c 528
Linux Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'wpwd' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. smbencrypt.c 224
int
E_md4hash(const unsigned char *passwd, unsigned char *p16,
const struct nls_table *codepage)
{
int rc;
int len;
__le16 wpwd[129];
/* Password cannot be longer than 128 characters */
if (passwd) /* Password must be converted to NT unicode */
len = cifs_strtoUTF16(wpwd, passwd, 128, codepage);
else {
len = 0;
*wpwd = 0; /* Ensure string is null terminated */
}
rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
memset(wpwd, 0, 129 * sizeof(__le16));
return rc;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'D' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha256_ssse3_glue.c 214
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ck' object. The RtlSecureZeroMemory() function should be used to erase the private data. dev-sysfs.c 104
- V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The RtlSecureZeroMemory() function should be used to erase the private data. qp.c 143
LibreOffice
V597 The compiler could delete the 'memset' function call, which is used to flush 'state' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 337
static void __rtl_digest_updateMD2 (DigestContextMD2 *ctx)
{
....
sal_uInt32 state[48];
....
memset (state, 0, 48 * sizeof(sal_uInt32));
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'U' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 2074
- V597 The compiler could delete the 'memset' function call, which is used to flush 'T' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. digest.cxx 2127
- V597 The compiler could delete the 'memset' function call, which is used to flush 'pKeyData' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. docpasswordhelper.cxx 344
- And 10 additional diagnostic messages.
Haiku Operation System
V597 The compiler could delete the 'memset' function call, which is used to flush 'password' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. login.cpp 126
static status_t
login(const char* user, struct passwd** _passwd)
{
....
bool ok = verify_password(passwd, spwd, password);
memset(password, 0, sizeof(password));
if (!ok)
return B_PERMISSION_DENIED;
*_passwd = passwd;
return B_OK;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.c 228
- V597 The compiler could delete the 'memset' function call, which is used to flush 'encoded_block' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dst_api.c 446
- V597 The compiler could delete the 'memset' function call, which is used to flush 'in_buff' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dst_api.c 916
- And 1 additional diagnostic messages.
FreeSWITCH
V597 The compiler could delete the 'memset' function call, which is used to flush 'corrSurfBuff' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pitch_estimator.c 158
void WebRtcIsac_InitializePitch(const double *in,
const double old_lag,
const double old_gain,
PitchAnalysisStruct *State,
double *lags)
{
....
for(k = 0; k < 2*PITCH_BW+3; k++)
{
CorrSurf[k] = &corrSurfBuff[10 + k * (PITCH_LAG_SPAN2+4)];
}
/* reset CorrSurf matrix */
memset(corrSurfBuff, 0, sizeof(double) * (10 + (2*PITCH_BW+3)
* (PITCH_LAG_SPAN2+4)));
....
}
Mozilla Thunderbird
V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The RtlSecureZeroMemory() function should be used to erase the private data. gmploader.cpp 166
bool GMPLoaderImpl::Load(....)
{
SHA256Context ctx;
....
// Overwrite all data involved in calculation as it could
//potentially identify the user, so there's no chance a GMP
//can read it and use it for identity tracking.
memset(&ctx, 0, sizeof(ctx));
....
}
GNU GRUB
V597 The compiler could delete the 'memset' function call, which is used to flush 'karr' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. arcfour.c 108
static gcry_err_code_t do_arcfour_setkey (....)
{
byte karr[256];
....
for (i=0; i < 256; i++ )
karr[i] = key[i%keylen];
....
memset( karr, 0, 256 ); // <=
return GPG_ERR_NO_ERROR;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 209
- V597 The compiler could delete the 'memset' function call, which is used to flush 'bufhex' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 210
- V597 The compiler could delete the 'memset' function call, which is used to flush 'salt' object. The RtlSecureZeroMemory() function should be used to erase the private data. grub-mkpasswd-pbkdf2.c 213
- And 7 additional diagnostic messages.
Linux Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'ps' buffer. The memset_s() function should be used to erase the private data. atom.c 1383
int amdgpu_atom_asic_init(struct atom_context *ctx)
{
int hwi = CU16(ctx->data_table + ATOM_DATA_FWI_PTR);
uint32_t ps[16];
int ret;
memset(ps, 0, 64);
ps[0] = cpu_to_le32(CU32(hwi + ATOM_FWI_DEFSCLK_PTR));
ps[1] = cpu_to_le32(CU32(hwi + ATOM_FWI_DEFMCLK_PTR));
if (!ps[0] || !ps[1])
return 1;
if (!CU16(ctx->cmd_table + 4 + 2 * ATOM_CMD_INIT))
return 1;
ret = amdgpu_atom_execute_table(ctx, ATOM_CMD_INIT, ps);
if (ret)
return ret;
memset(ps, 0, 64); // <=
return ret;
}
FreeBSD Kernel
V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The memset_s() function should be used to erase the private data. mlx5_qp.c 159
int mlx5_core_create_qp(struct mlx5_core_dev *dev,
struct mlx5_core_qp *qp,
struct mlx5_create_qp_mbox_in *in,
int inlen)
{
....
struct mlx5_destroy_qp_mbox_out dout;
....
err_cmd:
memset(&din, 0, sizeof(din));
memset(&dout, 0, sizeof(dout));
din.hdr.opcode = cpu_to_be16(MLX5_CMD_OP_DESTROY_QP);
din.qpn = cpu_to_be32(qp->qpn);
mlx5_cmd_exec(dev, &din, sizeof(din), &out, sizeof(dout));
return err;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'dout' object. The memset_s() function should be used to erase the private data. mlx5_qp.c 323
Valgrind
V597 The compiler could delete the 'memset' function call, which is used to flush 'cts' object. The memset_s() function should be used to erase the private data. cg_merge.c 324
static void sdel_Counts ( Counts* cts )
{
memset(cts, 0, sizeof(Counts));
free(cts);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ffn' object. The memset_s() function should be used to erase the private data. cg_merge.c 263
- V597 The compiler could delete the 'memset' function call, which is used to flush 'cts' object. The memset_s() function should be used to erase the private data. cg_merge.c 332
- V597 The compiler could delete the 'memset' function call, which is used to flush 'cpf' object. The memset_s() function should be used to erase the private data. cg_merge.c 394
Bind
V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1140
void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest,
size_t len)
{
unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; // <=
unsigned int i;
....
memmove(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest)); // <=
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The memset_s() function should be used to erase the private data. entropy.c 646
- V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1206
- V597 The compiler could delete the 'memset' function call, which is used to flush 'newdigest' buffer. The memset_s() function should be used to erase the private data. hmacsha.c 1272
- And 29 additional diagnostic messages.
Enlightenment
V597 The compiler could delete the 'memset' function call, which is used to flush 'sd' object. The memset_s() function should be used to erase the private data. e_icon.c 838
static void
_e_icon_smart_del(Evas_Object *obj)
{
E_Smart_Data *sd;
if (!(sd = evas_object_smart_data_get(obj))) return;
evas_object_del(sd->obj);
evas_object_del(sd->eventarea);
....
evas_object_smart_data_set(obj, NULL);
memset(sd, 0, sizeof(*sd)); // <=
free(sd);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tzpol' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 350
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tzsh' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 462
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tzsh_srv' object. The memset_s() function should be used to erase the private data. e_policy_wl.c 639
- And 8 additional diagnostic messages.
Tizen
V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The memset_s() function should be used to erase the private data. wifi_generate_pin.c 185
static void SHA1Final(unsigned char digest[20],
SHA1_CTX* context)
{
u32 i;
unsigned char finalcount[8];
....
memset(context->buffer, 0, 64);
memset(context->state, 0, 20);
memset(context->count, 0, 8);
memset(finalcount, 0, 8); // <=
}
EFL Core Libraries
V597 The compiler could delete the 'memset' function call, which is used to flush 'iv' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 264
EAPI Eina_Binbuf *
emile_binbuf_decipher(Emile_Cipher_Algorithm algo,
const Eina_Binbuf *data,
const char *key,
unsigned int length)
{
Eina_Binbuf *result = NULL;
unsigned int *over;
EVP_CIPHER_CTX ctx;
unsigned char ik[MAX_KEY_LEN];
unsigned char iv[MAX_IV_LEN];
....
on_error:
memset(iv, 0, sizeof (iv));
memset(ik, 0, sizeof (ik));
if (opened)
EVP_CIPHER_CTX_cleanup(&ctx);
eina_binbuf_free(result);
return NULL;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ik' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 265
- V597 The compiler could delete the 'memset' function call, which is used to flush 'key_material' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 115
- V597 The compiler could delete the 'memset' function call, which is used to flush 'iv' buffer. The memset_s() function should be used to erase the private data. emile_cipher_openssl.c 165
- And 3 additional diagnostic messages.
Sphinx (search engine)
V597 The compiler could delete the 'memset' function call, which is used to flush 'tStat' object. The memset_s() function should be used to erase the private data. sphinx.cpp 19987
static bool GetFileStats (....)
{
....
struct_stat tStat;
memset ( &tStat, 0, sizeof ( tStat ) );
if ( stat ( szFilename, &tStat ) < 0 )
{
if ( pError )
*pError = strerror ( errno );
memset ( &tStat, 0, sizeof ( tStat ) ); // <=
return false;
}
....
}
MySQL
V597 The compiler could delete the 'memset' function call, which is used to flush 'A' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_genhash_impl.cc 420
extern "C"
char *
my_crypt_genhash(char *ctbuffer,
size_t ctbufflen,
const char *plaintext,
size_t plaintext_len,
const char *switchsalt,
const char **params)
{
int salt_len;
size_t i;
char *salt;
unsigned char A[DIGEST_LEN];
unsigned char B[DIGEST_LEN];
unsigned char DP[DIGEST_LEN];
unsigned char DS[DIGEST_LEN];
....
(void) memset(A, 0, sizeof (A));
(void) memset(B, 0, sizeof (B));
(void) memset(DP, 0, sizeof (DP));
(void) memset(DS, 0, sizeof (DS));
return (ctbuffer);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'B' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_genhash_impl.cc 421
- V597 The compiler could delete the 'memset' function call, which is used to flush 'DP' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_genhash_impl.cc 422
- V597 The compiler could delete the 'memset' function call, which is used to flush 'DS' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypt_genhash_impl.cc 423
- And 6 additional diagnostic messages.
MySQL
V597 The compiler could delete the 'memset' function call, which is used to flush 'win32op' object. The RtlSecureZeroMemory() function should be used to erase the private data. win32.c 442
void win32_dealloc(struct event_base *_base, void *arg)
{
struct win32op *win32op = arg;
....
memset(win32op, 0, sizeof(win32op));
free(win32op);
}
WebRTC
V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'sensitive' object. The RtlSecureZeroMemory() function should be used to erase the private data. socketadapters.cc 677
void AsyncSocksProxySocket::SendAuth() {
....
char * sensitive = new char[len];
pass_.CopyTo(sensitive, true);
request.WriteString(sensitive); // Password
memset(sensitive, 0, len);
delete [] sensitive;
DirectSend(request.Data(), request.Length());
state_ = SS_AUTH;
}
The compiler may delete a call of memset function and password can still remain in memory.
WebRTC
V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'sensitive' object. The RtlSecureZeroMemory() function should be used to erase the private data. httpcommon.cc 721
HttpAuthResult HttpAuthenticate(....)
{
....
char * sensitive = new char[len];
....
if (_stricmp(auth_method.c_str(), "basic") == 0) {
....
memset(sensitive, 0, len);
delete [] sensitive;
return HAR_RESPONSE;
}
....
}
The compiler may remove the call of memset function and some data can still remain in memory.
Similar errors can be found in some other places:
- V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'sensitive' object. The RtlSecureZeroMemory() function should be used to erase the private data. httpcommon.cc 766
- V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'sensitive' object. The RtlSecureZeroMemory() function should be used to erase the private data. httpcommon.cc 917
XNU kernel
V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The memset_s() function should be used to erase the private data. sha1mod.c 188
__private_extern__ void
YSHA1Final(unsigned char digest[20], YSHA1_CTX* context)
{
u_int32_t i, j;
unsigned char finalcount[8];
....
/* Wipe variables */
i = j = 0;
memset(context->buffer, 0, 64);
memset(context->state, 0, 20);
memset(context->count, 0, 8);
memset(finalcount, 0, 8);
#ifdef SHA1HANDSOFF
YSHA1Transform(context->state, context->buffer);
#endif
}
The compiler will delete memset(finalcount, 0, 8); in terms of optimization.
Android
V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'keyEncryptionKey' buffer. The memset_s() function should be used to erase the private data. FwdLockGlue.c 102
static void FwdLockGlue_InitializeRoundKeys() {
unsigned char keyEncryptionKey[KEY_SIZE];
....
memset(keyEncryptionKey, 0, KEY_SIZE); // Zero out key data.
}
Similar errors can be found in some other places:
- V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'mipmap' object. The memset_s() function should be used to erase the private data. TextureObjectManager.cpp 206
- V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'rnd' buffer. The memset_s() function should be used to erase the private data. arc4random.c 97
- V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'pData' object. The memset_s() function should be used to erase the private data. FwdLockFile.c 208
- And 7 additional diagnostic messages.
NCBI Genome Workbench
V597 The compiler could delete the 'memset' function call, which is used to flush 'passwd_buf' buffer. The memset_s() function should be used to erase the private data. challenge.c 366
/**
* Crypt a given password using schema required for NTLMv1 authentication
* @param passwd clear text domain password
* @param challenge challenge data given by server
* @param flags NTLM flags from server side
* @param answer buffer where to store crypted password
*/
void
tds_answer_challenge(....)
{
#define MAX_PW_SZ 14
....
if (ntlm_v == 1) {
....
/* with security is best be pedantic */
memset(hash, 0, sizeof(hash));
memset(passwd_buf, 0, sizeof(passwd_buf));
memset(ntlm2_challenge, 0, sizeof(ntlm2_challenge));
} else {
....
}
}
NCBI Genome Workbench
V597 The compiler could delete the 'memset' function call, which is used to flush 'answer' object. The memset_s() function should be used to erase the private data. challenge.c 561
typedef struct tds_answer
{
unsigned char lm_resp[24];
unsigned char nt_resp[24];
} TDSANSWER;
static TDSRET
tds7_send_auth(....)
{
size_t current_pos;
TDSANSWER answer;
....
/* for security reason clear structure */
memset(&answer, 0, sizeof(TDSANSWER));
return tds_flush_packet(tds);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'heap' object. The memset_s() function should be used to erase the private data. ncbi_heapmgr.c 1300
- V597 The compiler could delete the 'memset' function call, which is used to flush 'context' object. The memset_s() function should be used to erase the private data. challenge.c 167
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ks' object. The memset_s() function should be used to erase the private data. challenge.c 339
- And 18 additional diagnostic messages.
Haiku Operation System
V597 The compiler could delete the 'memset' function call, which is used to flush 'f_key' object. The memset_s() function should be used to erase the private data. dst_api.c 1018
#ifndef SAFE_FREE
#define SAFE_FREE(a) \
do{if(a != NULL){memset(a,0, sizeof(*a)); free(a); a=NULL;}} while (0)
....
#endif
DST_KEY *
dst_free_key(DST_KEY *f_key)
{
if (f_key == NULL)
return (f_key);
if (f_key->dk_func && f_key->dk_func->destroy)
f_key->dk_KEY_struct =
f_key->dk_func->destroy(f_key->dk_KEY_struct);
else {
EREPORT(("dst_free_key(): Unknown key alg %d\n",
f_key->dk_alg));
}
if (f_key->dk_KEY_struct) {
free(f_key->dk_KEY_struct);
f_key->dk_KEY_struct = NULL;
}
if (f_key->dk_key_name)
SAFE_FREE(f_key->dk_key_name);
SAFE_FREE(f_key);
return (NULL);
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'encoded_block' buffer. The memset_s() function should be used to erase the private data. dst_api.c 446
- V597 The compiler could delete the 'memset' function call, which is used to flush 'key_st' object. The memset_s() function should be used to erase the private data. dst_api.c 685
- V597 The compiler could delete the 'memset' function call, which is used to flush 'in_buff' buffer. The memset_s() function should be used to erase the private data. dst_api.c 916
- And 1 additional diagnostic messages.
PPSSPP
V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 325
void sha1( unsigned char *input, int ilen, unsigned char output[20] )
{
sha1_context ctx;
sha1_starts( &ctx );
sha1_update( &ctx, input, ilen );
sha1_finish( &ctx, output );
memset( &ctx, 0, sizeof( sha1_context ) );
}
Network Security Services (NSS)
V597 The compiler could delete the 'memset' function call, which is used to flush 'newdeskey' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pkcs11c.c 1033
static CK_RV
sftk_CryptInit(....)
{
....
unsigned char newdeskey[24];
....
context->cipherInfo = DES_CreateContext(
useNewKey ? newdeskey : (unsigned char *)att->attrib.pValue,
(unsigned char *)pMechanism->pParameter, t, isEncrypt);
if (useNewKey)
memset(newdeskey, 0, sizeof newdeskey);
sftk_FreeAttribute(att);
....
}
ROOT
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The memset_s() function should be used to erase the private data. TMD5.cxx 366
void TMD5::Transform(UInt_t buf[4], const UChar_t in[64])
{
UInt_t a, b, c, d, x[16];
....
// Zero out sensitive information
memset(x, 0, sizeof(x));
}
Qemu
V597 The compiler could delete the 'memset' function call, which is used to flush 'op_info' object. The RtlSecureZeroMemory() function should be used to erase the private data. virtio-crypto.c 354
static void virtio_crypto_free_request(VirtIOCryptoReq *req)
{
if (req) {
if (req->flags == CRYPTODEV_BACKEND_ALG_SYM) {
....
/* Zeroize and free request data structure */
memset(op_info, 0, sizeof(*op_info) + max_len);
g_free(op_info);
}
g_free(req);
}
}
Espressif IoT Development Framework
V597 The compiler could delete the 'memset' function call, which is used to flush 'prk' buffer. The memset_s() function should be used to erase the private data. dpp.c 854
#ifndef os_memset
#define os_memset(s, c, n) memset(s, c, n)
#endif
static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
unsigned int hash_len)
{
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
const char *info = "first intermediate key";
int res;
/* k1 = HKDF(<>, "first intermediate key", M.x) */
/* HKDF-Extract(<>, M.x) */
os_memset(salt, 0, hash_len);
if (dpp_hmac(hash_len, salt, hash_len, Mx, Mx_len, prk) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=M.x)",
prk, hash_len);
/* HKDF-Expand(PRK, info, L) */
res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len);
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: k1 = HKDF-Expand(PRK, info, L)",
k1, hash_len);
return 0;
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'prk' buffer. The memset_s() function should be used to erase the private data. dpp.c 883
- V597 The compiler could delete the 'memset' function call, which is used to flush 'prk' buffer. The memset_s() function should be used to erase the private data. dpp.c 942
- V597 The compiler could delete the 'memset' function call, which is used to flush 'psk' buffer. The memset_s() function should be used to erase the private data. dpp.c 3939
- And 14 additional diagnostic messages.
GTK
V597 [CWE-14] The compiler could delete the 'memset' function call, which is used to flush 'password' object. The memset_s() function should be used to erase the private data. gtkprintbackendcups.c 848
void
g_free (gpointer mem)
{
free (mem);
TRACE(GLIB_MEM_FREE((void*) mem));
}
void overwrite_and_free (gpointer data)
{
char *password = (char *) data;
if (password != NULL)
{
memset (password, 0, strlen (password));
g_free (password);
}
}
Snort
V597 The compiler could delete the 'memset' function call, which is used to flush 'ThisFmt' object. The memset_s() function should be used to erase the private data. ftpp_ui_config.c 251
void ftpp_ui_config_reset_ftp_cmd_format(FTP_PARAM_FMT *ThisFmt)
{
....
memset(ThisFmt, 0, sizeof(FTP_PARAM_FMT));
free(ThisFmt);
}
Transmission
V597 The compiler could delete the 'memset' function call, which is used to flush 'ui' object. The memset_s() function should be used to erase the private data. makemeta-ui.c:53
static void freeMetaUI(gpointer p)
{
MakeMetaUI* ui = p;
tr_metaInfoBuilderFree(ui->builder);
g_free(ui->target);
memset(ui, ~0, sizeof(MakeMetaUI));
g_free(ui);
}
RPCS3
V597 The compiler could delete the 'memset' function call, which is used to flush 'cty' object. The memset_s() function should be used to erase the private data. aes.cpp 596
/*
* AES key schedule (decryption)
*/
int aes_setkey_dec(....)
{
aes_context cty;
// ....
done:
memset( &cty, 0, sizeof( aes_context ) );
return( 0 );
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The memset_s() function should be used to erase the private data. sha1.cpp 371
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The memset_s() function should be used to erase the private data. sha1.cpp 396
RPCS3
V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The memset_s() function should be used to erase the private data. sha1.cpp 371
/*
* SHA-1 HMAC final digest
*/
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
unsigned char tmpbuf[20];
sha1_finish( ctx, tmpbuf );
sha1_starts( ctx );
sha1_update( ctx, ctx->opad, 64 );
sha1_update( ctx, tmpbuf, 20 );
sha1_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
}
iSulad
V597 [CWE-14, CERT-MSC06-C] The compiler could delete the 'memset' function call, which is used to flush 'password' buffer. The memset_s() function should be used to erase the private data. login.c 106
static int get_password_from_notty(struct client_arguments *args)
{
....
if (g_cmd_login_args.password_stdin) {
char password[LOGIN_PASSWORD_LEN + 1] = { 0 };
int n = util_input_readall(password, sizeof(password));
if (n == 0) {
COMMAND_ERROR("Error: Password Required");
return -1;
}
if (n < 0) {
COMMAND_ERROR("Get password from notty stdin failed: %s",
strerror(errno));
return -1;
}
args->password = util_strdup_s(password);
(void)memset(password, 0, sizeof(password));
}
....
}
Similar errors can be found in some other places:
- V597 [CWE-14, CERT-MSC06-C] The compiler could delete the 'memset' function call, which is used to flush 'password' buffer. The memset_s() function should be used to erase the private data. login.c 152
- V597 [CWE-14, CERT-MSC06-C] The compiler could delete the 'memset' function call, which is used to flush 'oldptr' object. The memset_s() function should be used to erase the private data. utils.c 76
- V597 [CWE-14, CERT-MSC06-C] The compiler could delete the 'memset' function call, which is used to flush 'buf' object. The memset_s() function should be used to erase the private data. utils_file.c 1568
DPDK
V597 The compiler could delete the 'memset' function call, which is used to flush 'p' object. The memset_s() function should be used to erase the private data. nthw_hif.c 27
void nthw_hif_delete(nthw_hif_t *p)
{
if (p) {
memset(p, 0, sizeof(nthw_hif_t));
free(p);
}
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'p' object. The memset_s() function should be used to erase the private data. nthw_fpga_model.c 187
- V597 The compiler could delete the 'memset' function call, which is used to flush 'p' object. The memset_s() function should be used to erase the private data. nthw_si5340.c 48
- V597 The compiler could delete the 'memset' function call, which is used to flush 'p' object. The memset_s() function should be used to erase the private data. nthw_sdc.c 26
- And 9 additional diagnostic messages.
PPSSPP
V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The memset_s() function should be used to erase the private data. md5.cp p 290
void sha1_hmac( unsigned char *key, int keylen,
unsigned char *input, int ilen,
unsigned char output[20] )
{
sha1_context ctx;
sha1_hmac_starts( &ctx, key, keylen );
sha1_hmac_update( &ctx, input, ilen );
sha1_hmac_finish( &ctx, output );
memset( &ctx, 0, sizeof( sha1_context ) );
}
Similar errors can be found in some other places:
- V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The memset_s() function should be used to erase the private data. sha1.cpp 379
- V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The memset_s() function should be used to erase the private data. sha1.cpp 355
- V597 The compiler could delete the 'memset' function call, which is used to flush 'ctx' object. The memset_s() function should be used to erase the private data. sha1.cpp 325
- And 4 additional diagnostic messages.