
[sairedis] Replace memset functions

Open maipbui opened this issue 2 years ago • 7 comments

Signed-off-by: maipbui [email protected]

Why I did it

memset() is an insecure function that can cause buffer overflow. memset() may not be called by the compiler due to compiler optimization: an optimizing compiler identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently. If sensitive data is in memory, it's dangerous if compiler optimization happens.

Ref:
https://cwe.mitre.org/data/definitions/14.html
https://registry.semgrep.dev/rule/c.lang.security.insecure-use-memset.insecure-use-memset

How I did it

Remove memset(), initialize the variable to 0.

maipbui, Aug 22 '22 17:08

Can we use memset_s in all places instead of doing ifdef?

kcudnik, Aug 23 '22 06:08

Can we use memset_s in all places instead of doing ifdef?

I don't think so, seems like gcc/g++ doesn't support memset_s

maipbui, Aug 25 '22 17:08
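An added example, not code from this pull request, of the two points discussed above: a wipe that the optimizer cannot drop as a dead store (CWE-14), using `memset_s` only where the C library advertises Annex K and a volatile store loop elsewhere. The names `secure_zero`, `count_nonzero` and `demo_wipe` are hypothetical, and the secret is a constructed sample value.

```c
#define __STDC_WANT_LIB_EXT1__ 1 /* request Annex K (memset_s) if the libc has it */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: zero a buffer so the stores survive optimization. */
static void secure_zero(void *buf, size_t len)
{
#ifdef __STDC_LIB_EXT1__
    /* C11 Annex K: memset_s is specified so that the call is not elided. */
    (void)memset_s(buf, len, 0, len);
#else
    /* Fallback for libcs without Annex K (glibc, for example): each store
     * through a volatile lvalue is an observable side effect. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
#endif
}

/* Count the bytes that are still non-zero, to check the wipe. */
static size_t count_nonzero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        n += (p[i] != 0);
    }
    return n;
}

/* Constructed scenario: a stack buffer holds a secret and is wiped before
 * it goes out of scope, the pattern where a plain memset() can be removed. */
static size_t demo_wipe(void)
{
    static const char sample[] = "constructed-sample-secret-value";
    char key[sizeof sample];
    memcpy(key, sample, sizeof sample);
    secure_zero(key, sizeof key);
    return count_nonzero(key, sizeof key);
}

int main(void)
{
    printf("non-zero bytes after wipe: %zu\n", demo_wipe());
    return 0;
}
```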

/AzurePipelines run Azure.sonic-sairedis

maipbui, Sep 08 '22 19:09

Azure Pipelines successfully started running 1 pipeline(s).

azure-pipelines[bot], Sep 08 '22 19:09

@kcudnik Could you review again?

qiluo-msft, Sep 09 '22 22:09

Please satisfy code coverage in unit tests: https://dev.azure.com/mssonic/build/_build/results?buildId=147452&view=codecoverage-tab

kcudnik, Sep 13 '22 12:09

I added some unit tests to cover old code: https://github.com/sonic-net/sonic-sairedis/pull/1133

kcudnik, Sep 27 '22 22:09