Using Freed Memory

From Guidance Share

Description

Using heap-allocated memory after it has been freed or deleted leads to undefined behavior and, in some cases, may allow an attacker to gain access to memory locations that were previously unavailable.

Applies To

  • Languages: C, C++, Assembly
  • Operating Platforms: All

Example

The following example shows use of freed memory (note that the following code could also result in a buffer overrun):

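#include <stdio.h>
#include <stdlib.h>   /* malloc, free */
#include <string.h>   /* strncpy */
#include <unistd.h>
#define BUFSIZE 512

int main(int argc, char **argv) {
    char *buf;
    buf = (char *) malloc(BUFSIZE);
    free(buf);                       /* buf is now a dangling pointer */
    strncpy(buf, argv[1], BUFSIZE);  /* use after free: writes into freed memory */
    return 0;
}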

Impact

  • Integrity: The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere.
  • Availability: If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.
  • Access Control (instruction processing): If malicious data is entered before chunk consolidation can take place, it may be possible to execute arbitrary code.

Vulnerabilities

  • Failing to set freed pointers to NULL, and failing to check for NULL before use.

Countermeasures

  • Implementation: Ensure that all pointers are set to NULL once the memory they point to has been freed. Check all pointers for NULL before use.
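
The countermeasure above applied to the same allocate, free, copy sequence as the Example section. This is an added example, not code from the original page; free_and_null, checked_copy and copy_after_free are hypothetical helper names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 512

/* Hypothetical helper: free *pp and clear the caller's pointer.
 * Calling it twice is harmless because free(NULL) is a no-op. */
static void free_and_null(char **pp)
{
    if (pp != NULL) {
        free(*pp);
        *pp = NULL;
    }
}

/* Hypothetical helper: copy src into buf only if buf is still live.
 * Returns 0 on success, -1 if buf or src is NULL or size is 0.
 * Always NUL-terminates, unlike a bare strncpy(). */
static int checked_copy(char *buf, size_t size, const char *src)
{
    if (buf == NULL || src == NULL || size == 0)
        return -1;
    strncpy(buf, src, size - 1);
    buf[size - 1] = '\0';
    return 0;
}

/* Replays the page's sequence (allocate, free, copy) with the
 * countermeasure applied. Returns the result of the copy after free. */
static int copy_after_free(const char *input)
{
    char *buf = malloc(BUFSIZE);
    if (buf == NULL)
        return -2;
    if (checked_copy(buf, BUFSIZE, input) != 0) { free_and_null(&buf); return -3; }
    free_and_null(&buf);
    free_and_null(&buf);                       /* second call: no double free */
    return checked_copy(buf, BUFSIZE, input);  /* buf is NULL: copy refused */
}

int main(int argc, char **argv)
{
    const char *input = (argc > 1) ? argv[1] : "constructed sample input";
    int rc = copy_after_free(input);
    printf("copy after free %s\n", rc == -1 ? "refused" : "not refused");
    return rc == -1 ? 0 : 1;
}
```

Setting a pointer to NULL clears only that one variable; any other copy of the same address is still dangling and is not caught by the NULL check.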

Vulnerability Patterns

How Tos
