Examples of errors detected by the V597 diagnostic


V597. The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data.
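What the diagnostic describes, as an added example that is not code from any of the projects listed on this page: a `memset` on a local buffer that is never read again is a dead store, while a wipe made through a volatile pointer is kept. The names `secure_zero`, `mix`, `mix_key_weak` and `mix_key_hardened` and the sample key are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: stores through a volatile-qualified lvalue are kept by
   mainstream compilers. Platform equivalents: RtlSecureZeroMemory() (Windows),
   memset_s() (C11 Annex K), explicit_bzero() (BSD, glibc). */
static void *secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
    return p;
}

/* Constructed stand-in for a hash round: key material lands in scratch x[]. */
static uint32_t mix(uint32_t x[16], const unsigned char *key, size_t len)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < len; i++)
        x[i % 16] ^= (uint32_t)key[i] << (8 * (i % 4));
    for (size_t i = 0; i < 16; i++)
        acc = acc * 31u + x[i];
    return acc;
}

static uint32_t mix_key_weak(const unsigned char *key, size_t len)
{
    uint32_t x[16] = {0};
    uint32_t acc = mix(x, key, len);
    memset(x, 0, sizeof(x));   /* V597: x is never read again, call may be dropped */
    return acc;
}

static uint32_t mix_key_hardened(const unsigned char *key, size_t len)
{
    uint32_t x[16] = {0};
    uint32_t acc = mix(x, key, len);
    secure_zero(x, sizeof(x)); /* volatile stores remain in the optimized build */
    return acc;
}

int main(void)
{
    const unsigned char key[] = "constructed-sample-key";
    return mix_key_weak(key, sizeof(key) - 1) ==
           mix_key_hardened(key, sizeof(key) - 1) ? 0 : 1;
}
```

Both functions return the same value; the difference shows only in the optimized object code, where the `memset` call in `mix_key_weak` can be absent.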


eMule

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. emule md5sum.cpp 263


static void MD5Transform(UINT4 state[4],
                         unsigned char block[64])
{
  UINT4 a = state[0], b = state[1], c = state[2],
        d = state[3], x[16];
  ...
  /* Zeroize sensitive information */
  memset(x, 0, sizeof(x));
}

Crypto++

V597 The compiler could delete the 'memset' function call, which is used to flush 'kappa' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. cryptlib cast.cpp 293


void CAST256::Base::UncheckedSetKey(const byte *userKey,
  unsigned int keylength, const NameValuePairs &)
{
  AssertValidKeyLength(keylength);
  word32 kappa[8];
  ...
  memset(kappa, 0, sizeof(kappa));
}

Dolphin Emulator

V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 353


void md5_hmac_starts( md5_context *ctx, unsigned char *key,
                      int keylen )
{
  ...
  memset( sum, 0, sizeof( sum ) );
}

Identical errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common md5.cpp 377
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'sum' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 387
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. Common sha1.cpp 411

UCSniff

V597 The compiler could delete the 'memset' function call, which is used to flush 'send_msg' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. http_handler.c 84


int request_http_corporate_url(char *directory_buf,
                               int message_id)
{
  char send_msg[2048] = {'\0'};
  ...
  memset(send_msg,'\0',sizeof(send_msg));
  ...
}

Identical errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'name_start_tag' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. directory_parser.c 941

Trans-Proteomic Pipeline

V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pwiz sha1.cpp 205


void CSHA1::Final()
{
  UINT_8 finalcount[8];
  ...
  memset(finalcount, 0, 8);
  Transform(m_state, m_buffer);
}

Identical errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. dta2mzXML sha1.cpp 252
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. indexmzXML indexmzxmlsha1.cpp 225

CamStudio

V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md5.c 342


char* crypt_md5(const char* pw, const char* salt)
{
  unsigned char final[MD5_SIZE];
  ....
  /* Don't leave anything around in vm they could use. */
  memset(final,0,sizeof final);
  return passwd;
}

Samba

V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. md2.c 91


static void
calc(struct md2 *m, const void *v)
{
  unsigned char x[48], L;
  ....
  memset(x, 0, sizeof(x));
}

Identical errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 291
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'hash' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 341
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. rand-fortuna.c 378
  • And 1 additional diagnostic message.

Tor

V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1015


int
crypto_pk_private_sign_digest(....)
{
  char digest[DIGEST_LEN];
  ....
  memset(digest, 0, sizeof(digest));
  return r;
}

Identical errors can be found in some other places:

  • V597 The compiler could delete the 'memset' function call, which is used to flush 'r' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 1605
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'digest' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2233
  • V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. crypto.c 2323
  • And 35 additional diagnostic messages.
