ABSTRACT

Memory is allocated but never freed.

EXPLANATION

Memory leaks have two common and sometimes overlapping causes:

- Error conditions and other exceptional circumstances.

- Confusion over which part of the program is responsible for freeing the memory.

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].

Example 1: The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes:


char* getBlock(int fd) {
char* buf = (char*) malloc(BLOCK_SIZE);
if (!buf) {
return NULL;
}
if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
return NULL;
}
return buf;
}

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service

[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II

[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 401

[4] J. Whittaker and H. Thompson How to Break Software Security Addison Wesley

[5] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9