[EXT] CVE for insecure use of assert?

Jeffrey Walton
Hi Everyone,

I'm looking for a CVE for insecure use of assert. A grossly simplified
example is shown below. In the example below, the program uses POSIX
assert to abort the program while the program is handling sensitive
information.

Does anyone have a suggestion?

Thanks in advance.

==========

$ cat coredump.c
#include <stdio.h>
#include <assert.h>

int main(int argc, char* argv[])
{
    char password[128];
    printf("Please enter your password:\n");
    if(fgets(password, sizeof(password), stdin) != NULL) {
        /* do some real work, detect an error condition, then... */
        assert(0);
    }

    return 0;
}


$ gcc coredump.c -o coredump.exe
$ ./coredump.exe
Please enter your password:
supersecretpassword
coredump.exe: coredump.c:11: main: Assertion `0' failed.
Aborted (core dumped)


$ coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Wed 2019-01-02 16:23:15 EST   10827  1000  1000   6 present   /home/jwalton/...


$ coredumpctl -o coredump.exe.core dump 10827
           PID: 10827 (coredump.exe)
           UID: 1000 (jwalton)
           GID: 1000 (jwalton)
        Signal: 6 (ABRT)


$ strings coredump.exe.core | grep supersecret
supersecretpassword
supersecretpassword
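
A hardened counterpart to coredump.c, added here as an example and not part of the original post: it disables core dumps before touching the secret, reads with read(2) so stdio holds no buffered copy, and wipes the buffer on an error path that returns a code instead of calling assert(). It assumes Linux; disable_core_dumps, secure_wipe, do_real_work and handle_password are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Turn off core dumps for this process; returns 0 on success, -1 on error. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    /* Linux-specific: a non-dumpable process produces no core on abort(). */
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Zero a buffer through a volatile pointer so the stores are not elided. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical stand-in for the "real work"; always reports an error here. */
static int do_real_work(const char *secret) { (void)secret; return -1; }

/* Read a secret from fd with read(2) (no stdio buffer copy), use it, wipe it.
 * The error path returns a code instead of calling assert(). */
int handle_password(int fd)
{
    char password[128];
    ssize_t n = read(fd, password, sizeof(password) - 1);
    int rc = -1;
    if (n > 0) {
        password[n] = '\0';
        password[strcspn(password, "\n")] = '\0';
        rc = do_real_work(password);
    }
    secure_wipe(password, sizeof(password));
    return rc;
}

int main(void)
{
    if (disable_core_dumps() != 0)
        return 1;
    printf("Please enter your password:\n");
    return handle_password(STDIN_FILENO) == 0 ? 0 : 2;
}
```

If an assert() elsewhere in such a program still fires, the process aborts without writing a core, so the strings/grep step above has no file to search.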