Guarding against re-use of stale object references - Init

<body> <h1>Guarding against re-use of stale object references</h1> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">Hello all - Dave here...</span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">Tim Burrell of the TwC Security Science team presents the fifth blog installment describing /sdl: functionality in Visual Studio.</span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">----------------------------------------------------------------------------------------------------------------------------- </span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">In the last few posts we described some additional security features that are enabled by the new /sdl compiler switch. Previous comments to posts <a href="http://blogs.msdn.com/b/sdl/archive/tags/visual+studio+11/" target="_blank">in this series</a> have highlighted the balance that we have to strike when introducing new security features: some developers/readers welcome new security features in the toolchain and suggest further enhancements; for others conformance and standards compliance takes precedence. </span></span></p> <p><span style="font-family: Calibri; font-size: small;" size="3" face="Calibri">This post describes another feature included under /sdl: in limited circumstances the compiler will instrument C++ </span>operator::delete<span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri"> calls to sanitize the pointer reference. In particular it illustrates a case where we have sought to carefully balance the desire for improved security with that of conformance and avoiding unnecessarily breaking a developer’s valid C++ code.</span></span></p> <h2><span style="font-size: medium;" size="4"><span style="color: #4f81bd;" color="#4f81bd"><span style="font-family: Cambria;" face="Cambria">SDL recommends pointer sanitization</span></span></span></h2> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">The <a href="http://www.microsoft.com/security/sdl">Security Development Lifecycle (SDL)</a> as implemented at Microsoft recommends (see pages 42-43 of <a href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=9295"><span style="color: #0000ff;" color="#0000ff">SDL Process Guidance 5.1</span></a>):</span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri"><strong><em>“NULL out free'd memory pointers in new code. </em></strong><em>This helps reduce the severity of double-free bugs and bugs that overwrite "dangling" pointers. For example:</em></span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri"><em></em><strong><em><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-43/2555.Capture1_5F00_24.PNG"><img border="0" alt="" src="http://blogs.msdn.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-43/2555.Capture1_5F00_24.PNG" width="213" height="65" /></a></em></strong></span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri"><em>Add this statement after the delete operator: </em></span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri"><em><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-43/5460.Capture2_5F00_24.PNG"><img border="0" alt="" src="http://blogs.msdn.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-43/5460.Capture2_5F00_24.PNG" width="157" height="45" /></a></em></span></span></p> <p><span style="font-size: small;" size="3"><span style="font-family: Calibri;" face="Calibri">A common approac </span></span></p></body>