Open irfanOzn opened 3 years ago
@DamoSWL @shawnwork @QuuikSilva98 Can you please consult on this bug with @irfanOzn to confirm whether it can leak information such as program internals (e.g. stack canaries, return addresses) or sensitive program information (e.g. keys, passwords)?
This has been solved.
Project: Shell
Report By: Irfan Ozen
Team Red
Vulnerability Type: Memory Leak (even if the program exits after that problem and the OS collects the garbage memory, it might be good practice to mention it and fix this issue)
Exploitability: The attacker might be able to launch a denial-of-service attack by taking advantage of unexpected program behavior resulting from a low-memory condition.
Analysis Method Used: Cppcheck and then Manual control
Vulnerability Description: The bug is caused by not deallocating the dynamically allocated memory of the newCmd char pointer, which is defined on line 101. This situation can lead to a memory leak, which, if it repeats throughout the program, can accumulate and cause performance issues and even crashes.
Possible Fix: To fix that issue, the developer needs to deallocate that memory with a delete[] function call like the one below:
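An added example, not the reporter's own snippet or the project's code: it contrasts a function that never releases `newCmd` with one that calls `delete[]` on every exit path, and counts outstanding buffers to show the per-call accumulation. Only the name `newCmd` comes from the report; `allocCmd`, `freeCmd`, `runLineLeaky`, `runLineFixed`, `leakedAfter` and the sample command are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed stand-in for the shell's command handling (assumption).
static long g_live = 0;  // number of newCmd buffers currently allocated

static char* allocCmd(std::size_t n) { ++g_live; return new char[n]; }
static void freeCmd(char* p) { if (p) { --g_live; delete[] p; } }

// Leaky pattern: the copy of the input line is never released.
bool runLineLeaky(const std::string& line) {
    char* newCmd = allocCmd(line.size() + 1);
    std::memcpy(newCmd, line.c_str(), line.size() + 1);
    bool ok = newCmd[0] != '\0';
    return ok;  // newCmd goes out of scope without delete[]
}

// Fixed pattern: delete[] runs on the early return and on the normal return.
bool runLineFixed(const std::string& line) {
    char* newCmd = allocCmd(line.size() + 1);
    std::memcpy(newCmd, line.c_str(), line.size() + 1);
    if (newCmd[0] == '\0') {
        freeCmd(newCmd);  // easy-to-miss path: empty command
        return false;
    }
    bool ok = true;       // command would be parsed and executed here
    freeCmd(newCmd);
    return ok;
}

// Returns how many buffers remain allocated after `iterations` calls.
long leakedAfter(bool (*fn)(const std::string&), int iterations) {
    long before = g_live;
    for (int i = 0; i < iterations; ++i) fn("ls -la");  // constructed input
    return g_live - before;
}

int main() {
    std::printf("leaky: %ld buffers outstanding\n", leakedAfter(runLineLeaky, 1000));
    std::printf("fixed: %ld buffers outstanding\n", leakedAfter(runLineFixed, 1000));
    return 0;
}
```

Holding the buffer in a `std::unique_ptr<char[]>` or a `std::string` removes the need to remember `delete[]` on each path.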