@@ -743,11 +743,30 @@ For any technical requirement which includes a test, the manufacturer shall docu
All mitigations for TR-TEST are required for all products.
### TR prevent or mitigate memory attacks
### 5.2.X.x TR-IMEM Prevent memory safety attacks originating on the attached network
Threat: Out-of-bounds memory access caused by unvalidated input in incoming packets
#### 5.2.X.x Requirement
The network interface shall not process data originating from the attached network in such a way as to cause an internal memory safety error.
#### 5.2.X.x **MI-SSCA**: Static source code analysis for memory errors
The manufacturer shall check all security-relevant parts of the network interface firmware and software for memory errors using a source code analysis tool that detects at least the following types of memory errors, subject to whether each error is possible in the source code language:
* buffer overflow
* use after free
* double free
* uninitialized variables
* dereference invalid pointer
* TBD others?
All warnings, annotations, or other method of suppressing warnings from the analysis tool shall be accompanied by an explanation of why the code in question will not produce an error under reasonably foreseeable use or misuse.
* Test: run a source code analysis tool on all security-relevant parts of the network interface firmware and software
* Result: no warnings or suppression of warnings that do not have documentation showing why they are memory safe
* Output: the output of the source code analysis checker
* False negative test: for each kind of memory error in the above list, write a test program with the error, run the analysis tool on it, and show that it produces a warning for each error
Mitigations: Select from the following depending on use case/risk factor (TBD)
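Review bot: The MI-SSCA error list ends with the bullet "TBD others?" and the closing Mitigations line ends with "(TBD)", so the normative text is open-ended at both points, and the false negative test ("for each kind of memory error in the above list") has no fixed list to be run against. Suggest closing the list before this is merged, or moving the open questions into an editor's note outside the requirement text. The heading "### TR prevent or mitigate memory attacks" also sits at the same level as the "### 5.2.X.x TR-IMEM" heading directly below it and carries no section number; it should either be numbered as the parent section or dropped. Finally, "security-relevant parts" is used in both the requirement and the Test line without a definition in this hunk; a pointer to where that scope is defined would make the Test line checkable.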