...
In this compliant solution, file_name is closed before launching the editor:
```c
FILE* f;
const char *editor;
char *file_name;
/* Initialize file_name */
f = fopen(file_name, "r");
if (f == NULL) {
  /* Handle fopen() error */
}
/* ... */
fclose(f);
f = NULL;
editor = getenv("EDITOR");
if (editor == NULL) {
  /* Handle getenv() error */
}
/* Sanitize environment before calling system()! */
if (system(editor) == -1) {
  /* Handle Error */
}
```
...
Sometimes it is not practical for a program to close all active file descriptors before calling a function such as system() or exec(). An alternative on POSIX systems is to use the FD_CLOEXEC flag, or O_CLOEXEC when available, to set the close-on-exec flag for the file descriptor:
```c
int flags;
char *editor;
char *file_name;
/* Initialize file_name */
int fd = open(file_name, O_RDONLY);
if (fd == -1) {
  /* Handle error */
}
flags = fcntl(fd, F_GETFD);
if (flags == -1) {
  /* Handle error */
}
if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
  /* Handle error */
}
/* ... */
editor = getenv("EDITOR");
if (editor == NULL) {
  /* Handle getenv() error */
}
if (system(editor) == -1) {
  /* Handle error */
}
```
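The following added example (not part of the original rule text) checks the effect of the close-on-exec flag by asking the shell started by system() whether it inherited a descriptor, and shows the atomic O_CLOEXEC form next to the fcntl() form. The helper names open_cloexec, set_cloexec and fd_visible_after_system are hypothetical, /dev/null is a constructed sample target, and the probe assumes the platform exposes open descriptors under /dev/fd.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open read-only with close-on-exec set atomically, so no other thread can
 * fork/exec in the window between open() and a later fcntl(). */
int open_cloexec(const char *path) {
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Retrofit close-on-exec on an already-open descriptor; 0 on success. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Ask a shell started by system() whether it inherited fd.
 * Returns 1 if inherited, 0 if closed at exec, -1 on error.
 * Assumption: open descriptors are visible under /dev/fd. */
int fd_visible_after_system(int fd) {
    char cmd[64];
    snprintf(cmd, sizeof cmd, "[ -e /dev/fd/%d ]", fd);
    int status = system(cmd);
    if (status == -1 || !WIFEXITED(status)) return -1;
    int rc = WEXITSTATUS(status);   /* test: 0 = exists, 1 = missing */
    return rc == 0 ? 1 : (rc == 1 ? 0 : -1);
}

int main(void) {
    int leaky = open("/dev/null", O_RDONLY);   /* constructed sample target */
    int safe = open_cloexec("/dev/null");
    if (leaky == -1 || safe == -1) return EXIT_FAILURE;
    printf("plain open():     inherited=%d\n", fd_visible_after_system(leaky));
    printf("O_CLOEXEC open(): inherited=%d\n", fd_visible_after_system(safe));
    if (set_cloexec(leaky) == -1) return EXIT_FAILURE;
    printf("after FD_CLOEXEC: inherited=%d\n", fd_visible_after_system(leaky));
    close(leaky);
    close(safe);
    return EXIT_SUCCESS;
}
```

The same probe can serve as a regression test for any descriptor that must not reach a spawned process.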
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | |
| Fortify SCA | 5.0 | | Can detect violations of this rule with CERT C Rule Pack. |
| | | RH.LEAK | |
| | | 49 D | Fully implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| [Austin Group 2008] | |
| [Dowd 2006] | Chapter 10, "UNIX Processes" ("File Descriptor Leaks," pp. 582–587) |
| [MSDN] | Inheritance (Windows) |
| [NAI 1998] |
...