...
Additionally, there are well-known recommendations for dealing with common file operations securely that use non-standard functions. This recommendation opens those options up to implementers of this standard.
File Creation
The C99 standard function fopen() is typically used to open existing, and create new files. However, fopen() does not provide a way to test file existence potentially allowing a program to overwrite or access and unintended file.
Non-Compliant Example 1
| Code Block |
|---|
...
FILE * fptr = fopen(file_name, "w");
if (!fptr) {
/* Handle Error */
}
...
|
Compliant Solution 1.
| Code Block |
|---|
...
int fd = open(file_name, O_CREAT | O_EXCL | O_WR_ONLY);
if (fd == -1) {
/* Handle Error */
}
...
|