SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 29

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 30

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To correct this example, Sensitive.txt should be closed before launching the editor.

Code Block
bgColor#ccccff
ILEFILE* f;
char *editor;

f = fopen("Sensitive.txt", "r");
if (fd == NULL) {
  /* Handle fopen() error */
}
/* ... */
fclose(f);
editor = getenv("EDITOR");
if (editor == NULL) {
  /* Handle getenv() error */
}

There are multiple security issues in this example. Complying with recommendations, such as STR02-A and FIO02-A can mitigate attack vectors used to exploit this vulnerability. However, following these recommendations will not correct the underlying issue addressed by this rule, the file descriptor leak.

Risk Assessment

Failing to properly close files may allow unintended access to, or exhaustion of, system resources.

...

Wiki Markup
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 10, "UNIX Processes" (File Descriptor Leaks 582-587)
\[[CWE 403|http://cwe.mitre.org/data/definitions/403.html]\] UNIX file descriptor leaks
\[Inheritance|http://msdn2.microsoft.com/en-us/library/ms683463.aspx]\]