...

In this non-compliant example, inspired by a vulnerability in OpenBSD's chpass program [Openbsd 98: http://seclists.org/bugtraq/1998/Aug/0071.html], a file containing sensitive data is opened for reading. Before closing this file, the program retrieves the registered editor from the environment and executes it using the system() function.

FILE* f;
char *editor;

f = fopen("Sensitive.txt", "r");
if (f == NULL) {
  /* Handle fopen() error */
}
/* ... */
editor = getenv("EDITOR");
if (editor == NULL) {
  /* Handle getenv() error */
}
/* f is still open here, so the process started by system() inherits it */
system(editor);

If the system() function is implemented in a way that spawns a child process to run the editor, then the child process inherits the file descriptors opened by the parent process. As a result, the editor will be able to access the contents of Sensitive.txt.

Compliant Solution

To correct this example, Sensitive.txt should be closed before launching the editor.

FILE* f;
char *editor;

f = fopen("Sensitive.txt", "r");
if (f == NULL) {
  /* Handle fopen() error */
}
/* ... */
fclose(f);  /* close the sensitive file before any child process is started */
editor = getenv("EDITOR");
if (editor == NULL) {
  /* Handle getenv() error */
}
system(editor);
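
The difference between the two orderings can be observed directly. The program below is an added example, not part of the original rule text: it opens a constructed temporary file, runs a harmless shell command through system() in place of the editor, and reports whether that child process still holds the descriptor. The names descriptor_leaks() and child_sees_fd() and the temporary path are hypothetical, and a POSIX sh is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if a process started by system() still has descriptor fd open.
   The shell can only duplicate fd onto its stdin ("<&fd") if it inherited it.
   Assumption: fd is a single digit, the range POSIX sh guarantees here. */
static int child_sees_fd(int fd) {
  char cmd[64];
  snprintf(cmd, sizeof cmd, "true 2>/dev/null <&%d", fd);
  return system(cmd) == 0;
}

/* Replays the scenario above on a constructed temporary file.
   close_first == 0: system() runs while the file is open (non-compliant).
   close_first == 1: fclose() runs before system() (compliant).
   Returns 1 if the child saw the descriptor, 0 if not, -1 on setup failure. */
int descriptor_leaks(int close_first) {
  char path[] = "/tmp/sensitive-XXXXXX";  /* constructed sample file */
  int seen, fd, tmp = mkstemp(path);
  FILE *f;

  if (tmp == -1) return -1;
  close(tmp);
  f = fopen(path, "r");
  if (f == NULL) { remove(path); return -1; }
  fd = fileno(f);

  if (close_first) {
    if (fclose(f) != 0) { remove(path); return -1; }
    f = NULL;
  }
  seen = child_sees_fd(fd);  /* stands in for system(editor) */

  if (f != NULL) fclose(f);
  remove(path);
  return seen;
}

int main(void) {
  printf("open during system():   child sees fd = %d\n", descriptor_leaks(0));
  printf("closed before system(): child sees fd = %d\n", descriptor_leaks(1));
  return 0;
}
```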

Risk Assessment

Failing to properly close files may allow unintended access to, or exhaustion of, system resources.

...