SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 71

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 72

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Compliant Solution (Linux 2.1.126+, FreeBSD, Solaris 10, POSIX.1-2008 O_NOFOLLOW)

Wiki MarkupSome systems provide the O_NOFOLLOW flag to help mitigate this problem. The flag will be required by the forthcoming POSIX.1-2008 standard, and so will become more portable over time \[ [Austin Group 2008|AA. Bibliography#Austin Group 08]\]. If the flag is set and the supplied {{file_name}} is a symbolic link, then the open will fail.

Code Block
bgColor#ccccff
langc
char *file_name = /* something */;
char *userbuf = /* something */;
unsigned int userlen = /* length of userbuf string */;

int fd = open(file_name, O_RDWR | O_NOFOLLOW);
if (fd == -1) {
  /* handle error */
}
write(fd, userbuf, userlen);

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

POS01-C

medium

likely

high

P6

L2

Automated Detection

Tool

Version

Checker

Description

Section

Compass/ROSE

 

 

Section

could report possible violations of this rule by flagging calls to open() that do not have an O_NOFOLLOW flag, and that are not preceded with a call to lstat() and succeeded by a call to fstat

...

MITRE CWE: CWE-367, "Time-of-check Time-of-use (TOCTOU) Race Condition"

Bibliography

Wiki Markup\[[Austin Group 2008|AA. Bibliography#Austin Group 08]\] \[[Open Group 2004|AA. Bibliography#Open Group 04]\] [{{open()}}|http://www.opengroup.org/onlinepubs/009695399/functions/open.html] \[[Seacord 2005|AA. Bibliography#Seacord 05]\] Chapter 7, "File ]
[Open Group 2004] open()
[Seacord 2005] Chapter 7, "File I/O"

...

50. POSIX (POS)      50. POSIX (POS)