...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Validate the file name from the command line, then open it for writing.
 *
 * NOTE(review): verify_file() receives argv[1] exactly as supplied. Nothing
 * in this excerpt resolves symbolic links, "." / ".." components or other
 * alternate spellings first, so the name that passes the check is not
 * necessarily the file that fopen() opens.
 */
/* Verify argv[1] is supplied */
if (!verify_file(argv[1])) {
  /* Handle error */
}
/*
 * Mode "w" creates the file or truncates an existing one. The returned
 * FILE * is only compared with NULL here and is not kept in this excerpt.
 */
if (fopen(argv[1], "w") == NULL) {
  /* Handle error */
}
/* ... */
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Canonicalize argv[1] with realpath() before validating and opening it, so
 * verify_file() and fopen() both operate on the resolved absolute path.
 */
char *realpath_res = NULL;
/* Verify argv[1] is supplied */
/*
 * A null second argument asks realpath() to allocate the result buffer
 * itself (POSIX.1-2008 behaviour); the caller owns it and frees it below.
 */
realpath_res = realpath(argv[1], NULL);
if (realpath_res == NULL) {
  /* Handle error */
}
/* The check is applied to the canonical name, not to the raw argument. */
if (!verify_file(realpath_res)) {
  /* Handle error */
}
/*
 * NOTE(review): the file system can still change between realpath(),
 * verify_file() and fopen(); canonicalizing narrows that window but does not
 * close it. The FILE * is only compared with NULL in this excerpt.
 */
if (fopen(realpath_res, "w") == NULL) {
  /* Handle error */
}
/* ... */
/* Release the buffer realpath() allocated and clear the stale pointer. */
free(realpath_res);
realpath_res = NULL;
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
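/*
 * Canonicalize argv[1] into a caller-allocated buffer of PATH_MAX bytes,
 * then validate and open the canonical name.
 *
 * This form relies on PATH_MAX being defined as a constant in <limits.h>;
 * on a platform where it is not, this fragment does not compile.
 */
char *realpath_res = NULL;
char *canonical_filename = NULL; /* was "canonical_file name": not a valid declaration */
size_t path_size = 0;
/* Verify argv[1] is supplied */
path_size = (size_t)PATH_MAX;
if (path_size > 0) {
  canonical_filename = malloc(path_size);
  if (canonical_filename == NULL) {
    /* Handle error */
  }
  /*
   * NOTE(review): if the handler above falls through, canonical_filename is
   * NULL here and realpath() is asked to allocate its own buffer, which the
   * free(canonical_filename) below would not release.
   */
  realpath_res = realpath(argv[1], canonical_filename);
}
/* realpath_res is also still NULL when path_size was 0 and realpath() never ran. */
if (realpath_res == NULL) {
  /* Handle error */
}
/* The check is applied to the canonical name, not to the raw argument. */
if (!verify_file(realpath_res)) {
  /* Handle error */
}
/*
 * NOTE(review): the file system can still change between realpath(),
 * verify_file() and fopen(). The FILE * is only compared with NULL here.
 */
if (fopen(realpath_res, "w") == NULL ) {
  /* Handle error */
}
/* ... */
/* On success realpath_res points into this same buffer, so free it once. */
free(canonical_filename);
canonical_filename = NULL;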
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Size the realpath() output buffer from pathconf(_PC_PATH_MAX) instead of a
 * compile-time PATH_MAX, then validate and open the canonical name.
 *
 * NOTE(review): POSIX.1-2008 does not define the behaviour of realpath()
 * with a non-null buffer when PATH_MAX is not a constant in <limits.h>, and
 * for _PC_PATH_MAX the pathconf() result is tied to a directory rather than
 * to an arbitrary file name. Confirm this pattern is acceptable on the
 * target platform before relying on the computed size.
 */
char *realpath_res = NULL;
char *canonical_filename = NULL;
size_t path_size = 0;
long pc_result;
/* Verify argv[1] is supplied */
/* Cleared so that a -1 return with errno untouched can be told apart from a failure. */
errno = 0;
/* Query for PATH_MAX */
pc_result = pathconf(argv[1], _PC_PATH_MAX);
if ( (pc_result == -1) && (errno != 0) ) {
  /* Handle error */
} else if (pc_result == -1) {
  /* -1 with errno still 0: no determinate limit was reported. */
  /* Handle error */
} else if (pc_result <= 0) {
  /* Handle error */
}
/*
 * NOTE(review): this line runs unconditionally after the chain above, so the
 * elided handlers presumably return or exit; otherwise a -1 result would be
 * converted to a very large size_t.
 */
path_size = (size_t)pc_result;
if (path_size > 0) {
  canonical_filename = malloc(path_size);
  if (canonical_filename == NULL) {
    /* Handle error */
  }
  realpath_res = realpath(argv[1], canonical_filename);
}
/* realpath_res is also still NULL when path_size was 0 and realpath() never ran. */
if (realpath_res == NULL) {
  /* Handle error */
}
/* The check is applied to the canonical name, not to the raw argument. */
if (!verify_file(realpath_res)) {
  /* Handle error */
}
/*
 * NOTE(review): the file system can still change between realpath(),
 * verify_file() and fopen(). The FILE * is only compared with NULL here.
 */
if (fopen(realpath_res, "w") == NULL) {
  /* Handle error */
}
/* ... */
/* On success realpath_res points into this same buffer, so free it once. */
free(canonical_filename);
canonical_filename = NULL;
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/* ... */
/*
 * Windows variant: expand argv[1] to a full path with GetFullPathName(),
 * growing the output buffer once if the first call reports that it is too
 * small, and pass the result to verify_file().
 *
 * NOTE(review): GetFullPathName() works on the path string and, per the
 * Microsoft documentation, does not check that the result names an existing
 * file. It also does not appear to resolve links or reparse points; confirm
 * whether verify_file() needs a handle-based check (for example
 * GetFinalPathNameByHandle()) on top of this.
 */
enum { INITBUFSIZE = 256 };
DWORD ret = 0;
DWORD new_ret = 0;
char *canonical_filename;
char *new_file;
char *file_name;
/* ... */
/* Private copy of the argument; +1 leaves room for the terminating NUL. */
file_name = (char *)malloc(strlen(argv[1])+1);
canonical_filename = (char *)malloc(INITBUFSIZE);
if ( (file_name != NULL) && (canonical_filename != NULL) ) {
  /* Both destinations were sized above, so these copies fit. */
  strcpy(file_name, argv[1]);
  strcpy(canonical_filename, "");
} else {
  /* NOTE(review): the call below dereferences both pointers, so this handler must not fall through. */
  /* Handle error */
}
ret = GetFullPathName(
  file_name,
  INITBUFSIZE,
  canonical_filename,
  NULL
);
if (ret == 0) {
  /* Handle error */
}
else if (ret > INITBUFSIZE) {
  /* ret is treated as the required buffer size and used to grow the buffer. */
  /* realloc() result goes to a temporary so the old buffer is not lost on failure. */
  new_file = (char *)realloc(canonical_filename, ret);
  if (new_file == NULL) {
    /* Handle error */
  }
  canonical_filename = new_file;
  new_ret = GetFullPathName(
    file_name,
    ret,
    canonical_filename,
    NULL
  );
  if (new_ret > ret) {
    /*
     * The length of the path changed between calls
     * to GetFullPathName(); handle error.
     */
  }
  else if (new_ret == 0) {
    /* Handle error */
  }
}
/* The check is applied to the expanded path, not to the raw argument. */
if (!verify_file(canonical_filename)) {
  /* Handle error */
}
/* Verify file name before using */
|
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| IO.TAINT.FNAME | Tainted Filename | ||||||
| Compass/ROSE | Could catch violations of this rule by enforcing that any call to | ||||||||
| Helix QAC |
| C5047 | |||||||
| Klocwork |
| SV.DLLPRELOAD.NONABSOLUTE.DLL | |||||||
| LDRA tool suite |
| 85 D | Partially implemented | ||||||
| Polyspace Bug Finder |
| CERT C: Rec. FIO02-C | Checks for vulnerable path manipulation (rule fully covered) |
Related Vulnerabilities
CVE-2009-1760 results from a violation of this recommendation. Until version 0.4.13, libtorrent attempted to rule out unsafe file paths by checking only for the ".." string rather than canonicalizing the path first. An attacker could exploit this to access any file on the system by using more complex relative paths [xorl 2009].
...