...
```c
#include <stdio.h>
#include <fcntl.h>
#include <sys/stat.h>  /* S_IRUSR */

int func(const char *filename) {
  int fd = open(filename, O_RDONLY, S_IRUSR);
  if (-1 == fd) {
    return -1;
  }
  /* ... */
  return 0;  /* fd is still open here: the descriptor is never closed */
}
```
Compliant Solution (POSIX)
...
Failing to properly close files may allow an attacker to exhaust system resources and can increase the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO42-C | Medium | Unlikely | No | No | P2 | L3 |
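The descriptor leak behind this risk rating can be observed directly. This added example (not part of the CERT page) counts the process's open descriptors before and after repeated calls; `count_open_fds`, `leaky`, `closed` and `fd_growth` are hypothetical names, and `/dev/null` is assumed to be a readable path on a POSIX system.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count open descriptors by probing each slot with fcntl(); the scan is
 * capped at 4096 slots, an assumption that keeps the example fast. */
int count_open_fds(void) {
  long max = sysconf(_SC_OPEN_MAX);
  int n = 0;
  if (max < 0 || max > 4096) max = 4096;
  for (int fd = 0; fd < (int)max; fd++) {
    if (fcntl(fd, F_GETFD) != -1) n++;
  }
  return n;
}

/* Same shape as the noncompliant example: returns with fd still open. */
int leaky(const char *filename) {
  int fd = open(filename, O_RDONLY);
  if (-1 == fd) return -1;
  return 0;
}

/* Closes the descriptor on every path after a successful open(). */
int closed(const char *filename) {
  char buf[64];
  int rc = 0;
  int fd = open(filename, O_RDONLY);
  if (-1 == fd) return -1;
  if (read(fd, buf, sizeof(buf)) == -1) rc = -1;  /* still reaches close() */
  if (close(fd) == -1) rc = -1;
  return rc;
}

/* Net number of descriptors left open after `calls` invocations of fn. */
int fd_growth(int (*fn)(const char *), const char *path, int calls) {
  int before = count_open_fds();
  for (int i = 0; i < calls; i++) (void)fn(path);
  return count_open_fds() - before;
}

int main(void) {
  printf("closed: %+d\n", fd_growth(closed, "/dev/null", 20));
  printf("leaky:  %+d\n", fd_growth(leaky, "/dev/null", 20));
  return 0;
}
```

In a long-running process the growth measured for `leaky` continues until `open()` fails with `EMFILE` at the per-process descriptor limit.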
Automated Detection
This rule is stricter than rule [fileclose] in ISO/IEC TS 17961:2013. Analyzers that conform to the technical standard may not detect all violations of this rule.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| CodeSonar | | ALLOC.LEAK | Leak |
| Compass/ROSE | | | |
| Coverity | | RESOURCE_LEAK (partial) | Partially implemented |
| Cppcheck | | resourceLeak | |
| Cppcheck Premium | | resourceLeak | |
| Helix QAC | | DF2701, DF2702, DF2703 | |
| Klocwork | | RH.LEAK | |
| LDRA tool suite | | 49 D | Partially implemented |
| Parasoft C/C++test | | CERT_C-FIO42-a | Ensure resources are freed |
| PC-lint Plus | | 429 | Partially supported |
| Polyspace Bug Finder | | CERT C: Rule FIO42-C | FILE pointer scope ends or pointer is reassigned. Checks for resource leak (rule partially covered) |
| Security Reviewer - Static Reviewer | | C80 | Fully implemented |
| SonarQube C/C++ Plugin | | S2095 | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | FIO51-CPP. Close files when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Oracle Secure Coding Standard for Java | FIO04-J. Release resources when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-404, Improper Resource Shutdown or Release | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-459 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-772 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-773 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-775 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-403 | 2017-10-30: MITRE: Unspecified Relationship; 2018-10-18: CERT: Partial overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-773/CWE-775 and FIO42-C
CWE-773 = CWE-775
CWE-773 = Union( FIO42-C, list) where list =
- Failure to free resource handles besides files
CWE-404/CWE-459/CWE-771/CWE-772 and FIO42-C/MEM31-C
Intersection( FIO42-C, MEM31-C) = Ø
CWE-404 = CWE-459 = CWE-771 = CWE-772
CWE-404 = Union( FIO42-C, MEM31-C, list) where list =
- Failure to free resources besides files or memory chunks (such as mutexes)
CWE-403 and FIO42-C
CWE-403 - FIO42-C = list, where list =
- A process opens and closes a sensitive file descriptor, but also executes a child process while the file descriptor is open.
FIO42-C - CWE-403 = SPECIAL_CASES, where SPECIAL_CASES =
- A program opens a file descriptor and fails to close it, but does not invoke any child processes while the file descriptor is open.
...
...