SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Code Block
bgColor#ffcccc
langc
#include <stdio.h>

void open_some_file(const char *file) {
  FILE *f = fopen(file, "r");
  if (NULL != f) {
    /* File exists, handle error */
  } else {
    if (fclose(f) == EOF) {
      /* Handle error */
    }
    f = fopen(file, "w");
    if (NULL == f) {
      /* Handle error */
    }
 
    /* Write to file */
    if (fclose(f) == EOF) {
      /* Handle error */
    }
  }
}

...

TOCTOU race conditions can result in unexpected behavior, including privilege escalation.

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

FIO45-C

High

Probable

No

NoHigh

P6

L2

Automated Detection

C4851 C4852, C4853C++4851, C++4852, C++4853 fully

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
IO.RACEFile system race condition
Coverity
Include Page
Coverity_V
Coverity_V

TOCTOU

Implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-fio45-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4851,

DF4852, DF4853


Klocwork
Include Page
Klocwork_V
Klocwork_V
SV.TOCTOU.FILE_ACCESS
LDRA tool suite
Include Page
LDRA_V
LDRA_V
75 DPartially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO45-a

Avoid race conditions while accessing files

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FIO45-C

Checks for file access between time of check and use (rule

partially covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...