...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <fcntl.h>
int func(const char *filename) {
int fd = open(filename, O_RDONLY, S_IRUSR);
if (-1 == fd) {
return -1;
}
/* ... */
return 0;
} |
Compliant Solution (POSIX)
...
Failing to properly close files may allow an attacker to exhaust system resources and can increase the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
FIO42-C | Medium | Unlikely | No | NoMedium | P4P2 | L3 |
Automated Detection
This rule is stricter than rule [fileclose] in ISO/IEC TS 17961:2013. Analyzers that conform to the technical standard may not detect all violations of this rule.
Tool | Version | Checker | Description | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported, but no explicit checker | ||||||||||||||||
| CodeSonar |
| ALLOC.LEAK | Leak | |||||||||||||||
| Compass/ROSE | ||||||||||||||||||
| Coverity |
| RESOURCE_LEAK (partial) | Partially implemented | |||||||||||||||
| Cppcheck |
| resourceLeak | ||||||||||||||||
| Cppcheck Premium |
| resourceLeak | ||||||||||||||||
| Helix QAC |
| DF2701, DF2702, DF2703 | ||||||||||||||||
| Klocwork |
| RH.LEAK | ||||||||||||||||
| LDRA tool suite |
| 49 D | Partially implemented | |||||||||||||||
| Parasoft C/C++test |
| CERT_C-FIO42-a | Ensure resources are freed | |||||||||||||||
| PC-lint Plus |
| 429 | Partially supported | |||||||||||||||
| Polyspace Bug Finder |
| CERT C: Rule FIO42-C | Checks for resource leak (rule partially covered) | PRQA QA-C|||||||||||||||
| Security Reviewer - Static Reviewer |
| PRQA QA-C_v | PRQA QA-C_v | 2701, 2702, 2703 | PRQA QA-C++ | |||||||||||||
| Include Page | cplusplus:PRQA QA-C++_V |
| C80 | Fully implemented | cplusplus:PRQA QA-C++_V | 2701, 2702, 2703|||||||||||||
| SonarQube C/C++ Plugin |
| S2095 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | FIO51-CPP. Close files when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Oracle Secure Coding Standard for Java | FIO04-J. Release resources when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-404, Improper Resource Shutdown or Release | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-459 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-772 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-773 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-775 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-403 | 2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
...
- Failure to free resources besides files or memory chunks, such as mutexes)
CWE-403 and FIO42-C
CWE-403 - FIO42-C = list, where list =
A process opens and closes a sensitive file descriptor, but also executes a child process while the file descriptor is open.
FIO42-C - CWE-403 = SPECIAL_CASES, where SPECIAL_CASES =
A program opens a file descriptor and fails to close it, but does not invoke any child processes while the file descriptor is open.
...