...
Noncompliant Code Example (Reopen)
The following This noncompliant code example opens a file for writing, closes it, opens the same named file for reading, and then closes it again. The logic relies solely on the file name to identify the file.
...
A simpler solution is to not reopen the file. In this code example, the file is opened once for both writing and reading. Once writing is complete, the fseek() function resets the file pointer to the beginning of the file, and its contents are read back. (See void FIO07-C. Prefer fseek() to rewind().)
Because the file is not reopened, the possibility of an attacker tampering with the file between the writes and subsequent reads is eliminated.
...
Many file-related vulnerabilities are exploited to cause a program to access an unintended file. Proper file identification is necessary to prevent exploitation.
Recommendation | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
FIO05-C | Medium | Probable | No |
No |
P4 |
L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |
Could report possible violations of this rule merely by reporting any | |||||||||
| LDRA tool suite |
| 44 S | Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ |
| Coding Standard | VOID FIO05-CPP. Identify files using multiple file attributes |
| ISO/IEC TR 24772:2013 | Path Traversal [EWR] |
| MITRE CWE | CWE-37, Path issue—Slash absolute path CWE-38, Path Issue—Backslash absolute path CWE-39, Path Issue—Drive letter or Windows volume CWE-62, UNIX hard link CWE-64, Windows shortcut following (.LNK) CWE-65, Windows hard link |
Bibliography
| [Drepper 2006] | Section 2.2.1 "Identification when Opening" |
| [ |
| IEEE Std 1003.1:2013] | System Interfaces: openSystem Interfaces: fstat |
open Function""The
fstat Function"| [Seacord 2013] | Chapter 8, "File I/O" |
...
...