...
Failing to properly close files may allow an attacker to exhaust system resources and can increase the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO42-C | Medium | Unlikely | Medium | P4 | L3 |
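The resource-exhaustion risk described above usually comes from an error path that returns before `fclose()`. The following is an added example, not code from the CERT page: the function names, the `CFG1` header value and the temporary file are constructed for illustration, and a POSIX system is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Lowest unused descriptor number; it rises when a stream has leaked. */
static int lowest_free_fd(void) {
    int fd = open("/dev/null", O_RDONLY);
    return (fd >= 0 && close(fd) == 0) ? fd : -1;
}

/* Noncompliant: the early return on a bad header skips fclose(). */
int check_leaky(const char *path) {
    char line[64];
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    if (!fgets(line, sizeof line, f) || strncmp(line, "CFG1", 4)) return -2; /* leaks f */
    fclose(f);
    return 0;
}

/* Compliant: every path after a successful fopen() reaches fclose(),
 * and a failed close is reported instead of ignored. */
int check_closed(const char *path) {
    char line[64];
    int rc = 0;
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    if (!fgets(line, sizeof line, f) || strncmp(line, "CFG1", 4)) rc = -2;
    if (fclose(f) == EOF && rc == 0) rc = -3;
    return rc;
}

/* Calls fn n times on a constructed, empty temp file (so the header check
 * always fails) and returns how far the lowest free descriptor moved. */
int fd_growth(int (*fn)(const char *), int n) {
    char path[] = "/tmp/fio42_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int before = lowest_free_fd();
    for (int i = 0; i < n; i++) fn(path);
    int after = lowest_free_fd();
    unlink(path);
    return after - before;
}

int main(void) {
    printf("leaky +%d, closed +%d\n", fd_growth(check_leaky, 8), fd_growth(check_closed, 8));
}
```

Each failed call to the leaky version keeps one descriptor open, so a caller who can feed it malformed files repeatedly drives the process toward its open-file limit; the compliant version leaves the descriptor table unchanged.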
Automated Detection
This rule is stricter than rule [fileclose] in ISO/IEC TS 17961:2013. Analyzers that conform to the technical standard may not detect all violations of this rule.
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | | Supported, but no explicit checker |
CodeSonar | | ALLOC.LEAK | Leak |
Compass/ROSE | | | |
Coverity | | RESOURCE_LEAK (partial) | Partially implemented |
Klocwork | | | |
LDRA tool suite | | 49 D | Partially implemented |
Parasoft C/C++test | | BD-RES-LEAKS | Implemented |
Polyspace Bug Finder | R2016a | Resource leak | File stream not closed before |
SonarQube C/C++ Plugin | | S2095 | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C | FIO51-CPP. Close files when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT Oracle Secure Coding Standard for Java | FIO04-J. Release resources when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961:2013 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-404, Improper Resource Shutdown or Release | 2017-07-06: CERT: Rule subset of CWE |
CWE 2.11 | CWE-459 | 2017-07-06: CERT: Rule subset of CWE |
CWE 2.11 | CWE-772 | 2017-07-06: CERT: Rule subset of CWE |
CWE 2.11 | CWE-773 | 2017-07-06: CERT: Rule subset of CWE |
CWE 2.11 | CWE-775 | 2017-07-06: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
...
- Failure to free resources besides files or memory chunks, such as mutexes)
Bibliography
[IEEE Std 1003.1:2013] | XSH, System Interfaces, open |
...
...