Many file-related security vulnerabilities result from a program accessing a file object different from the one intended. In C99 [ISO/IEC 9899:1999], file names are bound to underlying file objects in name only. File names provide no information regarding the nature of the file object itself. Furthermore, the binding of a file name to a file object is reasserted every time the file name is used in an operation. File descriptors and FILE pointers are bound to underlying file objects by the operating system (see FIO03-A. Do not make assumptions about fopen() and file creation).

Accessing files via file descriptors or FILE pointers rather than file names provides a greater level of certainty with regard to the object that is actually acted on. It is recommended that files be accessed through file descriptors or FILE pointers where possible.
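The difference between the two bindings, as an added example that is not part of the original rule text. It assumes a POSIX system with a writable /tmp; same_object() and demo_rebinding() are hypothetical helper names, and the files are constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if fd and path refer to the same file object (device + inode),
 * 0 if they differ, -1 on error. The name is resolved again by stat(). */
int same_object(int fd, const char *path) {
  struct stat by_fd, by_name;
  if (fstat(fd, &by_fd) != 0 || stat(path, &by_name) != 0) return -1;
  return by_fd.st_dev == by_name.st_dev && by_fd.st_ino == by_name.st_ino;
}

/* Constructed scenario in a private temp directory: open "data", then rebind
 * the name "data" to a different file with rename(). Returns a bitmask:
 * bit 0: name and descriptor matched right after open
 * bit 1: name no longer matches the descriptor after the rebind
 * bit 2: fstat() on the descriptor still reports the 3 bytes written via it */
int demo_rebinding(void) {
  char dir[] = "/tmp/fio01_XXXXXX";
  char data[64], other[64];
  struct stat st;
  int result = 0;
  if (mkdtemp(dir) == NULL) return -1;
  snprintf(data, sizeof data, "%s/data", dir);
  snprintf(other, sizeof other, "%s/other", dir);
  int fd = open(data, O_CREAT | O_EXCL | O_RDWR, 0600);
  int fd2 = open(other, O_CREAT | O_EXCL | O_RDWR, 0600);
  if (fd < 0 || fd2 < 0) return -1;
  if (same_object(fd, data) == 1) result |= 1;
  if (write(fd, "abc", 3) != 3) return -1;
  if (rename(other, data) != 0) return -1; /* name now bound to another object */
  if (same_object(fd, data) == 0) result |= 2;
  if (fstat(fd, &st) == 0 && st.st_size == 3) result |= 4;
  close(fd); close(fd2);
  unlink(data); rmdir(dir);
  return result;
}

int main(void) {
  printf("demo_rebinding() = %d\n", demo_rebinding());
  return 0;
}
```

An operation through the descriptor (fstat() here) keeps acting on the object that was opened, while any call that takes the name acts on whatever the name is bound to at that moment.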

...

FILE *f_ptr = fopen(file_name, "w");
if (f_ptr == NULL)  {
  /* Handle Error */
}

/*... Process file ...*/

if (fclose(f_ptr) != 0) {
  /* Handle Error */
}

if (remove(file_name) != 0) {
  /* Handle Error */
}

...