Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Conventional functions that are appropriately declared \[[DCL07-A. Include the appropriate type information in function declarators]\] will fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will only generate compiler warnings. These warnings should be resolved \[[MSC00-A. Compile cleanly at high warning levels]\], but do not prevent program compilation. |
The POSIX {{open()}} \[[Open Group 04|AA. C References#Open Group 04]\] is a variadic function with the following prototype: |
int open(const char *path, int oflag, ... ); |
The open() function accepts a third argument to determine a newly created file's access mode. If open() is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).
/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
/* Handle Error */
}
/* ... */
|