According to C11the C Standard, Section 7.21.3, para. 6 [ISO/IEC 9899:2011],
The address of the
FILE
object used to control a stream may be significant; a copy of aFILE
object need not serve in place of the original.
Consequently, do not use a copy of a FILE
object in any input/output operations.
Noncompliant Code Example
This noncompliant code example can fail because a copy of stdout
is being used in the call to fputs()
.
Code Block | ||||
---|---|---|---|---|
| ||||
int main(void) {
FILE my_stdout = *(stdout); /* violation */
if (fputs("Hello, World!\n", &my_stdout) == EOF) {
/* Handle error */
}
return 0;
}
|
For example, this noncompliant example fails with an "access violation" when compiled under Microsoft Visual Studio 2005 and run under Windows.
Compliant Solution
In this compliant solution, a copy of the pointer to the FILE
object is used in the call to fputs()
.
Code Block | ||||
---|---|---|---|---|
| ||||
int main(void) { FILE *my_stdout = stdout; if (fputs("Hello, World!\n", my_stdout) == EOF) { /* Handle error */ } return 0; } |
Risk Assessment
Using a copy of a FILE
object in place of the original may result in a crash, which can be used in a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO38-C | low | probable | medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Compass/ROSE | Can detect simple violations of this rule. | ||||||||
| 591 S | Fully implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: FIO38-CPP. Do not use a copy of a FILE object for input and output
...
ISO/IEC TR 17961 (Draft) Copying a FILE object [filecpy]
Bibliography
...