SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 133

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 134

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant code example, the file referenced by file_name is opened for writing. This example is noncompliant if the programmer's intent was to create a new file, but the referenced file already exists.

Code Block
bgColor#FFCCCC
langc
char *file_name;
FILE *fp;

/* initialize file_name */

fp = fopen(file_name, "w");
if (!fp) {
  /* Handle error */
}

...

Wiki Markup
The ISO/IEC TR 24731-1 {{fopen_s()}} function is designed to improve the security of the {{fopen()}} function \[[ISO/IEC TR 24731-1:2007|AA. Bibliography#SO/IEC TR 24731-1-2007]\]. However, like {{fopen()}}, {{fopen_s()}} provides no mechanism to determine if an existing file has been opened for writing or a new file has been created.

Code Block
bgColor#FFCCCC
langc
char *file_name;
FILE *fp;

/* initialize file_name */
errno_t res = fopen_s(&fp, file_name, "w");
if (res != 0) {
  /* Handle error */
}

...

Wiki Markup
The {{open()}} function, as defined in the Open Group Base Specifications Issue 6 \[[Open Group 2004|AA. Bibliography#Open Group 04]\], is available on many platforms and provides finer control than {{fopen()}}. In particular, {{open()}} accepts the {{O_CREAT}} and {{O_EXCL}} flags. When used together, these flags instruct the {{open()}} function to fail if the file specified by {{file_name}} already exists.

Code Block
bgColor#ccccff
langc
char *file_name;
int new_file_mode;

/* initialize file_name and new_file_mode */

int fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, new_file_mode);
if (fd == -1) {
  /* Handle error */
}

...

This compliant solution uses the x mode character to instruct fopen() to fail rather than open an existing functions.

Code Block
bgColor#ccccff
langc
char *file_name;

/* initialize file_name */

FILE *fp = fopen(file_name, "wx");
if (!fp) {
  /* Handle error */
}

...

Wiki Markup
For code that operates on {{FILE}} pointers and not file descriptors, the POSIX {{fdopen()}} function can be used to associate an open stream with the file descriptor returned by {{open()}}, as shown in this compliant solution \[[Open Group 2004|AA. Bibliography#Open Group 04]\].

Code Block
bgColor#ccccff
langc
char *file_name;
int new_file_mode;
FILE *fp;
int fd;

/* initialize file_name and new_file_mode */

fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, new_file_mode);
if (fd == -1) {
  /* Handle error */
}

fp = fdopen(fd, "w");
if (fp == NULL) {
  /* Handle error */
}

...