...
- Leading dashes - Leading dashes can cause problems when programs are called with the file name as a parameter because the first character or characters of the file name might be interpreted as an option switch.
- Control characters such as newlines, carriage returns, and escape - Control characters in a file name can cause unexpected results from shell scripts and in logging.
- Spaces - Spaces can cause problems with scripts and when double quotes aren't used to surround the file name.
- Invalid character encodings - Character encodings can be a huge issue (see MSC10-C. Character Encoding - UTF8 Related Issues).
- Any characters other than letters, numbers, and punctuation designated above as portable - Other special characters are included in this recommendation because they are commonly used as separators, and having them in a file name can cause unexpected and potentially insecure behavior.
...
As a result of the influence of MS-DOS, file names of the form xxxxxxxx.xxx, where x denotes an alphanumeric character, are generally supported by modern systems. On some platforms, file names are case sensitive, while on other platforms they are case insensitive. VU#439395 is an example of a vulnerability resulting from a failure to deal appropriately with case sensitivity issues [VU#439395].
...
Use a descriptive file name, containing only the subset of ASCII previously described.
```c
#include <fcntl.h>
#include <sys/stat.h>

int main(void) {
  char *file_name = "name.ext";
  mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;

  int fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, mode);
  if (fd == -1) {
    /* Handle Error */
  }
}
```
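When the name is not a literal but arrives from outside the program, the same restriction can be enforced before the name reaches `open()`. The check below is an added example, not part of the original recommendation; it assumes the portable set is the POSIX portable filename character set (letters, digits, period, underscore, hyphen), `is_portable_file_name` is a hypothetical helper name, and rejecting `.` and `..` is an added policy choice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* POSIX portable filename character set, spelled out so the check
 * does not depend on the locale the way isalnum() does. */
static const char PORTABLE_CHARS[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789._-";

/* Hypothetical helper: returns 1 if name is a single path component
 * built only from portable characters and not starting with a hyphen,
 * 0 otherwise. */
int is_portable_file_name(const char *name) {
  if (name == NULL || name[0] == '\0') {
    return 0;                 /* missing or empty name */
  }
  if (name[0] == '-') {
    return 0;                 /* could be read as an option switch */
  }
  if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
    return 0;                 /* added policy: directory references */
  }
  /* strspn() returns the length of the leading run of allowed bytes.
   * A shorter run than the whole string means a space, control
   * character, separator, or non-ASCII byte is present. */
  return strspn(name, PORTABLE_CHARS) == strlen(name);
}

int main(void) {
  /* Constructed sample names, one per problem class in the list above. */
  const char *samples[] = {
    "name.ext", "-rf", "my file.txt", "log\n.txt",
    "r\xC3\xA9" "sum\xC3\xA9" ".txt", "a;b"
  };
  size_t i;

  for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    printf("sample %lu: %s\n", (unsigned long)i,
           is_portable_file_name(samples[i]) ? "accept" : "reject");
  }
  return 0;
}
```

The demo prints an index rather than the name itself because echoing a rejected name would write its control characters to the terminal or log.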
...