...
```c
#include <stdio.h>

int opener(FILE* file, int *width, int *height, int *data_offset) {
  int file_w;
  int file_h;
  int file_o;
  int offset = 0;  /* not a value obtained from fgetpos() */

  if (file == NULL) { return -1; }
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != 3) { return -1; }
  if (fsetpos(file, &offset) != 0) { return -1; }
  *width = file_w;
  *height = file_h;
  *data_offset = file_o;
  return 0;
}
```
Compliant Solution
In this compliant solution, the opener() function returns a value of type errno_t, providing a clear indication that this function returns a value that might be found in errno.
```c
#define __STDC_WANT_LIB_EXT1__ 1  /* errno_t is declared by ISO/IEC TR 24731 */
#include <errno.h>
#include <stdio.h>

errno_t opener(FILE* file, int *width, int *height, int *data_offset) {
  int file_w;
  int file_h;
  int file_o;
  int rc;
  fpos_t offset;

  if (file == NULL) { return EINVAL; }
  rc = fgetpos(file, &offset);
  if (rc != 0) { return errno; }  /* fgetpos() stores the error code in errno */
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != 3) { return EIO; }
  rc = fsetpos(file, &offset);
  if (rc != 0) { return errno; }  /* likewise for fsetpos() */
  *width = file_w;
  *height = file_h;
  *data_offset = file_o;
  return 0;
}
```
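An added example, not part of the original page: a hypothetical peek_header() variant of opener() that restores the saved position even when the header fails to parse, and writes the outputs only after the values pass a range check. The names peek_header and peek_sample, the errno_t fallback typedef, the range limits and the sample header text are assumptions constructed for illustration.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdio.h>
#ifndef __STDC_LIB_EXT1__
typedef int errno_t;  /* assumption: fallback where TR 24731 is unavailable */
#endif

/* Hypothetical variant of opener(): outputs are written only on success. */
errno_t peek_header(FILE *file, int *width, int *height, int *data_offset) {
  int w, h, o;
  fpos_t start;
  errno_t parse_rc = 0;

  if (file == NULL || width == NULL || height == NULL || data_offset == NULL)
    return EINVAL;
  if (fgetpos(file, &start) != 0) { return errno; }
  if (fscanf(file, "%i %i %i", &w, &h, &o) != 3) { parse_rc = EIO; }
  /* Restore with the value fgetpos() produced, on success and failure alike. */
  if (fsetpos(file, &start) != 0) { return errno; }
  if (parse_rc != 0) { return parse_rc; }
  /* Assumed sanity ranges: the header is untrusted input. */
  if (w <= 0 || h <= 0 || o < 0) { return EINVAL; }
  *width = w;
  *height = h;
  *data_offset = o;
  return 0;
}

/* Writes constructed sample text to a temporary file, seeks to `skip`,
 * peeks at the header and reports the stream position afterwards. */
errno_t peek_sample(const char *text, long skip, int *w, int *h, int *o,
                    long *pos_after) {
  FILE *f = tmpfile();
  errno_t rc;

  if (f == NULL) { return errno; }
  if (fputs(text, f) == EOF || fseek(f, skip, SEEK_SET) != 0) {
    fclose(f);
    return EIO;
  }
  rc = peek_header(f, w, h, o);
  *pos_after = ftell(f);
  fclose(f);
  return rc;
}

int main(void) {
  int w = 0, h = 0, o = 0; long pos = -1;
  errno_t rc = peek_sample("640 480 16\npixels", 0, &w, &h, &o, &pos);
  printf("rc=%d %dx%d offset=%d pos=%ld\n", rc, w, h, o, pos);
  return rc;
}
```
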
Risk Assessment
The misuse of fsetpos() could move a file stream read to an undesired location in the file. If this location held input from the user, the user would then gain control of the variables being read from the file.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL08-A | 1 (low) | 1 (low) | 2 (medium) | P2 | L3 |
References
[ISO/IEC TR 24731-2006]
[ISO/IEC 9899-1999:TC2] Section 6.7.5.3, "Function declarators (including prototypes)"