The address of the FILE object used to control a stream may be significant; a copy of a FILE object need not serve in place of the original. Do not use a copy of a FILE object in any input/output operations.
Non-Compliant Code Example
This non-compliant code example can fail because a copy of stdout is being used in the call to fputs().
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
int main(void) {
FILE my_stdout = *(stdout);
fputs("Hello, World!\n", &my_stdout);
return 0;
}
|
Platform Specific Details
This non-compliant example does fails with an "access violation" when compiled under Microsoft Visual Studio 2005 and run on an IA-32 platform.
Compliant Solution
In this compliant solution, a copy of the pointer to the FILE object is used in the call to fputs().
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
int main(void) {
FILE *my_stdout = stdout;
fputs("Hello, World!\n", my_stdout);
return 0;
}
|
Risk Assessment
Using a copy of a FILE object in place of the original is likely to result in a crash which can be used in a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FI038 FIO38-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files" |