...
Non-Compliant Code Example
The POSIX function open() is defined as a variadic function: the third argument, the access permissions (mode), is required whenever O_CREAT is specified. Using open() to create a file but failing to provide the access permissions argument results in an unexpected value being used as the mode, so the new file's permission bits are whatever happened to be in that argument slot. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).
```c
/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions (mode) argument is missing */
if (fd == -1) {
  /* Handle error */
}
/* ... */
```
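The compliant counterpart, written as an added example (not code from the CERT page): when O_CREAT is passed, open() receives an explicit mode_t argument, so the created file's permission bits are defined by the program rather than by stack residue. The helper names create_private_file() and demo_private_file_mode(), the temporary path under /tmp, and the use of O_EXCL are assumptions made for this example; the demo creates a file, reads back the permission bits the kernel actually recorded with fstat(), and cleans up.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Compliant form of the open() call: because O_CREAT is set, the third
 * (mode_t) argument is supplied explicitly. create_private_file() is a
 * hypothetical helper written for this example. Returns the new descriptor
 * or -1 on error. */
int create_private_file(const char *file_name) {
    /* Owner read/write only. O_EXCL additionally refuses to reuse a file that
     * already exists at this path, so a pre-placed file or symlink is rejected. */
    int fd = open(file_name, O_CREAT | O_WRONLY | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1) {
        perror("open");
    }
    return fd;
}

/* Self-check: create a file in a fresh temporary directory, read back the
 * permission bits the kernel recorded, remove the file and directory, and
 * return those bits (or -1 on any failure). Expected result: 0600. */
int demo_private_file_mode(void) {
    char dir_template[] = "/tmp/exp37_demo_XXXXXX"; /* constructed path */
    if (mkdtemp(dir_template) == NULL) {
        return -1;
    }
    char path[sizeof dir_template + 16];
    snprintf(path, sizeof path, "%s/secret.txt", dir_template);

    /* Pin the umask so the recorded mode is predictable: the effective mode is
     * (requested mode & ~umask), and 0600 & ~077 is still 0600. */
    mode_t old_mask = umask(S_IRWXG | S_IRWXO);

    int result = -1;
    int fd = create_private_file(path);
    if (fd != -1) {
        struct stat st;
        if (fstat(fd, &st) == 0) {
            result = (int)(st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
        }
        close(fd);
        unlink(path);
    }
    umask(old_mask);
    rmdir(dir_template);
    return result;
}

int main(void) {
    int bits = demo_private_file_mode();
    if (bits == -1) {
        return EXIT_FAILURE;
    }
    printf("recorded permission bits: %04o\n", (unsigned)bits);
    return EXIT_SUCCESS;
}
```

The check in demo_private_file_mode() is the one a reviewer wants after any O_CREAT call: compare the bits fstat() reports against the bits the program intended, remembering that umask can only clear bits, never add them, so an unexpectedly permissive file points back at the open() call itself.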