The C standard defines the specific strings that may be used as the mode for the function fopen(). An implementation may define extra strings that define additional modes, but only the modes in the following table (adapted from the C99 standard) are fully portable and C99 compliant:
| Mode | Result |
|---|---|
| r | open text file for reading |
| w | truncate to zero length or create text file for writing |
| a | append; open or create text file for writing at end-of-file |
| rb | open binary file for reading |
| wb | truncate to zero length or create binary file for writing |
| ab | append; open or create binary file for writing at end-of-file |
| r+ | open text file for update (reading and writing) |
| w+ | truncate to zero length or create text file for update |
| a+ | append; open or create text file for update, writing at end-of-file |
| r+b or rb+ | open binary file for update (reading and writing) |
| w+b or wb+ | truncate to zero length or create binary file for update |
| a+b or ab+ | append; open or create binary file for update, writing at end-of-file |
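One way to enforce the table at a single call site, shown as an added example that is not part of the original recommendation or the C standard. The names is_portable_fopen_mode and checked_fopen are hypothetical, and the choice to fail with EINVAL is an assumption of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Returns 1 if mode is one of the portable C99 strings in the table above,
 * 0 otherwise. Grammar: one of r/w/a, then optional 'b' and '+' in either
 * order, each at most once, then end of string. */
int is_portable_fopen_mode(const char *mode) {
    if (mode == NULL) return 0;
    if (mode[0] != 'r' && mode[0] != 'w' && mode[0] != 'a') return 0;
    int seen_b = 0, seen_plus = 0;
    for (const char *p = mode + 1; *p != '\0'; ++p) {
        if (*p == 'b' && !seen_b) seen_b = 1;
        else if (*p == '+' && !seen_plus) seen_plus = 1;
        else return 0; /* repeated flag or implementation-defined extension */
    }
    return 1;
}

/* Hypothetical wrapper: refuses a non-portable mode up front instead of
 * passing it to fopen(), where the result would be undefined. */
FILE *checked_fopen(const char *path, const char *mode) {
    if (path == NULL || !is_portable_fopen_mode(mode)) {
        errno = EINVAL;
        return NULL;
    }
    return fopen(path, mode);
}

int main(void) {
    /* Constructed sample inputs: three portable modes, then strings that
     * are not in the C99 table. */
    const char *samples[] = { "r", "rb+", "w+b", "rt", "wx", "r+b+", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("\"%s\": %s\n", samples[i],
               is_portable_fopen_mode(samples[i]) ? "portable" : "rejected");
    return 0;
}
```

Routing every open through one wrapper like this also gives a single place to audit when a platform-specific mode is genuinely required.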
Risk Assessment
Using a non-standard mode will lead to undefined behavior, likely causing the call to fopen() to fail.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO11-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 7.9.15.3, "The fopen function"