The address of the FILE
object used to control a stream may be significant; a copy of a FILE
object need not serve in place of the original. Consequently, do not use a copy of a FILE
object in any input/output operations.
Non-Compliant Code Example
This non-compliant code example can fail because a copy of stdout
is being used in the call to fputs()
.
int main(void) { FILE my_stdout = *(stdout); if (fputs("Hello, World!\n", &my_stdout) == EOF) { /* Handle Error */ } return 0; }
For example, this non-compliant example fails with an "access violation" when compiled under Microsoft Visual Studio 2005 and run under Windows.
Compliant Solution
In this compliant solution, a copy of the pointer to the FILE
object is used in the call to fputs()
.
int main(void) { FILE *my_stdout = stdout; if (fputs("Hello, World!\n", my_stdout) == EOF) { /* Handle Error */ } return 0; }
Risk Assessment
Using a copy of a FILE
object in place of the original may result in a crash, which can be used in a denial-of-service attack.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
FIO38-C |
low |
probable |
medium |
P4 |
L3 |
Automated Detection
Compass/ROSE can detect simple violations of this rule.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899:1999]] Section 7.19.3, "Files"
FIO37-C. Don't assume character data has been read 09. Input Output (FIO)