You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 40 Next »

According to C99, Section 7.19.3 p6:

The address of the FILE object used to control a stream may be significant; a copy of a FILE object need not serve in place of the original.

Consequently, do not use a copy of a FILE object in any input/output operations.

Noncompliant Code Example

This noncompliant code example can fail because a copy of stdout is being used in the call to fputs().

int main(void) {
  FILE my_stdout = *(stdout);
  if (fputs("Hello, World!\n", &my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

For example, this noncompliant example fails with an "access violation" when compiled under Microsoft Visual Studio 2005 and run under Windows.

Compliant Solution

In this compliant solution, a copy of the pointer to the FILE object is used in the call to fputs().

int main(void) {
  FILE *my_stdout = stdout;
  if (fputs("Hello, World!\n", my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

Risk Assessment

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO38-C

low

probable

medium

P4

L3

Automated Detection

Compass/ROSE can detect simple violations of this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as FIO38-CPP. Do not use a copy of a FILE object for input and output.

Bibliography

[ISO/IEC 9899:1999] Section 7.19.3, "Files"


FIO37-C. Do not assume that fgets() returns a nonempty string when successful      09. Input Output (FIO)      

  • No labels