File opened with O_CREAT flag but without mode argument
ID: cpp/open-call-with-mode-argument
Kind: problem
Security severity: 7.8
Severity: error
Precision: high
Tags:
- security
- external/cwe/cwe-732
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
When opening a file with the O_CREAT or O_TMPFILE flag, the mode must be supplied. If the mode argument is omitted, some arbitrary bytes from the stack will be used as the file mode. This leaks some bits from the stack into the permissions of the file.
Recommendation
The mode must be supplied when O_CREAT or O_TMPFILE is specified.
Example
The first example opens a file with the O_CREAT flag without supplying the mode argument. In this case arbitrary bytes from the stack will be used as mode argument. The second example correctly supplies the mode argument and creates a file that is user readable and writable.
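    #include <fcntl.h>
    #include <sys/stat.h>

    /* FILE is expected to be a macro holding the path, defined elsewhere. */
    int open_file_bad() {
        // BAD - this uses arbitrary bytes from the stack as mode argument
        return open(FILE, O_CREAT);
    }

    int open_file_good() {
        // GOOD - the mode argument is supplied
        return open(FILE, O_CREAT, S_IRUSR | S_IWUSR);
    }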