Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Undefined Behavior: File Pointer Dereference

Abstract
The application uses an assignment that dereferences a system FILE object.
Explanation
Depending on the specific C compiler in use, the address of a system FILE object might be significant to the use of the FILE object as a stream. Using a copy of the FILE object without the associated address can lead to undefined behavior resulting in potential system information leakage, a system crash, or the ability for a malicious actor to read or edit files at their discretion.

Example 1: The following code shows a system FILE object that is dereferenced and copied by value.


FILE *sysfile = fopen("test.file", "w+");
FILE insecureFile = *sysfile; /* dereference: copies the FILE object by value */


Because sysfile is dereferenced in the assignment of insecureFile, use of insecureFile can result in a wide variety of problems.
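The compliant counterpart to Example 1, as an added example that is not part of the original entry: the handle is stored and copied only as a FILE pointer, so every use goes through the stream object the library returned. The names `log_sink`, `sink_open`, `sink_write` and `shared_stream_demo` are hypothetical, and `tmpfile()` stands in for the `fopen` call so the example runs without creating a named file.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper type for this example. It stores the address that
 * tmpfile()/fopen() returned, never a FILE by value. */
struct log_sink {
    FILE *stream;
};

/* Opens an anonymous temporary stream; returns 0 on success, -1 on failure. */
static int sink_open(struct log_sink *s) {
    s->stream = tmpfile();
    return s->stream != NULL ? 0 : -1;
}

/* Writes msg through the original stream object; returns 0 on success. */
static int sink_write(const struct log_sink *s, const char *msg) {
    if (s->stream == NULL || fputs(msg, s->stream) == EOF)
        return -1;
    return fflush(s->stream) == 0 ? 0 : -1;
}

/* Copies the handle (pointer copy, not `FILE copy = *fp;`), writes through
 * both copies, and returns the shared stream position, or -1 on error.
 * The first line written is stored in first_line. */
static long shared_stream_demo(char *first_line, int cap) {
    struct log_sink a, b;
    long pos = -1;
    if (sink_open(&a) != 0)
        return -1;
    b = a;                      /* both handles name the same FILE object */
    if (sink_write(&a, "first\n") == 0 && sink_write(&b, "second\n") == 0) {
        pos = ftell(a.stream);  /* 6 + 7 bytes written via one stream */
        rewind(b.stream);
        if (fgets(first_line, cap, b.stream) == NULL)
            pos = -1;
    }
    fclose(a.stream);           /* close once; b.stream is now dangling */
    a.stream = b.stream = NULL;
    return pos;
}

int main(void) {
    char line[32] = "";
    long pos = shared_stream_demo(line, (int)sizeof line);
    printf("position=%ld first=%s", pos, line);
    return (pos == 13 && strcmp(line, "first\n") == 0) ? 0 : 1;
}
```

Because both handles hold the same address, the stream position and buffer state stay consistent across them, which a by-value FILE copy does not guarantee.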
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 706
[2] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 22.5