CodeQL documentation

File opened with O_CREAT flag but without mode argument

ID: cpp/open-call-with-mode-argument
Kind: problem
Security severity: 7.8
Severity: error
Precision: high
Tags:
   - security
   - external/cwe/cwe-732
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

When opening a file with the O_CREAT or O_TMPFILE flag, the mode must be supplied. If the mode argument is omitted, some arbitrary bytes from the stack will be used as the file mode. This leaks some bits from the stack into the permissions of the file.

Recommendation

The mode must be supplied when O_CREAT or O_TMPFILE is specified.

Example

The first example opens a file with the O_CREAT flag without supplying the mode argument. In this case arbitrary bytes from the stack will be used as mode argument. The second example correctly supplies the mode argument and creates a file that is user readable and writable.

int open_file_bad() {
	// BAD - this uses arbitrary bytes from the stack as mode argument
        return open(FILE, O_CREAT)
}

int open_file_good() {
	// GOOD - the mode argument is supplied
        return open(FILE, O_CREAT, S_IRUSR | S_IWUSR)
}
  • © GitHub, Inc.
  • Terms
  • Privacy