A call to the fopen() or freopen() function must be matched with a call to fclose() before the lifetime of the last pointer object that stores the return value of the call has ended.
The behavior of a program is undefined when it uses the value of a pointer to a FILE object after the associated file is closed (see undefined behavior 148). Programs that close the standard streams (especially stdout but also stderr and stdin) must be careful not to use the stream objects in subsequent function calls, particularly those that implicitly operate on such objects (such as printf(), perror(), and getc()).
Noncompliant Code Example
This code example is noncompliant because the resource allocated by the call to fopen() is not closed before function open_secure_data_file() returns.
```c
#include <stdio.h>

int open_secure_data_file(void) {
  const char *filename = "secure.dat";
  FILE *f = fopen(filename, "r");
  if (f == NULL) {
    return -1;
  }
  /* ... */
  return 0;  /* f is never passed to fclose() */
}
```
Compliant Solution
In this compliant solution, the file pointed to by f is closed before the function returns:
```c
#include <stdio.h>

int open_secure_data_file(void) {
  const char *filename = "secure.dat";
  FILE *f = fopen(filename, "r");
  if (f == NULL) {
    return -1;
  }
  /* ... */
  if (fclose(f) != 0) {  /* fclose() returns 0 on success, EOF on failure */
    return -1;
  }
  return 0;
}
```
Noncompliant Code Example (POSIX)
This code example is noncompliant because the resource allocated by the call to open() is not closed before function open_secure_data_file() returns.
```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>

int open_secure_data_file(void) {
  const char *filename = "secure.dat";
  int fd = open(filename, O_WRONLY | O_CREAT, S_IRUSR);
  if (fd == -1) {
    return -1;
  }
  /* ... */
  return 0;  /* fd is never passed to close() */
}
```
Compliant Solution (POSIX)
In this compliant solution, the descriptor fd is closed before the function returns:
```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

int open_secure_data_file(void) {
  const char *filename = "secure.dat";
  int fd = open(filename, O_WRONLY | O_CREAT, S_IRUSR);
  if (fd == -1) {
    return -1;
  }
  /* ... */
  if (close(fd) == -1) {  /* close() returns 0 on success, -1 on failure */
    return -1;
  }
  return 0;
}
```
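
Added example, not part of the original rule text: when a function has more than one exit path, routing every path after a successful fopen() through a single cleanup label keeps the fopen()/fclose() pairing intact, including on the error path. The names read_first_line(), lowest_free_fd() and leaked_descriptors() are hypothetical, and the leak check assumes a single-threaded POSIX process, where open() returns the lowest free descriptor number.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: copy the first line of path into buf.
 * Once fopen() succeeds, every exit path runs the fclose() at cleanup. */
int read_first_line(const char *path, char *buf, size_t len) {
    int rc = -1;
    FILE *f = fopen(path, "r");
    if (f == NULL) {
        return -1;                  /* nothing was opened, nothing to close */
    }
    if (len == 0 || fgets(buf, (int)len, f) == NULL) {
        goto cleanup;               /* empty file or read error: still close f */
    }
    buf[strcspn(buf, "\n")] = '\0'; /* strip the trailing newline, if any */
    rc = 0;
cleanup:
    if (fclose(f) != 0) {           /* fclose() returns 0 on success */
        rc = -1;
    }
    return rc;
}

/* open() returns the lowest free descriptor number, so this probe comes
 * back higher if an earlier call left a descriptor open. */
static int lowest_free_fd(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd != -1) (void)close(fd);
    return fd;
}

/* 0 means no descriptor stayed open across the calls; -1 means the probe failed. */
int leaked_descriptors(const char *path, int calls) {
    char line[64];
    int before = lowest_free_fd(path);
    for (int i = 0; i < calls; i++) {
        (void)read_first_line(path, line, sizeof line);
    }
    int after = lowest_free_fd(path);
    return (before == -1 || after == -1) ? -1 : after - before;
}

int main(int argc, char **argv) {   /* usage: ./a.out FILE */
    if (argc < 2) return 2;
    printf("descriptor drift: %d\n", leaked_descriptors(argv[1], 100));
    return 0;
}
```

Dropping the `goto cleanup` in favour of a plain `return -1` would make the probe value rise for any input that takes the error path, such as an empty file.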
Risk Assessment
Failing to properly close files may allow an attacker to exhaust system resources and increases the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO42-C | Medium | Unlikely | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
5.0 | Can detect violations of this rule with CERT C Rule Pack | ||
2024.1 | RH.LEAK | ||
9.7.1 | 49 D | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard | FIO42-CPP. Ensure files are properly closed when they are no longer needed |
CERT Oracle Secure Coding Standard for Java | FIO04-J. Release resources when they are no longer needed |
ISO/IEC TS 17961 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] |
MITRE CWE | CWE-404, Improper resource shutdown or release |