CWE Rule 377
Description
Rule Description
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Polyspace Implementation
The rule checker checks for Use of non-secure temporary file.
Examples
This issue occurs when you use temporary file routines that are not secure.
If an attacker guesses the file name generated by a standard temporary file routine, the attacker can:
Cause a race condition when you generate the file name.
Precreate a file of the same name, filled with malicious content. If your program reads the file, the attacker’s file can inject the malicious code.
Create a symbolic link to a file storing sensitive data. When your program writes to the temporary file, the sensitive data is deleted.
To create temporary files, use a more secure
standard temporary file routine, such as mkstemp
from
POSIX.1-2001.
Also, when creating temporary files with routines that allow
flags, such as mkostemp
, use the exclusion flag O_EXCL
to
avoid race conditions.
#define _BSD_SOURCE
#define _XOPEN_SOURCE
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
int test_temp()
{
char tpl[] = "abcXXXXXX";
char suff_tpl[] = "abcXXXXXXsuff";
char *filename = NULL;
int fd;
filename = tempnam("/var/tmp", "foo_");
if (filename != NULL)
{
printf("generated tmp name (%s) in (%s:%s:%s)\n",
filename, getenv("TMPDIR") ? getenv("TMPDIR") : "$TMPDIR",
"/var/tmp", P_tmpdir);
fd = open(filename, O_CREAT, S_IRWXU|S_IRUSR); //Noncompliant
if (fd != -1)
{
close(fd);
unlink(filename);
return 1;
}
}
return 0;
}
In this example, Bug Finder flags open
because
it tries to use an unsecure temporary file. The file is opened without
exclusive privileges. An attacker can access the file causing various risks.
O_EXCL
FlagOne possible correction is to add the O_EXCL
flag
when you open the temporary file.
#define _BSD_SOURCE
#define _XOPEN_SOURCE
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
int test_temp()
{
char tpl[] = "abcXXXXXX";
char suff_tpl[] = "abcXXXXXXsuff";
char *filename = NULL;
int fd;
filename = tempnam("/var/tmp", "foo_");
if (filename != NULL)
{
printf("generated tmp name (%s) in (%s:%s:%s)\n",
filename, getenv("TMPDIR") ? getenv("TMPDIR") : "$TMPDIR",
"/var/tmp", P_tmpdir);
fd = open(filename, O_CREAT|O_EXCL, S_IRWXU|S_IRUSR);
if (fd != -1)
{
close(fd);
unlink(filename);
return 1;
}
}
return 0;
}
Check Information
Category: Others |
Version History
Introduced in R2024a
See Also
External Websites
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Sélectionner un site web
Choisissez un site web pour accéder au contenu traduit dans votre langue (lorsqu'il est disponible) et voir les événements et les offres locales. D’après votre position, nous vous recommandons de sélectionner la région suivante : .
Vous pouvez également sélectionner un site web dans la liste suivante :
Comment optimiser les performances du site
Pour optimiser les performances du site, sélectionnez la région Chine (en chinois ou en anglais). Les sites de MathWorks pour les autres pays ne sont pas optimisés pour les visites provenant de votre région.
Amériques
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)