ID: cpp/open-call-with-mode-argument Kind: problem Security severity: 7.8 Severity: error Precision: high Tags: - security - external/cwe/cwe-732 Query suites: - cpp-code-scanning.qls - cpp-security-extended.qls - cpp-security-and-quality.qls
Click to see the query in the CodeQL repository
When opening a file with the O_CREAT or O_TMPFILE flag, the mode must be supplied. If the mode argument is omitted, some arbitrary bytes from the stack will be used as the file mode. This leaks some bits from the stack into the permissions of the file.
Recommendation¶
The mode must be supplied when O_CREAT or O_TMPFILE is specified.
Example¶
The first example opens a file with the O_CREAT flag without supplying the mode argument. In this case arbitrary bytes from the stack will be used as mode argument. The second example correctly supplies the mode argument and creates a file that is user readable and writable.
int open_file_bad() { // BAD - this uses arbitrary bytes from the stack as mode argument return open(FILE, O_CREAT) } int open_file_good() { // GOOD - the mode argument is supplied return open(FILE, O_CREAT, S_IRUSR | S_IWUSR) }