Missing error check on read() susceptible to file descriptor exhaustion

c.resource_availability.random_fd_exhaustion

Severity

low

Resource

Resource Availability

Language

C / C++

Description

Call to 'read()' without error checking is susceptible to file descriptor exhaustion. Consider using the 'getrandom()' function.

Rationale

Call to 'read()' without error checking is susceptible to file descriptor exhaustion. Consider using the 'getrandom()' function.

The following code illustrates a vulnerable pattern detected by this rule:

    int fd;
    char buf[16];

    // VULNERABLE: Missing error check on read() susceptible to file descriptor exhaustion
    fd = open("/dev/urandom", 0);
    memset(buf, 0, sizeof(buf));
    read(fd, buf, sizeof(buf));

    return 0;
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-774
https://lwn.net/Articles/606141/
CERTC-FIO42-C