...
| Code Block | ||||
|---|---|---|---|---|
| ||||
FILE *file;
char *file_name;
/* Initialize file_name */
file = fopen(file_name, "w+");
if (file == NULL) {
/* Handle error condition */
}
if (unlink(file_name) != 0) {
/* Handle error condition */
}
/* Continue performing I/O operations on file */
fclose(file);
|
Note that there is a race window between the fopen() call and the unlink() call, which could be exploited. This exploitation can be mitigated if the operations occur in a secure directory; see FIO45-C. Avoid TOCTOU race conditions while accessing files for more information.
Risk Assessment
Calling remove() on an open file has different implications for different implementations and may cause abnormal termination if the removed file is written to or read from, or it may result in unintended information disclosure from files not deleted as intended.
...