...
A simpler solution is to not reopen the file. In this code example, the file is opened once for both writing and reading. Once writing is complete, the fseek() function resets the file pointer to the beginning of the file, and its contents are read back. (See void FIO07-C. Prefer fseek() to rewind().)
Because the file is not reopened, the possibility of an attacker tampering with the file between the writes and subsequent reads is eliminated.
...
Related Guidelines
| CERT C++ Secure Coding Standard | FIO05-CPP. Identify files using multiple file attributes |
| ISO/IEC TR 24772:2013 | Path Traversal [EWR] |
| MITRE CWE | CWE-37, Path issue—Slash absolute path CWE-38, Path Issue—Backslash absolute path CWE-39, Path Issue—Drive letter or Windows volume CWE-62, UNIX hard link CWE-64, Windows shortcut following (.LNK) CWE-65, Windows hard link |
...
| [Drepper 2006] | Section 2.2.1 "Identification when Opening" |
| [IEEE Std 1003.1:2013] | System Interfaces: openSystem Interfaces: fstat |
| [Seacord 2013] | Chapter 8, "File I/O" |
...