SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 112

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 113

changes.mady.by.user Alex Volkovitsky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
However, this code suffers from a _Time of Check, Time of Use_ (or _TOCTOU_) vulnerability (see \[[Seacord 0505a|AA. C References#Seacord 05]\] Section 7.2).  On a shared multitasking system there is a window of opportunity between the first call of {{fopen()}} and the second call for a malicious attacker to, for example, create a link with the given file name to an existing file so that the existing file is overwritten by the second call of {{fopen()}} and the subsequent writing to the file.

...

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files," and Section 7.19.4, "Operations on Files"
\[[ISO/IEC TR 24731-1:2007|AA. C References#SO/IEC TR 24731-1-2007]\] Section 6.5.2.1, "The {{fopen_s}} function"
\[[Loosemore 07|AA. C References#Loosemore 07]\] [Section 12.3, "Opening Streams"|http://www.gnu.org/software/libc/manual/html_node/Opening-Streams.html]
\[[Open Group 04|AA. C References#Open Group 04]\]
\[[Seacord 0505a|AA. C References#Seacord 05]\] Chapter 7, "File I/O"

...