...
This code contains a TOCTOU race condition between the call to lstat() and the subsequent call to open() because both functions operate on a file name that can be manipulated asynchronously to the execution of the program (see FIO01-AC. Be careful using functions that use file names for identification).
Compliant Solution
This compliant solution eliminates the race condition by
...