Versions Compared

...

If not properly performed, checking for the existence of symbolic links can lead to race conditions.

This rule is a specific instance of rule FIO45-C. Avoid TOCTOU race conditions while accessing files.

...

This compliant solution eliminates the race condition by using O_NOFOLLOW to cause open() to fail if passed a symbolic link, avoiding the TOCTOU by not having a separate "check" and "use":

#include <fcntl.h>
#include <unistd.h>

char *filename = /* file name */;
char *userbuf = /* user data */;
unsigned int userlen = /* length of userbuf string */;

/* O_NOFOLLOW makes open() fail (errno ELOOP) if the final path component is a
   symbolic link, so the "check" happens inside the "use" and cannot be raced. */
int fd = open(filename, O_RDWR | O_NOFOLLOW);
if (fd == -1) {
  /* Handle error */
}
/* write() returns ssize_t. Test the signed value first: on platforms where
   ssize_t and unsigned int have the same width, a -1 return compared directly
   against userlen would convert to a large unsigned value and look like success. */
ssize_t written = write(fd, userbuf, userlen);
if (written < 0 || (size_t)written < userlen) {
  /* Handle error */
}
if (close(fd) == -1) {
  /* Handle error */
}
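
The following is an added example written for this page; it is not code from the CERT rule itself. It shows the O_NOFOLLOW approach from the compliant solution beside the lstat()/open()/fstat() cross-check that the Compass/ROSE checker description refers to, and exercises both against a constructed fixture (a temporary directory under /tmp containing a regular file and a symlink to it). The helper names open_nofollow_rw, open_checked_rw, write_all and demo_symlink_checks are this example's own, and the expected ELOOP result assumes a Linux, BSD or macOS kernel.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Preferred form (matches the compliant solution): O_NOFOLLOW makes the
   kernel refuse a symbolic link at the final path component inside open()
   itself, so there is no separate check for an attacker to race against. */
int open_nofollow_rw(const char *path) {
  return open(path, O_RDWR | O_NOFOLLOW);
}

/* Fallback pattern (the shape the Compass/ROSE checker looks for): lstat()
   the path, open() it, then fstat() the descriptor and confirm that both
   describe the same regular file. Only the descriptor is used afterwards,
   so a link swapped in between the calls is detected instead of followed. */
int open_checked_rw(const char *path) {
  struct stat ls, fs;
  if (lstat(path, &ls) == -1 || S_ISLNK(ls.st_mode)) return -1;
  int fd = open(path, O_RDWR);
  if (fd == -1) return -1;
  if (fstat(fd, &fs) == -1 || !S_ISREG(fs.st_mode) ||
      ls.st_dev != fs.st_dev || ls.st_ino != fs.st_ino) {
    close(fd);
    return -1;
  }
  return fd;
}

/* Write the whole buffer, handling short writes and EINTR. 0 on success. */
int write_all(int fd, const char *buf, size_t len) {
  size_t done = 0;
  while (done < len) {
    ssize_t n = write(fd, buf + done, len - done);
    if (n < 0) {
      if (errno == EINTR) continue;
      return -1;
    }
    done += (size_t)n;
  }
  return 0;
}

/* Demo: builds a constructed fixture (temp directory with a regular file and
   a symlink to it), opens each with both helpers, then cleans up.
   Returns the errno seen when open_nofollow_rw() is handed the symlink
   (expected ELOOP), or -1 if the fixture could not be created.
   *regular_ok   is set to 1 when the regular file opens via both helpers and
                 a write through the O_NOFOLLOW descriptor succeeds.
   *link_refused is set to 1 when open_checked_rw() also rejects the symlink. */
int demo_symlink_checks(int *regular_ok, int *link_refused) {
  char dir[] = "/tmp/pos35-XXXXXX";   /* assumed writable temp location */
  char target[64], link[64];
  int result = -1, fd;
  *regular_ok = 0;
  *link_refused = 0;
  if (mkdtemp(dir) == NULL) return -1;
  snprintf(target, sizeof target, "%s/target", dir);
  snprintf(link, sizeof link, "%s/link", dir);

  fd = open(target, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
  if (fd == -1) goto cleanup;
  close(fd);
  if (symlink(target, link) == -1) goto cleanup;

  fd = open_nofollow_rw(target);
  if (fd != -1) {
    int wrote = (write_all(fd, "data\n", 5) == 0);
    close(fd);
    fd = open_checked_rw(target);
    if (fd != -1) {
      *regular_ok = wrote;
      close(fd);
    }
  }

  *link_refused = (open_checked_rw(link) == -1);

  errno = 0;
  fd = open_nofollow_rw(link);
  if (fd == -1) {
    result = errno;   /* ELOOP: the link was refused rather than followed */
  } else {
    result = 0;       /* would mean the link was followed: a rule violation */
    close(fd);
  }

cleanup:
  unlink(link);
  unlink(target);
  rmdir(dir);
  return result;
}
```

open_checked_rw() still performs a separate lstat(), so it remains a check-then-use sequence; its safety comes from verifying the descriptor actually obtained (fstat) rather than trusting the earlier check. O_NOFOLLOW is the simpler and stronger choice wherever the platform provides it.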

...

TOCTOU race condition vulnerabilities can be exploited to gain elevated privileges.

Rule      Severity  Likelihood  Detectable  Repairable  Priority  Level
POS35-C   High      Likely      No          No          P9        L2

(The earlier revision of this table had a single Remediation Cost column in place of Detectable and Repairable, with the values high, likely, medium, P18, L1.)

Tool                   Checker(s)                              Description
Astrée                 user_defined                            Soundly supported
Axivion Bauhaus Suite  CertC-POS35
Compass/ROSE                                                   Can detect some violations of this rule. In particular, it ensures that calls
                                                               to open() that are preceded by a call to lstat() are also followed by a call
                                                               to fstat().
Coverity               TOCTOU                                  Implemented
Helix QAC              DF4886, DF4887, DF4888
Klocwork               SV.TOCTOU.FILE_ACCESS
                       CERT.STR.ASSIGN.CONST_TO_NONCONST
Parasoft C/C++test     CERT_C-POS35-a                          Usage of functions prone to race is not allowed
                       CERT_C-POS35-b                          Avoid race conditions while checking for the existence of a symbolic link
Polyspace Bug Finder   CERT C: Rule POS35-C                    Checks for file access between time of check and use (TOCTOU) (rule fully
                                                               covered)

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[Dowd 2006]          Chapter 9, "UNIX 1: Privileges and Files"
[ISO/IEC 9899:2024]  Section 7.23, "Input/output <stdio.h>" (the earlier revision cited ISO/IEC 9899:2011, Section 7.21)
[Open Group 2004]    lstat(), fstat(), open()
[Seacord 2013]       Chapter 8, "File I/O"

...