...
| Wiki Markup |
|---|
However, this code suffers from a _Time of Check, Time of Use_ (or _TOCTOU_) vulnerability (see \[[Seacord 05|AA. C++ References#Seacord 05]\] Section 7.2). On a shared multitasking system there is a window of opportunity between the first call of {{fopen()}} and the second call for a malicious attacker to, for example, create a link with the given filename to an existing file, so that the existing file is overwritten by the second call of {{fopen()}} and the subsequent writing to the file. |
Non-Compliant Code Example
...
2
The {{fopen_s()}} function defined in \[\] is designed to improve the security of the {{fopen()}} function. However, like {{fopen()}}, {{in ISO/IEC TR 24731-2006 is designed to improve the security of the fopen() function. However, like fopen(), fopen_s()}} provides no mechanism to determine if an existing file has been opened for writing or a new file has been created. The code below contains the same TOCTOU race condition as in Non-Compliant Code Example 1.
| Code Block | ||
|---|---|---|
| ||
...
FILE *fptr;
errno_t res = fopen_s(&fptr,"foo.txt", "r");
if (res != 0) { /* file does not exist */
res = fopen_s(&fptr,"foo.txt", "w");
...
fclose(fptr);
} else {
fclose(fptr);
}
...
|
...