The {{rename()}} function has the following prototype:
{code}
int rename(const char *old, const char *new);
{code}
If the file pointed to by {{new}} exists prior to a call to {{rename()}}, the behavior is implementation-defined. Therefore, care must be taken when using {{rename()}}.

h2. Non-Compliant Code Example

In the following non-compliant code, a file is renamed to another file using {{rename()}}.
{code:bgColor=#ffcccc
/* program code */
const char *old = "oldfile.ext";
const char *new = "newfile.ext";
if (rename(old, new) != 0) {
  /* Handle rename failure */
}
/* program code */
{null}
However, if {{newfile.ext}} already existed, the result is undefined.

h2. Compliant Solution

This compliant solution first checks for the existence of the new file before the call to {{rename()}}.  Note that this code contains an unavoidable race condition between the call to {{fopen()}} and the call to {{rename()}}.
{code:bgColor=#ccccff
/* program code */
const char *old = "oldfile.ext";
const char *new = "newfile.ext";
FILE *file = fopen(new, "r");

if (file != NULL) {
  fclose(file);
  if (rename(old, new) != 0) {
    /* Handle remove failure */
  }
}
else {
  /* handle error condition */
}
/* program code */
{null}

h2. Risk Assessment

Using {{rename()}} without caution leads to undefined behavior, possibly resulting in a file being unexpectedly overwritten.
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| FIO10-A | *2* (medium) | *2* (probable) | *2* (medium) | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} |

h3. Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+FIO10-A].

h2. References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.9.4.2, "The {{rename}} function"