The {{rename()}} function has the following prototype: {code} int rename(const char *old, const char *new); {code} If the file pointed to by {{new}} exists prior to a call to {{rename()}}, the behavior is implementation-defined. Therefore, care must be taken when using {{rename()}}. h2. Non-Compliant Code Example In the following non-compliant code, a file is renamed to another file using {{rename()}}. {code:bgColor=#ffcccc /* program code */ const char *old = "oldfile.ext"; const char *new = "newfile.ext"; if (rename(old, new) != 0) { /* Handle rename failure */ } /* program code */ {null} However, if {{newfile.ext}} already existed, the result is undefined. h2. Compliant Solution This compliant solution first checks for the existence of the new file before the call to {{rename()}}. Note that this code contains an unavoidable race condition between the call to {{fopen()}} and the call to {{rename()}}. {code:bgColor=#ccccff /* program code */ const char *old = "oldfile.ext"; const char *new = "newfile.ext"; FILE *file = fopen(new, "r"); if (file != NULL) { fclose(file); if (rename(old, new) != 0) { /* Handle remove failure */ } } else { /* handle error condition */ } /* program code */ {null} h2. Risk Assessment Using {{rename()}} without caution leads to undefined behavior, possibly resulting in a file being unexpectedly overwritten. || Rule || Severity || Likelihood || Remediation Cost || Priority || Level || | FIO10-A | *2* (medium) | *2* (probable) | *2* (medium) | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} | h3. Related Vulnerabilities Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+FIO10-A]. h2. References \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.9.4.2, "The {{rename}} function" |