...
Non-Compliant Code Example 1
The {{fopen_s()}} function defined in \[\] is designed to improve the security of the {{fopen()}} function. However, like {{fopen()}}, {{fopen_s()}} provides no mechanism to determine if an existing file has been opened for writing or a new file has been created. The code below contains the same TOCTOU race condition as in Non-Compliant Code Example 1.
```c
...
FILE *fptr;
errno_t res = fopen_s(&fptr, "foo.txt", "r");
if (res != 0) {
  /* file does not exist */
  res = fopen_s(&fptr, "foo.txt", "w");
  ...
  fclose(fptr);
} else {
  fclose(fptr);
}
...
```
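An added example, not part of the original page: on a POSIX system (an assumption), the existence check and the creation can be made a single atomic call with open() and O_CREAT | O_EXCL, which also tells the caller whether the file was already there. The helper name create_exclusive() is hypothetical.

```c
/* Added example (not from the original page): atomic "create only if absent".
 * Assumes a POSIX system; create_exclusive() is a hypothetical helper name. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns a write stream for a file this call created, or NULL.
 * *existed is set to 1 when the path was already present (EEXIST),
 * including when it is a symlink, which O_CREAT|O_EXCL never follows. */
FILE *create_exclusive(const char *path, int *existed)
{
    *existed = 0;
    /* O_CREAT|O_EXCL makes the existence check and the creation one
     * atomic system call, so there is no window between check and use. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1) {
        if (errno == EEXIST)
            *existed = 1;
        return NULL;
    }
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        unlink(path); /* remove the empty file we just created */
        errno = saved;
    }
    return fp;
}

int main(void)
{
    int existed;
    FILE *fp = create_exclusive("foo.txt", &existed);
    if (fp == NULL) {
        if (existed)
            fputs("foo.txt already exists; not overwriting\n", stderr);
        else
            perror("foo.txt");
        return 1;
    }
    fputs("created by this process\n", fp);
    return fclose(fp) == 0 ? 0 : 1;
}
```
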
...