...
The fopen_s() function defined in ISO/IEC TR24731-2006 is designed to improve the security of the fopen() function. However, like fopen(), fopen_s() provides no mechanism to determine if an existing file has been opened for writing or a new file has been created. The code below contains the same TOCTOU race condition as in
...
- Seacord 05 Chapter 7, File I/O
- ISO/IEC 9899-1999 Sections 7.19.3, Files
- ISO/IEC 9899-1999 Sections 7.19.4, Operations on Files
- ISO/IEC TR 24731-2006 Section 6.5.2.1, The fopen_s function
- Open Group 04