...
Wiki Markup |
---|
However, this code suffers from a _Time of Check, Time of Use_ (or _TOCTOU_) vulnerability (see \[[Seacord 0505a|AA. C References#Seacord 05]\] Section 7.2). On a shared multitasking system there is a window of opportunity between the first call of {{fopen()}} and the second call for a malicious attacker to, for example, create a link with the given file name to an existing file so that the existing file is overwritten by the second call of {{fopen()}} and the subsequent writing to the file. |
...
Wiki Markup |
---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files," and Section 7.19.4, "Operations on Files" \[[ISO/IEC TR 24731-1:2007|AA. C References#SO/IEC TR 24731-1-2007]\] Section 6.5.2.1, "The {{fopen_s}} function" \[[Loosemore 07|AA. C References#Loosemore 07]\] [Section 12.3, "Opening Streams"|http://www.gnu.org/software/libc/manual/html_node/Opening-Streams.html] \[[Open Group 04|AA. C References#Open Group 04]\] \[[Seacord 0505a|AA. C References#Seacord 05]\] Chapter 7, "File I/O" |
...