...
| Code Block | ||
|---|---|---|
| ||
if (tmpfile_s(&fp)) {
/* Handle Error */
}
|
The TR24731-1 tmpfile_s() function should not be used with implementations that create temporary files in shared directory such as /tmp or C: because the function does not allow the user to specify a directory in which the temporary file should be created (see FIO15-A. Do not create temporary files in shared directories).
Risk Assessment
Failure to create unique, unpredictable temporary file names can make it possible for an attacker to access or modify privileged files.
...