Page History

...

Compliant Solution (POSIX)

Wiki MarkupIf the programmer's intent is to not remove an existing destination file, the POSIX {{access()}} function can be used to check for the existence of a file \ [[Open Group 2004|AA. Bibliography#Open Group 04]\]. This compliant solution renames the source file only if the destination file does not exist.

Code Block

bgColor	#ccccff
lang	c

const char *src_file = /* ... */;
const char *dest_file = /* ... */;

if (access(dest_file, F_OK) != 0) {
  if (rename(src_file, dest_file) != 0) {
    /* Handle error condition */
  }
} 
else {
  /* Handle file-exists condition */
}

...

Compliant Solution (Windows)

Wiki MarkupOn Windows, the [{{rename()}}|http://msdn.microsoft.com/en-us/library/zw5t957f(VS.80).aspx] function fails if \[ [MSDN|AA. Bibliography#MSDN]\]

File or directory specified by newname already exists or could not be created (invalid path).

...

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO10-C	medium	probable	medium	P8	L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

ISO/IEC 9899:1999 Section 7.9.4.2, "The rename function"

Bibliography

Wiki Markup\[[MSDN|AA. Bibliography#MSDN] \] [{{rename()}}|http://msdn.microsoft.com/en-us/library/zw5t957f(VS.80).aspx] \[[Open Group 2004|AA. Bibliography#Open Group 04]\] [{{access()}}|http://www.opengroup.org/onlinepubs/009695399/functions/access.html]
[Open Group 2004] access()

...

09. Input Output (FIO)

Space shortcuts

Page tree

Versions Compared

Old Version 62

New Version 63

Key

Compliant Solution (POSIX)

Compliant Solution (Windows)

Related Vulnerabilities

Bibliography