The {{rename()}} function has the following prototype:
{code}
int rename(const char *old, const char *new);
{code}
If the file pointed to by {{new}} exists prior to a call to {{rename()}}, the behavior is implementation-defined. Therefore, care must be taken when using {{rename()}}.
h2. Non-Compliant Code Example
In the following non-compliant code, a file is renamed to another file using {{rename()}}.
{code:bgColor=#ffcccc
/* program code */
const char *old = "oldfile.ext";
const char *new = "newfile.ext";
if (rename(old, new) != 0) {
/* Handle rename failure */
}
/* program code */
{null}
However, if {{newfile.ext}} already existed, the result is undefined.
h2. Compliant Solution
This compliant solution first checks for the existence of the new file before the call to {{rename()}}. Note that this code contains an unavoidable race condition between the call to {{fopen()}} and the call to {{rename()}}.
{code:bgColor=#ccccff
/* program code */
const char *old = "oldfile.ext";
const char *new = "newfile.ext";
FILE *file = fopen(new, "r");
if (file != NULL) {
fclose(file);
if (rename(old, new) != 0) {
/* Handle remove failure */
}
}
else {
/* handle error condition */
}
/* program code */
{null}
h2. Risk Assessment
Using {{rename()}} without caution leads to undefined behavior, possibly resulting in a file being unexpectedly overwritten.
|| RuleRecommendation || Severity || Likelihood || Remediation Cost || Priority || Level ||
| FIO10-A | *2* (medium) | *2* (probable) | *2* (medium) | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} |
h3. Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+FIO10-A].
h2. References
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.9.4.2, "The {{rename}} function" |