| Wiki Markup |
|---|
The C99 tandard function {{fopen()}} is typically used to open an existing file or create a new one \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\]. However, {{fopen()}} does not indicate if an existing file has been opened for writing or a new file has been created. This may lead to a program overwriting or accessing an unintended file. |
...
| Wiki Markup |
|---|
However, this code suffers from a _Time of Check, Time of Use_ (or _TOCTOU_) vulnerability (see \[[Seacord 05|AA. C References#Seacord 05]\] Section 7.2). On a shared multitasking system there is a window of opportunity between the first call of {{fopen()}} and the second call for a malicious attacker to, for example, create a link with the given file filenamename to an existing file so that the existing file is overwritten by the second call of {{fopen()}} and the subsequent writing to the file. |
...
The fopen_s() function defined in ISO/IEC TR 24731-1-:2007 is designed to improve the security of the fopen() function. However, like fopen(), fopen_s() provides no mechanism to determine if an existing file has been opened for writing or a new file has been created. The code below contains the same TOCTOU race condition as the first non-compliant code example using fopen().
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files," and Section 7.19.4, "Operations on Files" \[[ISO/IEC TR 24731-1-:2007|AA. C References#SO/IEC TR 24731-1-2007]\] Section 6.5.2.1, "The fopen_s function" \[[Open Group 04|AA. C References#Open Group 04]\] \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 7, "File I/O" |
...