Page History

...

#include <stdio.h>

void open_some_file(const char *file) {
  FILE *f = fopen(file, "r");
  if (NULL != f) {
    /* File exists, handle error */
  } else {
    if (fclose(f) == EOF) {
      /* Handle error */
    }
    f = fopen(file, "w");
    if (NULL == f) {
      /* Handle error */
    }
 
    /* Write to file */
    if (fclose(f) == EOF) {
      /* Handle error */
    }
  }
}

...

#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>

void open_some_file(const char *file) {
  int fd = open(file, O_CREAT | O_EXCL | O_WRONLY);
  if (-1 != fd) {
    FILE *f = fdopen(fd, "w");
    if (NULL != f) {
      /* Write to file */

      if (fclose(f) == EOF) {
        /* Handle error */
      }
    } else {
      if (close(fd) == -1) {
        /* Handle error */
      }
    }
  }
}

Exceptions

...

FIO45-C-EX2: Accessing a file name or path name multiple times is permitted if the file referenced resides in a secure directory. (For more information, see FIO15-C. Ensure that file operations are performed in a secure directory.)

...

Tool	Version	Checker	Description
CodeSonar	Include Page CodeSonar_V CodeSonar_V	IO.RACE	File system race condition
Coverity	Include Page Coverity_V Coverity_V	TOCTOU	Implemented
Helix QAC	Include Page Helix QAC_V Helix QAC_V	DF4851, DF4852, DF4853
Klocwork	Include Page Klocwork_V Klocwork_V	SV.TOCTOU.FILE_ACCESS
LDRA tool suite	Include Page LDRA_V LDRA_V	75 D	Partially implemented
Parasoft C/C++test	Include Page Parasoft_V Parasoft_V	CERT_C-FIO45-a	Avoid race conditions while accessing files
Polyspace Bug Finder	Include Page Polyspace Bug Finder_V Polyspace Bug Finder_V	CERT C: Rule FIO45-C	Checks for file access between time of check and use (rule fully partially covered)

Related Vulnerabilities

...