The rename()
function has the following prototype:
int rename(char const *old, char const *new);
If the file pointed to by new
exists prior to a call to rename()
, the behavior is implementation-defined. Therefore, care must be taken when using rename()
.
Non-Compliant Code Example
In the following non-compliant code, a file is renamed to another file using rename()
.
However, if newfile.ext
already existed, the result is undefined.
Compliant Solution
This compliant solution first checks for the existence of the new file before the call to rename()
. Note that this code contains an unavoidable race condition between the call to fopen()
and the call to rename()
.
Risk Assessment
Using rename()
without caution leads to undefined behavior, possibly resulting in a file being unexpectedly overwritten.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
FIO10-A |
2 (medium) |
3 (likely) |
2 (medium) |
P12 |
L1 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999:TC2]] Section 7.9.4.2, "The rename
function"