National Institute of Standards and Technology
Package illustrating a test case

Test case 1516

Description

Code with a TOCTOU (Time of Check, Time of Use) vulnerability involving stat(). The check is the call to stat() on line 41 and the use is the call to fopen() on line 49. An attacker can exploit this vulnerability using a symlink: erase the file and create a symbolic link with this name that points to the attacker_file. From 'Secure Coding in C and C++' by Robert C. Seacord, page 225, Figure 7-4.
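The check-then-use pattern described above, next to a version that checks the descriptor it actually opened. This is an added example, not the test case source or the book's figure; the function names, the regular-file check and the temporary paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: stat() checks the name, fopen() resolves the name a second
   time, so the check and the use may refer to different files. */
FILE *open_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))  /* stat() follows symlinks */
        return NULL;
    return fopen(path, "r");  /* the name can be re-pointed before this call */
}

/* Hardened: resolve the name once, then check the object that was opened.
   O_NONBLOCK keeps open() from blocking if the name is a FIFO. */
FILE *open_checked(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return NULL;  /* ELOOP when the final component is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed demo: a regular file and a symlink to it in a fresh temp dir.
   Result bits: 1 = checked open accepts the regular file,
   2 = checked open refuses the symlink, 4 = racy open accepts the symlink. */
int demo(void) {
    char dir[] = "/tmp/toctouXXXXXX", file[64], link[64];
    int r = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    FILE *fp = fopen(file, "w");
    if (fp == NULL) return -1;
    fclose(fp);
    if (symlink(file, link) != 0) return -1;
    if ((fp = open_checked(file)) != NULL) { r |= 1; fclose(fp); }
    if ((fp = open_checked(link)) == NULL) r |= 2; else fclose(fp);
    if ((fp = open_racy(link)) != NULL) { r |= 4; fclose(fp); }
    unlink(link); unlink(file); rmdir(dir);
    return r;
}

int main(void) { printf("%d\n", demo()); return 0; }
```

O_NOFOLLOW only covers the final path component, so a directory earlier in the path that other users can write to still needs separate handling.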

Flaws

Test Suites
