National Institute of Standards and Technology
Package illustrating a test case

Test case 1516


Code with a TOCTOU (time of check, time of use) vulnerability involving stat(). The check is the call to stat() on line 41, and the use is the call to fopen() on line 49. An attacker can exploit this vulnerability with a symlink: erase the file, then make a symbolic link from that name to the attacker_file. From 'Secure Coding in C and C++' by Robert C. Seacord, page 225, Figure 7-4.
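The following is an added example, not the test case's source and not Seacord's figure: it puts the stat()-then-fopen() pattern described above beside a descriptor-based form that opens first and checks the opened object with fstat(). The function names, the /tmp paths and the pre-made symlink (a deterministic stand-in for the name being re-bound between check and use) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use: stat() and fopen() each resolve the name separately. */
FILE *open_checked_by_name(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return NULL;
    return fopen(path, "r"); /* the name is resolved a second time here */
}

/* Use-then-check: resolve the name once, then inspect the opened object. */
FILE *open_checked_by_fd(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* ELOOP if last component is a symlink */
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed demo: does opener accept a symlink to a temp file? 1/0, -1 on error. */
int accepts_symlink(FILE *(*opener)(const char *)) {
    char target[] = "/tmp/toctou_demo_XXXXXX", lnk[64];
    int fd = mkstemp(target);
    if (fd < 0) return -1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", target);
    if (symlink(target, lnk) != 0) { unlink(target); return -1; }
    FILE *fp = opener(lnk);
    int accepted = (fp != NULL);
    if (fp != NULL) fclose(fp);
    unlink(lnk);
    unlink(target);
    return accepted;
}

int main(void) {
    printf("stat()+fopen() accepts symlink: %d\n", accepts_symlink(open_checked_by_name));
    printf("open()+fstat() accepts symlink: %d\n", accepts_symlink(open_checked_by_fd));
    return 0;
}
```

O_NOFOLLOW applies only to the final path component, so symlinks in parent directories are still followed; the fstat() result describes the object actually opened regardless of later changes to the name.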

