Description
The tests for file existence on lines 33 and 35 and the file open on line 36 all use file names, so this code contains a TOCTOU (time of check, time of use) vulnerability: the name can refer to a different object at the open than it did at the check. The code can be exploited by the creation of a symbolic link with the name of the file.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 258, Figure 7-5
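The usual way to close this window is to open the file once and make every check against the resulting descriptor instead of the name. The following is an added example, not the test case's code or the book's figure; it assumes a POSIX system, and the function names `open_regular_nofollow` and `demo_symlink_refused` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path for reading only if it is a regular file and its final
 * component is not a symbolic link. Returns an fd, or -1 on refusal. */
int open_regular_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the last path component is a symlink.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() inspects the object that was actually opened, so nothing
     * can be swapped in between this check and later reads on fd. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a real file plus a symlink pointing at it.
 * Returns 1 if the file opens and the link is refused, -1 on setup error. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/toctou_demoXXXXXX";
    char file[64], lnk[64];
    int fd_file, fd_link, ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    fd_file = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd_file < 0 || symlink(file, lnk) != 0)
        return -1;
    close(fd_file);
    fd_file = open_regular_nofollow(file);
    fd_link = open_regular_nofollow(lnk);
    ok = (fd_file >= 0 && fd_link < 0);
    if (fd_file >= 0) close(fd_file);
    if (fd_link >= 0) close(fd_link);
    unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}
```

`O_NOFOLLOW` only covers the final path component; symbolic links in parent directories are still followed, so the containing directory must not be writable by untrusted users.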
Flaws