National Institute of Standards and Technology
Package illustrating a test case

Test case 1517

Description

Because the test for file existence in lines 33 and 35 and the file open on line 36 both use file names, this code contains a TOCTOU (time of check, time of use) vulnerability. The code can be exploited by creating a symbolic link with the name of the file between the check and the open.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 258, Figure 7-5
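The check-then-use pattern the description refers to, placed beside a form that removes the race, as an added example in C. This is not the test case's own code (which is not reproduced here); the function names and the temporary-file fixture are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* expose O_NOFOLLOW, mkdtemp, symlink on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: the existence check and the open both go through the
   path name, so between them the name can be rebound to a symbolic link.
   Returns a descriptor, or -1. */
int check_then_open(const char *path) {
    if (access(path, F_OK) != 0)      /* time of check */
        return -1;
    return open(path, O_RDONLY);      /* time of use: a second name lookup */
}

/* Hardened form: one open() with O_NOFOLLOW rejects a symlink at the final
   component, and fstat() on the descriptor examines the object actually
   opened rather than whatever the name resolves to later. */
int open_regular_nofollow(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    struct stat st;
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo (constructed fixture): a regular file and a symlink to it in a fresh
   temporary directory; opens the symlink with one of the two functions.
   Returns 1 if the open succeeded, 0 if it was refused, -1 on setup error. */
int open_via_symlink(int hardened) {
    char dir[] = "/tmp/toctou-demo-XXXXXX", file[64], link[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(link, sizeof link, "%s/alias", dir);
    int fd = open(file, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    if (symlink(file, link) != 0) return -1;
    fd = hardened ? open_regular_nofollow(link) : check_then_open(link);
    if (fd >= 0) close(fd);
    unlink(link); unlink(file); rmdir(dir);
    return fd >= 0;
}
```

Running open_via_symlink(0) shows the check-then-open version happily following the link, while open_via_symlink(1) shows the O_NOFOLLOW form refusing it.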

Flaws
