SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #1516

Back to the previous page... Back to the previous page

Test Case IDCandidate1516
Bad / Good / MixedBadBad test case
AuthorRobert C. Seacord
Test suite: 9  
Added byRomain Gaucher
Type of test caseSource Code
Input string
Expected Output
Submission date2006-05-22
DescriptionCode with TOCTOU - Time of check, Time of use - culnerability involving stat(). The TOCTOU check occurs with the call of stat() on line 41 and the use is the call of fopen() on line 49. An attacker can simply exploit this vulnerabilty using a symlink: erase the file and make a symbolic link to this name and the attacker_file.From \'Secure Coding in C and C \' by Robert C. Seacord.Page 225, Figure 7-4

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition on line(s): 0