National Institute of Standards and Technology
Package illustrating a test case

Test case 154479

Description

This test takes an integer and filename as input (int filename), and checks that the file exists, and is in the current directory. However there is a time of check,time of use vulnerability after the file is checked but before it is opened allowing the file to be deleted before opening causing a null pointer dereference.
Metadata
- Base program: Apache Lenya
- Source Taint: FILE_CONTENTS
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: CALLBACK

Flaws

Test Suites

Have any comments on this test case? Please, send us an email.