0

I have this function that copies files to a mirror directory and then deletes the old one. It works well; however, in Coverity, my code shows up as a TOCTTOU warning.

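#include <unistd.h>   /* access(), unlink() */

int copy_file(const char *command, ...);   /* defined in another cpp file */

void function(){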
    const char *original_key = "path/to/file/filename";
    const char *mirror_key = "path/to/another/file/filename";

    if((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
        copy_file("/bin/cp %s %s", original_key, mirror_key); /*copy function in another cpp file*/
        unlink(original_key);
    }
}

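/* in another cpp file */
#include <cstdarg>    /* va_list, va_start, va_end */
#include <cstdio>     /* vasprintf (GNU extension) */
#include <cstdlib>    /* free */
#include <cstring>    /* strsep, strlen */
#include <vector>

int copy_file(const char*command, ...){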
    int rc = -1;
    va_list args;
    char *buffer = NULL;
    va_start(args, command);
    vasprintf(&buffer, command, args);
    va_end(args);
    if (buffer)
    {
        char *wrd;
        char *ptr = buffer;
        std::vector<const char *> list;
        while ((wrd = strsep(&ptr, " ")) != NULL)
        {
            if (strlen(wrd))
            {
                list.push_back(wrd);
            }
        }
        if (list.size() > 0)
        {
            char *argv[list.size() + 1];
            for (size_t idx = 0; idx < list.size(); idx++)
            {
                argv[idx] = (char *)list[idx];
            }
            argv[list.size()] = NULL;
            rc = system_spawn_args(argv);
        }
        free(buffer);
    }
    return(rc);
}

Is there a way to prevent TOCTTOU in this situation?

note: move did not work - Cross Device Error.

Thanks

JezT
  • 1
    There is a lot of code missing. So, very difficult to judge. I guess that in reality "original_key" and "mirror_key" have a different content. Also, "access" checks the file and not the path. And, how do you copy? How do you open the mirror file? I think this essential information is missing. BTW, I have encountered only very, very few false positives from Coverity. Compared to QAC or SonarQube or Lint, it is really reliable (my personal experience . . .) – A M Aug 20 '19 at 08:01
  • This is very much application dependent. How much of a problem is it if the original file is not deleted? – user1937198 Aug 20 '19 at 08:06
  • @Armin Montigny - added the missing pieces based on your question. I hope this helps – JezT Aug 20 '19 at 09:49
  • @user1937198 - I need to actually delete it – JezT Aug 20 '19 at 09:50
  • @JezT is it a problem if the file is lost in transit? If so you could open the file, delete it, and then copy the contents to a new location? – user1937198 Aug 20 '19 at 17:23

2 Answers

1

The problem is maybe a typical Unix / Linux bug using the function access. The exact details, even with an example, are described here. There are also recommendations on how to mitigate the risk.

Since it is described very well in the linked Wikipedia article, I will not repeat it here.

And, because there is no C++ code in your example, you may want to rewrite the code in C++. Also, your "copy-function" using a system call seems to be overly complex.

Please consider refactoring it. Therefore I would also recommend that you read an article about copying a file here on Stack Overflow.

If your code is non productive and for home use only, then you can also ignore this message.

A M
0

Since my main function was basically to move one file to another, I just used rename(). This did the job and also did not warn me as a TOCTTOU in Coverity.

JezT
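A descriptor-based version of the move discussed in this thread, as an added example (not code from the question or either answer): it tries rename() first and, on the cross-device error the question mentions, copies through file descriptors instead of checking with access() and spawning /bin/cp. The names move_file and copy_then_unlink and the temporary-file suffix are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Cross-device fallback: copy through descriptors, publish atomically, then
 * remove the source. No access() pre-check: each open() is check and use. */
int copy_then_unlink(const char *src, const char *dst)
{
    char tmp[4096], buf[65536];
    struct stat st;
    ssize_t n = 0;
    int ok = 1;
    int in = open(src, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); /* refuses a symlink */
    if (in < 0) return -1;
    /* fstat() inspects the object actually opened, not whatever the path names now */
    if (fstat(in, &st) != 0 || !S_ISREG(st.st_mode) ||
        snprintf(tmp, sizeof tmp, "%s.tmp.%ld", dst, (long)getpid()) >= (int)sizeof tmp) {
        close(in);
        return -1;
    }
    /* O_EXCL fails if the temp name already exists, including as a planted symlink */
    int out = open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, st.st_mode & 0777);
    if (out < 0) { close(in); return -1; }
    while (ok && (n = read(in, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0, w; off < n; off += w) {
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) { ok = 0; break; }
        }
    }
    if (n < 0 || fsync(out) != 0) ok = 0;
    close(in);
    if (close(out) != 0) ok = 0;
    /* rename() within one directory is atomic: dst is never seen half-written.
     * unlink() works by name, so src's directory must be writable only by trusted users. */
    if (ok && rename(tmp, dst) == 0) return unlink(src);
    unlink(tmp);
    return -1;
}

/* Move src to dst; 0 on success, -1 on failure. */
int move_file(const char *src, const char *dst)
{
    if (rename(src, dst) == 0) return 0;   /* same filesystem: one atomic step */
    if (errno != EXDEV) return -1;         /* e.g. ENOENT: the call itself was the check */
    return copy_then_unlink(src, dst);     /* the "Cross Device Error" case */
}
```

If the final unlink() fails, the function returns -1 with the destination already complete and the source still in place, so the caller can retry the removal without losing data.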