Questions tagged [tocttou]

The time-of-check to time-of-use (TOCTTOU) problem is a class of race conditions where someone else can invalidate a condition after it was checked but before code that depends on the condition could execute.

6 questions
7 votes, 2 answers

Can argv be changed at runtime (not by the app itself)

I wonder can input parameters of main() be changed at runtime. In other words, should we protect the app from possible TOCTTOU attack when handling data in argv? Currently, I don't know any way to change data that was passed in argv, but I'm not…
4 votes, 1 answer

How do I detect if sqlite3 created a database file?

I'm writing a program that uses a sqlite3 database file to store its data. If I open a database file with sqlite3_open_v2(filename, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, NULL) the database file is created if it does not exist. How can I…
fuz
2 votes, 1 answer

Safe programming. How to avoid TOCTOU vulnerability when checking a file and then writing in it

I have the following code vuln.c. This appends the desired input to a non link file. #include #include #include #include #include int process_filename(char *filename) { struct stat…
Santiago Gil
1 vote, 1 answer

How to handle TOCTOU problem between access() and unlink()?

A static-analysis tool (Coverity) flags the unlink() statement in the following code as having a time-of-check/time-of-use (TOCTOU) problem between the access() and unlink(): #include #include #include #include…
StoneThrow
0 votes, 2 answers

TOCTTOU - Using access before handling file

I have this function that copies files to a mirror directory and then deletes the old one. It works well however, in Coverity, my code shows up as a TOCTTOU warning. void function(){ const char *original_key = "path/to/file/filename"; const…
JezT
0 votes, 1 answer

How to prevent ToCToU issue when using Ansible's file module?

My work environment: Ubuntu 14.04 Ansible 2.6.3 Ansible Playbook 2.6.3 Python 2.7.6 I'm writing an Ansible playbook which contains a task that creates a symbolic link that points to a directory somewhere else. The task uses the file module (I…
yaobin