sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

/*
 * Rule: POS50-C
 * Source: testcases
 * Status: FAIL - stat()+fopen() TOCTOU race condition
 */

#include <stdio.h>
#include <sys/stat.h>

/* access() then open() — classic TOCTOU */
void toctou_access_open(const char *path) {
    struct stat st;
    if (stat(path, &st) == 0) {
        FILE *f = fopen(path, "r");
        if (f) fclose(f);
    }
}