This repository has been archived by the owner on Jul 4, 2023. It is now read-only.

CID 47546: Time of check time of use (CWE-367) #29

Open
mmaraya opened this issue Mar 2, 2016 · 0 comments

mmaraya commented Mar 2, 2016

ftp/ftp.c#L784

fs_check_call: Calling function access to perform check on local

ftp/ftp.c#L876

toctou: Calling function fopen that uses local after a check function. This can cause a time-of-check, time-of-use race condition.

An attacker could change the filename's file association or other attributes between the check and use.
In recvrequest: A check occurs on a file's attributes before the file is used in a privileged operation, but things may have changed (CWE-367)

@mmaraya mmaraya self-assigned this Mar 2, 2016
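
The check-then-use pattern this report describes, next to a descriptor-based form that avoids it. This is an added example, not code from ftp/ftp.c or from the project. The function names, the `W_OK` check mode, and the policy of refusing symlinks with `O_NOFOLLOW` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, fdopen, ftruncate */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the checker flags: the path is resolved twice, so the file that
 * access() examined need not be the file that fopen() later opens.
 * (Hypothetical function, assumed W_OK check.) */
FILE *open_local_racy(const char *local)
{
    if (access(local, W_OK) < 0)          /* time of check */
        return NULL;
    return fopen(local, "w");             /* time of use: resolved again */
}

/* Race-free form: resolve the path once with open(), then make every
 * decision about the object through the descriptor that was returned. */
FILE *open_local_fd(const char *local)
{
    struct stat st;
    FILE *fp;
    int fd = open(local, O_WRONLY | O_NOFOLLOW);  /* symlink -> ELOOP */

    if (fd < 0)
        return NULL;                      /* open() is the permission check */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        ftruncate(fd, 0) < 0) {           /* truncate only after validation */
        close(fd);
        return NULL;
    }
    fp = fdopen(fd, "w");
    if (fp == NULL)
        close(fd);
    return fp;
}

int main(int argc, char **argv)
{
    FILE *fp = argc > 1 ? open_local_fd(argv[1]) : NULL;

    if (fp == NULL) {
        fprintf(stderr, "usage: %s existing-regular-file\n", argv[0]);
        return 1;
    }
    fclose(fp);
    return 0;
}
```

`access()` tests permissions against the real user ID while `open()` uses the effective one, so in a set-user-ID program the descriptor-based form needs privileges dropped before the open to keep the same policy.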