Potential time of check time of use vulnerability (tmpnam/tempnam)
Description
There exists a possible race condition in between the time that `tempnam` or `tmpnam` returns a pathname, and the time that the program opens it, another program might create that pathname using `open`, or create it as a symbolic link. Consider using the `mkstemp` function instead, but be aware it also contains possible risks. Ensure the process has called the `umask` function with restricted permissions prior to calling `mkstemp` and validate the permissions prior to using the file descriptor.
Examples
Insecure Code
c
char *filename = tempnam(NULL, NULL);Secure Code
c
int fd = mkstemp(template); if (fd == -1) { /* handle error */ }Remediation
Use `mkstemp` instead of `tempnam` or `tmpnam`, and ensure the process has called the `umask` function with restricted permissions prior to calling `mkstemp`.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0620 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-377 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | tempnam, tmpnam, mkstemp, race condition |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |