Resolve vulnerability: Potential time of check time of use vulnerability (chmod)

AI GENERATED PATCH

The suggested code changes were generated by GitLab Duo Vulnerability Resolution, an AI feature. Use this feature with caution. Before you apply the code changes, carefully review and test them to ensure that they solve the vulnerability and don't harm the functional behavior of your application or introduce new vulnerabilities.

The large language model that generated the suggested code changes was only provided with the affected lines of code, and the vulnerability in that code. It is not aware of any functionality outside of this context.

Please see our documentation for more information about this feature. We'd love to hear your feedback so we can improve on this feature as we work to bring it to general availability.

Description:

Use of the chmod function call hints at a potential Time Of Check Time Of Use (TOCTOU) vulnerability. An attacker may be able to modify the file specified in the chmod call before chmod is called. Because chmod resolves symbolic links, an attacker may be able to exploit this to have files outside of their control modified.

It is recommended that the fchmod function be used instead, since it takes a file descriptor instead of a file name. Ensure the opened file descriptor points to the correct file or directory before executing fchmod or any other file-based operation.

For more information please see: https://wiki.sei.cmu.edu/confluence/display/c/FIO01-C.+Be+careful+using+functions+that+use+file+names+for+identification
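
The recommendation above, as an added example that is not the code from src/mem.c or the generated patch: open the file once, validate the opened object with fstat, then change its mode with fchmod on the same descriptor. The helper name set_mode_nofollow, the "regular file owned by the caller" policy and the mode 0600 are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from src/mem.c): set the mode of a regular file
 * owned by the caller. Returns 0 on success, -1 with errno set on failure. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW rejects a symlink in the final path component (ELOOP);
     * O_NONBLOCK keeps open() from blocking if the name is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Validate the object behind the descriptor, not the name. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) { /* assumed policy */
        errno = EPERM;
        goto fail;
    }
    /* fchmod acts on the same open file that fstat just inspected. */
    if (fchmod(fd, mode) != 0)
        goto fail;
    return close(fd);
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return EXIT_FAILURE;
    }
    if (set_mode_nofollow(argv[1], 0600) != 0) { /* 0600 is an example mode */
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```

O_NOFOLLOW only covers the last path component, so the containing directories still need to be ones an untrusted user cannot write to. Opening with O_RDONLY also requires read permission on the file.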

  • Severity: critical
  • Confidence: unknown
  • Location: src/mem.c:38

Identifiers:

  • A5:2017 - Broken Access Control
  • A01:2021 - Broken Access Control
  • Flawfinder - chmod
  • flawfinder.chmod-1
  • CWE-362