maskit opened a new issue, #10346:
URL: https://github.com/apache/trafficserver/issues/10346
certifier.cc
```
417 /// If directory doesn't exist, create one
CID 1518591 (#1 of 1): Time of check time of use (TOCTOU)
1. fs_check_call: Calling function stat to perform check on path.c_str().
2. Condition stat(path.c_str(), &st) == -1, taking true branch.
418 if (stat(path.c_str(), &st) == -1) {
CID 1518608: Unchecked return value from library (CHECKED_RETURN)
3. toctou: Calling function mkdir that uses path.c_str() after a check
function. This can cause a time-of-check, time-of-use race condition.
419 mkdir(path.c_str(), 0755);
420 } else {
421 /// Try open the file if directory exists
422 fp = fopen(cert_filename.c_str(), "rt");
423 }
```
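One way to clear both findings reported above (the stat-then-mkdir race and the unchecked `mkdir` return), as an added example that is not code from certifier.cc or the Traffic Server project. The helper name `open_cert_in_dir` and its `created` out-parameter are hypothetical, and the code assumes a POSIX system with `openat`.

```cpp
#include <cerrno>
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper (not from certifier.cc): create `dir` if it is missing
// and open `name` inside it without a separate existence check.
// Returns an open stream or nullptr; `created` reports whether this call made
// the directory. errno is left set on failure.
FILE *open_cert_in_dir(const std::string &dir, const std::string &name, bool &created)
{
  created = false;
  // No stat() first: mkdir itself reports whether the path already exists,
  // so there is no window between a check and the use.
  if (mkdir(dir.c_str(), 0755) == 0) {
    created = true;
  } else if (errno != EEXIST) {
    return nullptr; // return value checked: real failure (EACCES, ENOENT, ...)
  }

  // Pin the directory with a descriptor. O_DIRECTORY rejects a regular file,
  // O_NOFOLLOW rejects a symlink at the final path component.
  int dfd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
  if (dfd == -1) {
    return nullptr;
  }

  // Resolve the file relative to the pinned directory, not the path string.
  int fd    = openat(dfd, name.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
  int saved = errno;
  close(dfd);
  if (fd == -1) {
    errno = saved; // ENOENT here just means no certificate is stored yet
    return nullptr;
  }
  FILE *fp = fdopen(fd, "r");
  if (fp == nullptr) {
    saved = errno;
    close(fd);
    errno = saved;
  }
  return fp;
}
```

A path that exists but is not a directory makes `mkdir` fail with `EEXIST` and is then rejected by the `O_DIRECTORY` open, so the caller never reads through it.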