
This non-compliant code invokes the C99 system() function without first sanitizing the environment. The C99 system() function passes a string to the command processor in the host environment to be executed, so whatever PATH, IFS and other variables the process inherited shape how that command is resolved and run.

Non-Compliant Code Example

system(argv[1]);

Compliant Solution (POSIX)

Sanitize the environment by setting required variables to safe values and removing extraneous environment variables. Set IFS to its default of " \t\n" (the first character is a space character). Set the PATH environment variable to _PATH_STDPATH as defined in paths.h. Preserve the TZ environment variable (if present), which denotes the time zone; the Open Group Base Specifications Issue 6 specifies the format of this variable [Open Group 04].

One way to clear the environment is to use the clearenv() function. The function clearenv() has an odd history: it was supposed to be defined in POSIX.1 but never made it into the standard. However, it is defined in POSIX.9 (the Fortran 77 bindings to POSIX), so it has a quasi-official status [Wheeler 03].

The other technique is to directly manipulate the environment through the environ variable. According to the Open Group Base Specifications Issue 6 [Open Group 04]:

The value of an environment variable is a string of characters. For a C-language program, an array of strings called the environment shall be made available when a process begins. The array is pointed to by the external variable environ, which is defined as:

extern char **environ;

These strings have the form name=value; names shall not contain the character '='.

Note that the C99 standard states that "The set of environment names and the method for altering the environment list are implementation-defined." Code that manipulates environ directly is therefore portable only across POSIX systems, not across all C99 implementations.
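The following program is an added example (not CERT's own compliant solution) that carries out the sanitization steps above using the environ technique: it saves TZ, replaces the inherited environment with an empty one, sets IFS and PATH to the safe values named in the text, and restores TZ. It assumes a POSIX system with setenv() and a paths.h that defines _PATH_STDPATH; the function names sanitize_environment() and environment_size() and the fallback PATH value are this example's own choices.

```c
/* Added example: environment sanitization before any call to system().
 * Assumes POSIX setenv() and <paths.h> (glibc/BSD); not CERT's code. */
#define _POSIX_C_SOURCE 200809L
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef _PATH_STDPATH
/* Assumption: fallback for systems whose paths.h lacks _PATH_STDPATH. */
#define _PATH_STDPATH "/usr/bin:/bin"
#endif

extern char **environ;

/* Number of name=value entries currently visible through environ. */
size_t environment_size(void)
{
    size_t n = 0;
    while (environ != NULL && environ[n] != NULL) {
        n++;
    }
    return n;
}

/* Discard every inherited variable, then set IFS and PATH to known-safe
 * values and put TZ back if it was present. Returns 0 on success, -1 on
 * failure (the environment may be partially rebuilt on failure). */
int sanitize_environment(void)
{
    static char *empty_env[] = { NULL };
    char *tz_copy = NULL;
    const char *tz = getenv("TZ");

    if (tz != NULL) {
        /* Copy TZ first: the original string lives in the environment
         * block we are about to stop referencing. */
        size_t len = strlen(tz) + 1;
        tz_copy = malloc(len);
        if (tz_copy == NULL) {
            return -1;
        }
        memcpy(tz_copy, tz, len);
    }

    /* The technique the text describes: point environ at an empty array.
     * Later setenv() calls allocate a fresh array as needed. */
    environ = empty_env;

    if (setenv("IFS", " \t\n", 1) != 0 ||
        setenv("PATH", _PATH_STDPATH, 1) != 0) {
        free(tz_copy);
        return -1;
    }

    if (tz_copy != NULL) {
        int rc = setenv("TZ", tz_copy, 1);
        free(tz_copy);
        if (rc != 0) {
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    if (sanitize_environment() != 0) {
        fputs("failed to sanitize environment\n", stderr);
        return EXIT_FAILURE;
    }
    /* Show what a child started via system() would now inherit. */
    for (size_t i = 0; environ[i] != NULL; i++) {
        puts(environ[i]);
    }
    return EXIT_SUCCESS;
}
```

After sanitize_environment() returns 0, the environment holds only IFS, PATH and (when it was set) TZ, which is the state the text requires before handing a command string to system().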

Risk Assessment

Rule      Severity   Likelihood     Remediation Cost   Priority   Level
ENV03-A   2 (high)   2 (probable)   2 (medium)         P8         L2

References

[ISO/IEC 9899-1999] Section 7.20.4, "Communication with the environment"

[Open Group 04] Chapter 8, "Environment Variables"

[Wheeler 03] Section 5.2, "Environment Variables", http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html

[Viega 03] Section 1.1, "Sanitizing the Environment"