SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 96

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 97

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated cwe info

...

Wiki Markup
\[[Austin Group 08|AA. References#Austin Group 08]\] Vol. 2, System Interfaces, {{confstr()}}
\[[CA-1995-14|http://www.cert.org/advisories/CA-1995-14.html]\] "Telnetd Environment Vulnerability"
\[[Dowd 06|AA. References#Dowd 06]\] Chapter 10, "UNIX II: Processes"
\[[ISO/IEC 9899:1999|AA. References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[ISO/IEC PDTR 24772|AA. References#ISO/IEC PDTR 24772]\] "XYS Executing or Loading Untrusted Code"
\[[MITRE 07|AA. References#MITRE 07]\] [CWE ID -426|http://cwe.mitre.org/data/definitions/426.html], "Untrusted Search Path," [CWE ID -88|http://cwe.mitre.org/data/definitions/88.html], "Argument Injection or Modification," and [CWE ID -78|http://cwe.mitre.org/data/definitions/78.html], "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')," [CWE-807|http://cwe.mitre.org/data/definitions/807.html], "Reliance on Untrusted Inputs in a Security Decision"
\[[Open Group 04|AA. References#Open Group 04]\] Chapter 8, "Environment Variables", and [{{confstr()}}|http://www.opengroup.org/onlinepubs/009695399/functions/confstr.html]
\[[Viega 03|AA. References#Viega 03]\] Section 1.1, "Sanitizing the Environment"
\[[Wheeler 03|AA. References#Wheeler 03]\] [Section 5.2, "Environment Variables"|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html]

...