...
```c
#include <stdio.h>
#include <stdlib.h>

int func(char *var) {
  char env[1024]; /* automatic storage: released when func() returns */
  int retval = snprintf(env, sizeof(env), "ENV=%s", var);
  if (retval < 0 || (size_t)retval >= sizeof(env)) {
    /* Handle error (encoding failure or truncated value) */
  }
  /* putenv() stores the pointer env itself, not a copy, so the environment
   * refers to stack memory that is reused as soon as this function returns */
  return putenv(env);
}
```
Compliant Solution
To make this example compliant, env must not be declared as an automatic variable. Giving it static storage duration keeps the string that putenv() placed in the environment valid after func() returns.
```c
#include <stdio.h>
#include <stdlib.h>

int func(char *var) {
  static char env[1024]; /* static storage: outlives the call */
  int retval = snprintf(env, sizeof(env), "ENV=%s", var);
  if (retval < 0 || (size_t)retval >= sizeof(env)) {
    /* Handle error (encoding failure or truncated value) */
  }
  return putenv(env);
}
```
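The following program is an added example, not code from the original page or from the CERT standard itself. It exercises the compliant static-buffer pattern end to end and adds two things a practitioner would want to see checked: that snprintf() truncation is rejected rather than silently installed, and that a rejected call does not disturb the value already in the environment. The last point matters because putenv() does not copy: once the static buffer has been installed, it is live in the environment, so formatting a new value directly into it would change the variable even when the call fails. The function names set_env_static, env_matches and demo_* and the scratch-buffer step are constructed for this example; the variable name ENV is the one the page uses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compliant pattern: the buffer handed to putenv() has static storage
 * duration, so the pointer stored in the environment stays valid after
 * this function returns. The value is formatted into a scratch buffer
 * first, because env may already be referenced by the environment and
 * must only change when the new value is known to fit. */
int set_env_static(const char *var) {
  static char env[1024];
  char scratch[sizeof(env)];
  int n = snprintf(scratch, sizeof(scratch), "ENV=%s", var);
  if (n < 0 || (size_t)n >= sizeof(scratch)) {
    return -1; /* encoding error or truncation: install nothing */
  }
  memcpy(env, scratch, (size_t)n + 1); /* now safe to touch the live buffer */
  return putenv(env);
}

/* Read the variable back through the normal API. Returns 1 on match. */
int env_matches(const char *expected) {
  const char *v = getenv("ENV");
  return v != NULL && strcmp(v, expected) == 0;
}

/* Happy path. Returns 0 on success or a negative step number so a test
 * can pinpoint which expectation failed. */
int demo_static_buffer(void) {
  if (set_env_static("alpha") != 0) return -1;
  if (!env_matches("alpha")) return -2;
  /* A second call reuses the same static buffer; because putenv() keeps
   * the pointer, the environment follows the buffer to the new value. */
  if (set_env_static("beta") != 0) return -3;
  if (!env_matches("beta")) return -4;
  return 0;
}

/* An over-long value must be rejected and must leave the previous value
 * in place. Returns 1 when both hold. */
int demo_truncation_rejected(void) {
  char big[2048]; /* constructed input: 2047 'x' characters, longer than env */
  memset(big, 'x', sizeof(big) - 1);
  big[sizeof(big) - 1] = '\0';
  if (set_env_static("gamma") != 0) return 0;
  if (set_env_static(big) != -1) return 0;
  return env_matches("gamma");
}

int main(void) {
  printf("static buffer demo (0 = ok): %d\n", demo_static_buffer());
  printf("truncation rejected (1 = ok): %d\n", demo_truncation_rejected());
  return 0;
}
```

The scratch-buffer step is the design choice worth noting: with a static buffer the dangling-pointer problem is gone, but the buffer becomes shared state that the environment reads directly, so every write to it is effectively a write to the environment variable.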
Risk Assessment
Passing an automatic variable to putenv() leaves the environment pointing at stack storage that is released when the function returns, so the variable takes on whatever later occupies that memory. Depending on how and when that variable is read, this can cause unexpected program behavior or possibly allow an attacker to run arbitrary code.
...