...
In this non-compliant code example, a pointer to a buffer of automatic storage duration is used as an argument to {{putenv()}} \[[Dowd 06|AA. C References#Dowd 06]\]. The {{TEST}} environment variable may take on an unintended value if it is accessed once {{func()}} has returned and the stack frame containing {{env}} has been recycled.
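The mechanism behind this problem, as an added example that is not the original page's code: {{putenv()}} keeps the caller's pointer in the environment, while {{setenv()}} copies the string. A static buffer stands in for {{env}} so the behavior stays defined; the function names, including {{func_setenv()}}, are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose putenv() and setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* putenv() stores the caller's pointer in environ; it does not copy.
 * A static buffer keeps this demonstration well defined. Returns 1 if a
 * later write to the buffer changes what getenv("TEST") reports. */
int putenv_aliases_buffer(void) {
  static char env[] = "TEST=1";
  if (putenv(env) != 0) return -1;
  env[5] = '2';                       /* modify the caller's buffer only */
  const char *v = getenv("TEST");
  return v != NULL && strcmp(v, "2") == 0;
}

/* setenv() copies name and value, so the source buffer may be automatic.
 * Returns 1 if TEST keeps its value after the buffer is overwritten. */
int setenv_copies_value(void) {
  char val[] = "1";                   /* automatic storage is fine here */
  if (setenv("TEST", val, 1) != 0) return -1;
  val[0] = '2';
  const char *v = getenv("TEST");
  return v != NULL && strcmp(v, "1") == 0;
}

/* Hypothetical compliant counterpart of func(): same purpose, but the
 * environment receives its own copy of the value. */
int func_setenv(const char *var) {
  return setenv("TEST", var, 1);
}

int main(void) {
  printf("putenv aliases buffer: %d\n", putenv_aliases_buffer());
  printf("setenv copies value:   %d\n", setenv_copies_value());
  if (func_setenv("3") != 0) return 1;
  printf("TEST=%s\n", getenv("TEST"));
  return 0;
}
```

With an automatic buffer in place of the static one, the first function's aliasing is what leaves {{TEST}} pointing into a recycled stack frame.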
...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| POS34-C | high | unlikely | medium | P6 | L2 |
Automated Detection
The tool Compass/ROSE is able to detect violations of this rule.
...
\[[Open Group 04|AA. C References#Open Group 04]\] [{{putenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/putenv.html], [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 10, "UNIX Processes" (Confusing putenv() and setenv())
...