...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *token;
const char *path = getenv("PATH");
/* PATH is something like "/usr/bin:/bin:/usr/sbin:/sbin" */
char *copy = (char *)malloc(strlen(path) + 1);
if (copy == NULL) {
/* handleHandle error */
}
strcpy(copy, path);
token = strtok(copy, ":");
puts(token);
while (token = strtok(0, ":")) {
puts(token);
}
free(copy);
copy = NULL;
printf("PATH: %s\n", path);
/* PATH is still "/usr/bin:/bin:/usr/sbin:/sbin" */
|
Another possibility is to provide your own implementation of strtok() that does not modify the initial arguments.
Risk Assessment
The Linux Programmer's Manual (man) page on strtok(3) [Linux 2008] states:
...
The improper use of strtok() is likely to result in truncated data, producing unexpected results later in program execution.
Recommendation | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level |
|---|---|---|
STR06-C |
Medium | Likely |
No |
No |
P6 |
L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| (customization) | Users who wish to avoid using strtok() entirely can add a custom check for all uses of strtok(). | ||||||
| Compass/ROSE | |||||||||
| Helix QAC |
| C5007 | |||||||
| LDRA tool suite |
| 602 S |
Fully implemented.
Fortify SCA
V. 5.0
Can detect violations of this rule with CERT C Rule Pack.
Compass/ROSE
Enhanced Enforcement | |||||||||
| Polyspace Bug Finder |
| Checks for string passed to strok() without copying. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
...
...
| Addition of data structure sentinel |
...
Bibliography
...