...
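```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int func(char const *var) {
  static char *oldenv;
  char const *env_format = "TEST=%s";
  size_t const len = strlen(var) + strlen(env_format);
  char *env = (char *) malloc(len);
  if (env == NULL) {
    return -1;
  }
  int rc = snprintf(env, len, env_format, var);
  if (rc < 0 || (size_t)rc >= len) {
    /* Handle Error: do not pass a truncated or undefined string to putenv() */
    free(env);
    return -1;
  }
  if (putenv(env) != 0) {
    free(env);
    return -1;
  }
  /* putenv() keeps the pointer, so the previous string can only be
     released once the environment no longer refers to it. */
  if (oldenv != NULL) {
    free(oldenv); /* avoid memory leak */
  }
  oldenv = env;
  return 0;
}
```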
The POSIX.1-2008 setenv() function is preferred over this function [Austin Group 08] [Open Group 04].
Compliant Solution (setenv())
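Added example (not from the original page or from CERT): a setenv()-based form of func(), with two checks that contrast putenv() keeping the caller's pointer against setenv() copying the value. The names set_test_env, putenv_aliases_buffer, setenv_survives_buffer_reuse and the variable TEST_ALIAS are assumptions, and the aliasing result assumes a POSIX-conforming putenv().

```c
#define _XOPEN_SOURCE 700 /* expose putenv() and setenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: sets TEST=var. setenv() copies name and value,
 * so no buffer of ours has to outlive the call. 0 on success, -1 on error. */
int set_test_env(char const *var) {
  if (var == NULL) {
    return -1;
  }
  return setenv("TEST", var, 1) == 0 ? 0 : -1;
}

/* Returns 1 if writing to the string handed to putenv() changes what
 * getenv() reports, i.e. the environment aliases the caller's buffer. */
int putenv_aliases_buffer(void) {
  static char buf[] = "TEST_ALIAS=before"; /* static: outlives the call */
  if (putenv(buf) != 0) {
    return -1;
  }
  memcpy(buf + strlen("TEST_ALIAS="), "after!", 6); /* same length, in place */
  char const *now = getenv("TEST_ALIAS");
  return now != NULL && strcmp(now, "after!") == 0;
}

/* Returns 1 if the value stays intact after the caller's automatic
 * buffer is overwritten, i.e. setenv() made its own copy. */
int setenv_survives_buffer_reuse(void) {
  char local[16]; /* automatic storage: unsafe to hand to putenv() */
  snprintf(local, sizeof local, "%s", "first");
  if (set_test_env(local) != 0) {
    return -1;
  }
  snprintf(local, sizeof local, "%s", "clobbered");
  char const *now = getenv("TEST");
  return now != NULL && strcmp(now, "first") == 0;
}

int main(void) {
  printf("putenv aliases caller buffer: %d\n", putenv_aliases_buffer());
  printf("setenv value survives reuse:  %d\n", setenv_survives_buffer_reuse());
  return 0;
}
```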
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Austin Group 08]

[Open Group 04] The putenv() function (http://www.opengroup.org/onlinepubs/009695399/functions/putenv.html), setenv() (http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html)

[ISO/IEC 9899-1999] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"

[Dowd 06] Chapter 10, "UNIX Processes" (Confusing putenv() and setenv())

[DCL30-C. Declare objects with appropriate storage durations]
...