...
| Code Block | ||
|---|---|---|
| ||
int func(char const *var) {
static char *oldenv;
char const *env_format = "TEST=%s";
size_t const len = strlen(var) + strlen(env_format);
char *env = (char *) malloc(len);
if (env == NULL) {
return -1;
}
int rc = snprintf(env, len, env_format, var);
if (rc < 0 || (size_t)rc >= len) {
/* Handle Error */
}
if (putenv(env) != 0) {
free(env);
return -1;
}
if (oldenv != NULL)
free(oldenv); // avoid memory leak
oldenv = env;
return 0;
}
|
| Wiki Markup |
|---|
The POSIX.1-2008 {{setenv()}} function is preferred over this function \[[AustinOpen Group 0804|AA. C References#AustinReferences#Open Group 0804]\]. |
Compliant Solution (setenv())
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Austin Group 08|AA. C References#Austin Group 08]\] \[[Open Group 04|AA. C References#Open Group 04]\] The [{{putenv() function}}|http://www.opengroup.org/onlinepubs/009695399/functions/putenv.html], [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html] \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions" \[[Dowd 06|AA. C References#Dowd 06]\] Chapter 10, "UNIX Processes" (Confusing putenv() and setenv()) [DCL30-C. Declare objects with appropriate storage durations] |
...