Do not modify the value returned by the {{getenv()}} function. Create a copy and make your changes locally, so that they are not overwritten. According to C99 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\]:

The {{getenv}} function returns a pointer to a string associated with the matched list member. The string pointed to shall not be modified by the program, but may be overwritten by a subsequent call to the {{getenv}} function. If the specified name cannot be found, a null pointer is returned.
This non-compliant code example modifies the string returned by {{getenv()}}.

  #include <stdlib.h>

  char *env = getenv("TEST_ENV");  /* may be NULL, and the string it points to is read-only */
  env[0] = 'a';                    /* undefined behavior: writes into storage owned by getenv() */
For the case where the intent of the non-compliant code example is to use the modified value of the environment variable locally and not modify the environment, this compliant solution makes a local copy of that string value, and then modifies the local copy. The modification is performed only after the copy has been allocated successfully, so the error path never dereferences a null pointer.

  #include <stdlib.h>
  #include <string.h>

  char const *env;
  char *copy_of_env;

  env = getenv("TEST_ENV");
  if (env != NULL) {
    copy_of_env = (char *)malloc(strlen(env) + 1);
    if (copy_of_env != NULL) {
      strcpy(copy_of_env, env);
      copy_of_env[0] = 'a';   /* modify the local copy, not the string returned by getenv() */
      /* ... use copy_of_env ... */
      free(copy_of_env);
    }
    else {
      /* Error handling */
    }
  }
For the case where the intent of the non-compliant code example is to modify the environment, this compliant solution will perform that action using the POSIX {{putenv()}} function. Note that {{putenv()}} stores the pointer it is given rather than copying the string, so the buffer must remain valid (and must not be freed) for as long as the variable is part of the environment.

  #include <stdlib.h>
  #include <string.h>

  char const *env;
  char *copy_of_env;

  env = getenv("TEST_ENV");
  if (env != NULL) {
    /* room for "TEST_ENV=" (sizeof includes its NUL) plus the value */
    copy_of_env = (char *)malloc(sizeof("TEST_ENV=") + strlen(env));
    if (copy_of_env != NULL) {
      strcpy(copy_of_env, "TEST_ENV=");
      strcat(copy_of_env, env);
      copy_of_env[sizeof("TEST_ENV=") - 1] = 'a';  /* first character of the value */
      if (putenv(copy_of_env) != 0) {
        /* handle error */
      }
      /* copy_of_env is now owned by the environment; do not free it */
    }
    else {
      /* Error handling */
    }
  }
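As an added example (not part of the CERT page), the two compliant approaches above are packaged as reusable functions: {{env_copy()}} returns a caller-owned copy that can be edited without touching the environment, and {{env_set_via_putenv()}} builds a fresh "NAME=value" buffer for {{putenv()}}. The names {{env_copy}}, {{env_set_via_putenv}} and {{demo}} are this example's own; it assumes a POSIX system providing {{setenv()}} and {{putenv()}}.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv()/putenv() on POSIX systems */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a heap-allocated copy of the environment variable `name`, or NULL
 * if it is unset or allocation fails. The caller owns and frees the copy;
 * the string returned by getenv() itself is never written to. */
char *env_copy(const char *name) {
    const char *val = getenv(name);
    if (val == NULL) return NULL;
    size_t len = strlen(val) + 1;           /* include the terminating NUL */
    char *copy = malloc(len);
    if (copy == NULL) return NULL;
    memcpy(copy, val, len);
    return copy;
}

/* Build "NAME=value" in a fresh heap buffer and hand it to putenv().
 * putenv() keeps the pointer, so the buffer is intentionally not freed on
 * success. Returns 0 on success, -1 on failure. */
int env_set_via_putenv(const char *name, const char *value) {
    size_t n = strlen(name) + 1 + strlen(value) + 1;   /* NAME '=' value NUL */
    char *entry = malloc(n);
    if (entry == NULL) return -1;
    snprintf(entry, n, "%s=%s", name, value);
    if (putenv(entry) != 0) { free(entry); return -1; }
    return 0;
}

/* Shows that editing the copy leaves the environment untouched, while
 * putenv() changes it. Returns 0 when both observations hold. */
int demo(void) {
    if (setenv("TEST_ENV", "value", 1) != 0) return -1;   /* constructed input */
    char *local = env_copy("TEST_ENV");
    if (local == NULL) return -1;
    local[0] = 'a';                                       /* safe: our own buffer */
    int env_unchanged = strcmp(getenv("TEST_ENV"), "value") == 0;
    free(local);
    if (env_set_via_putenv("TEST_ENV", "aalue") != 0) return -1;
    int env_changed = strcmp(getenv("TEST_ENV"), "aalue") == 0;
    return (env_unchanged && env_changed) ? 0 : 1;
}

int main(void) {
    printf("demo: %s\n", demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```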
The modified string may be overwritten by a subsequent call to the getenv() function. Depending on the implementation, modifying the string returned by getenv() may or may not modify the environment.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-C | low | unlikely | low | P3 | L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.5, "The {{getenv}} function"
\[[Open Group 04|AA. C References#Open Group 04]\] [getenv|http://www.opengroup.org/onlinepubs/000095399/functions/getenv.html]