Do not modify the value returned by the {{getenv()}} function. Create a copy and make your changes locally, so that they are not overwritten. According to C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]: |
The
getenvfunction returns a pointer to a string associated with the matched list member. The string pointed to shall not be modified by the program, but may be overwritten by a subsequent call to thegetenvfunction. If the specified name cannot be found, a null pointer is returned.
This non-compliant code example modifies the string returned by getenv().
char *env = getenv("TEST_ENV");
env[0] = 'a';
|
This is a compliant code solution. If it is necessary to modify the value of the string returned by the function getenv(), then the programmer should make a local copy of that string value, and then modify the local copy of that string.
const char *env;
char *copy_of_env;
if ((env = getenv("TEST_ENV")) != NULL) {
copy_of_env = (char *)malloc(strlen(env) + 1);
if (copy_of_env != NULL) {
strcpy(copy_of_env, env);
}
else {
/* Error handling */
}
copy_of_env[0] = 'a';
}
|
The modified string may be overwritten by a subsequent call to the getenv function.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
ENV30-C |
1 (low) |
1 (unlikely) |
3 (low) |
P3 |
L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.5, "The {{getenv}} function"
\[[Open Group 04|AA. C References#Open Group 04]\] [getenv|http://www.opengroup.org/onlinepubs/000095399/functions/getenv.html] |
ENV04-A. Do not call system() if you do not need a command processor 11. Environment (ENV)