...
Making assumptions about the size of an environmental variable can result in a buffer overflow.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV01-C | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| LANG.MEM.BO | Buffer overrun | ||||||
| Compass/ROSE |
Can detect violations of the rule by using the same method as STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | ||||||||
| Klocwork |
| ABV.ANY_SIZE_ARRAY ABV.GENERAL ABV.ITERATOR ABV.MEMBER ABV.STACK ABV.TAINTED ABV.UNKNOWN_SIZE ABV.UNICODE.BOUND_MAP ABV.UNICODE.FAILED_MAP ABV.UNICODE.NNTS_MAP ABV.UNICODE.SELF_MAP |
| Parasoft C/C++test |
|
|
| SECURITY-07, SECURITY-12, BD-PB-OVERFWR |
| Polyspace Bug Finder | R2016a | Destination buffer overflow in string manipulation | Function writes to buffer at offset greater than buffer size Argument is from an unsecure source and may be NULL or not NULL-terminated Dangerous functions cause possible buffer overflow in destination buffer |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| MITRE CWE | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-123, Write-what-where Condition CWE-125, Out-of-bounds Read |
Bibliography
| [IEEE Std 1003.1:2013] | Chapter 8, "Environment Variables" |
| [Viega 2003] | Section 3.6, "Using Environment Variables Securely" |
...
...