...
The whitelisting approach to data sanitization is to define a list of acceptable characters and remove any character that is not acceptable. The list of valid input values is typically a predictable, well-defined set of manageable size. This compliant solution, based on the tcp_wrappers package written by Wietse Venema, shows the whitelisting approach:
...
An attacker, in this case, can gain unauthenticated access to a system by setting the USER
environment variable to a string, which is interpreted as an additional command-line option by the login
program. This kind of attack is called argument injection.
Compliant Solution
This compliant solution inserts the "--" (double dash) argument before the call to getenv("USER") in the call to execl():
...
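The two mitigations described above, a tcp_wrappers-style whitelist filter and the "--" terminator placed ahead of the untrusted user name, as an added example that is not the CERT page's own code; the permitted character set, the `login` argument layout and the sample USER value are assumptions made for this example:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed whitelist of characters permitted in a user name. '_' must be in
 * this set, because disallowed characters are replaced with it in place. */
static const char ok_chars[] =
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789_-.@";

/* Replace every character outside ok_chars with '_', in place.
 * Returns the number of characters that were replaced. */
size_t sanitize_whitelist(char *s) {
    size_t replaced = 0;
    for (char *cp = s + strspn(s, ok_chars); *cp != '\0';
         cp += strspn(cp, ok_chars)) {
        *cp = '_';   /* now a whitelisted char, so strspn advances past it */
        replaced++;
    }
    return replaced;
}

/* Build the argument vector for the login program (assumed layout).
 * "--" tells getopt-style option parsers that everything after it is an
 * operand, so a USER value beginning with '-' is passed as a name, never
 * parsed as an extra option. argv needs room for 4 entries; returns argc. */
int build_login_argv(const char *untrusted_user, const char *argv[4]) {
    argv[0] = "login";
    argv[1] = "--";            /* end of options */
    argv[2] = untrusted_user;  /* operand, even if it starts with '-' */
    argv[3] = NULL;
    return 3;
}

int main(void) {
    char user[] = "-f root";   /* constructed hostile USER value */
    const char *argv[4];

    sanitize_whitelist(user);        /* "-f root" -> "-f_root" */
    build_login_argv(user, argv);
    printf("argv: %s %s \"%s\"\n", argv[0], argv[1], argv[2]);
    /* The matching call would be:
     * execl("/usr/bin/login", argv[0], argv[1], argv[2], (char *)NULL); */
    return 0;
}
```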
Risk Assessment
Failure to sanitize data passed to a complex subsystem can lead to an injection attack, data integrity issues, and a loss of sensitive data.
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...