...
This noncompliant code example modifies the string returned by getenv() by replacing all double-quote (") characters with underscores:
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Replace, in place, every occurrence of the character orig in the
 * NUL-terminated string str with the character rep.
 *
 * str must point to storage the caller is allowed to write; the
 * function writes through the pointer it is given.
 */
void trstr(char *str, char orig, char rep) {
  for (char *cursor = str; *cursor != '\0'; ++cursor) {
    if (*cursor == orig) {
      *cursor = rep;
    }
  }
}
/* ... */
/*
 * Noncompliant: the result of getenv() is stored in a writable char *
 * and then passed to trstr(), which writes through it. The C standard
 * says the program shall not modify the string getenv() returns, so
 * this write is undefined behavior.
 */
char *env = getenv("TEST_ENV");
if (env == NULL) {
  /* Handle error */
}
/* The write happens here: trstr() overwrites each '"' in the returned string. */
trstr(env,'"', '_');
/* ... */
|
...
If the intent of the noncompliant code example is to use the modified value of the environment variable locally and not modify the environment, this compliant solution makes a local copy of that string value and then modifies the copy:
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Compliant: the value of TEST_ENV is only read through a const pointer;
 * all edits are made to a heap copy owned by this code. The copy comes
 * from malloc(), so it has to be released with free() once it is no
 * longer needed.
 */
const char *env = getenv("TEST_ENV");
if (NULL == env) {
  /* Handle error */
}

/* Size of the copy: every character of the value plus the terminating NUL. */
size_t env_size = strlen(env) + 1;
char *copy_of_env = malloc(env_size);
if (NULL == copy_of_env) {
  /* Handle error */
}
memcpy(copy_of_env, env, env_size);

/* Only the private copy is rewritten. */
trstr(copy_of_env, '\"', '_');
|
...
If the intent is to modify the environment, this compliant solution saves the altered string back into the environment by using the POSIX setenv() and strdup() functions:
| Code Block | ||||
|---|---|---|---|---|
| ||||
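/*
 * Compliant: TEST_ENV is changed by editing a private copy of its value
 * and handing the result to setenv(); the string returned by getenv()
 * is never written.
 */
const char *env;
char *copy_of_env;

env = getenv("TEST_ENV");
if (env == NULL) {
  /* Handle error */
}

/* strdup() allocates the copy; this code owns it until it is freed below. */
copy_of_env = strdup(env);
if (copy_of_env == NULL) {
  /* Handle error */
}

trstr(copy_of_env,'\"', '_');

if (setenv("TEST_ENV", copy_of_env, 1) != 0) {
  /* Handle error */
}

/*
 * setenv() stores its own copy of the value (unlike putenv()), so the
 * strdup() buffer is still owned here and would leak if it were not
 * released.
 */
free(copy_of_env);
copy_of_env = NULL;

/*
 * The pointer obtained from getenv() before the setenv() call may no
 * longer refer to valid storage; clear it so it cannot be reused.
 */
env = NULL;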
|
...
In this noncompliant example, the object returned from the C standard library function localeconv() is modified:
| Code Block | ||||
|---|---|---|---|---|
| ||||
/*
 * Noncompliant: f2() stores new pointers into the struct lconv that
 * localeconv() returned. The C standard says the program shall not
 * modify that structure, so both assignments below are undefined
 * behavior.
 */
void f2(void) {
  struct lconv *conv = localeconv();
  /* An empty decimal_point string has the terminator as its first character. */
  if ('\0' == conv->decimal_point[0]) {
    conv->decimal_point = "."; /* violation */
  }
  /* Same test for thousands_sep; the assignment again writes to the returned object. */
  if ('\0' == conv->thousands_sep[0]) {
    conv->thousands_sep = ","; /* violation */
  }
  /* ... */
}
|
...
This compliant solution makes a local copy of the object and then modifies the copy:
| Code Block | ||||
|---|---|---|---|---|
| ||||
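/*
 * Compliant: fill in default separators on a private copy of the
 * struct lconv returned by localeconv(), leaving the library's object
 * untouched.
 *
 * The copy is shallow: its char * members still point at the strings
 * owned by the library. Replacing a pointer member of the copy, as done
 * below, is fine; writing through one of the copied pointers would
 * still modify library-owned storage.
 */
void f2(void) {
  const struct lconv *conv = localeconv();
  if (conv == NULL) {
    /* Handle error */
    return;
  }

  /* Size the allocation from the pointee type so it always matches struct lconv. */
  struct lconv *copy_of_conv = malloc(sizeof *copy_of_conv);
  if (copy_of_conv == NULL) {
    /* Handle error */
    return;
  }
  memcpy(copy_of_conv, conv, sizeof *copy_of_conv);

  if ('\0' == copy_of_conv->decimal_point[0]) {
    copy_of_conv->decimal_point = ".";
  }
  if ('\0' == copy_of_conv->thousands_sep[0]) {
    copy_of_conv->thousands_sep = ",";
  }
  /* ... */

  /* The copy is owned by this function; release it before returning. */
  free(copy_of_conv);
}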
...
Tool | Version | Checker | Description |
|---|---|---|---|
Compass/ROSE | Can detect violations of this rule. In particular, it ensures that the result of |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...