...

Noncompliant Code Example
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *path = getenv("PATH");
/* PATH is something like "/usr/bin:/bin:/usr/sbin:/sbin" */
char *token;

/* strtok() writes a '\0' over the first ':' in the environment string itself;
   the C standard also forbids modifying the string that getenv() returns */
token = strtok(path, ":");
puts(token);

while ((token = strtok(NULL, ":")) != NULL) {
  puts(token);
}

printf("PATH: %s\n", path);
/* PATH is now just "/usr/bin": later getenv("PATH") calls and any child
   process that inherits the environment see the truncated value */

...

Compliant Solution
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *path = getenv("PATH");
/* PATH is something like "/usr/bin:/bin:/usr/sbin:/sbin" */

/* tokenize a private copy so the environment string is never written to */
char *copy = malloc(strlen(path) + 1);
if (copy == NULL) {
  /* handle allocation failure */
}
strcpy(copy, path);
char *token;

token = strtok(copy, ":");
puts(token);

while ((token = strtok(NULL, ":")) != NULL) {
  puts(token);
}

printf("PATH: %s\n", path);
/* PATH is still "/usr/bin:/bin:/usr/sbin:/sbin" */
free(copy);

Another possibility is to provide your own tokenizer in place of strtok(), one that reads its string argument without ever writing into it (and, unlike strtok(), keeps no hidden static state between calls).
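The following is an added example of such a non-destructive tokenizer, written for this page and not part of the original rule or of any C library: next_token() returns a pointer and length into the caller's string instead of overwriting delimiters, and the helper names (next_token, count_tokens, get_token, tokenizing_leaves_input_unchanged) are hypothetical. The PATH-like sample string is constructed inline rather than read from the environment, so the run is deterministic; it includes an empty field ("::") to show that, like strtok(), runs of delimiters are collapsed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical non-destructive replacement for strtok(): returns a pointer to
 * the start of the next token and its length via *len, advancing *cursor.
 * Runs of delimiters are skipped the way strtok() skips them, so empty tokens
 * are not reported. Returns NULL when no token remains. It never writes to
 * the string and keeps no static state, so it is also reentrant.
 */
const char *next_token(const char **cursor, const char *delims, size_t *len)
{
    const char *p = *cursor;
    if (p == NULL) {
        return NULL;
    }
    p += strspn(p, delims);          /* skip leading delimiters */
    if (*p == '\0') {
        *cursor = NULL;              /* input exhausted */
        return NULL;
    }
    *len = strcspn(p, delims);       /* token runs until the next delimiter */
    *cursor = p + *len;              /* resume at that delimiter (or the NUL) */
    return p;
}

/* Number of tokens in s, computed without touching s. */
size_t count_tokens(const char *s, const char *delims)
{
    const char *cur = s;
    size_t len;
    size_t n = 0;

    while (next_token(&cur, delims, &len) != NULL) {
        n++;
    }
    return n;
}

/*
 * Copy the index-th token (0-based) of s into out as a NUL-terminated string.
 * Returns the token length, or -1 if there is no such token or it does not
 * fit in out_sz bytes.
 */
int get_token(const char *s, const char *delims, size_t index,
              char *out, size_t out_sz)
{
    const char *cur = s;
    const char *tok;
    size_t len;
    size_t i = 0;

    while ((tok = next_token(&cur, delims, &len)) != NULL) {
        if (i++ == index) {
            if (len >= out_sz) {
                return -1;           /* would truncate: refuse rather than overflow */
            }
            memcpy(out, tok, len);
            out[len] = '\0';
            return (int)len;
        }
    }
    return -1;
}

/*
 * Tokenizes a mutable, constructed PATH-like string (not read from the
 * environment) and reports whether it is byte-for-byte unchanged afterwards:
 * returns 1 if unchanged, 0 if the tokenizer wrote into it.
 */
int tokenizing_leaves_input_unchanged(void)
{
    char path[] = "/usr/bin:/bin::/usr/sbin:/sbin";   /* constructed sample */
    char before[sizeof path];
    const char *cur = path;
    const char *tok;
    size_t len;

    memcpy(before, path, sizeof path);
    while ((tok = next_token(&cur, ":", &len)) != NULL) {
        /* %.*s prints exactly len bytes, so no NUL needs to be written in place */
        printf("%.*s\n", (int)len, tok);
    }
    return memcmp(before, path, sizeof path) == 0;
}

int main(void)
{
    int unchanged = tokenizing_leaves_input_unchanged();
    printf("input unchanged: %s\n", unchanged ? "yes" : "no");
    return unchanged ? 0 : 1;
}
```

Because tokens are reported as (pointer, length) pairs rather than NUL-terminated strings, a caller that needs a C string copies the token out, as get_token() does, with an explicit size check; that is the price of leaving the source untouched, and it is also what makes the routine safe to use on the string returned by getenv() or on any other buffer the caller does not own.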

...

Risk Assessment

Recommendation: STR06-A. Don't assume that strtok() leaves its string argument unchanged
Severity: 1 (low)
Likelihood: 2 (probable)
Remediation Cost: 3 (low)
Priority: P6
Level: L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[ISO/IEC 9899-1999:TC2] Section 7.21.5.8, "The strtok function"
[Unix Man page] strtok(3)