...
This non-compliant code example copies into a buffer of fixed size. This can result in a buffer overflow.

```c
char *temp;
char buff[16];

temp = getenv("TEST_ENV");
if (temp != NULL) {
  /* Non-compliant: the value's length is never compared with sizeof(buff) */
  strcpy(buff, temp);
}
```

Compliant Solution (Windows)
Microsoft Visual Studio 2005 provides the getenv_s() and _wgetenv_s() functions for getting a value from the current environment.

```c
char *tmpvar;
char *tempvar;
size_t requiredSize;

/* First call, with a null buffer, only reports the required size */
getenv_s(&requiredSize, NULL, 0, "TMP");
if (requiredSize == 0) {
  /* variable is not set: handle error condition */
}
tmpvar = malloc(requiredSize * sizeof(char));
if (!tmpvar) {
  /* handle error condition */
}
/* Second call copies the value into the correctly sized buffer */
getenv_s(&requiredSize, tmpvar, requiredSize, "TMP");

getenv_s(&requiredSize, NULL, 0, "TEMP");
if (requiredSize == 0) {
  /* variable is not set: handle error condition */
}
tempvar = malloc(requiredSize * sizeof(char));
if (!tempvar) {
  /* handle error condition */
}
getenv_s(&requiredSize, tempvar, requiredSize, "TEMP");

if (strcmp(tmpvar, tempvar) == 0) {
  puts("TMP and TEMP are the same.\n");
}
else {
  puts("TMP and TEMP are NOT the same.\n");
}
free(tmpvar);
free(tempvar);
```

Compliant Solution (Windows)
Microsoft Visual Studio 2005 provides the _dupenv_s() and _wdupenv_s() functions for getting a value from the current environment [Microsoft Visual Studio 2005/.NET Framework 2.0 help pages, http://msdn2.microsoft.com/en-us/library/ms175774(VS.80).aspx].

The _dupenv_s() function searches the list of environment variables for a specified name. If the name is found, a buffer is allocated, the variable's value is copied into the buffer, and the buffer's address and number of elements are returned. By allocating the buffer itself, _dupenv_s() provides a more convenient alternative to getenv_s() and _wgetenv_s().

It is the calling program's responsibility to free the memory by calling free().

```c
char *tmpvar;
char *tempvar;
size_t len;

errno_t err = _dupenv_s(&tmpvar, &len, "TMP");
/* A missing variable is not reported as an error: err is 0 and the pointer is NULL */
if (err || tmpvar == NULL) return -1;
err = _dupenv_s(&tempvar, &len, "TEMP");
if (err || tempvar == NULL) {
  free(tmpvar);
  return -1;
}

if (strcmp(tmpvar, tempvar) == 0) {
  puts("TMP and TEMP are the same.\n");
}
else {
  puts("TMP and TEMP are NOT the same.\n");
}
free(tmpvar);
free(tempvar);
```

Compliant Solution (POSIX)
The following compliant solution depends on the POSIX strdup() function to make a copy of the environment variable string.

```c
const char *temp;
char *tmpvar;
char *tempvar;

/* Check getenv() first: POSIX does not define strdup() for a null pointer */
if ((temp = getenv("TMP")) == NULL) return -1;
if ((tmpvar = strdup(temp)) == NULL) return -1;
if ((temp = getenv("TEMP")) == NULL || (tempvar = strdup(temp)) == NULL) {
  free(tmpvar);
  return -1;
}

if (strcmp(tmpvar, tempvar) == 0) {
  puts("TMP and TEMP are the same.\n");
}
else {
  puts("TMP and TEMP are NOT the same.\n");
}
free(tmpvar);
free(tempvar);
```

If an environment variable does not exist, the call to getenv() returns a null pointer. In these cases, the call to strdup() should also return a null pointer, but it is important to verify this as this behavior is not guaranteed by POSIX [Open Group 04]. The code above therefore checks the result of getenv() before passing it to strdup().

Compliant Solution
This compliant solution is fully portable. Use strlen() to calculate the size and dynamically allocate space.

```c
char *tmpvar;
char *tempvar;
char *temp;

if ((temp = getenv("TMP")) != NULL) {
  /* Allocate room for the value plus its terminating null character */
  tmpvar = malloc(strlen(temp) + 1);
  if (tmpvar != NULL) {
    strcpy(tmpvar, temp);
  }
  else {
    /* handle error condition */
  }
}
else {
  return -1;
}

if ((temp = getenv("TEMP")) != NULL) {
  tempvar = malloc(strlen(temp) + 1);
  if (tempvar != NULL) {
    strcpy(tempvar, temp);
  }
  else {
    /* handle error condition */
  }
}
else {
  free(tmpvar);
  return -1;
}

if (strcmp(tmpvar, tempvar) == 0) {
  puts("TMP and TEMP are the same.\n");
}
else {
  puts("TMP and TEMP are NOT the same.\n");
}
free(tmpvar);
free(tempvar);
```
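The two remedies for the fixed-size copy, side by side, as an added example that is not part of the original page: a bounded copy that rejects a value too long for the buffer, and a strlen()-sized dynamic copy. The function names and status codes are hypothetical; `TEST_ENV` and the 16-byte buffer follow the non-compliant example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this example */
enum env_status { ENV_OK = 0, ENV_UNSET = -1, ENV_TOO_LONG = -2, ENV_NOMEM = -3 };

/* Fixed buffer: copy only if value and its terminator fit in size bytes. */
enum env_status copy_fixed(const char *value, char *buf, size_t size) {
  size_t len;
  if (size > 0) buf[0] = '\0';            /* never leave buf uninitialized */
  if (value == NULL) return ENV_UNSET;    /* getenv() found no such variable */
  len = strlen(value);
  if (len >= size) return ENV_TOO_LONG;   /* reject: no overflow, no truncation */
  memcpy(buf, value, len + 1);
  return ENV_OK;
}

/* Dynamic buffer: allocate strlen(value) + 1 bytes; the caller frees *out. */
enum env_status copy_dynamic(const char *value, char **out) {
  size_t len;
  *out = NULL;
  if (value == NULL) return ENV_UNSET;
  len = strlen(value);
  if ((*out = malloc(len + 1)) == NULL) return ENV_NOMEM;
  memcpy(*out, value, len + 1);
  return ENV_OK;
}

/* Wrappers that read the variable with getenv() and copy it at once. */
enum env_status env_copy_fixed(const char *name, char *buf, size_t size) {
  return copy_fixed(getenv(name), buf, size);
}
enum env_status env_copy_dynamic(const char *name, char **out) {
  return copy_dynamic(getenv(name), out);
}

int main(void) {
  char buff[16];
  char *copy;
  printf("fixed copy status: %d\n", env_copy_fixed("TEST_ENV", buff, sizeof buff));
  if (env_copy_dynamic("TEST_ENV", &copy) == ENV_OK) {
    printf("dynamic copy: %lu bytes\n", (unsigned long)(strlen(copy) + 1));
    free(copy);
  }
  return 0;
}
```

A 15-character value fits the 16-byte buffer; a 16-character value is rejected because its terminator would be written one byte past the end.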
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV00-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
References
[ISO/IEC 9899-1999:TC2] Section 7.20.4, "Communication with the environment"
[Open Group 04] Chapter 8, "Environment Variables"; strdup, http://www.opengroup.org/onlinepubs/009695399/functions/strdup.html
[Viega 03] Section 3.6, "Using Environment Variables Securely"
...