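```c
#include <stdlib.h>
#include <string.h>

/* Wrapper function added so the fragment compiles; the name is illustrative. */
int modify_test_env(void) {
  char *temp;
  char *copy;

  if ((temp = getenv("TEST_ENV")) != NULL) {
    /* Work on a copy: the string returned by getenv() must not be modified. */
    copy = malloc(strlen(temp) + 1);
    if (copy == NULL) {
      /* handle error condition */
      return -1;
    }
    strcpy(copy, temp);
    copy[0] = 'a';
    /* setenv() makes its own copy of the value, so ours can be freed. */
    setenv("TEST_ENV", copy, 1);
    free(copy);
  } else {
    return -1;
  }
  return 0;
}
```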
In addition, you could search through environ to see if there are multiple entries for a variable. Upon finding something, simply abort(). It is very unlikely that there would be a need for more than one variable of the same name.

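The environ scan described above, written out as an added example (it is not code from the original page). The function names and the two sample arrays are assumptions made for illustration; entries without an `=` are skipped rather than treated as duplicates.

```c
#include <stdlib.h>
#include <string.h>

extern char **environ;  /* POSIX: NULL-terminated array of "NAME=value" */

/* Count the entries in envp whose name is exactly `name`. */
size_t env_count(char *const envp[], const char *name) {
  size_t n = 0, len = strlen(name);
  for (; envp != NULL && *envp != NULL; envp++) {
    if (strncmp(*envp, name, len) == 0 && (*envp)[len] == '=')
      n++;
  }
  return n;
}

/* Return 1 if any variable name occurs more than once in envp, else 0. */
int env_has_duplicates(char *const envp[]) {
  for (char *const *p = envp; p != NULL && *p != NULL; p++) {
    const char *eq = strchr(*p, '=');
    if (eq == NULL)
      continue;  /* malformed entry without a name: skipped here */
    size_t len = (size_t)(eq - *p);
    for (char *const *q = p + 1; *q != NULL; q++) {
      if (strncmp(*q, *p, len) == 0 && (*q)[len] == '=')
        return 1;
    }
  }
  return 0;
}

/* Call once at start-up, before the first getenv(). */
void env_abort_on_duplicates(void) {
  if (env_has_duplicates(environ))
    abort();
}

/* Constructed sample environments (not taken from a real system). */
static char *const sample_dup[] = {
  "PATH=/usr/bin", "TEST_ENV=checked", "TEST_ENV_X=1", "TEST_ENV=used", NULL
};
static char *const sample_ok[] = {
  "PATH=/usr/bin", "TEST_ENV=checked", "TEST_ENV_X=1", NULL
};

int main(void) {
  env_abort_on_duplicates();
  return 0;
}
```

The comparison is case-sensitive and matches the whole name up to the `=`, so `TEST_ENV_X` is not counted as a second `TEST_ENV`.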
Risk Assessment
An adversary could create several environment variables with the same name. If the program checks against one copy, but actually uses another, this could be a clear problem.