Page History

According to C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]:

The getenv

...

function returns a pointer to a

...

string associated with the matched list
member. The string pointed to shall not be modified by the program, but may be
overwritten by a subsequent call to the getenv function. If the specified

...

name cannot
be found

...

, a null pointer is returned.

Do not modify the value returned by the getenv() function. Create a copy and make your changes locally, using setenv() to update the environment when necessary. This allows the implementation to properly allocate and manage memoryso that they are not overwritten.

Non-Compliant Code Example

This non-compliant code example showing that modification of modifies the string value returned found by the function getenv(). Characters in env should not be changed directly.

int foo()
 {
    char *env;
    env = getenv("TEST_ENV");
    env[0] = 'a';

    /*Do some more things*/

    return 0;
}

...

This is a compliant code solution. If it is necessary to modify the value of the string returned by the function getenv(), then the programmer should make a local copy of that string value, and then modify the local copy of that string. If it is necessary to propagate the changes back to the environment, use setenv().

int foo()
{
    char *env;
    char *copy_of_env;

    env = getenv("TEST_ENV");
    copy_of_env = malloc( strlen(env) + 1 );
    /* Error handling */
    strcpy(copy_of_env, env);

    copy_of_env[0] = 'a';

    /*Do some more things*/

    return 0;
}

Risk Assessment

The system will not be able to properly keep track of the size of environment variables, leading to memory management exploitsmodified string may be overwritten by a subsequent call to the getenv function.

References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.5, "The {{getenv}} function"
\[[Open Group 04|AA. C References#Open Group 04]\] [getenv|http://www.opengroup.org/onlinepubs/000095399/functions/getenv.html]