...
Do not modify the value returned by the getenv() function. Create a copy and make your changes locally, using setenv() to update the environment when necessary. This allows the implementation to properly allocate and manage memory.
Non-Compliant Code Example
This non-compliant code example modifies the string value returned by the function getenv(). Characters in env should not be changed directly.
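```c
#include <stdlib.h>

int foo(void)
{
    char *env;
    env = getenv("TEST_ENV");
    if (env == NULL) {
        return -1;  /* variable is not set */
    }
    env[0] = 'a';  /* Non-compliant: writes into the string returned by getenv() */
    /* Do some more things */
    return 0;
}
```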
Compliant Code Solution
This is a compliant code solution. If it is necessary to modify the value of the string returned by the function getenv(), then the programmer should make a local copy of that string value, and then modify the local copy of that string. If it is necessary to propagate the changes back to the environment, use setenv().
...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-C | 2 (medium) | 3 (probable) | 2 (medium) | P12 | L1 |
References
[ISO/IEC 9899-1999] Section 7.20.4.5, "The getenv function"

[Open Group 04] [getenv](http://www.opengroup.org/onlinepubs/000095399/functions/getenv.html)