SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 41

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 42

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An attacker, in this case, can gain unauthenticated access to a system by setting the USER environment variable to a string, which is interpreted as an additional command line option by the login program. This is referred to as an argument injection attack.

Compliant Solution

The following compliant solution inserts the "--" argument before the call to getenv("USER") in the call to execl():

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 88|http://cwe.mitre.org/data/definitions/88.html], "Argument Injection or Modification"; [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html], "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')"
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.6, "The system function"
\[[Viega 03|AA. C References#Viega 03]\]
\[[VU#881872|AA. C References#VU881872]\]

...