...
```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

void f() {
  char path[PATH_MAX]; /* requires PATH_MAX to be defined */
  strcpy(path, getenv("PATH")); /* unchecked copy: no NULL check, no length check */
  /* Use path */
}
```
Even if the platform defines PATH_MAX and enforces that no single path contains more than PATH_MAX characters, nothing constrains the $PATH environment variable, which holds a list of directories, to fewer than PATH_MAX characters. If its value is longer than the buffer, strcpy() writes past the end of path and a buffer overflow results. And if $PATH is not defined at all, getenv() returns a null pointer, which strcpy() then attempts to dereference.
...
```c
#include <stdlib.h>
#include <string.h>

void f() {
  char *path = NULL;
  /* Avoid assuming $PATH is defined or has limited length */
  const char *temp = getenv("PATH");
  if (temp != NULL) {
    /* Size the buffer from the actual value, including the terminating null */
    path = (char*) malloc(strlen(temp) + 1);
    if (path == NULL) {
      /* Handle error condition */
    } else {
      strcpy(path, temp);
      /* Use path */
      free(path);
    }
  }
}
```
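The two strategies above can be generalized to any environment variable: either size a heap buffer from the value's real length, or, when a fixed-size buffer is unavoidable, check the length before copying and refuse the copy when it does not fit. The following is an added example, not code from the CERT page; the helper names copy_env_bounded, dup_env and run_demo, the variable name CERT_DEMO_PATH and the PATH_MAX fallback of 4096 are all assumptions made for this illustration. run_demo constructs a value longer than PATH_MAX with setenv() and checks that the bounded copy rejects it rather than overflowing, that the heap copy holds it in full, and that both report an unset variable instead of dereferencing NULL.

```c
#define _POSIX_C_SOURCE 200809L  /* for setenv()/unsetenv() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* assumed fallback for platforms that do not define it */
#endif

/* Copy the value of environment variable `name` into `dst` (capacity dstsz).
 * Returns 0 on success, -1 if the variable is unset, -2 if the value does not
 * fit. dst is left as an empty string on failure, never partially filled. */
int copy_env_bounded(const char *name, char *dst, size_t dstsz) {
    if (dstsz == 0) return -2;
    dst[0] = '\0';
    const char *val = getenv(name);
    if (val == NULL) return -1;
    size_t len = strlen(val);
    if (len >= dstsz) return -2;          /* no room for value plus NUL */
    memcpy(dst, val, len + 1);
    return 0;
}

/* Heap-allocate a copy sized to the actual value. Returns NULL if the
 * variable is unset or allocation fails. Caller frees. */
char *dup_env(const char *name) {
    const char *val = getenv(name);
    if (val == NULL) return NULL;
    size_t len = strlen(val);
    char *copy = malloc(len + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, val, len + 1);
    return copy;
}

/* Constructed scenario: a variable whose value is longer than PATH_MAX. */
#define DEMO_VAR "CERT_DEMO_PATH"
#define DEMO_LEN ((size_t)PATH_MAX + 16)

/* Returns 1 if both helpers behave as expected, 0 otherwise. */
int run_demo(void) {
    char *big = malloc(DEMO_LEN + 1);
    if (big == NULL) return 0;
    memset(big, 'x', DEMO_LEN);
    big[DEMO_LEN] = '\0';
    if (setenv(DEMO_VAR, big, 1) != 0) { free(big); return 0; }
    free(big);

    char fixed[PATH_MAX];
    int ok = 1;
    /* Fixed-size buffer: the copy must be refused, not overflowed. */
    if (copy_env_bounded(DEMO_VAR, fixed, sizeof fixed) != -2) ok = 0;
    if (fixed[0] != '\0') ok = 0;
    /* Heap copy: holds the full value regardless of PATH_MAX. */
    char *heap = dup_env(DEMO_VAR);
    if (heap == NULL || strlen(heap) != DEMO_LEN) ok = 0;
    free(heap);
    /* Unset variable: both report absence instead of dereferencing NULL. */
    unsetenv(DEMO_VAR);
    if (copy_env_bounded(DEMO_VAR, fixed, sizeof fixed) != -1) ok = 0;
    if (dup_env(DEMO_VAR) != NULL) ok = 0;
    return ok;
}

int main(void) {
    printf("run_demo: %s\n", run_demo() ? "ok" : "FAILED");
    return 0;
}
```

The bounded variant deliberately returns a distinct error for "too long" rather than silently truncating, because a truncated $PATH would change which directories are searched and so change program behaviour; silent truncation with strncpy() or snprintf() is the usual way this check gets weakened.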
Risk Assessment
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
...
| Failure to constrain operations within the bounds of an allocated memory buffer |
...
Bibliography
| [Open Group 2004] | Chapter 8, "Environment Variables" |
| [Viega 2003] | Section 3.6, "Using Environment Variables Securely" |
...