...
| Code Block |
|---|
char *editor;
char *buff;
editor = (char *)getenv("EDITOR");
if (editor) {
buff = (char *)malloc(strlen(editor)+1);
strcpy(buff, editor);
}
|
Priority: P18 Level: L1
Failure to properly allocated sufficient space when copying null-termianted byte strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process by an attacker.
Component | Value |
|---|---|
Severity | 3 (medium) |
Likelihood | 3 (probable) |
Remediation cost | 2 (medium) |
References
- ISO/IEC 9899-1999 Sections 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, 5.1.2.2.1 Program startupISO/IEC 9899-1999 , 7.20.4.5 The getenv function
- Seacord 05 Chapter 2 Strings