...
The getenv() function searches an environment list, provided by the host environment, for a string that matches the string pointed to by name. The set of environment names and the method for altering the environment list are implementation-defined.
Non-
...
Compliant Code Example
...
| Wiki Markup |
|---|
The contents of {{argv\[0\]}} can be manipulated by an attacker to cause a buffer overflow in the following program: |
| Code Block |
|---|
int main(int argc, char *argv[]) {
...
char prog_name[128];
strcpy(prog_name, argv[0]);
...
}
|
Non-compliant Code Example 2
Reading environment variables into fixed length arrays can also result in a buffer overflow.
| Code Block |
|---|
char buff[256];
strcpy(buff, (char *)getenv("EDITOR"));
|
Compliant Solution
...
| Wiki Markup |
|---|
The {{strlen()}} function should be used to determine the length of the strings referenced by {{argv\[0\]}} through {{argv\[argc-1\]}} so that adequate memory can be dynamically allocated: |
| Code Block |
|---|
int main(int argc, char *argv[]) {
...
char * prog_name = (char *)malloc(strlen(argv[0])+1);
if (prog_name != NULL) {
strcpy(prog_name, argv[1]);
}
else {
/* Couldn't get the memory - recover */
}
...
}
|
Non-Compliant Code Example
Reading environment variables into fixed length arrays can also result in a buffer overflow.
| Code Block |
|---|
char buff[256];
strcpy(buff, (char *)getenv("EDITOR"));
|
Compliant Solution
...
The strlen() function should be used to determine the length of environmental variables so that adequate memory can be dynamically allocated:
...