The hosted environment supplies the program with information determined prior to program startup. This information includes command line arguments and environment variables.

Command line arguments are passed as arguments to main(). In the following definition for main(), the array members argv[0] through argv[argc-1] inclusive contain pointers to strings.

Code Block
int main(int argc, char *argv[]) { /* ... */ }

If the value of argc is greater than zero, the string pointed to by argv[0] represents the program name. If the value of argc is greater than one, the strings pointed to by argv[1] through argv[argc-1] represent the program parameters.

The getenv() function searches an environment list, provided by the host environment, for a string that matches the string pointed to by name. The set of environment names and the method for altering the environment list are implementation-defined.

Non-compliant Code Example 1

The contents of argv[0] can be manipulated by an attacker to cause a buffer overflow in the following program:

Code Block
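#include <string.h>

int main(int argc, char *argv[]) {
  /* ... */
  char prog_name[128];
  /* Non-compliant: no bounds check; a long argv[0] overflows prog_name */
  strcpy(prog_name, argv[0]);
  /* ... */
}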

Non-compliant Code Example 2

Reading environment variables into fixed length arrays can also result in a buffer overflow.

Code Block
char buff[256];
/* Non-compliant: the length of the EDITOR value is never checked */
strcpy(buff, (char *)getenv("EDITOR"));

Compliant Solution 1

The strlen() function should be used to determine the length of the strings referenced by argv[0] through argv[argc-1] so that adequate memory can be dynamically allocated:

Code Block
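#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
  /* ... */
  /* Size the buffer from the actual length of argv[0], plus the terminator */
  char *prog_name = (char *)malloc(strlen(argv[0]) + 1);
  if (prog_name != NULL) {
    strcpy(prog_name, argv[0]);
  }
  else {
    /* Couldn't get the memory - recover */
  }
  /* ... */
}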

Compliant Solution 2

The strlen() function should be used to determine the length of environment variables so that adequate memory can be dynamically allocated:

Code Block
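char *editor;
char *buff;

editor = (char *)getenv("EDITOR");
if (editor) {
  /* Size the buffer from the actual length of the value */
  buff = (char *)malloc(strlen(editor) + 1);
  if (buff != NULL) {
    strcpy(buff, editor);
  }
  else {
    /* Couldn't get the memory - recover */
  }
}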
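
Both compliant solutions follow the same pattern, so the sketch below folds them into one helper that also handles the cases where the source string is absent (argc equal to zero, or the variable is unset). This is an added example, not code from the original page; copy_host_string(), copy_env() and the 4096-byte length cap are assumptions introduced for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the page): copy a string supplied by the
 * host environment into heap memory sized from strlen(). Returns NULL if
 * the source is absent, exceeds max_len (an assumed sanity cap), or the
 * allocation fails. The caller frees the result. */
char *copy_host_string(const char *src, size_t max_len) {
  size_t len;
  char *copy;

  if (src == NULL) {          /* argc == 0, or variable not set */
    return NULL;
  }
  len = strlen(src);
  if (len > max_len) {        /* refuse oversized input instead of allocating */
    return NULL;
  }
  copy = (char *)malloc(len + 1);
  if (copy != NULL) {
    memcpy(copy, src, len + 1);   /* len + 1 also copies the terminator */
  }
  return copy;
}

/* Hypothetical wrapper: getenv() returns NULL for an unset variable. */
char *copy_env(const char *name, size_t max_len) {
  return copy_host_string(getenv(name), max_len);
}

int main(int argc, char *argv[]) {
  char *prog_name = copy_host_string(argc > 0 ? argv[0] : NULL, 4096);
  char *editor = copy_env("EDITOR", 4096);

  printf("program: %s\n", prog_name != NULL ? prog_name : "(unavailable)");
  printf("editor:  %s\n", editor != NULL ? editor : "(unavailable)");
  free(prog_name);
  free(editor);
  return 0;
}
```

Copying the getenv() result also protects against the returned string being overwritten by a later call to getenv().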

References