...
An alternative to invoking the system() call to execute an external program to perform a required operation is to implement the functionality directly in the program using existing library calls. This compliant solution calls the POSIX unlink() function to remove a file without invoking the system() function [IEEE Std 1003.1:2013]:
```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

void func(void) {
  const char *file_format = "%s/.config";
  size_t len;
  char *pathname;
  struct passwd *pwd;

  /* Get /etc/passwd entry for current user */
  pwd = getpwuid(getuid());
  if (pwd == NULL) {
    /* Handle error */
    return;
  }

  /* Build full path name of the file in the home dir from the pw entry */
  len = strlen(pwd->pw_dir) + strlen(file_format) + 1;
  pathname = (char *)malloc(len);
  if (NULL == pathname) {
    /* Handle error */
    return;
  }
  int r = snprintf(pathname, len, file_format, pwd->pw_dir);
  if (r < 0 || (size_t)r >= len) {
    /* Handle error */
    free(pathname);
    return;
  }
  if (unlink(pathname) != 0) {
    /* Handle error */
  }
  free(pathname);
}
```
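The same approach generalized to any file name in the user's home directory, as an added example that is not part of the CERT page: the name is validated as a single path component, the path is built with a bounds-checked snprintf(), and no command processor is involved, so characters that a shell would treat specially are just bytes in a file name. The functions build_home_path() and remove_from_home() are this example's own names.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Join a home directory and a single file name into a freshly allocated
 * path. Rejects names that could leave the directory: empty names,
 * names containing '/', and the entries "." and "..". Returns NULL with
 * errno set on failure; the caller frees the result. */
char *build_home_path(const char *home, const char *name) {
  if (home == NULL || name == NULL || *name == '\0' ||
      strchr(name, '/') != NULL ||
      strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
    errno = EINVAL;
    return NULL;
  }
  /* home + '/' + name + terminating NUL */
  size_t len = strlen(home) + 1 + strlen(name) + 1;
  char *path = malloc(len);
  if (path == NULL) {
    return NULL; /* errno already set by malloc */
  }
  int r = snprintf(path, len, "%s/%s", home, name);
  if (r < 0 || (size_t)r >= len) {
    free(path);
    errno = EOVERFLOW;
    return NULL;
  }
  return path;
}

/* Remove a file from the current user's home directory. The directory is
 * taken from the passwd database via getpwuid(), not from $HOME, so the
 * result does not depend on the caller's environment. Returns 0 on
 * success and -1 on failure with errno set, like unlink() itself. */
int remove_from_home(const char *name) {
  struct passwd *pwd = getpwuid(getuid());
  if (pwd == NULL || pwd->pw_dir == NULL) {
    return -1;
  }
  char *path = build_home_path(pwd->pw_dir, name);
  if (path == NULL) {
    return -1;
  }
  int rc = unlink(path);
  free(path);
  return rc;
}
```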
...
Standard | Related guideline |
---|---|
CERT C Secure Coding Standard | ENV03-C. Sanitize the environment when invoking external programs |
SEI CERT C++ Coding Standard | ENV02-CPP. Do not call system() if you do not need a command processor |
CERT Oracle Secure Coding Standard for Java | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
ISO/IEC TR 24772:2013 | Unquoted Search Path or Element [XZQ] |
ISO/IEC TS 17961:2013 | Calling system [syscall] |
MITRE CWE | CWE-78, Improper Neutralization of Special Elements Used in an OS Command (aka "OS Command Injection"); CWE-88, Argument Injection or Modification |
...