...

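#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The enclosing function and its name are illustrative; the original
 * fragment returns -1 from a function that is not shown. */
int compare_tmp_temp(void) {
  char *tmpvar;
  char *tempvar;
  char *temp;

  /* Copy each value before calling getenv() again: the returned pointer
   * may refer to storage that a later getenv() call overwrites. */
  if ((temp = getenv("TMP")) != NULL) {
    tmpvar = malloc(strlen(temp) + 1);
    if (tmpvar != NULL) {
      strcpy(tmpvar, temp);
    }
    else {
      return -1;  /* handle error condition */
    }
  }
  else {
    return -1;
  }

  if ((temp = getenv("TEMP")) != NULL) {
    tempvar = malloc(strlen(temp) + 1);
    if (tempvar != NULL) {
      strcpy(tempvar, temp);
    }
    else {
      free(tmpvar);  /* handle error condition */
      return -1;
    }
  }
  else {
    free(tmpvar);
    return -1;
  }

  /* puts() appends the newline itself */
  if (strcmp(tmpvar, tempvar) == 0) {
    puts("TMP and TEMP are the same.");
  }
  else {
    puts("TMP and TEMP are NOT the same.");
  }

  free(tmpvar);
  free(tempvar);
  return 0;
}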

Risk Assessment

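Storing the pointer to the string returned by getenv(), rather than copying the string, can result in overwritten environment data, because a subsequent call to getenv() may overwrite the storage that the pointer refers to.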

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV00-A | 1 (low) | 1 (low) | 2 (medium) | P2 | L3 |
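
The overwrite described in the risk assessment can be reproduced deterministically with a stand-in for getenv() that returns one static buffer, which the C standard permits. This is an added example, not code from the original page: static_getenv(), env_copy() and the two comparison functions are hypothetical names, and the variable values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a getenv() backed by a single static buffer.
 * The variable values are constructed for this example. */
static char *static_getenv(const char *name) {
  static char buf[32];
  const char *val = NULL;
  if (strcmp(name, "TMP") == 0) val = "/tmp";
  else if (strcmp(name, "TEMP") == 0) val = "/var/tmp";
  if (val == NULL) return NULL;
  strcpy(buf, val);  /* overwrites the data the previous call returned */
  return buf;
}

/* Heap copy of a variable's value; NULL if unset or out of memory. */
static char *env_copy(const char *name) {
  const char *val = static_getenv(name);
  char *copy;
  if (val == NULL) return NULL;
  copy = malloc(strlen(val) + 1);
  if (copy != NULL) strcpy(copy, val);
  return copy;
}

/* Stored pointers: both alias the same buffer, so the comparison always
 * reports "same". Returns 1 if equal, 0 if different, -1 on error. */
int same_using_stored_pointers(void) {
  const char *tmpvar = static_getenv("TMP");
  const char *tempvar = static_getenv("TEMP");  /* clobbers tmpvar's data */
  if (tmpvar == NULL || tempvar == NULL) return -1;
  return strcmp(tmpvar, tempvar) == 0;
}

/* Copies taken before the next lookup: each value survives intact. */
int same_using_copies(void) {
  char *tmpvar = env_copy("TMP");
  char *tempvar = env_copy("TEMP");
  int result = -1;
  if (tmpvar != NULL && tempvar != NULL)
    result = strcmp(tmpvar, tempvar) == 0;
  free(tmpvar);
  free(tempvar);
  return result;
}
```

With the stored pointers the two different values compare as equal; with the copies they compare as different.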

...