The C Standard [ISO/IEC 9899:2011] states that getenv() has the following behavior:

The getenv function returns a pointer to a string associated with the matched list member. The string pointed to shall not be modified by the program but may be overwritten by a subsequent call to the getenv function.

...

C11 Annex K provides the getenv_s() function for getting a value from the current environment [ISO/IEC 9899:2011]. However, note that according to the standard, getenv_s() can still have data races with other threads of execution that modify the environment list.

...

Windows also provides the _dupenv_s() and _wdupenv_s() functions for getting a value from the current environment [MSDN]. The _dupenv_s() function searches the list of environment variables for a specified name. If the name is found, a buffer is allocated; the variable's value is copied into the buffer, and the buffer's address and number of elements are returned. By allocating the buffer itself, _dupenv_s() and _wdupenv_s() provide a more convenient alternative to getenv_s() and _wgetenv_s().

The calling program is responsible for freeing any allocated buffers returned by these functions.
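The two points above (the getenv() string "may be overwritten by a subsequent call", and the caller-frees contract of the dupenv-style functions) can be combined into one portable helper. The following is an added example, not code from the CERT page: dup_env() is a hypothetical name, it copies the value out of getenv()'s buffer immediately so that a later lookup cannot invalidate it, and it hands ownership of the heap copy to the caller, who must free() it just as with _dupenv_s(). The environment variable names and values are constructed for the demonstration. On implementations such as glibc, getenv() returns a pointer into the process's environ block, so the overwrite the standard permits is not observable there; the helper is written to the standard's guarantee rather than to any one implementation's behavior.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv() in the demonstration */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (added example): return a heap-allocated copy of the
 * named environment variable, or NULL if the variable is unset or memory
 * allocation fails. The caller owns the copy and must free() it, mirroring
 * the ownership contract of _dupenv_s() described above. Copying before any
 * other getenv() call is made means the stored value cannot be overwritten
 * by a subsequent getenv() call, which the C Standard permits. */
char *dup_env(const char *name) {
    const char *value = getenv(name);
    if (value == NULL) {
        return NULL;
    }
    size_t len = strlen(value) + 1;       /* include terminating NUL */
    char *copy = malloc(len);
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, value, len);
    return copy;
}

/* Demonstration: set two constructed variables, fetch the first, then
 * perform a second lookup and confirm the first copy is still intact.
 * Returns 1 when both copies hold the expected values, 0 otherwise. */
int demo_copies_survive_second_lookup(void) {
    /* constructed sample values, not taken from the page */
    if (setenv("EXAMPLE_TMP", "/tmp/example", 1) != 0) return 0;
    if (setenv("EXAMPLE_HOME", "/home/example", 1) != 0) return 0;

    char *tmp = dup_env("EXAMPLE_TMP");
    char *home = dup_env("EXAMPLE_HOME");  /* second lookup after the first copy */

    int ok = tmp != NULL && home != NULL
          && strcmp(tmp, "/tmp/example") == 0
          && strcmp(home, "/home/example") == 0;

    /* caller frees both copies, exactly as with _dupenv_s() buffers */
    free(tmp);
    free(home);
    return ok;
}

int main(void) {
    printf("copies survive second lookup: %s\n",
           demo_copies_survive_second_lookup() ? "yes" : "no");
    return 0;
}
```

Every call site that keeps a value across other getenv() calls goes through dup_env() and frees the result; an unset variable yields NULL rather than an empty string, so callers must check before use.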

...

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level
ENV00-C         Low       Probable    Medium            P4        L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Tool          Version  Checker  Description
Compass/ROSE

Related Guidelines

CERT C++ Secure Coding Standard: ENV00-CPP. Do not store the pointer to the string returned by getenv()
ISO/IEC TR 24731-2
ISO/IEC TS 17961 (Draft): Using an object overwritten by getenv, localeconv, setlocale, and strerror [libuse]

Bibliography

[ISO/IEC 9899:2011] Subclause 7.22.4, "Communication with the Environment"
                    Subclause 7.22.4.6, "The getenv Function"
                    Subclause K.3.6.2.1, "The getenv_s Function"
[MSDN]              _dupenv_s() and _wdupenv_s()
[Open Group 2004]   Chapter 8, "Environment Variables"
                    strdup
[Viega 2003]        Section 3.6, "Using Environment Variables Securely"


...