The getenv() function searches an environment list for a string that matches a specified name and returns a pointer to a string associated with the matched list member.
Section Subclause 7.22.4.6 of the C Standard [ISO/IEC 9899:2011] states:
...
An attacker can create multiple environment variables with the same name (for example, by using the POSIX execve() function). If the program checks one copy but uses another, security checks may be circumvented.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV02-C | lowLow | unlikelyUnlikely | mediumMedium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
|
|
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C++ Secure Coding Standard | ENV02-CPP. Beware of multiple environment variables with the same effective name |
| ISO/IEC TR 24772:2013 | Executing or Loading Untrusted Code [XYS] |
| MITRE CWE | CWE-462, Duplicate key in associative list (Alist) CWE-807, Reliance on untrusted inputs in a security decision |
Bibliography
| [ISO/IEC 9899:2011] | Section 7.22.4, "Communication with the Environment" |
| [MSDN] | getenv() |
...