...
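```c
#include <limits.h>  /* PATH_MAX, where the platform provides it */
#include <stdlib.h>  /* getenv */
#include <string.h>  /* strcpy */

void f() {
  char path[PATH_MAX]; /* Requires PATH_MAX to be defined */
  /* Unbounded copy: assumes the value of PATH fits in path */
  strcpy(path, getenv("PATH"));
  /* Use path */
}
```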
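A bounds-safe counterpart to the function above, added here as an example and not code from the original page. `env_dup` and `env_copy_fixed` are hypothetical helper names: the first sizes its allocation from the variable's actual length, the second refuses values that do not fit a fixed buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the page): returns a heap copy of the
 * environment variable `name`, sized from its actual length, or NULL if the
 * variable is unset or allocation fails. The caller frees the result. */
char *env_dup(const char *name) {
  const char *value = getenv(name);
  if (value == NULL) {
    return NULL;                    /* unset: nothing to copy */
  }
  size_t len = strlen(value) + 1;   /* + 1 for the null terminator */
  char *copy = malloc(len);
  if (copy != NULL) {
    memcpy(copy, value, len);
  }
  return copy;
}

/* Hypothetical helper for callers that must use a fixed buffer: copies only
 * if the value and its terminator fit. Returns 0 on success, -1 if the
 * variable is unset or too long; on failure buf holds an empty string. */
int env_copy_fixed(const char *name, char *buf, size_t size) {
  if (buf == NULL || size == 0) return -1;
  buf[0] = '\0';
  const char *value = getenv(name);
  if (value == NULL) return -1;
  size_t len = strlen(value);
  if (len >= size) return -1;       /* reject rather than truncate silently */
  memcpy(buf, value, len + 1);
  return 0;
}

int main(void) {
  char *path = env_dup("PATH");
  if (path == NULL) {
    fputs("PATH is unset or allocation failed\n", stderr);
    return EXIT_FAILURE;
  }
  printf("PATH is %zu bytes long\n", strlen(path));
  free(path);
  return EXIT_SUCCESS;
}
```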
...
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV01-C | High | Likely | Medium | P18 | L1 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | | Can detect violations of the rule by using the same method as STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C++ Secure Coding Standard | ENV01-CPP. Do not make assumptions about the size of an environment variable |
| MITRE CWE | CWE-119, Failure to constrain operations within the bounds of an allocated memory buffer |
...