...
Subclause 7.22.4.6 of the C Standard [ISO/IEC 9899:2011] defines getenv as follows:
...
Similarly, subclause 7.11.1.1 [ISO/IEC 9899:2011] defines setlocale and localeconv as follows:
...
Finally, subclause 7.24.6.2 [ISO/IEC 9899:2011] , states:
The
strerrorfunction returns a pointer to the string, the contents of which are locale specific. The array pointed to shall not be modified by the program, but may be overwritten by a subsequent call to thestrerrorfunction.
...
Risk Assessment
Depending on the implementation, modifying the object pointed to by the return value of these functions causes undefined behavior. Even if the modification succeeds, the modified object can be overwritten by a subsequent call to the getenv(), setlocale(), localeconv(), or strerror() functions.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV30-C | lowLow | probableProbable | mediumMedium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
Can detect violations of this rule. In particular, it ensures that the result of |
...
| CERT C++ Secure Coding Standard | ENV30-CPP. Do not modify the string returned by getenv() |
| ISO/IEC TS 17961 (Draft) | Modifying the string returned by getenv, localeconv, setlocale, and strerror [libmod] |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.11.1.1, "The setlocale Function"Subclause 7.22.4.6, "The getenv Function"Subclause 7.24.6.2, "The strerror Function" |
| [Open Group 2004] | getenvsetlocale |
...