Some environments provide environment pointers that are valid when main()
is called, but may be invalidated by operations that modify the environment.
Subclause J.5.1 of the C Standard [ISO/IEC 9899:2011] states:
In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program.
Consequently, under a hosted environment, it is possible to access the environment through a modified form of main():
...
After a call to the POSIX setenv() function, or to another function that modifies the environment, the envp pointer may no longer reference the environment. POSIX [Open Group 2004] states that
unanticipated results may occur if setenv() changes the external variable environ. In particular, if the optional envp argument to main() is present, it is not changed, and as a result may point to an obsolete copy of the environment (as may any other copy of environ).
...
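An added example, not part of the original rule text: on a POSIX system, a lookup made after setenv() goes through environ, fetched at the time of use, and envp is read only before the environment is modified. The helper names env_find and env_set_and_read and the variable ENV31_DEMO are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose setenv() under strict -std=c11 */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;            /* POSIX: refers to the current environment */

/* Look up name in a NAME=value vector; returns the value or NULL. */
static const char *env_find(char *const *envv, const char *name) {
  size_t n = strlen(name);
  if (envv == NULL || n == 0 || strchr(name, '=') != NULL) {
    return NULL;                  /* reject empty names and names with '=' */
  }
  for (; *envv != NULL; ++envv) {
    if (strncmp(*envv, name, n) == 0 && (*envv)[n] == '=') {
      return *envv + n + 1;
    }
  }
  return NULL;
}

/*
 * Set name=value, then read it back through environ, which is fetched
 * after the modification. Returns the value in effect, or NULL on failure.
 */
static const char *env_set_and_read(const char *name, const char *value) {
  if (setenv(name, value, 1) != 0) {
    return NULL;
  }
  return env_find(environ, name);
}

int main(int argc, char *argv[], char *envp[]) {
  (void)argc; (void)argv;
  /* envp is still valid here: nothing has modified the environment yet. */
  const char *path = env_find(envp, "PATH");
  printf("PATH is %s\n", path != NULL ? "set" : "not set");

  /* ENV31_DEMO is a constructed variable name used only by this example. */
  const char *v = env_set_and_read("ENV31_DEMO", "1");
  printf("ENV31_DEMO=%s\n", v != NULL ? v : "(unset)");
  /* From this point on, envp and path are not used again. */
  return 0;
}
```
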
After a call to the Windows _putenv_s() function, or to another function that modifies the environment, the envp pointer may no longer reference the environment.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV31-C | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
PRQA QA-C | | 0601 (E) | Fully implemented |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard | ENV31-CPP. Do not rely on an environment pointer following an operation that may invalidate it |
Bibliography
[ISO/IEC 9899:2011] | Subclause J.5.1, "Environment Arguments" |
[MSDN] | getenv, _wgetenv; _environ, _wenviron; _putenv_s, _wputenv_s |
[Open Group 2004] | setenv() |
...