Versions Compared

Comment: Avoided assuming argv[0] is non-null.

...

Wiki Markup
The {{strlen()}} function can be used to determine the length of the strings referenced by {{argv\[0\]}} through {{argv\[argc-1\]}} so that adequate memory can be dynamically allocated. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null: {{argc}} may be 0, in which case {{argv\[0\]}} is a null pointer and passing it to {{strlen()}} is undefined behavior.

Code Block

#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
  /* ... Be prepared for argv[0] to be null */
  const char* const name = argv[0] ? argv[0] : "";
  char *prog_name = (char *)malloc(strlen(name) + 1);
  if (prog_name != NULL) {
    strcpy(prog_name, name);
  }
  else {
    /* Failed to allocate memory - recover */
  }
  /* ... */
}

...

Compliant Solution (argv) (strcpy_s())

Wiki Markup
The {{strcpy_s()}} function provides additional safeguards, including accepting the size of the destination buffer as an additional argument (see [STR07-C. Use TR 24731 for remediation of existing string manipulation code|STR07-C. Use TR 24731 for remediation of existing string manipulation code]). Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null.

Code Block

#define __STDC_WANT_LIB_EXT1__ 1  /* request the Annex K (TR 24731-1) bounds-checking interfaces */
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
  /* Be prepared for argv[0] to be null */
  const char* const name = argv[0] ? argv[0] : "";

  char * prog_name;
  size_t prog_size;

  prog_size = strlen(name) + 1;
  prog_name = (char *)malloc(prog_size);

  if (prog_name != NULL) {
    /* strcpy_s() returns a nonzero errno_t on failure */
    if (strcpy_s(prog_name, prog_size, name) != 0) {
      /* Handle strcpy_s() error */
    }
  }
  else {
    /* Failed to allocate memory - recover */
  }
  /* ... */
}

The strcpy_s() function can be used to copy data to or from dynamically allocated memory or a statically allocated array. If insufficient space is available, strcpy_s() returns a nonzero error code (and invokes the runtime-constraint handler) instead of writing past the end of the destination.

Compliant Solution (argv) (memcpy())

Wiki Markup
The C standard {{memcpy()}} function provides a similar capability to {{strcpy_s()}}, but is universally available. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null. Note also that {{memcpy()}} must not be called with a null pointer even when the third (size) argument is zero; substituting {{""}} for a null {{argv\[0\]}} guarantees a valid source pointer.

Code Block

#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
  /* ... */
  /* Be prepared for argv[0] to be null */
  const char* const name = argv[0] ? argv[0] : "";

  char *prog_name;
  size_t prog_size;

  prog_size = strlen(name) + 1;
  prog_name = (char *)malloc(prog_size);

  if (prog_name != NULL) {
    /* prog_size counts the terminating null byte, so the copy is complete */
    memcpy(prog_name, name, prog_size);
  }
  else {
    /* Failed to allocate memory - recover */
  }
  /* ... */
}
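As an added example (not code from the CERT page), the following program packages the pattern used by the three compliant solutions above, and by the later EDITOR example, into a reusable copy routine. The helper copy_cstring() substitutes "" for a null source exactly as the page does for argv[0], so the strlen()/malloc()/memcpy() sequence is never handed a null pointer; copy_argv() then applies it to the whole argument vector and releases partial copies on allocation failure. The function names, and the constructed empty argument vector that models the argc == 0 case, are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Return a heap-allocated copy of src, treating a null src as the empty
 * string (the same rule the compliant solutions apply to argv[0]).
 * Returns NULL only if malloc() fails; the caller must free() the result.
 */
char *copy_cstring(const char *src) {
  const char *const s = src ? src : "";
  size_t size = strlen(s) + 1;  /* room for the terminating null byte */
  char *copy = malloc(size);
  if (copy == NULL) {
    return NULL;  /* allocation failure is reported, not ignored */
  }
  memcpy(copy, s, size);  /* s is never NULL here, so this is well defined */
  return copy;
}

/* Free a NULL-terminated vector produced by copy_argv(). */
void free_argv(char **v) {
  if (v == NULL) {
    return;
  }
  for (size_t i = 0; v[i] != NULL; i++) {
    free(v[i]);
  }
  free(v);
}

/*
 * Copy argv[0] through argv[argc-1] into a new NULL-terminated vector.
 * Every element becomes a separately owned string. Returns NULL (after
 * releasing any partial copies) if an allocation fails.
 */
char **copy_argv(int argc, char *const argv[]) {
  if (argc < 0 || argv == NULL) {
    return NULL;
  }
  /* calloc() zero-fills, so out[] is NULL-terminated from the start */
  char **out = calloc((size_t)argc + 1, sizeof *out);
  if (out == NULL) {
    return NULL;
  }
  for (int i = 0; i < argc; i++) {
    out[i] = copy_cstring(argv[i]);
    if (out[i] == NULL) {
      free_argv(out);  /* frees out[0..i-1]; out[i..] are still NULL */
      return NULL;
    }
  }
  return out;
}

int main(int argc, char *argv[]) {
  /* The page's own pattern, with the null guard built into copy_cstring():
   * safe even when argc == 0 and argv[0] == NULL. */
  char *prog_name = copy_cstring(argv[0]);
  if (prog_name == NULL) {
    fputs("out of memory\n", stderr);
    return EXIT_FAILURE;
  }
  printf("program name: \"%s\"\n", prog_name);
  free(prog_name);

  /* Copy the whole real argument vector. */
  char **mine = copy_argv(argc, argv);
  if (mine == NULL) {
    fputs("out of memory\n", stderr);
    return EXIT_FAILURE;
  }
  for (int i = 0; i < argc; i++) {
    printf("argv[%d] = \"%s\"\n", i, mine[i]);
  }
  free_argv(mine);

  /* Constructed sample: the vector a program sees after
   * execve(path, (char *[]){ NULL }, envp), i.e. argc == 0, argv[0] == NULL. */
  char *const empty_vector[] = { NULL };
  char **copy = copy_argv(0, empty_vector);
  if (copy == NULL) {
    return EXIT_FAILURE;
  }
  printf("argc == 0: copied vector has %s\n",
         copy[0] == NULL ? "no entries" : "entries");
  free_argv(copy);
  return EXIT_SUCCESS;
}
```

Because every copy is sized from strlen() of the actual source plus one, the buffer can never be too small for the data written into it, which is the property all three compliant solutions rely on; the difference between them is only whether the copy is made with strcpy(), strcpy_s() or memcpy().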

...

Compliant Solution (argv)

Wiki Markup
If an argument is not going to be modified or concatenated, there is no reason to make a copy of the string. Not copying a string is the best way to prevent a buffer overflow, and is also the most efficient solution. Note that care must be taken to avoid assuming that {{argv\[0\]}} is non-null.

Code Block

int main(int argc, char *argv[]) {
  /* ... Be prepared for argv[0] to be null */
  /* No copy is made: prog_name simply aliases the read-only argument */
  const char *prog_name = argv[0] ? argv[0] : "";
  /* ... */
}

...

Code Block

/* ... */
char *buff;
char *editor = getenv("EDITOR");
if (editor == NULL) {
  /* EDITOR environment variable not set */
} else {
  size_t len = strlen(editor)+1;
  buff = (char *)malloc(len);
  if (buff == NULL) {
    /* Handle malloc() error */
  } else {
    /* Only copy once the allocation is known to have succeeded */
    memcpy(buff, editor, len);
  }
}
/* ... */

...