SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 67

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 68

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Compliant Solution (POSIX)

POSIX provides the strdup() function, which can make a copy of the environment variable string [Open Group 2004IEEE Std 1003.1:2013]. The strdup() function is also included in Extensions to the C Library—Part II [ISO/IEC TR 24731-2:2010].

...

CERT C++ Secure Coding StandardENV00-CPP. Do not store the pointer to the string returned by getenv()
ISO/IEC TR 24731-2 
ISO/IEC TS 17961Using an object overwritten by getenv, localeconv, setlocale, and strerror [libuse]

Bibliography

[IEEE Std 1003.1:2013]Chapter 8, "Environment Variables"
XSH, System Interfaces, strdup
[ISO/IEC 9899:2011]Subclause 7.22.4, "Communication with the Environment"
Subclause 7.22.4.6, "The getenv Function"
Subclause K.3.6.2.1, "The getenv_s Function"
[MSDN]_dupenv_s() and _wdupenv_s()[Open Group 2004]Chapter 8, "Environment Variables"
strdup
[Viega 2003]Section 3.6, "Using Environment Variables Securely"

...