...

However, modifying the environment by using the {{setenv()}} or {{putenv()}} functions, or by any other means, may cause the environment memory to be reallocated, with the result that {{envp}} now references an incorrect location. For example, POSIX.1-2008 says the following \[[Austin Group 08|AA. C References#Austin Group 08]\]:

Unanticipated results may occur if setenv() changes the external variable environ.  In particular, if the optional envp argument to main() is present, it is not changed, and thus may point to an obsolete copy of the environment (as may any other copy of environ).
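The following added example (not part of the CERT rule text) shows the pattern the POSIX note implies: after any call that modifies the environment, walk `environ` again instead of the `envp` value received by `main()`. The helper names `env_vector_has` and `add_then_lookup` and the `ENV31_DEMO_*` variable names are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* exposes setenv() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ; /* always refers to the current environment vector */

/* Return 1 if `name` is defined in the NULL-terminated vector `env`. */
static int env_vector_has(char *const *env, const char *name) {
    size_t n = strlen(name);
    if (env == NULL) return 0;
    for (; *env != NULL; ++env) {
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=') return 1;
    }
    return 0;
}

/* Modify the environment, then walk environ as it is after the change.
 * Returns 1 if the variable is visible, 0 if not, -1 if setenv() failed. */
int add_then_lookup(const char *name, const char *value) {
    if (setenv(name, value, 1) != 0) return -1;
    return env_vector_has(environ, name);
}

int main(int argc, char *argv[], char *envp[]) {
    (void)argc; (void)argv;
    uintptr_t old_vector = (uintptr_t)envp; /* address only, recorded before any change */
    char name[32];
    for (int i = 0; i < 64; ++i) { /* constructed names; growth may move the vector */
        snprintf(name, sizeof name, "ENV31_DEMO_%d", i);
        if (add_then_lookup(name, "1") != 1) return 1;
    }
    /* envp is not dereferenced here: it may now be an obsolete copy. */
    printf("environment vector moved: %s\n",
           (uintptr_t)environ != old_vector ? "yes" : "no");
    return 0;
}
```

Whether the vector actually moves depends on the C library, which is why the program only reports the address change and never reads through `envp` after the first `setenv()` call.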

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Austin Group 08|AA. C References#Austin Group 08]\] vol. 2, System Interfaces, {{setenv()}}
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section J.5.1, "Environment Arguments"
\[[Open Group 04|AA. C References#Open Group 04]\] [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html]

...
