...
It is also possible to search the environment for multiple entries of a variable. On POSIX systems, the environ variable can be used for this purpose. Any duplicate values are an indication of an attack; take appropriate action.
Compliant Solution (POSIX)
In this compliant solution, the environ array is manually searched for duplicate key entries.
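```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

extern char **environ;

int multiple_vars_with_same_name(void);

/* Minimal stand-in for the application's error reporter, which the page does not show. */
static void system_error(const char *msg) {
  fputs(msg, stderr);
}

int main(void) {
  if (multiple_vars_with_same_name()) {
    system_error("Someone may be tampering.\n");
    return 1;
  }

  /* ... */

  return 0;
}

/* Returns 1 if two environ entries share the same name
 * (the text up to and including '='), 0 otherwise. */
int multiple_vars_with_same_name(void) {
  size_t i;
  size_t j;
  size_t k;
  size_t l;
  size_t len_i;
  size_t len_j;

  for (i = 0; environ[i] != NULL; i++) {
    for (j = i; environ[j] != NULL; j++) {
      if (i != j) {
        k = 0;
        l = 0;

        len_i = strlen(environ[i]);
        len_j = strlen(environ[j]);

        /* Walk both entries in step until they differ or one ends. */
        while (k < len_i && l < len_j) {
          if (environ[i][k] != environ[j][l])
            break;

          /* Both entries matched through '=': the names are identical. */
          if (environ[i][k] == '=')
            return 1;

          k++;
          l++;
        }
      }
    }
  }
  return 0;
}
```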
Risk Assessment
An adversary could create multiple environment variables with the same name. If the program checks one copy but uses another, security checks may be circumvented.
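The check-one-copy, use-another mismatch described above can also be closed off for child processes by handing them an environment in which every name appears exactly once. The following is an added example, not code from the original page: the function name env_drop_duplicates, the choice to keep the first occurrence, the treatment of an entry without '=' as a bare name, and the constructed sample array are all assumptions of this sketch. A caller that prefers the page's approach can abort whenever the return value is nonzero.

```c
#include <stdio.h>
#include <string.h>

/* Length of the name part of "NAME=value". An entry with no '=' is
 * treated as a bare name (an assumption of this example). */
static size_t env_name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

static int same_env_name(const char *a, const char *b) {
    size_t n = env_name_len(a);
    return n == env_name_len(b) && strncmp(a, b, n) == 0;
}

/* Compact envp in place so each name appears once, keeping the first
 * occurrence. Returns the number of entries dropped. If first_dup is
 * non-NULL it receives the first dropped entry, or NULL if none. */
size_t env_drop_duplicates(char **envp, const char **first_dup) {
    size_t kept = 0, dropped = 0;
    if (first_dup) *first_dup = NULL;
    for (size_t i = 0; envp[i] != NULL; i++) {
        size_t j;
        for (j = 0; j < kept; j++)
            if (same_env_name(envp[j], envp[i]))
                break;
        if (j < kept) {                 /* name already seen: drop it */
            if (dropped++ == 0 && first_dup) *first_dup = envp[i];
        } else {
            envp[kept++] = envp[i];     /* first occurrence: keep it */
        }
    }
    envp[kept] = NULL;
    return dropped;
}

/* Constructed sample environment, not captured from a real process.
 * PATHEXT shares a prefix with PATH but is a different name. */
static char *sample_env[] = {
    "PATH=/usr/bin:/bin", "TMPDIR=/tmp", "PATH=/home/user/bin",
    "PATHEXT=x", "TMPDIR=/var/tmp", NULL
};

int main(void) {
    const char *dup;
    size_t n = env_drop_duplicates(sample_env, &dup);
    printf("dropped %zu, first duplicate: %s\n", n, dup ? dup : "(none)");
    for (char **e = sample_env; *e; e++) puts(*e);
    return 0;
}
```

The compacted array can be passed as the envp argument of execve() so that the child sees only one value per name; logging first_dup before doing so preserves evidence of the tampering.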
...