...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-C | low | probable | medium | P4 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Compass/ROSE could detect violations of this rule by noting attempts to modify any variable that holds the result of getenv(). A stronger approach would be to report if the result of getenv() is assigned to a (non-const) char*.
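
The pattern that the stronger check above would accept, shown as an added example that is not part of the original rule page: the result of getenv() is held only in a const char * and is copied before any modification. The helper name `env_split_copy` and the variable `ENV30_DEMO` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for setenv() in the demo main() only */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the rule page): return a heap copy of the
 * environment variable `name` with every ':' replaced by '\n', or NULL if
 * the variable is unset or allocation fails. The caller frees the result. */
char *env_split_copy(const char *name)
{
    /* const-qualified: a write through `val` is rejected by the compiler,
     * which is the property the stronger check looks for. */
    const char *val = getenv(name);
    if (val == NULL) {
        return NULL;
    }

    size_t len = strlen(val) + 1;
    char *copy = malloc(len);
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, val, len);

    /* Modify only the private copy, never the string owned by the environment. */
    for (char *p = copy; *p != '\0'; ++p) {
        if (*p == ':') {
            *p = '\n';
        }
    }
    return copy;
}

/* Pattern the check would report (kept as a comment so it is not compiled):
 *     char *val = getenv("PATH");   // result stored in a non-const char *
 *     val[0] = '\0';                // modifies the environment's string
 */

int main(void)
{
    /* Constructed sample value, set here so the demo runs anywhere. */
    setenv("ENV30_DEMO", "/usr/bin:/bin", 1);
    char *dirs = env_split_copy("ENV30_DEMO");
    if (dirs != NULL) {
        puts(dirs);
        free(dirs);
    }
    return 0;
}
```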

...