SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 58

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 59

changes.mady.by.user Alex Volkovitsky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ENV31-C

low

probable

medium

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Compass/ROSE could catch violations of this rule by simply looking in a program's main() function. If that function uses setenv() or putenv(), and then refers to envp, it violates this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section J.5.1, "Environment Arguments"
\[[MSDN|AA. C References#MSDN]\] [{{getenv, _wgetenv}}|http://msdn.microsoft.com/en-us/library/tehxacec.aspx], [{{_environ, _wenviron}}|http://msdn.microsoft.com/en-us/library/stxk41x1.aspx], [{{_putenv_s, _wputenv_s}}|http://msdn.microsoft.com/en-us/library/eyw7eyfw.aspx]
\[[Open Group 04|AA. C References#Open Group 04]\] [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html]

...