...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
Compass/ROSE could detect violations of this rule by noting attempts to modify any variable that holds the result of getenv()
. A stronger approach would be to report if the result of getenv()
is assigned to a (non-const) char*
.
References
Wiki Markup |
---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.5, "The {{getenv}} function" \[[Open Group 04|AA. C References#Open Group 04]\] [getenv|http://www.opengroup.org/onlinepubs/000095399/functions/getenv.html] |
...