SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 58

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added Rose checker algorithm

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Compass/ROSE could catch violations of this rule by simply looking in a program's main() function. If that function uses setenv() or putenv(), and then refers to envp, it violates this rule.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section J.5.1, "Environment Arguments"
\[[MSDN|AA. C References#MSDN]\] [{{getenv, _wgetenv}}|http://msdn.microsoft.com/en-us/library/tehxacec.aspx], [{{_environ, _wenviron}}|http://msdn.microsoft.com/en-us/library/stxk41x1.aspx], [{{_putenv_s, _wputenv_s}}|http://msdn.microsoft.com/en-us/library/eyw7eyfw.aspx]
\[[Open Group 04|AA. C References#Open Group 04]\] [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html]

...