SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 46

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version 47

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
In a hosted environment, the main function receives a third argument, {{char \*envp\[\]}}, that points to a null-terminated array of pointers to {{char}}, each of which points to a string that provides information about the environment for this execution of the program.

So Consequently, under a hosted environments it is possible to access the environment through a modified form of main():

...

Wiki Markup
Microsoft notes the following about {{getenv()}}: \[[MSDN|AA. C References#MSDN]\]

The getenv function searches the list of environment variables for varname. getenv is not case sensitive in the Windows operating system. getenv and _putenv use the copy of the environment pointed to by the global variable _environ to access the environment. getenv operates only on the data structures accessible to the runtime library and not on the environment "segment" created for the process by the operating system. Consequently, programs that use the envp argument to main or wmain may retrieve invalid information.

Wiki Markup
The Visual C++ reference notes the following about {{envp}}: \[[MSDN|AA. C References#MSDN]\]

The environment block passed to main and wmain is a "frozen" copy of the current environment. If you subsequently change the environment via a call to putenv or _wputenv, the current environment (as returned by getenv/_wgetenv and the _environ/ _wenviron variable) will change, but the block pointed to by envp will not change.

When compiled with GCC version 3.4.6 and run on a 32-bit Intel GNU/Linux test machine, the following code:

...

It is evident from these results that the environment has been relocated as a result of the call to setenv().

Non-Compliant Code Example (POSIX)

After a call to the POSIX setenv() function, or other function that modifies the environment, the envp pointer may no longer reference the environment.

...

Note: if you have a great deal of unsafe envp code, you can save time in your remediation by aliasing. Change:

Code Block
int main(int argc, char *argv[], char *envp[]) {
  /* ... */
}

To:

Code Block
bgColor#ccccff
#if  defined (_POSIX_) || defined (__USE_POSIX)
  extern char **environ;
  #define envp environ
#else
  _CRTIMP extern char **_environ;
  #define envp _environ
#endif

/* ... */
int main(int argc, char *argv[]) {
  /* ... */
}

Risk Assessment

Using the envp environment pointer after the environment has been modified may result in undefined behavior.

...