...
| Code Block |
|---|
|
extern char **environ;
/* ... */
int main(int argc, char const *argv[]) {
size_t i;
setenv("MY_NEW_VAR", "new_value", 1);
if (environ != NULL) {
for (i = 0; environ[i] != NULL; i++) {
puts(environ[i]);
}
}
return 0;
}
|
Compliant Solution (Windows)
Use _environ in place of envp when defined.
| Code Block |
|---|
|
_CRTIMP extern char **_environ;
/* ... */
int main(int argc, char const *argv[]) {
size_t i;
_putenv_s("MY_NEW_VAR", "new_value", 1);
if (_environ != NULL) {
for (i = 0; _environ[i] != NULL; i++) {
puts(_environ[i]);
}
}
return 0;
}
|
Compliant Solution
Note: if you have a great deal of unsafe envp code, you can save time in your remediation by aliasing. Change:
| Code Block |
|---|
main(int argc, char *argv[], char *envp[])
|
To:
| Code Block |
|---|
|
#ifdef _POSIX_ | __USE_POSIX
extern char **environ;
#define envp environ
#else
_CRTIMP extern char **_environ;
#define envp _environ
#endif
/* ... */
main(int argc, char *argv[])
|
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section J.5.1, "Environment Arguments"
\[[MSDN|AA. C References#MSDN]\] [getenv, _wgetenv|http://msdn.microsoft.com/en-us/library/tehxacec.aspx], [_environ, _wenviron|http://msdn.microsoft.com/en-us/library/stxk41x1.aspx], [_putenv_s, _wputenv_s|http://msdn.microsoft.com/en-us/library/eyw7eyfw.aspx]
\[[Open Group 04|AA. C References#Open Group 04]\] [{{setenv()}}|http://www.opengroup.org/onlinepubs/009695399/functions/setenv.html] |
...
