...
After the loop ends, path is modified as follows: "/usr/bin\0/bin\0/usr/sbin\0/sbin\0". This is an issue because the local path variable becomes /usr/bin and because the environment variable PATH has been unintentionally changed, which can have unintended consequences. (See guideline rule ENV30-C. Do not modify the object referenced by the return value of certain functions.)
...
In this compliant solution, the string being tokenized is copied into a temporary buffer which is not referenced after the call to strtok():
...
Risk Assessment
| Wiki Markup |
|---|
ToThe quote the Linux Programmer's Manual (man) page on {{strtok(3)}} \[[Linux 2008|AA. Bibliography#Linux 08]\]: states |
Never use this function. This function modifies its first argument. The identity of the delimiting character is lost. This function cannot be used on constant strings.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: STR06-CPP. Do not assume that strtok() leaves the parse string unchanged
...
Wiki Markup strtok function"
MITRE CWE: CWE-464, "Addition of Data Structure Sentinel"
Bibliography
| Wiki Markup |
|---|
}} function" \[[Linux 2008|AA. Bibliography#Linux 08]\] [strtok(3)|http://www.kernel.org/doc/man-pages/online/pages/man3/strtok.3.html] \[[MITRE 2007|AA. Bibliography#MITRE 07]\] [CWE ID 464|http://cwe.mitre.org/data/definitions/464.html], "Addition of Data Structure Sentinel" |
...
07. Characters and Strings (STR) STR07-C. Use TR 24731 for remediation of existing string manipulation code