...
If the TMP environmental variable returns does not exist, the call to getenv() returns NULL. In these cases, the call to strdup() should also return NULL, but it is important to verify this as this behavior is not guaranteed by POSIX OpenGroup 05
Compliant Solution
This compliant solution is fully portable.
| Code Block | ||
|---|---|---|
| ||
if ( (tmpvar = getenv("HI")) != NULL) {
hivar = malloc(strlen(tmpvar)+1);
if (hivar != NULL) {
strcpy(hivar, tmpvar);
printf("HI = %s.\n", hivar);
}
else {
/* handle error condition */
}
}
else {
puts("HI not defined.\n");
}
|
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV03 ENV00-A | 2 1 (highlow) 2 | 1 (probablelow) | 2 (medium) | P8 | L2 |
Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website.
...