
The normal means by which you obtain the value of an environment variable is by calling getenv() with the name of the environment variable whose value is to be retrieved. The getenv() function searches an environment list, provided by the host environment, for a string that matches the specified name. The problem with getenv() is that it simply returns a pointer into the environment (or into implementation-owned storage), rather than returning a copy of the environment variable's value. Do not rely on the pointer to the string returned by getenv() after a subsequent invocation of getenv() or any other modification of the environment.

According to C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]:

The getenv function returns a pointer to a string associated with the matched list member. The string pointed to shall not be modified by the program, but may be overwritten by a subsequent call to the getenv function.

This allows an implementation, for example, to copy the environment variable's value into an internal static buffer and return a pointer to that buffer, which the next call to getenv() then overwrites.

If you do not immediately make a copy of the value returned by getenv(), but instead store the pointer somewhere for later use, you can end up with a dangling pointer or a different value altogether if the environment is modified between the time you called getenv() and the time you use the pointer it returned.

Non-Compliant Coding Example

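The following is an added example written for this page, not the original noncompliant code from the CERT wiki. It shows the pattern the recommendation forbids: the pointer returned by getenv() is saved, the environment is modified, and the saved pointer is handed back for later use. The function name saved_pointer_noncompliant and the use of the POSIX setenv() function to modify the environment are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* setenv() is POSIX, not C99; assumed available */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* NONCOMPLIANT (added illustration): looks up `name`, keeps the raw pointer
 * that getenv() returned, lets the environment change, and then returns that
 * stale pointer for later use. After setenv() the pointer may refer to the
 * old value, the new value, or storage that no longer belongs to the
 * environment at all; the C standard gives no guarantee. Reading through
 * it is exactly the defect this recommendation describes. */
const char *saved_pointer_noncompliant(const char *name, const char *new_value) {
    const char *saved = getenv(name);     /* pointer into the environment, not a copy */
    if (saved == NULL) {
        return NULL;                      /* variable not set */
    }
    (void)setenv(name, new_value, 1);     /* environment modified before `saved` is used */
    return saved;                         /* caller now holds a possibly stale/dangling pointer */
}

int main(void) {
    /* Constructed variable and values for the demonstration. */
    (void)setenv("DEMO_DIR", "/tmp/first", 1);
    const char *p = saved_pointer_noncompliant("DEMO_DIR", "/tmp/second");
    /* The comparison below is the only safe thing to do with `p`: note that
     * it is not dereferenced, because its contents are unspecified here. */
    printf("stale pointer %s the current environment entry\n",
           p == getenv("DEMO_DIR") ? "still matches" : "no longer matches");
    return 0;
}
```

Whether the returned pointer still yields "/tmp/first", now yields "/tmp/second", or points at freed memory depends on the C library; the bug is that the program cannot know.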

Compliant Solution

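The following is an added example written for this page, not the original compliant solution from the CERT wiki. It copies the value returned by getenv() into heap storage immediately, so the copy stays valid and unchanged no matter how the environment is modified afterwards. The helper names env_copy and snapshot_then_modify_compliant, the DEMO_DIR variable, and the use of POSIX setenv() to simulate a later modification are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* setenv() is POSIX, not C99; assumed available */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* COMPLIANT (added illustration): copy the value of `name` before anything
 * else can touch the environment. Returns a heap-allocated copy owned by the
 * caller, or NULL if the variable is unset or allocation fails. */
char *env_copy(const char *name) {
    const char *val = getenv(name);
    if (val == NULL) {
        return NULL;                      /* variable not set */
    }
    size_t len = strlen(val) + 1;         /* include the terminating NUL */
    char *copy = malloc(len);
    if (copy == NULL) {
        return NULL;                      /* out of memory */
    }
    memcpy(copy, val, len);               /* snapshot taken immediately after getenv() */
    return copy;
}

/* Same scenario as the noncompliant pattern, but the program keeps its own
 * copy, so a later change to the environment cannot affect it. */
char *snapshot_then_modify_compliant(const char *name, const char *new_value) {
    char *snapshot = env_copy(name);
    if (snapshot == NULL) {
        return NULL;
    }
    (void)setenv(name, new_value, 1);     /* environment changes; snapshot does not */
    return snapshot;                      /* caller frees */
}

int main(void) {
    /* Constructed variable and values for the demonstration. */
    (void)setenv("DEMO_DIR", "/tmp/first", 1);
    char *snap = snapshot_then_modify_compliant("DEMO_DIR", "/tmp/second");
    if (snap == NULL) {
        return EXIT_FAILURE;
    }
    printf("snapshot: %s, current: %s\n", snap, getenv("DEMO_DIR"));
    free(snap);
    return EXIT_SUCCESS;
}
```

The copy is a distinct allocation, so it is neither overwritten by a subsequent getenv() call nor invalidated by setenv(); the only remaining window is the one between the getenv() call and the memcpy() inside env_copy().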

Note that a race window remains between the call to getenv() and the copy: another thread that modifies the environment in that interval can still invalidate the pointer before it is copied. Be careful to manipulate the process environment from only a single thread at a time.

Risk Assessment

Rule      Severity   Likelihood     Remediation Cost   Priority   Level
ENV03-A   2 (high)   2 (probable)   2 (medium)         P8         L2

Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website.

References

\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 10, "UNIX II: Processes"
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[Open Group 04|AA. C References#Open Group 04]\] Chapter 8, "Environment Variables"
\[[Viega 03|AA. C References#Viega 03]\] Section 3.6, "Using Environment Variables Securely"
\[[Wheeler 03|AA. C References#Wheeler 03]\] [Section 5.2, "Environment Variables"|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html]