...
POSIX provides the strdup() function, which can make a copy of the environment variable string [IEEE Std 1003.1:2013]. The strdup() function is also included in Extensions to the C Library—Part II [ISO/IEC TR 24731-2:2010].
```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

void func(void) {
  char *tmpvar = NULL;
  char *tempvar = NULL;

  /* Copy each value before the next getenv() call, which may
     overwrite the string the returned pointer refers to. */
  const char *temp = getenv("TMP");
  if (temp != NULL) {
    tmpvar = strdup(temp);
    if (tmpvar == NULL) {
      /* Handle error */
      return;
    }
  } else {
    /* Handle error */
    return;
  }

  temp = getenv("TEMP");
  if (temp != NULL) {
    tempvar = strdup(temp);
    if (tempvar == NULL) {
      /* Handle error */
      free(tmpvar);
      return;
    }
  } else {
    /* Handle error */
    free(tmpvar);
    return;
  }

  if (strcmp(tmpvar, tempvar) == 0) {
    printf("TMP and TEMP are the same.\n");
  } else {
    printf("TMP and TEMP are NOT the same.\n");
  }

  /* strdup() allocates the copies; the caller must free them. */
  free(tmpvar);
  tmpvar = NULL;
  free(tempvar);
  tempvar = NULL;
}
```
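The following added example (not part of the original guideline text) shows why the copy matters: it compares keeping the returned pointers with copying them via strdup(). Because common implementations do not actually overwrite the string, `model_getenv()` is a hypothetical stand-in that reuses one static buffer, as the C Standard permits getenv() to do; the variable values are constructed samples.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* makes <string.h> declare strdup() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a getenv() that returns one reused static buffer.
   Names and values are constructed samples, not read from the real environment. */
static const char *model_getenv(const char *name) {
  static char buf[32];
  static const char *const env[][2] = {{"TMP", "/tmp/a"}, {"TEMP", "/var/tmp/b"}};
  for (size_t i = 0; i < sizeof env / sizeof env[0]; i++) {
    if (strcmp(env[i][0], name) == 0) {
      snprintf(buf, sizeof buf, "%s", env[i][1]);
      return buf;
    }
  }
  return NULL;
}

/* Keeps both returned pointers, so both alias buf. Returns 1 if they compare equal. */
int compare_stored_pointers(void) {
  const char *tmpvar = model_getenv("TMP");
  const char *tempvar = model_getenv("TEMP"); /* overwrites the TMP value */
  if (tmpvar == NULL || tempvar == NULL) return -1;
  return strcmp(tmpvar, tempvar) == 0;
}

/* Copies each value before the next lookup. Returns 1 if the copies compare equal. */
int compare_copies(void) {
  const char *p = model_getenv("TMP");
  char *tmpvar = (p != NULL) ? strdup(p) : NULL;
  p = model_getenv("TEMP");
  char *tempvar = (p != NULL) ? strdup(p) : NULL;
  int same = -1; /* -1: lookup or allocation failed */
  if (tmpvar != NULL && tempvar != NULL) same = (strcmp(tmpvar, tempvar) == 0);
  free(tmpvar);
  free(tempvar);
  return same;
}

int main(void) {
  printf("stored pointers: same=%d\n", compare_stored_pointers());
  printf("strdup() copies: same=%d\n", compare_copies());
  return 0;
}
```

With the stored pointers, the two different values compare as equal because both pointers refer to the same overwritten buffer; the copies compare as different.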
...
Related Guidelines
| C Secure Coding Standard | ENV00-C. Do not store objects that can be overwritten by multiple calls to getenv() and similar functions |
| ISO/IEC TR 24731-2 | 5.3.1.1, "The strdup Function" |
| ISO/IEC TS 17961:2013 | Using an object overwritten by getenv, localeconv, setlocale, and strerror [libuse] |
Bibliography
| [IEEE Std 1003.1:2013] | Chapter 8, "Environment Variables"; XSH, System Interfaces, strdup |
| [ISO/IEC 9899:2011] | Subclause 7.22.4, "Communication with the Environment"; Subclause 7.22.4.6, "The getenv Function"; Subclause K.3.6.2.1, "The getenv_s Function" |
| [MSDN] | _dupenv_s(), _wdupenv_s() |
| [Viega 2003] | Section 3.6, "Using Environment Variables Securely" |
...