SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 52

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.4 (sch jbop) (X_X)@==(Q_Q)@

...

Wiki Markup
One common difference between implementations is whether or not environment variables are case sensitive.  While UNIX-like implementations are generally case sensitive, environment variables are "not case sensitive in Windows 98/Me and Windows NT/2000/XP" \[[MSDN|AA. C References#MSDN]\].

Duplicate Environment Variable Detection (POSIX)

The following code defines a function that uses the POSIX environ array to manually search for duplicate key entries. Any duplicate environment variables are considered an attack, so the program immediately terminates if a duplicate is detected.

Code Block
bgColor#ccccff
extern char **environ;

int main(void) {
  if (multiple_vars_with_same_name()) {
    printf("Someone may be tampering.\n");
    return 1;
  }

  /* ... */

  return 0;
}

int multiple_vars_with_same_name(void) {
  size_t i;
  size_t j;
  size_t k;
  size_t l;
  size_t len_i;
  size_t len_j;

  for(i = 0; environ[i] != NULL; i++) {
    for(j = i; environ[j] != NULL; j++) {
      if (i != j) {
        k = 0;
        l = 0;

        len_i = strlen(environ[i]);
        len_j = strlen(environ[j]);

        while (k < len_i && l < len_j) {
          if (environ[i][k] != environ[j][l])
            break;

          if (environ[i][k] == '=')
            return 1;

          k++;
          l++;
        }
      }
    }
  }
  return 0;
}

...

Noncompliant Code Example

The following non-compliant noncompliant code behaves differently when compiled and run on Linux and Microsoft Windows platforms.

...

Whereas, on an IA-32 Windows XP machine with Microsoft Visual C++ 2008 Express, it prints:

Code Block
bar

Compliant Solution

Portable code should use environment variables that differ by more than capitalization.

Code Block
bgColor#ccccff
char *temp;

if (putenv("TEST_ENV=foo") != 0) {
  /* Handle Error */
}
if (putenv("OTHER_ENV=bar") != 0) {
  /* Handle Error */
}

temp = getenv("TEST_ENV");

if (temp == NULL) {
  /* Handle Error */
}

printf("%s\n", temp);

Risk Assessment

An adversary can create multiple environment variables with the same name by using the POSIX execve() function, for example. If the program checks one copy but uses another, security checks may be circumvented.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ENV02-A C

low

unlikely

medium

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "XYS Executing or Loading Untrusted Code"
\[[MSDN|AA. C References#MSDN]\] [{{getenv()}}|http://msdn.microsoft.com/en-us/library/tehxacec(VS.71).aspx]

...

      10. Environment (ENV)       ENV03-A. Sanitize the environment when invoking external programs Image Added