Do not make any assumptions about the size of environment variables, as an adversary might have full control over the environment. If the environment variable needs to be stored, then the length of the associated string should be calcuated, and the storage dynamically allocated (see STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator).
...
Noncompliant Code Example
This non-compliant noncompliant code example copies the string returned by getenv()
into a fixed size buffer.
...
However, the string copied from temp
may exceed the size of copy
, leading to a buffer overflow.
Compliant Solution
In the following compliant solution, the strlen()
function is used to calculate the size of the string, and the required space is dynamically allocated.
Code Block | ||
---|---|---|
| ||
char *copy = NULL; char *temp = getenv("TEST_ENV"); if (temp != NULL) { copy = (char *)malloc(strlen(temp) + 1); if (copy != NULL) { strcpy(copy, temp); } else { /* handle error condition */ } } |
Risk Assessment
Making assumptions about the size of an environmental variable can result in a buffer overflow.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV01-A C | high | likely | medium | P18 | L1 |
Automated Detection
Compass/ROSE can detect violations of the rule by using the same method as STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Wiki Markup |
---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment" \[[Open Group 04|AA. C References#Open Group 04]\] Chapter 8, "Environment Variables" \[[Viega 03|AA. C References#Viega 03]\] Section 3.6, "Using Environment Variables Securely" |
...
ENV00-C. Do not store the pointer to the string returned by getenv() 10. Environment (ENV) ENV02-A. Beware of multiple environment variables with the same effective name