SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 70

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

The getenv() function searches an environment list for a string that matches a specified name and returns a pointer to a string associated with the matched list member.

Section Subclause 7.22.4.6 of the C standard Standard [ISO/IEC 9899:2011] states that:

The set of environment names and the method for altering the environment list are implementation-defined.

Depending on the implementation, multiple environment variables with the same name may be allowed and can cause unexpected results if a program cannot consistently choose the same value. The GNU glibc library addresses this issue in getenv() and setenv() by always using the first variable it encounters and ignoring the rest. However, it is unwise to rely on this behavior.

One common difference between implementations is whether or not environment variables are case sensitive. While Although UNIX-like implementations are generally case sensitive, environment variables are "not case sensitive in Windows 98/Me and Windows NT/2000/XP" [MSDN].

...

Noncompliant Code Example

The following This noncompliant code example behaves differently when compiled and run on Linux and Microsoft Windows platforms.:

Code Block
bgColor#ffcccc
langc
if (putenv("TEST_ENV=foo") != 0) {
  /* Handle error */
}
if (putenv("Test_ENV=bar") != 0) {
  /* Handle error */
}

const char *temp = getenv("TEST_ENV");

if (temp == NULL) {
  /* Handle error */
}

printf("%s\n", temp);

...

Portable code should use environment variables that differ by more than capitalization.:

Code Block
bgColor#ccccff
langc
if (putenv("TEST_ENV=foo") != 0) {
  /* Handle error */
}
if (putenv("OTHER_ENV=bar") != 0) {
  /* Handle error */
}

const char *temp = getenv("TEST_ENV");

if (temp == NULL) {
  /* Handle error */
}

printf("%s\n", temp);

...

An attacker can create multiple environment variables with the same name (for example, by using the POSIX execve() function). If the program checks one copy but uses another, security checks may be circumvented.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ENV02-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

 

 




Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ENV02-a

Usage of system properties (environment variables) should be restricted
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

VOID ENV00

...

-CPP. Beware of multiple environment variables with the same effective name
ISO/IEC

...

ISO/IEC TR 24772 "XYS Executing or loading untrusted code"

...

TR 24772:2013Executing or Loading Untrusted Code [XYS]
MITRE CWECWE-462,

...

Duplicate key in associative list (Alist)

...


...

CWE-807,

...

Reliance on untrusted inputs in a security decision

...

Bibliography

[ISO/IEC 9899:2011]Section 7.22.4, "Communication with the Environment"
[MSDN]getenv()


...

Image Modified Image Modified Image Modified