...
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(void) {
  char *token;
  const char *path = getenv("PATH");
  /* PATH is something like "/usr/bin:/bin:/usr/sbin:/sbin" */
  if (path == NULL) {
    /* Handle error: PATH is not set */
    return 1;
  }
  /* Work on a private copy so strtok() never writes to the string
   * returned by getenv() */
  char *copy = (char *)malloc(strlen(path) + 1);
  if (copy == NULL) {
    /* Handle error */
    return 1;
  }
  strcpy(copy, path);
  token = strtok(copy, ":");
  puts(token);
  while ((token = strtok(NULL, ":")) != NULL) {
    puts(token);
  }
  free(copy);
  copy = NULL;
  printf("PATH: %s\n", path);
  /* PATH is still "/usr/bin:/bin:/usr/sbin:/sbin" */
  return 0;
}
```
Another possibility is to provide your own implementation of strtok()
that does not modify the initial arguments.
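As an added illustration of that alternative (example code written for this page, not CERT's own), the following tokenizer takes a const pointer and hands back each token as a pointer and length into the original string, so the data returned by getenv() is never written to. The names next_token, count_tokens and nth_token are this example's own; the sample PATH value with an empty field is constructed to show that empty fields are skipped exactly as strtok() skips them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical non-modifying stand-in for strtok(): returns a pointer to the
 * next token inside the original string and its length, advancing *cursor past
 * it. The string is only read, so the const data getenv() returns is safe.
 * Empty fields are skipped exactly as strtok() does; NULL means exhausted. */
const char *next_token(const char **cursor, const char *delims, size_t *len) {
    const char *p = *cursor;
    if (p == NULL) return NULL;
    p += strspn(p, delims);                /* skip leading delimiters */
    if (*p == '\0') { *cursor = NULL; *len = 0; return NULL; }
    *len = strcspn(p, delims);             /* token runs to next delimiter */
    *cursor = p + *len;
    return p;
}

/* Number of tokens in s; s is never modified. */
size_t count_tokens(const char *s, const char *delims) {
    const char *cur = s;
    size_t len, n = 0;
    while (next_token(&cur, delims, &len) != NULL) n++;
    return n;
}

/* Copy the n-th (0-based) token into out, NUL-terminated and truncated to
 * outsz - 1 bytes. Returns 1 if that token exists, 0 otherwise. */
int nth_token(const char *s, const char *delims, size_t n, char *out, size_t outsz) {
    const char *cur = s, *tok; size_t len;
    if (outsz == 0) return 0;
    while ((tok = next_token(&cur, delims, &len)) != NULL) {
        if (n-- == 0) {
            size_t w = len < outsz - 1 ? len : outsz - 1;
            memcpy(out, tok, w); out[w] = '\0';
            return 1;
        }
    }
    return 0;
}

int main(void) {
    const char *path = getenv("PATH"), *cur, *tok;
    size_t len;
    if (path == NULL) path = "/usr/bin:/bin::/usr/sbin:/sbin"; /* constructed sample */
    for (cur = path; (tok = next_token(&cur, ":", &len)) != NULL; )
        printf("%.*s\n", (int)len, tok);   /* print token by length, no copy */
    printf("PATH: %s\n", path);            /* unchanged: nothing wrote to it */
    return 0;
}
```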
Risk Assessment
The Linux Programmer's Manual (man) page on strtok(3) [Linux 2008] states:
...
The improper use of strtok() is likely to result in truncated data, producing unexpected results later in program execution.

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
STR06-C | Medium | Likely | Medium | P12 | L1
Automated Detection

Tool | Version | Checker | Description
---|---|---|---
CodeSonar | | |
Fortify SCA | V. 5.0 | | Can detect violations of this rule with CERT C Rule Pack.
Compass/ROSE (customization) | | | Users who wish to avoid using strtok() entirely can add a custom check for all uses of strtok().
Helix QAC | | C5007 |
LDRA tool suite | | 602 S | Fully implemented. Enhanced Enforcement
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
ISO/IEC 9899:2011 Section 7.24.5.8, "The strtok function"
...
...
Addition of data structure sentinel
...
Bibliography
...