Some implomentations implementations provide a nonportable environment pointer that is valid when main() is called but may be invalidated by operations that modify the environment.
The C Standard, J.5.1 2 [ISO/IEC 9899:20112024], states:
In a hosted environment, the main function receives a third argument, char *envp[], that points to a null-terminated array of pointers to char, each of which points to a string that provides information about the environment for this execution of the program (5.1.2.3.2).
Consequently, under a hosted environment supporting this common extension, it is possible to access the environment through a modified form of main():
...
An environment pointer may also become invalidated by subsequent calls to getenv(). (see See ENV34-C. Do not store pointers returned by certain functions for more information.).
Noncompliant Code Example (POSIX)
After a call to the POSIX setenv() function or to another function that modifies the environment, the envp pointer may no longer reference the current environment. The Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 [IEEE Std 1003.1:2013], states:
Unanticipated results may occur if
setenv()changes the external variableenviron. In particular, if the optionalenvpargument tomain()is present, it is not changed, and thus may point to an obsolete copy of the environment (as may any other copy ofenviron).
...
Because envp may no longer point to the current environment, this program has undefined unanticipated behavior.
Compliant Solution (POSIX)
...
According to the Visual C++ reference [MSDN],
The environment block passed to
mainandwmainis a "frozen" copy of the current environment. If you subsequently change the environment via a call to_putenvor_wputenv, the current environment (as returned bygetenv/_wgetenvand the_environ/_wenvironvariable) will change, but the block pointed to byenvpwill not change.
...
Because envp no longer points to the current environment, this program has undefined unanticipated behavior.
Compliant Solution (Windows)
...
Using the envp environment pointer after the environment has been modified can result in undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV31-C | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported | |||||||
| Compass/ROSE |
| Cppcheck Premium | 24.9.0 | premium-cert-env31-c | Fully implemented | ||||||
| Helix QAC |
| DF4991, DF4992, DF4993 | |||||||
| LDRA tool suite |
| 118 S | Fully Implemented | ||||||
| Parasoft C/C++test |
| CERT_C-ENV31-a | Do not rely on an environment pointer following an operation that may invalidate it | ||||||
| CERT C: Rule ENV31-C | Checks for environment pointer invalidated by previous operation (rule fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting , from the violation of this _putenv_s, rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C |
| VOID ENV31-CPP. Do not rely on an environment pointer following an operation that may invalidate it | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, setenv |
| [ISO/IEC 9899: |
| 2024] | J.5. |
| 2, "Environment Arguments" | |
| [MSDN] | getenv, _wgetenv,_putenv_s, _wputenv_s |
...
...