Questioning the wisdom of GetEnvironmentValue()

mi · Post by mi » 2007-10-14T15:28:55-07:00

Why does the function exist? Why not simply call getenv() -- an API, which has existed since forever?

If the call needs to be wrapped, why bother returning a malloc-ed copy of the string (which will then need to be free-ed) -- the value can't change once the process is running (except by the process itself)...

So, what's the purpose? Thanks!

Post by **magick** » 2007-10-14T15:59:09-07:00

Secure programming principles require that we don't rely on the value returned by getenv(). ImageMagick is an API. The calling program could, for example, change an environment variable between the time we get the value and when it is accessed. To be safe we immediately save the value to a local string variable.

mi · Post by mi » 2007-10-14T20:23:33-07:00

magick wrote:Secure programming principles require that we don't rely on the value returned by getenv().

Mmm, you must be referring to a principle, I'm unfamiliar with... Could you elaborate? Why is it insecure to rely on the value returned by getenv()?

Post by **magick** » 2007-10-14T20:33:46-07:00

See https://www.securecoding.cert.org/confl ... ment+(ENV) . Select ENV00-A. Do not store the pointer to the string returned by getenv(). In summary it says: make a copy of the referenced string returned by getenv() so that this copy may be safely referenced at a later time.

Legacy ImageMagick Discussions Archive

Questioning the wisdom of GetEnvironmentValue()

Questioning the wisdom of GetEnvironmentValue()

Re: Questioning the wisdom of GetEnvironmentValue()

Re: Questioning the wisdom of GetEnvironmentValue()

Re: Questioning the wisdom of GetEnvironmentValue()