Questioning the wisdom of GetEnvironmentValue()

Posted: 2007-10-14T15:28:55-07:00
by mi
Why does the function exist? Why not simply call getenv() -- an API, which has existed since forever?

If the call needs to be wrapped, why bother returning a malloc-ed copy of the string (which will then need to be free-ed) -- the value can't change once the process is running (except by the process itself)...

So, what's the purpose? Thanks!

Re: Questioning the wisdom of GetEnvironmentValue()

Posted: 2007-10-14T15:59:09-07:00
by magick
Secure programming principles require that we don't rely on the value returned by getenv(). ImageMagick is an API. The calling program could, for example, change an environment variable between the time we get the value and when it is accessed. To be safe we immediately save the value to a local string variable.

Re: Questioning the wisdom of GetEnvironmentValue()

Posted: 2007-10-14T20:23:33-07:00
by mi
magick wrote: Secure programming principles require that we don't rely on the value returned by getenv().
Mmm, you must be referring to a principle I'm unfamiliar with... Could you elaborate? Why is it insecure to rely on the value returned by getenv()?

Re: Questioning the wisdom of GetEnvironmentValue()

Posted: 2007-10-14T20:33:46-07:00
by magick
See https://www.securecoding.cert.org/confl ... ment+(ENV) . Select "ENV00-A. Do not store the pointer to the string returned by getenv()". In summary it says: make a copy of the referenced string returned by getenv() so that this copy may be safely referenced at a later time.
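The ENV00 point magick makes, shown as an added C example (not ImageMagick's own code): a hypothetical stand-in for GetEnvironmentValue() that returns a heap copy, plus a check that the copy still holds the value that was read after the host program rewrites the variable. The variable name DEMO_ENV_VAR is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() */
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ImageMagick's GetEnvironmentValue(): returns a
 * heap copy of the variable's value (caller must free()), or NULL when the
 * variable is unset or allocation fails.  The copy is what ENV00 asks for:
 * the pointer getenv() hands back may be invalidated by a later setenv(),
 * unsetenv() or putenv() made anywhere in the process. */
static char *get_environment_value(const char *name)
{
    const char *value = getenv(name);
    if (value == NULL)
        return NULL;
    size_t size = strlen(value) + 1;
    char *copy = malloc(size);
    if (copy != NULL)
        memcpy(copy, value, size);
    return copy;
}

/* Scenario from the thread: the library reads a variable, then the host
 * program changes it before the library uses the value.  Returns 1 when the
 * saved copy still holds the value that was read, 0 otherwise.  Leaves the
 * variable unset on return. */
static int copy_survives_host_change(void)
{
    const char *name = "DEMO_ENV_VAR";         /* constructed variable name */
    if (setenv(name, "first", 1) != 0)
        return 0;
    const char *raw = getenv(name);             /* pointer into environ */
    char *saved = get_environment_value(name);  /* private copy */

    /* The host (or another thread) rewrites the variable.  Afterwards 'raw'
     * may point at the old string, the new one, or freed memory depending on
     * the libc, so it is never dereferenced here. */
    (void)raw;
    if (setenv(name, "second", 1) != 0) {
        free(saved);
        return 0;
    }
    int ok = saved != NULL
          && strcmp(saved, "first") == 0            /* copy unchanged */
          && strcmp(getenv(name), "second") == 0;   /* environment moved on */
    free(saved);                                    /* the free() mi asks about */

    /* An unset variable is reported as NULL, not as a stale or dangling copy. */
    unsetenv(name);
    return ok && get_environment_value(name) == NULL;
}
```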