Untrusted Input from getenv or curl_getenv
Description
The return value of getenv or curl_getenv should be treated as untrusted input as it could be modified by an attacker, potentially leading to buffer overflows, malicious file usage, or unauthorized file access.
Examples
Insecure Code
```c
char *path = getenv("PATH");
system(path);
```
Secure Code
```c
char *path = getenv("PATH");
if (path != NULL && strlen(path) < 1024) {
    // validate and sanitize path
    system(path);
}
```
Remediation
Validate and sanitize the return value of getenv or curl_getenv before using it in security decisions.
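One way to apply this to a directory path taken from the environment, as an added example that is not part of the original rule text. The variable name `APP_DATA_DIR`, the 256-byte limit, the character allowlist and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIR_LEN 256 /* assumed limit for this example */

/* Validate an untrusted directory string and copy it into out.
 * Returns 0 on success, -1 if the value is rejected. */
int validate_dir(const char *value, char *out, size_t outlen)
{
    if (value == NULL || out == NULL)
        return -1;
    size_t len = strlen(value);
    if (len == 0 || len >= MAX_DIR_LEN || len >= outlen)
        return -1;                  /* empty, or would not fit in out */
    if (value[0] != '/')
        return -1;                  /* require an absolute path */
    /* Allowlist: letters, digits, '/', '_', '-', '.' only. This rejects
     * shell metacharacters, whitespace and control bytes. */
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/_-.";
    if (strspn(value, allowed) != len)
        return -1;
    /* Reject ".." as a whole path component (directory traversal).
     * p[-1] is in bounds: value[0] is '/', so a match starts at index >= 1. */
    for (const char *p = value; (p = strstr(p, "..")) != NULL; p++) {
        if (p[-1] == '/' && (p[2] == '/' || p[2] == '\0'))
            return -1;
    }
    memcpy(out, value, len + 1);    /* bounded: len < outlen */
    return 0;
}

/* Read the hypothetical APP_DATA_DIR variable and validate it. */
int get_data_dir(char *out, size_t outlen)
{
    return validate_dir(getenv("APP_DATA_DIR"), out, outlen);
}

int main(void)
{
    char dir[MAX_DIR_LEN];
    if (get_data_dir(dir, sizeof dir) != 0) {
        fprintf(stderr, "APP_DATA_DIR missing or rejected\n");
        return 1;
    }
    printf("using data dir: %s\n", dir);
    return 0;
}
```

The validated copy, not the pointer returned by getenv, is what later code should use, since the environment block can change under that pointer.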
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0566 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-807 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | injection, untrusted input |
| OWASP | A1:2017-Injection, A03:2021-Injection |