severity 482538 important
thanks

Raise to "important" due to CERT recommendation of safe use of getenv()
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=1703960

"The getenv function returns a pointer to a string associated with the
matched list member. The string pointed to shall not be modified by the
program but may be overwritten by a subsequent call to the getenv function
(...) Storing the pointer for later use can result in a dangling pointer or
a pointer to incorrect data. This string should be referenced immediately
and discarded; if later use is anticipated, the string should be copied so
the copy can be safely referenced as needed."


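The copy-before-use pattern that the quoted CERT text recommends, as an added C example that is not part of the original message or of the package the bug concerns. The helper names `env_dup` and `copy_survives_env_change`, the variable `DEMO_TMPDIR` and the length limit are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: return a private heap copy of an environment
 * variable, or NULL if it is unset, longer than max_len, or malloc fails.
 * The getenv() pointer is used immediately and never stored. */
static char *env_dup(const char *name, size_t max_len)
{
    const char *val = getenv(name);
    if (val == NULL)
        return NULL;
    size_t len = strlen(val);
    if (len > max_len)            /* do not trust the size of env data */
        return NULL;
    char *copy = malloc(len + 1);
    if (copy != NULL)
        memcpy(copy, val, len + 1);
    return copy;                  /* caller frees */
}

/* Returns 1 if the copy still holds the original value after the
 * environment has been changed behind it (constructed sample values). */
static int copy_survives_env_change(void)
{
    if (setenv("DEMO_TMPDIR", "/tmp/first", 1) != 0)
        return 0;
    char *saved = env_dup("DEMO_TMPDIR", 4096);
    if (saved == NULL)
        return 0;
    /* A raw getenv() pointer kept across these calls could now be
     * dangling or point at different data; the copy is unaffected. */
    setenv("DEMO_TMPDIR", "/tmp/second-and-longer", 1);
    (void)getenv("DEMO_OTHER");
    unsetenv("DEMO_TMPDIR");
    int ok = strcmp(saved, "/tmp/first") == 0;
    free(saved);
    return ok;
}

int main(void)
{
    printf("copy intact: %d\n", copy_survives_env_change());
    return 0;
}
```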