Tainted string in C


Problem description


I'm running Coverity tool in my file operation function and getting the following error.


As you can see below, I'm using an snprintf() before passing this variable in question to the line number shown in the error message. I guess that some sanitization of the string has to be done as a part of that snprintf(). But still the warning is shown.

Error:TAINTED_STRING (TAINTED string "fn" was passed to a tainted string sink content.) [coverity]

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* LOG_FILE is a format-string macro defined elsewhere in the program (not shown). */
FILE *log_fp;

char fn[100]; int id = 0;
char* id_str = getenv("ID");      /* environment value: Coverity marks it as tainted */
if (id_str) {
    id = atoi(id_str);
}
memset(fn, '\0', sizeof(fn));
snprintf(fn, 100, LOG_FILE, id);  /* taint flows from id into fn */
if(fn[100-1] != '\0') {
     fn[100-1] = '\0';
}
log_fp = fopen (fn, "a");         /* the tainted-string sink Coverity reports */


Any help would be highly appreciated.

Answer

Try the following:

int id = 0;
char* id_str = getenv("ID");
if (id_str) {
   id_str = strdup(id_str);   /* copy the environment value; strdup may return NULL */
   if (id_str) {
       id = atoi(id_str);
       free( id_str );
   }
}


The fn string passed to fopen is tainted by an environment variable. Using strdup may act as "sanitizing".
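The question's code passes the environment-derived value straight through snprintf() into the file name that reaches fopen(). As an added example (not code from the question or the answer), the following shows a validation step that actually constrains the value before it becomes part of a path: the ID is parsed with strtol, rejected unless it is purely numeric and within a bound, and the formatted path is checked for truncation. LOG_FILE_FMT and ID_MAX are assumed placeholders standing in for the page's LOG_FILE macro.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical format string; the page's LOG_FILE macro is defined elsewhere. */
#define LOG_FILE_FMT "/var/log/app/app-%d.log"
#define ID_MAX 9999 /* assumed upper bound for a valid ID */

/* Parse an ID string (e.g. the value of getenv("ID")) into a bounded integer.
 * Returns 0 on success, -1 if missing, not purely numeric, or outside [0, ID_MAX]. */
int parse_id(const char *id_str, int *out)
{
    char *end;
    long v;
    if (id_str == NULL || *id_str == '\0')
        return -1;
    errno = 0;
    v = strtol(id_str, &end, 10);
    if (errno != 0 || *end != '\0') /* overflow, or trailing junk such as "7/../x" */
        return -1;
    if (v < 0 || v > ID_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Build the log file name from a validated ID. Returns 0 on success,
 * -1 if the ID is rejected or the formatted path would not fit in buf. */
int build_log_path(const char *id_str, char *buf, size_t buflen)
{
    int id, n;
    if (parse_id(id_str, &id) != 0)
        return -1;
    n = snprintf(buf, buflen, LOG_FILE_FMT, id);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return 0;
}

int main(void)
{
    char fn[100];
    if (build_log_path(getenv("ID"), fn, sizeof fn) != 0) {
        fprintf(stderr, "ID is missing or invalid; refusing to open the log\n");
        return 1;
    }
    printf("log path: %s\n", fn);
    return 0;
}
```

The check rejects anything that is not a bounded integer, so the only data that reaches the file name is the integer itself rather than whatever the environment supplied.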
