DOCUMENT:Q129479  29-JUL-2001  [visualc]
TITLE   :PRB: _searchenv() Does Not Check the Buffer Size
PRODUCT :Microsoft C Compiler
PROD/VER:2.1 4.0 5.0
OPER/SYS:
KEYWORDS:kbCRT kbVC kbVC210 kbVC400 kbVC500 kbVC600

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - The C Run-Time (CRT), included with:
    - Microsoft Visual C++, 32-bit Editions, versions 2.1, 4.0, 5.0, 6.0, on platform(s):
       - the hardware: Intel x86 
-------------------------------------------------------------------------------

SYMPTOMS
========

If _searchenv() is called with a pathname buffer (third parameter) that has a
length shorter than the length of the fully qualified path name returned, the
function will overwrite the buffer.

CAUSE
=====

As the documentation states, "You must ensure that there is sufficient space for
the constructed path." A number of CRT routines, including _searchenv(), do not
take a size parameter and cannot check to see if the buffer passed is big enough
to hold the data. It is up to the programmer to make sure the buffer is large
enough for the data.

RESOLUTION
==========

To avoid potential access violations that occur because of the overwrite, do one
of the following:

 - Before calling _searchenv(), check to see that the sum of the length of the
   filename and the length of any directory in the environment variable to be
   used (for example, the PATH) does not exceed _MAX_PATH. If it does, give an
   error message to the user.

   -or-

 - Increase the length of buffer (pathname) passed to _searchenv() so that it is
   at least as big as the sum of the length of the filename and the length of
   the longest directory in the environment variable to be used.

STATUS
======

This behavior is by design.

Additional query words:

======================================================================
Keywords          : kbCRT kbVC kbVC210 kbVC400 kbVC500 kbVC600 
Technology        : kbVCsearch kbAudDeveloper kbCRT
Version           : 2.1 4.0 5.0
Issue type        : kbprb

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.