{"componentChunkName":"component---src-templates-post-template-js","path":"/clang-envp-en","result":{"data":{"markdownRemark":{"id":"1c3901c2-190c-5380-b114-8a17007dc228","html":"
\n

This page has been machine-translated from the original page.

\n
\n

About the third argument *envp[] of the C main function

\n

This time, I will summarize the third argument that can be used when defining the main function in C.

\n

The other day, while looking at the decompiled output from a certain CTF, I came across a main function that takes three arguments, like int main(int argc, char *argv[], char *envp[]).

\n

This third environment-variable argument, *envp[], is defined as follows in the C standard, and it seems to store pointers to the environment variables in the execution environment.

\n
\n

In a hosted environment, the main function takes a third argument, char *envp[].

\n

This argument points to a null-terminated array of pointers to char. Each pointer to char points to a string that provides information about the environment in which the program is executed.

\n
\n

The main function you usually see in C takes the following two arguments.

\n
#include <stdio.h>\n\nint main(int argc, char *argv[]) {\n    printf(\"%d\\n\", argc);\n    while(*argv)\n    {\n        printf(\"%s\\n\", *argv++);\n    }\n    return 0;\n}
\n

These are, respectively, the following arguments.

\n\n

If you actually compile this source code into an executable named test.o and run it, you get the following output.

\n
$ ./test.o arg1 arg2 arg2\n4\n./test.o\narg1\narg2\narg2
\n

Now, take a look at the following main function, which takes a third argument, *envp[].

\n
#include <stdio.h>\n\nint main(int argc, char *argv[], char *envp[]) {\n    while(*envp)\n    {\n        printf(\"%s\\n\", *envp++);\n    }\n    return 0;\n}
\n

When you run this code, every environment variable is printed one per line.

\n
$ ./test.o \nSHELL=/bin/bash\nSESSION_MANAGER=local/parrot:@/tmp/.ICE-unix/1393,unix/parrot:/tmp/.ICE-unix/1393\n{{ omitted }}\nPATH=/home/parrot/.local/bin:/snap/bin\nDBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus\nUID=1000\nQT_SCALE_FACTOR=1\n_=./test.o\nOLDPWD=/home/parrot
\n

This is equivalent to the output you get by running the env command.

\n

By the way, if you ignore all environment variables with env -i, explicitly set an environment variable named Test=Test at execution time, and then run it, only Test=Test is printed.

\n
$ env -i Test=Test ./test.o \nTest=Test
\n

From this, you can see that the third argument *envp[] is an argument for retrieving the environment variables of the environment in which the program is executed.

\n

*envp[] in secure coding

\n

While looking into the third argument *envp[], I found an interesting article.

\n
\n

If the environment is modified in some way, the environment’s memory area may be reallocated, and as a result envp may end up pointing to the wrong location.

\n

Reference: ENV31-C. Do not reference an environment pointer following an operation that may invalidate it

\n
\n

As the JPCERT/CC article above explains, if the environment variables are modified in some way after the program starts, the memory area used by *envp[] to refer to the environment variables is reallocated.

\n

In other words, if you change the environment in some way and then use the pointer from the third argument *envp[], it may cause problems.

\n

Based on the above, when using environment variables inside a program, it seems recommended to use extern char **environ; on Linux, or _CRTIMP extern char **_environ; on Windows, if those are defined.

\n

Summary

\n

This was the first time I had learned about this feature, so I went back and reread Even Cats Can Understand C Programming, which is personally my favorite introductory C book. However, the section on main function arguments only discussed argc and *argv[], and did not mention the third argument *envp[] at all.

\n

Maybe it is a slightly niche feature that does not show up at the beginner-book level.

\n

Update (July 7, 2021)

\n

In fact, J.5 Common extensions, which defines the third environment-variable argument *envp[], is not strictly part of the C language specification itself, but is defined as an extension, so it does not seem to be portable across all implementations.

\n

There are still parts I do not fully understand, but it seems my understanding that this was part of “the C language specification” was incorrect.

","fields":{"slug":"/clang-envp-en","tagSlugs":["/tag/c-en/","/tag/english/"]},"frontmatter":{"date":"2021-10-01","description":"This article explains the third argument that can be used when defining the `main` function in C.","tags":["C (en)","English"],"title":"Using the third argument *envp[] of the main function to read environment variables","socialImage":{"publicURL":"/static/dc4d8b7f8795f3c3d3489d9957d155f2/no-image.png"}}}},"pageContext":{"slug":"/clang-envp-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}