alpine 3.7
shell weakness #20

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libdvbpsi/src/libdvbpsi-1.3.1/misc/test_dr.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness.

     BOZO_check_integer(i_ca_system_id, 16)
    BOZO_CLEAN();
  BOZO_end_integer(i_ca_system_id, 16)

  /* check i_ca_pid */
  s_decoded.i_private_length = 0;
  BOZO_init_integer(i_ca_system_id, 0);
  BOZO_init_integer(i_ca_pid, 0);
  BOZO_begin_integer(i_ca_pid, 13)
    BOZO_DOJOB(CA);
    BOZO_check_integer(i_ca_pid, 13)
    BOZO_CLEAN();
  BOZO_end_integer(i_ca_pid, 13)


  BOZO_END(conditional access);

  return i_err;
}

/* system clock */
static int main_system_clock_(void)
{
  BOZO_VARS(system_clock);
  BOZO_START(system clock);

  
  /* check b_external_clock_ref */
  BOZO_init_boolean(b_external_clock_ref, 0);
  BOZO_init_integer(i_clock_accuracy_integer, 0);
  BOZO_init_integer(i_clock_accuracy_exponent, 0);
  BOZO_begin_boolean(b_external_clock_ref)
    BOZO_DOJOB(SystemClock);
    BOZO_check_boolean(b_external_clock_ref)
    BOZO_CLEAN();
  BOZO_end_boolean(b_external_clock_ref)

  /* check i_clock_accuracy_integer */
  BOZO_init_boolean(b_external_clock_ref, 0);
  BOZO_init_integer(i_clock_accuracy_integer, 0);
  BOZO_init_integer(i_clock_accuracy_exponent, 0);
  BOZO_begin_integer(i_clock_accuracy_integer, 6)
    BOZO_DOJOB(SystemClock);
    BOZO_check_integer(i_clock_accuracy_integer, 6)
    BOZO_CLEAN();
  BOZO_end_integer(i_clock_accuracy_integer, 6)

  /* check i_clock_accuracy_exponent */
  BOZO_init_boolean(b_external_clock_ref, 0);
  BOZO_init_integer(i_clock_accuracy_integer, 0); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.