alpine 3.7
shell weakness #34

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gvfs/src/gvfs-1.34.1/daemon/gvfsbackendftp.h

Context:

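The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness. The highlighting is not preserved in this text. The excerpt contains only macro definitions, typedefs, structure declarations and function prototypes; the one occurrence of `system` is a structure member of type `GVfsFtpSystem`, not a call that starts a program, so the finding should be confirmed by hand before it is treated as a real weakness.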

 /* Evaluates to TRUE when class structure k is of, or derived from, G_VFS_TYPE_BACKEND_FTP. */
 #define G_VFS_IS_BACKEND_FTP_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), G_VFS_TYPE_BACKEND_FTP))
/* Fetches the GVfsBackendFtpClass structure belonging to instance o. */
#define G_VFS_BACKEND_FTP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_VFS_TYPE_BACKEND_FTP, GVfsBackendFtpClass))

/* Short type names for the instance and class structures declared below. */
typedef struct _GVfsBackendFtp        GVfsBackendFtp;
typedef struct _GVfsBackendFtpClass   GVfsBackendFtpClass;

/*
 * Instance structure of the FTP backend. It groups the connection target and
 * credentials, the FTPS/TLS state, the server capability flags, the directory
 * cache and the shared connection collection.
 *
 * This header only declares data; it contains no code that runs a command.
 */
struct _GVfsBackendFtp
{
  /* Embedded GVfsBackend as the first member (GObject parent-instance layout). */
  GVfsBackend           backend;

  GSocketConnectable *  addr;
  GSocketClient *       connection_factory;
  char *                user;
  /* presumably TRUE when a user name was given up front - confirm in the backend implementation */
  gboolean              has_initial_user;
  /* NOTE(review): the credential is held as an ordinary C string; whether it is
   * cleared before being freed is not visible from this header - confirm. */
  char *                password;	        /* password or NULL for anonymous */
  char *                host_display_name;

  /* ftps support */
  gboolean              use_tls;
  GSocketConnectable *  server_identity;        /* Server identity used for verification */
  GTlsCertificate *     certificate;            /* Initial server certificate */
  GTlsCertificateFlags  certificate_errors;     /* Errors received during TLS handshake */
  GMountSource *        mount_source;           /* Only used during do_mount */

  /* NOTE(review): `system` below is a data member of type GVfsFtpSystem, not a
   * call to the C library system() function; nothing on this line executes a
   * program. A scanner that matches on the bare identifier will flag it. */
  GVfsFtpSystem         system;                 /* the system from the SYST response */
  int                   features;               /* GVfsFtpFeatures that are supported */
  int                   workarounds;            /* GVfsFtpWorkarounds in use - int because it's atomic */
  int                   method;                 /* preferred GVfsFtpMethod - int because it's atomic */

  /* directory cache */
  const GVfsFtpDirFuncs *dir_funcs;             /* functions used in directory cache */
  GVfsFtpDirCache *     dir_cache;              /* directory cache */

  /* connection collection - accessed from gvfsftptask.c */
  GMutex                mutex;                  /* mutex protecting the following variables */
  GCond                 cond;                   /* cond used to signal tasks waiting on the mutex */
  GQueue *              queue;                  /* queue containing the connections */
  guint                	connections;            /* current number of connections */
  guint                 busy_connections;       /* current number of connections being used for reads/writes */
  guint                	max_connections;        /* upper server limit for number of connections - dynamically generated */
};

/*
 * Class structure of the FTP backend. It holds only the parent class and
 * declares no members of its own.
 */
struct _GVfsBackendFtpClass
{
  GVfsBackendClass parent_class;
};

/*
 * Returns the GType identifier of the FTP backend. G_GNUC_CONST tells the
 * compiler the result depends on nothing but the (empty) argument list, so
 * repeated calls may be merged.
 * NOTE(review): G_VFS_TYPE_BACKEND_FTP presumably expands to a call to this
 * function; its definition is not visible in this excerpt - confirm.
 */
GType g_vfs_backend_ftp_get_type (void) G_GNUC_CONST;

gboolean        g_vfs_backend_ftp_has_feature           (GVfsBackendFtp *       ftp, 
