alpine 3.8
shell weakness #17

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

icinga2/src/icinga2-2.8.4/lib/base/utility.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 shell weakness.

 		if (s[i] == '%') {
			if (i + 2 > s.GetLength() - 1)
				BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid escape sequence."));

			char ch = HexDecode(s[i + 1]) * 16 + HexDecode(s[i + 2]);
			result << ch;

			i += 2;
		} else
			result << s[i];
	}

	return result.str();
}

#ifndef _WIN32
static String UnameHelper(char type)
{
	/* Unfortunately the uname() system call doesn't support some of the
	* query types we're interested in - so we're using popen() instead. */

	char cmd[] = "uname -X 2>&1";
	cmd[7] = type;

	FILE *fp = popen(cmd, "r");

	if (!fp)
		return "Unknown";

	char line[1024];
	std::ostringstream msgbuf;

	while (fgets(line, sizeof(line), fp) != NULL)
		msgbuf << line;

	pclose(fp);

	String result = msgbuf.str();

	return result.Trim();
}
#endif /* _WIN32 */
static bool ReleaseHelper(String *platformName, String *platformVersion)
{
#ifdef _WIN32
	if (platformName)
		*platformName = "Windows";

	if (platformVersion) {
		*platformVersion = "Vista"; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.