alpine 3.8
shell weakness #31


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

The flagged call causes a new program to execute and is difficult to use safely.

File Name:

expect/src/expect5.45.4/exp_command.c

Context:

The highlighted line in the code excerpt below is the trigger point of this particular Alpine 3.8 shell weakness; the excerpt starts partway through the enclosing function.

      * command name is at index.
     */

    argv = (char**) ckalloc ((objc+1)*sizeof(char*));

    for (k=i+1,j=1;k<objc;k++,j++) {
	argv[j] = ckalloc (1+strlen(Tcl_GetString (objv[k])));
	strcpy (argv[j],Tcl_GetString (objv[k]));
    }
    argv[j] = NULL;

    /* command, handle '-' */
    command = Tcl_GetString (objv[i]);
    argv[0] = ckalloc (2+strlen(command));
    if (dash_name) {
	argv [0][0] = '-';
	strcpy (argv[0]+1,command);
    } else {
	strcpy (argv[0],command);
    }

    signal(SIGINT, SIG_DFL);
    signal(SIGQUIT, SIG_DFL);

    (void) execvp(command,argv);

    for (k=0;k<objc;k++) {
	ckfree (argv[k]);
    }
    ckfree ((char*)argv);

    exp_error(interp,"execvp(%s): %s\r\n",
	    Tcl_GetString(objv[0]),
	    Tcl_PosixError(interp));
    return(TCL_ERROR);
}

/*ARGSUSED*/
int
Exp_InterpreterObjCmd(
    ClientData clientData,
    Tcl_Interp *interp,
    int objc,
    Tcl_Obj *CONST objv[])		/* Argument objects. */
{
    Tcl_Obj *eofObj = 0;
    int i;
    int index;
    int rc;
 
