alpine 3.8
shell weakness #8

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This call causes a new program to execute and is difficult to use safely.

File Name:

feh/src/feh-2.26/src/imlib.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 shell weakness.

 		_exit(1);
	}
	else {
		waitpid(pid, &status, 0);

		if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
			im_weprintf(w,
					"lossless %s: Got exitcode %d from jpegtran."
					" Commandline was: "
					"jpegtran -copy all %s %s -outfile %s %s",
					op_name, status >> 8, op_op, op_value, file_str, file_str);
			free(file_str);
			return;
		}
	}
	if ((pid = fork()) < 0) {
		im_weprintf(w, "lossless %s: fork failed while updating EXIF tags:", op_name);
	}
	else if (pid == 0) {

		/* discard normal output */
		devnull = open("/dev/null", O_WRONLY);
		dup2(devnull, 1);

		execlp("jpegexiforient", "jpegexiforient", "-1", file_str, NULL);
		weprintf("lossless %s: Failed to exec jpegexiforient:", op_name);
		_exit(1);
	}
	else {
		waitpid(pid, &status, 0);

		if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
			im_weprintf(w,
					"lossless %s: Failed to update EXIF orientation tag:"
					" jpegexiforient returned %d",
					op_name, status >> 8);
		}
	}
	free(file_str);
}

void feh_draw_actions(winwidget w)
{
	static Imlib_Font fn = NULL;
	int tw = 0, th = 0;
	int th_offset = 0;
	int max_tw = 0;
	int line_th = 0;
	Imlib_Image im = NULL;
	int i = 0; 
