alpine 3.9
shell weakness #11

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

cabextract/src/cabextract-1.9/mspack/lzx.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.

  *                           reset, in multiples of LZX frames (32678
 *                           bytes), e.g. a value of 2 indicates the input
 *                           stream resets after every 65536 output bytes.
 *                           A value of 0 indicates that the bitstream never
 *                           resets, such as in CAB LZX streams.
 * @param input_buffer_size  the number of bytes to use as an input
 *                           bitstream buffer.
 * @param output_length      the length in bytes of the entirely
 *                           decompressed output stream, if known in
 *                           advance. It is used to correctly perform the
 *                           Intel E8 transformation, which must stop 6
 *                           bytes before the very end of the
 *                           decompressed stream. It is not otherwise used
 *                           or adhered to. If the full decompressed
 *                           length is known in advance, set it here.
 *                           If it is NOT known, use the value 0, and call
 *                           lzxd_set_output_length() once it is
 *                           known. If never set, 4 of the final 6 bytes
 *                           of the output stream may be incorrect.
 * @param is_delta           should be zero for all regular LZX data,
 *                           non-zero for LZX DELTA encoded data.
 * @return a pointer to an initialised lzxd_stream structure, or NULL if
 * there was not enough memory or parameters to the function were wrong.
 */
extern struct lzxd_stream *lzxd_init(struct mspack_system *system,
                                     struct mspack_file *input,
                                     struct mspack_file *output,
                                     int window_bits,
                                     int reset_interval,
                                     int input_buffer_size,
                                     off_t output_length,
                                     char is_delta);

/* see description of output_length in lzxd_init() */
extern void lzxd_set_output_length(struct lzxd_stream *lzx,
                                   off_t output_length);

/**
 * Reads LZX DELTA reference data into the window and allows
 * lzxd_decompress() to reference it.
 *
 * Call this before the first call to lzxd_decompress().

 * @param lzx    the LZX stream to apply this reference data to
 * @param system an mspack_system implementation to use with the
 *               input param. Only read() will be called.
 * @param input  an input file handle to read reference data using
 *               system->read().
 * @param length the length of the reference data. Cannot be longer
 *               than the LZX window size. 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.