A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.
This causes a new program to execute and is difficult to use safely.
The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.
/* huffman code lengths */ unsigned char LITERAL_len[MSZIP_LITERAL_MAXSYMBOLS]; unsigned char DISTANCE_len[MSZIP_DISTANCE_MAXSYMBOLS]; /* huffman decoding tables */ unsigned short LITERAL_table [MSZIP_LITERAL_TABLESIZE]; unsigned short DISTANCE_table[MSZIP_DISTANCE_TABLESIZE]; /* 32kb history window */ unsigned char window[MSZIP_FRAME_SIZE]; }; /* allocates MS-ZIP decompression stream for decoding the given stream. * * - uses system->alloc() to allocate memory * * - returns NULL if not enough memory * * - input_buffer_size is how many bytes to use as an input bitstream buffer * * - if repair_mode is non-zero, errors in decompression will be skipped * and 'holes' left will be filled with zero bytes. This allows at least * a partial recovery of erroneous data. */ extern struct mszipd_stream *mszipd_init(struct mspack_system *system, struct mspack_file *input, struct mspack_file *output, int input_buffer_size, int repair_mode); /* decompresses, or decompresses more of, an MS-ZIP stream. * * - out_bytes of data will be decompressed and the function will return * with an MSPACK_ERR_OK return code. * * - decompressing will stop as soon as out_bytes is reached. if the true * amount of bytes decoded spills over that amount, they will be kept for * a later invocation of mszipd_decompress(). * * - the output bytes will be passed to the system->write() function given in * mszipd_init(), using the output file handle given in mszipd_init(). More * than one call may be made to system->write() * * - MS-ZIP will read input bytes as necessary using the system->read() * function given in mszipd_init(), using the input file handle given in * mszipd_init(). This will continue until system->read() returns 0 bytes, * or an error. */ extern int mszipd_decompress(struct mszipd_stream *zip, off_t out_bytes);