alpine 3.9
shell weakness #20


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.

   /* huffman code lengths */

  /* huffman decoding tables */
  unsigned short LITERAL_table [MSZIP_LITERAL_TABLESIZE];

  /* 32kb history window */
  unsigned char window[MSZIP_FRAME_SIZE];

/* allocates MS-ZIP decompression stream for decoding the given stream.
 * - uses system->alloc() to allocate memory
 * - returns NULL if not enough memory
 * - input_buffer_size is how many bytes to use as an input bitstream buffer
 * - if repair_mode is non-zero, errors in decompression will be skipped
 *   and 'holes' left will be filled with zero bytes. This allows at least
 *   a partial recovery of erroneous data.
 */
extern struct mszipd_stream *mszipd_init(struct mspack_system *system,
                                        struct mspack_file *input,
                                        struct mspack_file *output,
                                        int input_buffer_size,
                                        int repair_mode);

/* decompresses, or decompresses more of, an MS-ZIP stream.
 * - out_bytes of data will be decompressed and the function will return
 *   with an MSPACK_ERR_OK return code.
 * - decompressing will stop as soon as out_bytes is reached. if the true
 *   amount of bytes decoded spills over that amount, they will be kept for
 *   a later invocation of mszipd_decompress().
 * - the output bytes will be passed to the system->write() function given in
 *   mszipd_init(), using the output file handle given in mszipd_init(). More
 *   than one call may be made to system->write()
 * - MS-ZIP will read input bytes as necessary using the system->read()
 *   function given in mszipd_init(), using the input file handle given in
 *   mszipd_init(). This will continue until system->read() returns 0 bytes,
 *   or an error.
 */
extern int mszipd_decompress(struct mszipd_stream *zip, off_t out_bytes);
