alpine 3.9
shell weakness #21


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness.


  /* return success */
  return 0;

/* inflate() calls this whenever the window should be flushed. As
 * MSZIP only expands to the size of the window, the implementation used
 * simply keeps track of the amount of data flushed, and if more than 32k
 * is flushed, an error is raised.
static int mszipd_flush_window(struct mszipd_stream *zip,
                               unsigned int data_flushed)
  zip->bytes_output += data_flushed;
  if (zip->bytes_output > MSZIP_FRAME_SIZE) {
    D(("overflow: %u bytes flushed, total is now %u",
       data_flushed, zip->bytes_output))
    return 1;
  return 0;

struct mszipd_stream *mszipd_init(struct mspack_system *system,
                                  struct mspack_file *input,
                                  struct mspack_file *output,
                                  int input_buffer_size,
                                  int repair_mode)
  struct mszipd_stream *zip;

  if (!system) return NULL;

  /* round up input buffer size to multiple of two */
  input_buffer_size = (input_buffer_size + 1) & -2;
  if (input_buffer_size < 2) return NULL;

  /* allocate decompression state */
  if (!(zip = (struct mszipd_stream *) system->alloc(system, sizeof(struct mszipd_stream)))) {
    return NULL;

  /* allocate input buffer */
  zip->inbuf  = (unsigned char *) system->alloc(system, (size_t) input_buffer_size);
  if (!zip->inbuf) {
    return NULL;

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.