A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.
The flagged call causes a new program to execute, and such calls are difficult to use safely.
cabextract/src/cabextract-1.9/mspack/cabd.c
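The highlighted line of code below is the trigger point of this particular Alpine 3.9 shell weakness. In the excerpt as shown here, the only `system` identifier is the struct member `self->system`, which is assigned to a `struct mspack_system *` pointer; no call to the C library's `system()` appears in the visible lines, so the finding should be confirmed by hand before it is treated as command execution.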
}
/***************************************
* CABD_SEARCH, CABD_FIND
***************************************
* cabd_search opens a file, finds its extent, allocates a search buffer,
* then reads through the whole file looking for possible cabinet headers.
* if it finds any, it tries to read them as real cabinets. returns a linked
* list of results
*
* cabd_find is the inner loop of cabd_search, to make it easier to
* break out of the loop and be sure that all resources are freed
*/
static struct mscabd_cabinet *cabd_search(struct mscab_decompressor *base,
const char *filename)
{
struct mscab_decompressor_p *self = (struct mscab_decompressor_p *) base;
struct mscabd_cabinet_p *cab = NULL;
struct mspack_system *sys;
unsigned char *search_buf;
struct mspack_file *fh;
off_t filelen, firstlen = 0;
if (!base) return NULL;
sys = self->system;
/* allocate a search buffer */
search_buf = (unsigned char *) sys->alloc(sys, (size_t) self->param[MSCABD_PARAM_SEARCHBUF]);
if (!search_buf) {
self->error = MSPACK_ERR_NOMEMORY;
return NULL;
}
/* open file and get its full file length */
if ((fh = sys->open(sys, filename, MSPACK_SYS_OPEN_READ))) {
if (!(self->error = mspack_sys_filelen(sys, fh, &filelen))) {
self->error = cabd_find(self, search_buf, fh, filename,
filelen, &firstlen, &cab);
}
/* truncated / extraneous data warning: */
if (firstlen && (firstlen != filelen) &&
(!cab || (cab->base.base_offset == 0)))
{
if (firstlen < filelen) {
sys->message(fh, "WARNING; possible %" LD
" extra bytes at end of file.",
filelen - firstlen);
}
else {