centos 6
shell weakness #14

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gst-plugins-good-0.10.23/ext/dv/gstsmptetimecode.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 shell weakness.

       frame_number /= 60;
      time_code->minutes = frame_number % 60;
      frame_number /= 60;
      time_code->hours = frame_number;
      break;
  }

  return TRUE;
}

/**
 * gst_smpte_time_code_is_valid:
 * @system: SMPTE Time Code system
 * @time_code: pointer to time code structure
 *
 * Checks that the time code represents a valid time code.
 *
 * Returns: TRUE if the time code is valid
 */
gboolean
gst_smpte_time_code_is_valid (GstSMPTETimeCodeSystem system,
    GstSMPTETimeCode * time_code)
{
  g_return_val_if_fail (time_code != NULL, FALSE);
  g_return_val_if_fail (GST_SMPTE_TIME_CODE_SYSTEM_IS_VALID (system), FALSE);

  if (time_code->hours < 0 || time_code->hours >= 24)
    return FALSE;
  if (time_code->minutes < 0 || time_code->minutes >= 60)
    return FALSE;
  if (time_code->seconds < 0 || time_code->seconds >= 60)
    return FALSE;
  if (time_code->frames < 0)
    return FALSE;

  switch (system) {
    case GST_SMPTE_TIME_CODE_SYSTEM_30:
      if (time_code->frames >= 30)
        return FALSE;
      if (time_code->frames >= 2 || time_code->seconds > 0)
        return TRUE;
      if (time_code->minutes % 10 != 0)
        return FALSE;
      break;
    case GST_SMPTE_TIME_CODE_SYSTEM_25:
      if (time_code->frames >= 25)
        return FALSE;
      break;
    case GST_SMPTE_TIME_CODE_SYSTEM_24:
      if (time_code->frames >= 24) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.