fedora 23
shell weakness #14

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.5.24/src/libutil/filesystem.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

unsigned long long
Filesystem::remove_all (string_view path, std::string &err)
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    unsigned long long n = boost::filesystem::remove_all (path.str(), ec);
    if (!ec)
        err.clear();
    else
        err = ec.message();
    return n;
#else
    unsigned long long n = boost::filesystem::remove_all (path.str());
    err.clear();
    return n;
#endif
}



std::string
Filesystem::temp_directory_path()
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    boost::filesystem::path p = boost::filesystem::temp_directory_path (ec);
    return ec ? std::string() : p.string();
#else
    const char *tmpdir = getenv("TMPDIR");
    if (! tmpdir)
        tmpdir = getenv("TMP");
    if (! tmpdir)
        tmpdir = "/var/tmp";
    if (exists (tmpdir))
        return tmpdir;
    // punt and hope for the best
    return ".";
#endif
}



std::string
Filesystem::unique_path (string_view model)
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    boost::filesystem::path p = boost::filesystem::unique_path (model.str(), ec);
    return ec ? std::string() : p.string();
#elif _MSC_VER 