fedora 23
shell weakness #16

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.5.24/src/libutil/filesystem.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

 std::string
Filesystem::unique_path (string_view model)
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    boost::filesystem::path p = boost::filesystem::unique_path (model.str(), ec);
    return ec ? std::string() : p.string();
#elif _MSC_VER
    char buf[TMP_MAX];
    char *result = tmpnam (buf);
    return result ? std::string(result) : std::string();
#else
    char buf[L_tmpnam];
    char *result = tmpnam (buf);
    return result ? std::string(result) : std::string();
#endif
}



std::string
Filesystem::current_path()
{
#if BOOST_FILESYSTEM_VERSION >= 3
    boost::system::error_code ec;
    boost::filesystem::path p = boost::filesystem::current_path (ec);
    return ec ? std::string() : p.string();
#else
    // Fallback if we don't have recent Boost
    char path[FILENAME_MAX];
#ifdef _WIN32
    bool ok = _getcwd (path, sizeof(path));
#else
    bool ok = getcwd (path, sizeof(path));
#endif
    return ok ? std::string(path) : std::string();
#endif
}



FILE*
Filesystem::fopen (string_view path, string_view mode)
{
#ifdef _WIN32
    // on Windows fopen does not accept UTF-8 paths, so we convert to wide char
    std::wstring wpath = Strutil::utf8_to_utf16 (path);
    std::wstring wmode = Strutil::utf8_to_utf16 (mode);

    return ::_wfopen (wpath.c_str(), wmode.c_str()); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.