fedora 23
shell weakness #19


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

     return true;

SocketInput::accept_connection(const std::string &name)
    std::map<std::string, std::string> rest_args;
    std::string baseurl;
    rest_args["port"] = socket_pvt::default_port;
    rest_args["host"] = socket_pvt::default_host;

    if (! Strutil::get_rest_arguments (name, baseurl, rest_args)) {
        error ("Invalid 'open ()' argument: %s", name.c_str ());
        return false;

    int port = atoi (rest_args["port"].c_str ());

    try {
        acceptor = boost::shared_ptr <ip::tcp::acceptor>
            (new ip::tcp::acceptor (io, ip::tcp::endpoint (ip::tcp::v4(), port)));
        acceptor->accept (socket);
    } catch (boost::system::system_error &err) {
        error ("Error while accepting: %s", err.what ());
        return false;
    } catch (...) {
        error ("Error while accepting: unknown exception");
        return false;

    return true;

SocketInput::get_spec_from_client (ImageSpec &spec)
    try {
        int spec_length;
        boost::asio::read (socket, buffer (reinterpret_cast<char *> (&spec_length),
                sizeof (boost::uint32_t)));

        char *spec_xml = new char[spec_length + 1];
        boost::asio::read (socket, buffer (spec_xml, spec_length));

        spec.from_xml (spec_xml); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.