Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

fedora 23
shell weakness #2

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

3Depict-0.0.18/src/common/basics.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

 
#ifdef DEBUG
bool isValidXML(const char *filename)
{
	//Debug check to ensure we have written a valid xml file
	std::string command;
	unsigned int result;
	
//Windows doesn't really have  a /dev/null device, rather it has a reserved file name "NUL" or "nul"
//http://technet.microsoft.com/en-gb/library/cc961816.aspx
#if defined(WIN32) || defined(WIN64)
	command = std::string("xmllint --version > NUL 2> NUL");
#else
	command = std::string("xmllint --version >/dev/null 2>/dev/null");
#endif
	result=system(command.c_str());
	if(!result)
	{
	//Windows' shell handles escapes differently, workaround
	#if defined(WIN32) || defined(WIN64)
		command = std::string("xmllint --noout \"") + filename + string("\"");
	#else
		command = std::string("xmllint --noout \'") + filename + string("\'");
	#endif
		result=system(command.c_str());
		return result ==0;
	}

	//Debug check ineffective
	WARN(!result,"xmllint not installed in system PATH, cannot perform debug check")
	return true;
}
#endif 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.