fedora 23
shell weakness #21


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.5.24/src/socket.imageio/socketoutput.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

                     OpenMode mode)
{
    if (! (connect_to_server (name) && send_spec_to_server (newspec))) {
        return false;
    }

    m_next_scanline = 0;
    m_spec = newspec;
    if (m_spec.format == TypeDesc::UNKNOWN)
        m_spec.set_format (TypeDesc::UINT8);  // Default to 8 bit channels

    return true;
}



/// Send one scanline of pixels to the connected server.
///
/// The caller's pixels are first converted into the output's native
/// layout (via to_native_scanline, scratch storage in m_scratch) and then
/// pushed over `socket` with socket_pvt::socket_write. Note that the byte
/// count written is taken from m_spec.scanline_bytes(), i.e. from the spec
/// established at open time, not from anything the caller passes in: the
/// caller must therefore supply a complete scanline's worth of data.
///
/// @param y        scanline row (not consulted in this body; output position
///                 is tracked by m_next_scanline, which advances on success —
///                 presumably the server relies on stream order; confirm)
/// @param z        depth slice (likewise unused here)
/// @param format   pixel data type of `data`
/// @param data     caller-owned pixel buffer
/// @param xstride  byte stride between pixels in `data`
/// @return true when the write succeeded; false after reporting the
///         failure through error(). Any exception raised by the socket
///         layer is translated into that false return, so nothing escapes
///         to the caller.
///
/// NOTE(review): nothing in this block spawns a process or shell; the
/// "shell weakness" classification on this page looks like a scanner
/// pattern hit — confirm against the rest of the file.
bool
SocketOutput::write_scanline (int y, int z, TypeDesc format,
                              const void *data, stride_t xstride)
{
    const void *native = to_native_scanline (format, data, xstride, m_scratch);

    bool sent = true;
    try {
        socket_pvt::socket_write (socket, format, native,
                                  m_spec.scanline_bytes ());
    } catch (const boost::system::system_error &err) {
        // Transport-level failure: surface the message, never rethrow.
        error ("Error while writing: %s", err.what ());
        sent = false;
    } catch (...) {
        error ("Error while writing: unknown exception");
        sent = false;
    }

    if (! sent)
        return false;

    // Only a successful write advances the scanline cursor.
    ++m_next_scanline;
    return true;
}



bool
SocketOutput::write_tile (int x, int y, int z,
                          TypeDesc format, const void *data,
                          stride_t xstride, stride_t ystride, stride_t zstride)
{
    data = to_native_tile (format, data, xstride, ystride, zstride, m_scratch);

    try {
        socket_pvt::socket_write (socket, format, data, m_spec.tile_bytes ());
    } catch (boost::system::system_error &err) {
        error ("Error while writing: %s", err.what ()); 
