fedora 23
shell weakness #26

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.5.24/src/socket.imageio/socketinput.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

     // If there is a nonzero "nowait" request in the configuration, just
    // return immediately.
    if (config.get_int_attribute ("nowait", 0)) {
        return false;
    }

    if (! (accept_connection (name) && get_spec_from_client (newspec))) {
        return false;
    }
    // Also send information about endianess etc.

    m_spec = newspec;

    return true;
}



bool
SocketInput::read_native_scanline (int y, int z, void *data)
{    
    try {
        boost::asio::read (socket, buffer (reinterpret_cast<char *> (data),
                m_spec.scanline_bytes ()));
    } catch (boost::system::system_error &err) {
        error ("Error while reading: %s", err.what ());
        return false;
    } catch (...) {
        error ("Error while reading: unknown exception");
        return false;
    }

    return true;
}



bool
SocketInput::read_native_tile (int x, int y, int z, void *data)
{
    try {
        boost::asio::read (socket, buffer (reinterpret_cast<char *> (data),
                m_spec.tile_bytes ()));
    } catch (boost::system::system_error &err) {
        error ("Error while reading: %s", err.what ());
        return false;
    } catch (...) {
        error ("Error while reading: unknown exception");
        return false;
    } 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.