fedora 23
shell weakness #8

Weakness Breakdown

Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.5.24/src/include/OpenImageIO/optparser.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 shell weakness.

    bool ok = true;
    size_t len = optstring.length();
    size_t pos = 0;
    while (pos < len) {
        std::string opt;
        bool inquote = false;
        while (pos < len) {
            unsigned char c = optstring[pos];
            if (c == '\"') {
                // Hit a double quote -- toggle "inquote" and add the quote
                inquote = !inquote;
                opt += c;
                ++pos;
            } else if (c == ',' && !inquote) {
                // Hit a comma and not inside a quote -- we have an option
                ++pos;  // skip the comma
                break;  // done with option
            } else {
                // Anything else: add to the option
                opt += c;
                ++pos;
            }
        }
        // At this point, opt holds one complete option. Hand it to optparse1
        // together with the 'system' object it is applied to. Note that
        // 'system' here is an argument being passed, not a call to the
        // system() library function.
        ok &= optparse1 (system, opt);
    }
    return ok;
}


}
OIIO_NAMESPACE_EXIT

#endif // OPENIMAGEIO_OPTPARSER_H 