fedora 24
shell weakness #19

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

GREYCstoration-2.8/src/CImg.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

                               "Path of 'medcon' : \"%s\"\n"
                              "Path of temporary filename : \"%s\"",
                              pixel_type(),filename,cimg::medcon_path(),filetmp);
      } else cimg::fclose(file);
      load_analyze(command);
      std::remove(command);
      std::sprintf(command,"m000-%s.img",body);
      std::remove(command);
      return *this;
    }

    //! Load an image using ImageMagick's convert.
    static CImg<T> get_load_imagemagick(const char *const filename) {
      return CImg<T>().load_imagemagick(filename);
    }

    CImg<T>& load_imagemagick(const char *const filename) {
      char command[1024], filetmp[512];
      std::FILE *file = 0;
      do {
        std::sprintf(filetmp,"%s%s%s.ppm",cimg::temporary_path(),cimg_OS==2?"\\":"/",cimg::filenamerand());
        if ((file=std::fopen(filetmp,"rb"))!=0) std::fclose(file);
      } while (file);
      std::sprintf(command,"%s \"%s\" %s",cimg::imagemagick_path(),filename,filetmp);
      cimg::system(command,cimg::imagemagick_path());
      if (!(file = std::fopen(filetmp,"rb"))) {
        cimg::fclose(cimg::fopen(filename,"r"));
        throw CImgIOException("CImg<%s>::load_imagemagick() : Failed to open image '%s'.\n\n"
                              "Path of 'ImageMagick's convert' : \"%s\"\n"
                              "Path of temporary filename : \"%s\"",
                              pixel_type(),filename,cimg::imagemagick_path(),filetmp);
      } else cimg::fclose(file);
      load_pnm(filetmp);
      std::remove(filetmp);
      return *this;
    }

    //! Load an image using GraphicsMagick's convert.
    static CImg<T> get_load_graphicsmagick(const char *const filename) {
      return CImg<T>().load_graphicsmagick(filename);
    }

    CImg<T>& load_graphicsmagick(const char *const filename) {
      char command[1024], filetmp[512];
      std::FILE *file = 0;
      do {
        std::sprintf(filetmp,"%s%s%s.ppm",cimg::temporary_path(),cimg_OS==2?"\\":"/",cimg::filenamerand());
        if ((file=std::fopen(filetmp,"rb"))!=0) std::fclose(file);
      } while (file);
      std::sprintf(command,"%s convert \"%s\" %s",cimg::graphicsmagick_path(),filename,filetmp); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.