fedora 24
shell weakness #26

Weakness Breakdown
Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

oiio-Release-1.6.16/src/include/OpenImageIO/optparser.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness. Note that in this excerpt `system` is the template parameter `C &system`, so `system.attribute (...)` is a method call on that object rather than a call to the C library function `system()`; review the flagged line with that in mind.

#include <cstdlib>   // atof, atoi
#include <cstring>   // strchr
#include <string>

/// Parse a string of the form "name=value" and then call
/// system.attribute (name, value), with appropriate type conversions.
template<class C>
inline bool
optparse1 (C &system, const std::string &opt)
{
    std::string::size_type eq_pos = opt.find_first_of ("=");
    if (eq_pos == std::string::npos) {
        // malformed option
        return false;
    }
    std::string name (opt, 0, eq_pos);
    // trim leading spaces from the name, one character at a time
    // (erase(0) with no count would erase the whole string)
    while (name.size() && name[0] == ' ')
        name.erase (0, 1);
    // trim trailing spaces from the name
    while (name.size() && name[name.size()-1] == ' ')
        name.erase (name.size()-1);
    std::string value (opt, eq_pos+1, std::string::npos);
    if (name.empty())
        return false;
    // decide the value type from its first character
    char v = value.size() ? value[0] : ' ';
    if ((v >= '0' && v <= '9') || v == '+' || v == '-') {  // numeric
        if (strchr (value.c_str(), '.'))  // float
            return system.attribute (name.c_str(), (float)atof(value.c_str()));
        else  // int
            return system.attribute (name.c_str(), (int)atoi(value.c_str()));
    }
    // otherwise treat it as a string

    // trim surrounding double quotes
    if (value.size() >= 2 &&
            value[0] == '\"' && value[value.size()-1] == '\"')
        value = std::string (value, 1, value.size()-2);

    return system.attribute (name.c_str(), value.c_str());
}

/// Parse a string with comma-separated name=value directives, calling
/// system.attribute(name,value) for each one, with appropriate type
/// conversions.  Examples:
///    optparser(texturesystem, "verbose=1");
///    optparser(texturesystem, "max_memory_MB=32.0");
///    optparser(texturesystem, "a=1,b=2,c=3.14,d=\"a string\"");
template<class C>
inline bool
optparser (C &system, const std::string &optstring)
{
