fedora 24
shell weakness #3

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

IQmol-145ca0510991bb8145d6bdcbb1644aad10aaf086/src/Configurator/NmrConfigurator.C

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

 
   QCPGraph* graph(m_plot->addGraph());
   graph->setData(x, y);
   graph->setPen(m_pen);
   graph->setAntialiased(true);
   graph->setSelectedPen(m_selectPen);

   m_plot->yAxis->setRange(-0.00, 1.05*maxIntensity);
   m_plot->yAxis->setLabel("Relative Intensity");
   m_plot->yAxis->setTickLabels(false);
}


void Nmr::on_isotopeCombo_currentIndexChanged(QString const& text)
{
   QString isotope(currentIsotope(text));

   Data::NmrReferenceLibrary& library(Data::NmrReferenceLibrary::instance());
   QList<Data::NmrReference const*> refs(library.filter(isotope));

   QStringList systems;
   QList<Data::NmrReference const*>::iterator iter;
   for (iter = refs.begin(); iter != refs.end(); ++iter) {
       QString system((*iter)->system());
       if (!systems.contains(system)) systems.append(system);
   }

   QComboBox* combo(m_ui->systemCombo);
   combo->clear();
   combo->addItems(systems);

   loadShifts(currentReference(), isotope);

   QPair<double, double> range(standardRange(isotope));
   m_plot->xAxis->setRange(range.first, range.second);

   updatePlot();
}


void Nmr::on_systemCombo_currentIndexChanged(QString const& text)
{
   QString isotope(currentIsotope());

   Data::NmrReferenceLibrary& library(Data::NmrReferenceLibrary::instance());
   QString method(m_data.method());
   QList<Data::NmrReference const*> refs(library.filter(isotope, text, method));

   QStringList methods;
   QList<Data::NmrReference const*>::iterator iter; 
