fedora 25
shell weakness #18


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system — typically by handing attacker-influenced text to a command interpreter or to a program-launching routine (the system()/popen()/exec family) without validating it first.

Warning code(s):

The flagged call causes a new program to execute and is difficult to use safely: if any part of the command string, its arguments, or the environment the child inherits can be influenced by an attacker, unexpected commands may run. Prefer an exec-style call with an explicit argument vector over a shell command string, and validate every externally supplied component before it reaches the call.

File Name:

inventor/apps/samples/widgets/MyTextureEd.c++

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness. (The highlighting has not survived in this rendering, and the excerpt reproduced here ends before any program-launching call appears, so treat the lines below as leading context from the file rather than as the flagged statement itself.)

 #define IMAGE_NUM   5
#define IMAGE_TOTAL (IMAGE_NUM*IMAGE_NUM)
#define IMAGE_SPACE 2
#define GLX_SIZE    (IMAGE_NUM * IMAGE_SIZE + (IMAGE_NUM + 1) * IMAGE_SPACE)

// ??? doing a GL_LINE_LOOP seems to be missing the top right
// ??? pixel due to subpixel == TRUE in openGL.
#define RECT(x1, y1, x2, y2) \
	glBegin(GL_LINE_STRIP); \
	glVertex2s(x2, y2); glVertex2s(x1, y2); \
	glVertex2s(x1, y1); glVertex2s(x2, y1); \
	glVertex2s(x2, y2+1); \
	glEnd();

struct TextureNameStruct {
    char    *name;
    char    *fullName;
    int	    zsize;
    char    *iconImage;
};

struct PaletteStruct {
    char    *name;
    SbBool  user;
    SbBool  system;
};


/*
 * static vars
 */


/* NOTE(review): all four pointers below alias string literals and must never
 * be written through (undefined behaviour).  C++11 rejects the literal to
 * "char *" conversion outright; the right type is "static const char *"
 * once the call sites that receive these pointers accept const. */

/* Name of the per-user texture directory; presumably resolved relative to
 * the user's home directory by code not shown here. */
static char *customTextureDir = ".textures";
/* System-wide default texture directory; IVTEXTURESDIR is defined elsewhere
 * (presumably by the build). */
static char *defaultDir = IVTEXTURESDIR;
/* Title string of the editor, presumably used for its top-level window. */
static char *editorTitle = "Texture Editor";
/* Placeholder displayed when no file name has been set. */
static char *noFileNameStr = "<empty>";

/* Geometry of the hourglass (busy) cursor bitmap, in the X11 bitmap (XBM)
 * naming convention that bitmap(1) emits: a 32 x 32 bit image whose hot
 * spot is the centre pixel (16, 16).  The lower-case names are part of
 * that convention and must stay as they are. */
#define hourglass_width  32
#define hourglass_height 32
#define hourglass_x_hot  16
#define hourglass_y_hot  16
static char hourglass_bits[] = {
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x00, 0xfe, 0xff, 0x00, 0x00, 0x04, 0x40, 0x00, 0x00, 0x04, 0x40, 0x00,
   0x00, 0x04, 0x40, 0x00, 0x00, 0xe8, 0x2e, 0x00, 0x00, 0xd0, 0x17, 0x00,
   0x00, 0xa0, 0x0b, 0x00, 0x00, 0x40, 0x05, 0x00, 0x00, 0x40, 0x05, 0x00,
   0x00, 0x40, 0x04, 0x00, 0x00, 0x40, 0x04, 0x00, 0x00, 0x40, 0x04, 0x00,
   0x00, 0x20, 0x09, 0x00, 0x00, 0x10, 0x11, 0x00, 0x00, 0x88, 0x23, 0x00, 
