fedora 25
shell weakness #35

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

inventor/lib/database/include/Inventor/fields/SoSFLong.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 shell weakness.

  |
 |   Author(s)		: Paul S. Strauss
 |
 ______________  S I L I C O N   G R A P H I C S   I N C .  ____________
 _______________________________________________________________________
 */

#ifndef  _SO_SF_LONG_
#define  _SO_SF_LONG_

#ifndef IV_STRICT
#include <Inventor/fields/SoSFInt32.h>
typedef SoSFInt32 SoSFLong;

#else
 
Error.  SoSFLong invalid with -DIV_STRICT.   See <Inventor/fields/SoSFLong.h>
------
Inventor now provides So*Int32 types in place of So*Long types to simplify
porting to other architectures and operating systems.  

You should use SoSFInt32 in place of SoSFLong and also change longs in your
code to the appropriate sized typedef from <inttypes.h>.   The perl script  
/usr/sbin/longToInt32  can assist you making this transition.  Note that not 
all longs should be changed as some are determined by other system include 
files.
_____________________________________________________________________________

#endif /* IV_STRICT */

#endif /* _SO_SF_LONG_ */ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.