Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
shell weakness #4

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

libIDL-0.8.13/util.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 shell weakness.

 #else
	tmpfilename = filename;
#endif

	cmd = g_strdup_printf (fmt, cwd, cpp_args ? cpp_args : "",
			       tmpfilename, cpperrs);
#endif

       /* Many versions of cpp do evil translating internal
        * strings, producing bogus output, so clobber LC_ALL */
	putenv ("LC_ALL=C");

#ifdef HAVE_POPEN
#if defined (G_OS_WIN32) && !defined (_MSC_VER)
	if (!(parse_flags & IDLF_SHOW_CPP_ERRORS)) {
		int save_stderr = dup (2);
		int null = open ("NUL:", O_WRONLY);
		dup2 (null, 2);
		input = popen (cmd, "r");
		close (2);
		close (null);
		dup2 (save_stderr, 2);
		close (save_stderr);
	} else
		input = popen (cmd, "r");
#else
	input = popen (cmd, "r");
#endif
#else
#error Must have popen
#endif
	g_free (cmd);

	if (input == NULL || ferror (input)) {
#if !defined (HAVE_CPP_PIPE_STDIN) && defined (HAVE_SYMLINK)
		g_free (tmpfilename);
#endif
		return IDL_ERROR;
	}

	IDL_parse_setup(parse_flags, max_msg_level);

	__IDL_in = input;
	__IDL_msgcb = msg_cb;
	__IDL_root_ns = IDL_ns_new ();
	__IDL_lex_init ();

	__IDL_real_filename = filename;
#ifndef HAVE_CPP_PIPE_STDIN
	__IDL_tmp_filename = tmpfilename; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.