alpine 3.6
shell weakness #30

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

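This causes a new program to execute and is difficult to use safely. The flagged call, popen(), passes its command string to the shell, so any untrusted data in that string is interpreted as shell syntax.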

File Name:

fcgi/src/fcgi-2.4.0/libfcgi/fcgi_stdio.c

Context:

The trigger point of this particular Alpine 3.6 shell weakness is the popen(cmd, type) call inside FCGI_popen in the code below (the line that was highlighted in the original listing).

  *
 *----------------------------------------------------------------------
 */
int FCGI_fileno(FCGI_FILE *fp)
{
    /*
     * Only a wrapper backed by a stdio stream has a descriptor to
     * report; any other wrapper yields -1. fp itself is not checked
     * for NULL, so the caller must pass a valid wrapper.
     */
    return fp->stdio_stream ? fileno(fp->stdio_stream) : -1;
}

/*
 * Wrap an already-open descriptor in an FCGI_FILE.
 *
 * fd and mode are handed to fdopen() unchanged. Returns the wrapper
 * produced by FCGI_OpenFromFILE(), or NULL when no wrapper could be
 * created.
 *
 * Ownership: if fdopen() succeeded but wrapping failed, the stdio
 * stream is closed here, and fclose() on an fdopen()ed stream also
 * closes fd. The caller must not close fd again on that path.
 */
FCGI_FILE *FCGI_fdopen(int fd, const char *mode)
{
    FILE *stream = fdopen(fd, mode);
    /*
     * Called even when fdopen() failed; presumably FCGI_OpenFromFILE()
     * returns NULL for a NULL stream -- confirm against its definition.
     */
    FCGI_FILE *wrapped = FCGI_OpenFromFILE(stream);

    if (wrapped == NULL && stream != NULL) {
        /* Do not leak the stdio stream when the wrapper is missing. */
        fclose(stream);
    }

    return wrapped;
}

/*
 * Start a command with popen() and wrap the resulting pipe in an
 * FCGI_FILE.
 *
 * cmd and type are passed to popen() unchanged. Returns the wrapper
 * produced by FCGI_OpenFromFILE(), or NULL when no wrapper could be
 * created.
 *
 * SECURITY: popen() runs cmd through the command shell, so every shell
 * metacharacter in cmd is interpreted. This wrapper performs no
 * validation or quoting. Callers must pass only fixed, trusted command
 * strings and must never build cmd from request-derived data (query
 * strings, headers, form fields, CGI environment variables). When the
 * arguments vary, spawning the program with an explicit argv
 * (pipe() + fork() + exec*(), or posix_spawn()) avoids the shell
 * entirely.
 */
FCGI_FILE *FCGI_popen(const char *cmd, const char *type)
{
    FILE *pipe_stream = popen(cmd, type);
    /*
     * Called even when popen() failed; presumably FCGI_OpenFromFILE()
     * returns NULL for a NULL stream -- confirm against its definition.
     */
    FCGI_FILE *wrapped = FCGI_OpenFromFILE(pipe_stream);

    if (wrapped == NULL && pipe_stream != NULL) {
        /* Wrapping failed: close the pipe so the stream is not leaked. */
        pclose(pipe_stream);
    }

    return wrapped;
}

/*
 * Close a stream obtained from FCGI_popen().
 *
 * Returns the result of pclose() when fp wraps a stdio stream, and EOF
 * otherwise. Unless fp is FCGI_stdin, FCGI_stdout or FCGI_stderr, the
 * wrapper is freed, so the caller must not touch fp afterwards. The one
 * exception is a wrapper that carries only an FCGX stream: it is left
 * untouched and EOF is returned. fp is not checked for NULL.
 */
int FCGI_pclose(FCGI_FILE *fp)
{
    int status;

    if (fp->stdio_stream == NULL) {
        if (fp->fcgx_stream != NULL) {
            /*
             * An FCGX stream was never opened with popen(); the caller
             * is confused, so report failure and keep the storage.
             */
            return EOF;
        }
        status = EOF;
    } else {
        status = pclose(fp->stdio_stream);
        /* Clear the member so the closed stream cannot be reused. */
        fp->stdio_stream = NULL;
    }

    /* The three standard wrappers are never released here. */
    if (fp == FCGI_stdin || fp == FCGI_stdout || fp == FCGI_stderr) {
        return status;
    }

    free(fp);
    return status;
}
