alpine 3.6
shell weakness #36

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/pc/popen.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

 	}
      retval = -1;
    }
  CloseHandle (ph);
  return retval;
}

char *
quote_cmd(const char *cmd)
{
  char *quoted;

  /* The command will be invoked via cmd.exe, whose behavior wrt
     quoted commands is to remove the first and the last quote
     characters, and leave the rest (including any quote characters
     inside the outer pair) intact.  */
  quoted = malloc(strlen (cmd) + 2 + 1);
  sprintf(quoted, "\"%s\"", cmd);

  return quoted;
}
#endif

#else  /* !__MINGW32__ */
#define os_system(cmd) system(cmd)
#endif


FILE *
os_popen(const char *command, const char *mode )
{
    FILE *current;
    char *name;
    int cur;
    char curmode[4];

    if (*mode != 'r' && *mode != 'w')
      return NULL;
    strncpy(curmode, mode, 3); curmode[3] = '\0';

#if defined(__MINGW32__)
    current = popen(command, mode);
    cur = fileno(current);
    strcpy(pipes[cur].pmode, curmode);
    return(current);
#endif

    /*
    ** get a name to use.
    */ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.