alpine 3.6
shell weakness #37

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

gawk/src/gawk-4.1.4/pc/popen.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness.

   sprintf(quoted, "\"%s\"", cmd);

  return quoted;
}
#endif

#else  /* !__MINGW32__ */
#define os_system(cmd) system(cmd)
#endif


FILE *
os_popen(const char *command, const char *mode )
{
    FILE *current;
    char *name;
    int cur;
    char curmode[4];

    if (*mode != 'r' && *mode != 'w')
      return NULL;
    strncpy(curmode, mode, 3); curmode[3] = '\0';

#if defined(__MINGW32__)
    current = popen(command, mode);
    cur = fileno(current);
    strcpy(pipes[cur].pmode, curmode);
    return(current);
#endif

    /*
    ** get a name to use.
    */
    if((name = tempnam(".","pip"))==NULL)
        return NULL;
    /*
    ** If we're reading, just call system to get a file filled with
    ** output.
    */
    if (*curmode == 'r') {
        FILE *fp;
        if ((cur = dup(fileno(stdout))) == -1)
	    return NULL;
	*curmode = 'w';
        if ((current = freopen(name, curmode, stdout)) == NULL)
	    return NULL;
        os_system(command);
        if (dup2(cur, fileno(stdout)) == -1)
	    return NULL;
	close(cur); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.