alpine 3.6
shell weakness #44

4

Weakness Breakdown


Definition:

A shell weakness (OS command injection) occurs when a program passes data an attacker can influence to a command interpreter, enabling the attacker to execute unexpected commands on the operating system.

Warning code(s):

The flagged function (popen) causes a new program to execute through the command shell and is difficult to use safely: any untrusted data reaching its command string can be interpreted as shell syntax.

File Name:

gawk/src/gawk-4.1.4/vms/redirect.h

Context:

The line of code below that references popen is the trigger point of this particular Alpine 3.6 shell weakness. Note that in this file it is a macro redirection (`#define popen vms_popen`) rather than a call, so the finding is a match on the function name; whether a shell is actually spawned with attacker-influenced input has to be judged at the vms_popen implementation and at the popen call sites, and this VMS-specific header may not be compiled into the Linux package at all.

 
#ifdef STDC_HEADERS
/* This is for getopt.c and alloca.c (compiled with HAVE_CONFIG_H defined),
   to prevent diagnostics about various implicitly declared functions.  */
#include <stdlib.h>
#include <string.h>
#endif
#ifndef VMS_POSIX
/* This is for random.c: route gettimeofday() to the VMS replacement.
   NOTE(review): if random.c uses the clock to seed its generator -- confirm --
   that is a predictable seed, not a cryptographic entropy source.  */
#define gettimeofday	vms_gettimeofday
#ifndef __TIMEVAL
#define __TIMEVAL 1
/* Minimal struct timeval, supplied only when nothing has defined __TIMEVAL
   yet, so it does not collide with a system-provided definition.  */
struct timeval	{ long tv_sec, tv_usec; };
#endif
/* Written with the library name, but the #define above rewrites this
   prototype to vms_gettimeofday().  */
extern int   gettimeofday(struct timeval *,void *);
#endif

#else	/* awk.h, not POSIX */

/* some macros to redirect to code in vms/vms_misc.c */
#ifndef bcopy
#define bcopy		vms_bcopy
#endif
#define open		vms_open
/* NOTE(review): the popen redirection below is apparently what the
   shell-weakness scanner matched on.  It is a name substitution, not a
   call: no command string is built or executed here.  Whether a shell is
   really spawned, and whether its command can carry untrusted data, must be
   judged at vms_popen() (in vms/vms_misc.c per the comment above) and at
   the popen() call sites -- confirm there.  This header lives under vms/
   and this is the non-POSIX branch, so it is presumably not compiled into
   a Linux build at all; verify against the package build.  */
#define popen		vms_popen
#define pclose		vms_pclose
#ifndef HAVE_SNPRINTF
#define snprintf gawk_snprintf	/* avoid %CC-I-INTRINSICDECL diagnostic */
#define vsnprintf gawk_vsnprintf
#endif
/* supply missing or suppressed (due to defines in config.h) declarations.
   When HAVE_SNPRINTF is not set, the #defines above turn the first two
   prototypes into declarations of gawk_snprintf/gawk_vsnprintf.
   va_list needs <stdarg.h>; presumably included before this point -- verify.  */
extern int snprintf(char *,size_t,const char *,...);
extern int vsnprintf(char *restrict,size_t,const char *,va_list);
extern int setenv(const char *,const char *,int);
extern int unsetenv(const char *);
#define strerror	vms_strerror
#define strdup		vms_strdup
#define unlink		vms_unlink
/* VAX C and non-Alpha GCC get a wrapped fstat(); other compilers fall
   through to the system fstat().  */
#if defined(VAXC) || (defined(__GNUC__) && !defined(__alpha))
#define fstat(fd,sb)	VMS_fstat(fd,sb)
#endif
extern void  exit(int);
/* The next three prototypes use the library names, but the #defines above
   rewrite them to vms_open, vms_strerror and vms_strdup.  */
extern int   open(const char *,int,...);
extern char *strerror(int);
extern char *strdup(const char *str);
extern int   vms_devopen(const char *,int);
# ifndef NO_TTY_FWRITE
#define fwrite		tty_fwrite
#define fclose		tty_fclose
extern size_t fwrite(const void *,size_t,size_t,FILE *); 
