alpine 3.6
shell weakness #45


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:



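The highlighted line of code below is the trigger point of this particular Alpine 3.6 shell weakness. The highlighting is not preserved in this text rendering; the only declaration in the excerpt that starts a new program is `popen`, so that is presumably the flagged line. Note that it is a declaration rather than a call, so any actual exposure lies in the code that calls it.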

 /*
  * Portability declarations and name remappings (excerpt of a larger header).
  *
  * The conditionals are unbalanced within the visible lines: the #if and the
  * "#ifndef fileno" below have no visible #endif, and the final #endif closes
  * a conditional opened above this excerpt.
  *
  * Ordering matters throughout: each "#define name replacement" comes before
  * the extern declaration of "name", so that declaration really declares the
  * replacement function.
  */
 #define vsnprintf gawk_vsnprintf
/* supply missing or suppressed (due to defines in config.h) declarations */
extern int snprintf(char *,size_t,const char *,...);
/* Because of the #define above, this line declares gawk_vsnprintf(). */
extern int vsnprintf(char *restrict,size_t,const char *,va_list);
extern int setenv(const char *,const char *,int);
extern int unsetenv(const char *);
/*
 * Route these three library names to vms_-prefixed replacements.  The later
 * strerror/strdup/unlink declarations therefore declare vms_strerror,
 * vms_strdup and vms_unlink wherever they are compiled.
 */
#define strerror	vms_strerror
#define strdup		vms_strdup
#define unlink		vms_unlink
/*
 * Taken when the VAXC macro is defined, or under GNU C when __alpha is not
 * defined.
 * NOTE(review): the matching #endif is not visible in this excerpt, so the
 * extent of this region cannot be confirmed from here.
 */
#if defined(VAXC) || (defined(__GNUC__) && !defined(__alpha))
/* Function-like macro: every fstat(fd,sb) call is forwarded to VMS_fstat. */
#define fstat(fd,sb)	VMS_fstat(fd,sb)
extern void  exit(int);
extern int   open(const char *,int,...);
extern char *strerror(int);
extern char *strdup(const char *str);
extern int   vms_devopen(const char *,int);
/*
 * Unless NO_TTY_FWRITE is defined, fwrite and fclose are renamed to
 * tty_fwrite and tty_fclose; the two declarations below declare those.
 */
# ifndef NO_TTY_FWRITE
#define fwrite		tty_fwrite
#define fclose		tty_fclose
extern size_t fwrite(const void *,size_t,size_t,FILE *);
extern int    fclose(FILE *);
# endif
/*
 * Security review note: popen() starts a new program from a command string,
 * which is why command-injection scanners flag it.  This line is only a
 * declaration and executes nothing; the exposure is at the call sites, which
 * are outside this excerpt.  Audit each caller for where the command text
 * comes from, and make sure data from an untrusted source cannot reach it
 * without validation.
 * NOTE(review): how this port implements popen(), and whether a command
 * interpreter is involved, is not shown here -- confirm.
 */
extern FILE *popen(const char *,const char *);
/* Counterpart of popen(): closes a stream that popen() returned. */
extern int   pclose(FILE *);
extern void vms_arg_fixup(int *,char ***);
/* some things not in STDC_HEADERS */
extern size_t gnu_strftime(char *,size_t,const char *,const struct tm *);
/* Declares vms_unlink(), because unlink is remapped near the top. */
extern int unlink(const char *);
extern int getopt(int,char **,char *);
extern int isatty(int);
/*
 * Declare fileno() only when it is not already provided as a macro.
 * NOTE(review): no #endif for this #ifndef is visible, so it is unclear which
 * of the following declarations it guards.
 */
#ifndef fileno
extern int fileno(FILE *);
extern int close(int);
extern int dup(int);
extern int dup2(int, int);
/*
 * NOTE(review): the count and the return value are plain int here, not
 * size_t/ssize_t as in POSIX; callers need to keep lengths within int range.
 */
extern int read(int, void *, int);
extern int getpgrp(void);
extern void tzset(void);

#endif	/* not VMS_POSIX and not IN_CONFIG_H */

