On Sat, Jan 30, 2021 at 11:10:09PM +0700, Eugene Grosbein wrote:
> 30.01.2021 22:11, Jilles Tjoelker wrote:

> [skip]

> > +static bool
> > +isbinary(const char *data, size_t len)
> > +{
> > +   const char *nul, *p;
> > +   bool hasletter;
> > +
> > +   nul = memchr(data, '\0', len);
> > +   if (nul == NULL)
> > +           return false;
> > +   /*
> > +    * POSIX says we shall allow execution if the initial part intended
> > +    * to be parsed by the shell consists of characters and does not
> > +    * contain the NUL character. This allows concatenating a shell
> > +    * script (ending with exec or exit) and a binary payload.
> > +    *
> > +    * In order to reject common binary files such as PNG images, check
> > +    * that there is a lowercase letter or expansion before the last
> > +    * newline before the NUL character, in addition to the check for
> > +    * the newline character suggested by POSIX.
> > +    */
> > +   hasletter = false;
> > +   for (p = data; *p != '\0'; p++) {
> > +           if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
> > +                   hasletter = true;
> > +           if (hasletter && *p == '\n')
> > +                   return false;
> > +   }
> > +   return true;
> > +}
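
Review bot: the comment in isbinary() describes the condition as "a lowercase letter or expansion before the last newline before the NUL character", while the loop returns false at the first '\n' it meets once hasletter is set. The two are equivalent, but the wording is hard to map onto the code; phrasing it as "a lowercase letter or expansion followed by a newline, all before the first NUL" would match the loop directly. Separately, nul is only compared against NULL and the loop terminates on `*p != '\0'`; writing the loop condition as `p < nul` would make it explicit that the scan is bounded by len and would give the variable a use beyond the NULL check.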

> Before last newline or before first newline?

Before the last newline, according to both comment and code. It is
acceptable to have an empty line, a line containing only '{', etc.
before the line containing the lowercase letter or expansion.

I could add another test case for this, if that would clarify things
(just like I did for the "actually portable executable" hacks).

-- 
Jilles Tjoelker