Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 30 Jan 2021 23:26:16 +0100
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   Re: git: 3708b615c354 - stable/12 - sh: Allow more scripts without #!
Message-ID:  <20210130222616.GA4539@stack.nl>
In-Reply-To: <5cee1fe4-8aa8-0ad7-55ab-125bfbcb7c7f@grosbein.net>
References:  <202101301511.10UFBjcd033018@gitrepo.freebsd.org> <5cee1fe4-8aa8-0ad7-55ab-125bfbcb7c7f@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Sat, Jan 30, 2021 at 11:10:09PM +0700, Eugene Grosbein wrote:
> 30.01.2021 22:11, Jilles Tjoelker wrote:

> [skip]

> > +static bool
> > +isbinary(const char *data, size_t len)
> > +{
> > +	const char *nul, *p;
> > +	bool hasletter;
> > +
> > +	nul = memchr(data, '\0', len);
> > +	if (nul == NULL)
> > +		return false;
> > +	/*
> > +	 * POSIX says we shall allow execution if the initial part intended
> > +	 * to be parsed by the shell consists of characters and does not
> > +	 * contain the NUL character. This allows concatenating a shell
> > +	 * script (ending with exec or exit) and a binary payload.
> > +	 *
> > +	 * In order to reject common binary files such as PNG images, check
> > +	 * that there is a lowercase letter or expansion before the last
> > +	 * newline before the NUL character, in addition to the check for
> > +	 * the newline character suggested by POSIX.
> > +	 */
> > +	hasletter = false;
> > +	for (p = data; *p != '\0'; p++) {
> > +		if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
> > +			hasletter = true;
> > +		if (hasletter && *p == '\n')
> > +			return false;
> > +	}
> > +	return true;
> > +}

> Before last newline or before first newline?

Before the last newline, according to both comment and code. It is
acceptable to have an empty line, a line containing only '{', etc.
before the line containing the lowercase letter or expansion.

I could add another test case for this, if that would clarify things
(just like I did for the "actually portable executable" hacks).

-- 
Jilles Tjoelker

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210130222616.GA4539>