Date: Sun, 31 Jan 2021 05:58:39 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: Re: git: 3708b615c354 - stable/12 - sh: Allow more scripts without #!
Message-ID: <ea6efed0-1aad-8d0a-f068-efe0ff4ddc2d@grosbein.net>
In-Reply-To: <20210130222616.GA4539@stack.nl>
References: <202101301511.10UFBjcd033018@gitrepo.freebsd.org> <5cee1fe4-8aa8-0ad7-55ab-125bfbcb7c7f@grosbein.net> <20210130222616.GA4539@stack.nl>

31.01.2021 5:26, Jilles Tjoelker wrote:
>>> +static bool
>>> +isbinary(const char *data, size_t len)
>>> +{
>>> + const char *nul, *p;
>>> + bool hasletter;
>>> +
>>> + nul = memchr(data, '\0', len);
>>> + if (nul == NULL)
>>> + return false;
>>> + /*
>>> + * POSIX says we shall allow execution if the initial part intended
>>> + * to be parsed by the shell consists of characters and does not
>>> + * contain the NUL character. This allows concatenating a shell
>>> + * script (ending with exec or exit) and a binary payload.
>>> + *
>>> + * In order to reject common binary files such as PNG images, check
>>> + * that there is a lowercase letter or expansion before the last
>>> + * newline before the NUL character, in addition to the check for
>>> + * the newline character suggested by POSIX.
>>> + */
>>> + hasletter = false;
>>> + for (p = data; *p != '\0'; p++) {
>>> + if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
>>> + hasletter = true;
>>> + if (hasletter && *p == '\n')
>>> + return false;
>>> + }
>>> + return true;
>>> +}
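Review bot: The comment above the loop in isbinary() describes the check as applying "before the last newline before the NUL character", while the loop itself returns false at the first newline that follows a lowercase letter, `$` or backtick. The two conditions accept the same inputs (if any newline before the NUL follows such a character, the last newline before the NUL does too), but the wording invites a misreading; consider rewording the comment to say that such a character must be followed by a newline before the first NUL. Separately, `nul` is only compared against NULL and the loop stops on `*p != '\0'`; bounding the loop with `p < nul` would make its reliance on the memchr() result explicit, and `hasletter` could be renamed since it is also set for `$` and backtick.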
>
>> Before last newline or before first newline?
>
> Before the last newline, according to both comment and code.
Sorry, I don't get it. The "for" loop starts from the beginning, and returns false (NOT binary, text file)
after lowercase letter and first newline, not last.
