git: 3708b615c354 - stable/12 - sh: Allow more scripts without #!
Eugene Grosbein
eugen at grosbein.net
Sat Jan 30 16:10:33 UTC 2021
30.01.2021 22:11, Jilles Tjoelker wrote:
[skip]
> +static bool
> +isbinary(const char *data, size_t len)
> +{
> + const char *nul, *p;
> + bool hasletter;
> +
> + nul = memchr(data, '\0', len);
> + if (nul == NULL)
> + return false;
> + /*
> + * POSIX says we shall allow execution if the initial part intended
> + * to be parsed by the shell consists of characters and does not
> + * contain the NUL character. This allows concatenating a shell
> + * script (ending with exec or exit) and a binary payload.
> + *
> + * In order to reject common binary files such as PNG images, check
> + * that there is a lowercase letter or expansion before the last
> + * newline before the NUL character, in addition to the check for
> + * the newline character suggested by POSIX.
> + */
> + hasletter = false;
> + for (p = data; *p != '\0'; p++) {
> + if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
> + hasletter = true;
> + if (hasletter && *p == '\n')
> + return false;
> + }
> + return true;
> +}
Before last newline or before first newline?
More information about the dev-commits-src-all
mailing list