Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 31 Jan 2021 05:58:39 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Jilles Tjoelker <jilles@stack.nl>
Cc:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   Re: git: 3708b615c354 - stable/12 - sh: Allow more scripts without #!
Message-ID:  <ea6efed0-1aad-8d0a-f068-efe0ff4ddc2d@grosbein.net>
In-Reply-To: <20210130222616.GA4539@stack.nl>
References:  <202101301511.10UFBjcd033018@gitrepo.freebsd.org> <5cee1fe4-8aa8-0ad7-55ab-125bfbcb7c7f@grosbein.net> <20210130222616.GA4539@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
31.01.2021 5:26, Jilles Tjoelker wrote:

>>> +static bool
>>> +isbinary(const char *data, size_t len)
>>> +{
>>> +	const char *nul, *p;
>>> +	bool hasletter;
>>> +
>>> +	nul = memchr(data, '\0', len);
>>> +	if (nul == NULL)
>>> +		return false;
>>> +	/*
>>> +	 * POSIX says we shall allow execution if the initial part intended
>>> +	 * to be parsed by the shell consists of characters and does not
>>> +	 * contain the NUL character. This allows concatenating a shell
>>> +	 * script (ending with exec or exit) and a binary payload.
>>> +	 *
>>> +	 * In order to reject common binary files such as PNG images, check
>>> +	 * that there is a lowercase letter or expansion before the last
>>> +	 * newline before the NUL character, in addition to the check for
>>> +	 * the newline character suggested by POSIX.
>>> +	 */
>>> +	hasletter = false;
>>> +	for (p = data; *p != '\0'; p++) {
>>> +		if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
>>> +			hasletter = true;
>>> +		if (hasletter && *p == '\n')
>>> +			return false;
>>> +	}
>>> +	return true;
>>> +}
> 
>> Before last newline or before first newline?
> 
> Before the last newline, according to both comment and code.

Sorry, I don't get it. The "for" loop starts from the beginning, and returns false (NOT binary, text file)
after lowercase letter and first newline, not last.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ea6efed0-1aad-8d0a-f068-efe0ff4ddc2d>