git: 3708b615c354 - stable/12 - sh: Allow more scripts without #!

Eugene Grosbein eugen at grosbein.net
Sat Jan 30 22:59:08 UTC 2021


31.01.2021 5:26, Jilles Tjoelker wrote:

>>> +static bool
>>> +isbinary(const char *data, size_t len)
>>> +{
>>> +	const char *nul, *p;
>>> +	bool hasletter;
>>> +
>>> +	nul = memchr(data, '\0', len);
>>> +	if (nul == NULL)
>>> +		return false;
>>> +	/*
>>> +	 * POSIX says we shall allow execution if the initial part intended
>>> +	 * to be parsed by the shell consists of characters and does not
>>> +	 * contain the NUL character. This allows concatenating a shell
>>> +	 * script (ending with exec or exit) and a binary payload.
>>> +	 *
>>> +	 * In order to reject common binary files such as PNG images, check
>>> +	 * that there is a lowercase letter or expansion before the last
>>> +	 * newline before the NUL character, in addition to the check for
>>> +	 * the newline character suggested by POSIX.
>>> +	 */
>>> +	hasletter = false;
>>> +	for (p = data; *p != '\0'; p++) {
>>> +		if ((*p >= 'a' && *p <= 'z') || *p == '$' || *p == '`')
>>> +			hasletter = true;
>>> +		if (hasletter && *p == '\n')
>>> +			return false;
>>> +	}
>>> +	return true;
>>> +}
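
Review bot: The comment in isbinary() says the letter or expansion must come "before the last newline before the NUL character", but the for loop returns false at the first newline that follows a lowercase letter, '$' or '`'. The outcome is the same, because a character that precedes any newline also precedes the last one, yet the wording does not match how the loop reads. Consider rewording the comment to "before a newline that precedes the NUL character". Separately, nul is only used for the NULL check; bounding the loop with "p < nul" instead of "*p != '\0'" would make the dependence on the memchr() result explicit.
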
> 
>> Before last newline or before first newline?
> 
> Before the last newline, according to both comment and code.

Sorry, I don't get it. The "for" loop starts from the beginning and returns false (NOT binary, text file)
after a lowercase letter and the first newline, not the last.



