From cc7274ca25855538ff3ce05e79472d464cd08d91 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sat, 5 Feb 2022 21:42:10 +0300
Subject: [PATCH] install_bin: prevent bad executable interpretation as a shell
 script

---
 install_bin.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/install_bin.sh b/install_bin.sh
index 65d1ed0..e553098 100755
--- a/install_bin.sh
+++ b/install_bin.sh
@@ -7,10 +7,15 @@ BINDIR="$EXEDIR/$BINS"
 
 check_dir()
 {
-	local exe=$BINDIR/$1/ip2net
+	local dir="$BINDIR/$1"
+	local exe="$dir/ip2net"
+	local out
 	if [ -f "$exe" ]; then
 		if [ -x "$exe" ]; then
-			echo 0.0.0.0 | "$exe" 1>/dev/null 2>/dev/null
+			# ash and dash try to execute invalid executables as a script. they interpret binary garbage with possible negative consequences
+			# find do not use shell exec
+			out=$(echo 0.0.0.0 | find "$dir" -maxdepth 1 -name ip2net -exec {} \; 2>/dev/null)
+			[ -n "$out" ]
 		else
 			echo "$exe is not executable. set proper chmod."
 			return 1