/usr/share/sanitizer/testcases/sanitizer.boundary.t is in sanitizer 1.76-3.
This file is owned by root:root, with mode 0o755.
#!/bin/sh
# Regression test for the sanitizer's MIME boundary handling.
#
# Three hand-built messages are piped into $ANOMY/bin/sanitizer. Its stdout is
# collected in ./test.out and its stderr in ./test.log; after each run the
# sanitizer's exit code is appended to test.out. Nothing in this script compares
# the result with an expected output (presumably a harness does; confirm).
#
# Why this matters for a mail filter: if the filter and the recipient's mail
# client disagree about which string is the multipart boundary, the filter
# inspects different parts than the client later shows, and an attachment can
# go through unexamined. Each message below uses a header form on which
# parsers are known to differ; all carry a ".exe" attachment name while the
# configuration accepts only names matching (?i)\.txt$.
#
# Environment read: ANOMY (install prefix), SAN_CONF (extra sanitizer args).
#
# NOTE(review): ANOMY is neither checked nor quoted. If it is unset the command
#   resolves to /bin/sanitizer; if it contains whitespace the path is split.
#   SAN_CONF is unquoted, presumably so it can expand to zero or more
#   arguments; confirm before quoting it.
# NOTE(review): test.out and test.log are fixed names in the current directory.
#   Run this from a private scratch directory, not a shared writable one,
#   so the redirections cannot land on a file someone else placed there.
# NOTE(review): the here-document delimiters (tac, EOF) are unquoted, so the
#   shell expands $ and backquotes inside the payloads. None occur in the
#   messages shown; quote the delimiter if a future message needs them literal.
# NOTE(review): in this listing the messages have no empty line between a
#   header block and the body that follows it. If that comes from how the
#   listing was captured, take the messages from the packaged file instead.
#   TODO confirm.

# "-h" prints the description below. There is no exit after it, so the three
# sanitizer runs still execute and rewrite test.out / test.log.
# NOTE(review): confirm that falling through is intended.
[ "$1" = "-h" ] && cat <<tac
This example tests the following features of the sanitizer:
- This tests handling of RFC822 comments within Boundary strings,
where the sanitizer doesn't actually chose between possible
boundary strings until message processing has begun.
- Test various other naughty boundary-string exploits.
- Test handling of broken "name=file with unquoted spaces.ext" stuff.
- Test the Transfer-Encoding fixer-upper code.
tac
# Case 1: parenthesised RFC822 comments are embedded in the header name and in
# the media type, and the boundary parameter ends in a parenthesised string
# that the delimiter lines repeat literally. The attachment name is unquoted,
# contains a space and sits on a continuation line. The top-level header also
# declares quoted-printable (presumably the "Transfer-Encoding fixer-upper"
# case from the description; confirm).
# This is the only run that passes feat_log_stderr, and the only one that
# truncates test.log and test.out (">"); the later runs append (">>").
$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_testing = 1' \
'feat_log_inline = 1' \
'feat_log_stderr = 1' \
'file_list_2_policy = accept' \
'file_list_2 = (?i)\.txt$' \
'file_list_7 = 0' \
"header_rev = 0" <<EOF 2>test.log >test.out
From bre Fri Jan 30 03:37:34 1998
Date: Wed, 13 Dec 2000 17:13:26 +0800
From: Admin <foo@bar.com>
Subject: Yet another MIME test
To: Admin <baz@bar.com>
MIME-Version: 1.0
Con(FOO)tent-Type: MULT(comment)I(c2)PA(c3)RT/ALTERNATIVE; boundary=Boundary_(THIS_DOESNT_GET_DROPPED)
Content-Transfer-Encoding: quoted-printable
--Boundary_(THIS_DOESNT_GET_DROPPED)
Content-type: text/plain; format=flowed; charset=us-ascii
Content-disposition: attachment;
name=evil file.exe
Part one
--Boundary_(THIS_DOESNT_GET_DROPPED)
Content-type: text/plain; charset=us-ascii
Part two
--Boundary_(THIS_DOESNT_GET_DROPPED)--
EOF
# Must stay directly after the sanitizer command: $? is that command's status.
echo "*** Exit code was $? ***" >>test.out
# Case 2: the boundary parameter carries a trailing parenthesised comment, but
# the delimiter lines in the body are the bare "--Boundary". The attachment
# name is again unquoted with a space, this time on the same line as the
# Content-disposition header.
$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_log_inline = 1' \
'file_list_2_policy = accept' \
'file_list_2 = (?i)\.txt$' \
'file_list_7 = 0' \
'feat_testing = 1' "header_rev = 0" <<EOF 2>>test.log >>test.out
From bre Fri Jan 30 03:37:34 1998
Date: Wed, 13 Dec 2000 17:13:26 +0800
From: Admin <foo@bar.com>
Subject: Yet another MIME test
To: Admin <baz@bar.com>
MIME-Version: 1.0
Content-Type: MULTIPART/ALTERNATIVE; boundary=Boundary(THIS_GETS_DROPPED)
Content-Transfer-Encoding: 8bit
--Boundary
Content-type: text/plain; format=flowed; charset=us-ascii
Content-disposition: attachment; name=evil file.exe
Part one
--Boundary
Content-type: text/plain; charset=us-ascii
Part two
--Boundary--
EOF
# Must stay directly after the sanitizer command: $? is that command's status.
echo "*** Exit code was $? ***" >>test.out
# Case 3: the multipart Content-Type has no boundary parameter at all. The body
# opens with several lines starting with "--" (dash rules, "--NotABoundary",
# "--ReallyAFakeBoundary") before the "--Boundary" parts, so the sanitizer has
# to decide from the body which line, if any, is the delimiter. The attachment
# name is quoted here.
$ANOMY/bin/sanitizer -nofprot $SAN_CONF \
'feat_log_inline = 1' \
'file_list_2_policy = accept' \
'file_list_2 = (?i)\.txt$' \
'file_list_7 = 0' \
'feat_testing = 1' "header_rev = 0" <<EOF 2>>test.log >>test.out
From bre Fri Jan 30 03:37:34 1998
Date: Wed, 13 Dec 2000 17:13:26 +0800
From: Admin <foo@bar.com>
Subject: Yet another MIME test
To: Admin <baz@bar.com>
MIME-Version: 1.0
Content-Type: MULTIPART/ALTERNATIVE;
Content-Transfer-Encoding: 8bit
--------------------------------------------
This is crap
--------------------------------------------
--NotABoundary
--ReallyAFakeBoundary
--Boundary
Content-type: text/plain; format=flowed; charset=us-ascii
Content-disposition: attachment; name="evil.exe"
Part one
--Boundary
Content-type: text/plain; charset=us-ascii
Part two
--Boundary--
EOF
# Must stay directly after the sanitizer command: $? is that command's status.
echo "*** Exit code was $? ***" >>test.out