70b95ceeab
Security: CVE-2009-1515
39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
#------------------------------------------------------------------------------
|
|
# Cafe Babes unite!
|
|
#
|
|
# Since Java bytecode and Mach-O fat-files have the same magic number, the test
|
|
# must be performed in the same "magic" sequence to get both right. The long
|
|
# at offset 4 in a mach-O fat file tells the number of architectures; the short at
|
|
# offset 4 in a Java bytecode file is the JVM minor version and the
|
|
# short at offset 6 is the JVM major version. Since there are only
|
|
# only 18 labeled Mach-O architectures at current, and the first released
|
|
# Java class format was version 43.0, we can safely choose any number
|
|
# between 18 and 39 to test the number of architectures against
|
|
# (and use as a hack). Let's not use 18, because the Mach-O people
|
|
# might add another one or two as time goes by...
|
|
#
|
|
0 belong 0xcafebabe
|
|
!:mime application/x-java-applet
|
|
>4 belong >30 compiled Java class data,
|
|
>>6 beshort x version %d.
|
|
>>4 beshort x \b%d
|
|
# Which is which?
|
|
#>>4 belong 0x032d (Java 1.0)
|
|
#>>4 belong 0x032d (Java 1.1)
|
|
>>4 belong 0x002e (Java 1.2)
|
|
>>4 belong 0x002f (Java 1.3)
|
|
>>4 belong 0x0030 (Java 1.4)
|
|
>>4 belong 0x0031 (Java 1.5)
|
|
>>4 belong 0x0032 (Java 1.6)
|
|
|
|
|
|
0 belong 0xcafebabe
|
|
>4 belong 1 Mach-O fat file with 1 architecture
|
|
>4 belong >1
|
|
>>4 belong <20 Mach-O fat file with %ld architectures
|
|
|
|
0 belong 0xcafed00d JAR compressed with pack200,
|
|
>>5 byte x version %d.
|
|
>>4 byte x \b%d
|
|
!:mime application/x-java-pack200
|