Hi John,
You've hit the daily double, triggering two unrelated loopholes together with a single line of code to crack open a security breach! You might want to go buy a lottery ticket while you've got the magic touch...
The initial loophole was the result of an oversight in the B64ENC parameter design, where the flag parameter is used to determine whether the indata parameter is a filespec or a memory buffer, assuming that a size of 0 must indicate that it's a file (since why would anyone want to encode an empty string?).
The second loophole was that A-Shell's filespec conversion-to-native function was failing to clear the output in the case of an empty input spec. It returns an error code, but since that scenario is so rare, calling routines often just proceed directly to using the translated filespec (assuming any errors could then be dealt with). But in this case, B64ENC was using the global last-translated-filespec variable for the translated filename (a useful shortcut for file-related error handling). So the end result was that instead of encoding your empty string, it was encoding the last processed filespec (probably your RUN file, or maybe an SBX). (It's a good thing you found this before the Russians did!)
Anyway, I believe it's all patched up in 1764.1 ...
ash-7.0.1764.1-el7-upd.tz
ash-7.0.1764.1-el7-x86_64-upd.tz
ash70notes.txt
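The interaction described in the post above, as an added C sketch that is not A-Shell's code and not the actual 1764.1 patch: a size-0 sentinel combined with a translator that leaves a global output buffer untouched on error. Every function name, the `/vm/` path prefix and the "fixed" variants are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical stand-ins, not A-Shell identifiers. */
static char last_native[256];   /* global "last translated filespec" */

/* Before: reports an error on an empty spec but leaves the old output in place. */
static int to_native_stale(const char *spec) {
    if (spec[0] == '\0') return -1;              /* last_native untouched */
    snprintf(last_native, sizeof last_native, "/vm/%s", spec);
    return 0;
}

/* After: the output is cleared first, so an error path cannot expose old state. */
static int to_native_fixed(const char *spec) {
    last_native[0] = '\0';
    if (spec[0] == '\0') return -1;
    snprintf(last_native, sizeof last_native, "/vm/%s", spec);
    return 0;
}

/* Before: size 0 is read as "indata is a filespec" and the error code is dropped.
   Returns the name of the source that would be encoded. */
static const char *encode_source_weak(const char *indata, size_t size) {
    if (size == 0) {
        to_native_stale(indata);                 /* return value ignored */
        return last_native;                      /* may be an earlier caller's file */
    }
    return "<memory buffer>";
}

/* After (one possible hardening): the source kind is explicit, errors stop the call. */
enum src_kind { SRC_BUFFER, SRC_FILE };
static const char *encode_source_fixed(enum src_kind kind, const char *indata, size_t size) {
    (void)size;                                  /* length no longer selects the mode */
    if (kind == SRC_BUFFER) return "<memory buffer>";   /* empty buffer is valid */
    if (to_native_fixed(indata) != 0) return NULL;      /* refuse, encode nothing */
    return last_native;
}

int main(void) {
    to_native_stale("RUNME.RUN");   /* constructed: an earlier, unrelated file operation */
    printf("weak : %s\n", encode_source_weak("", 0));
    const char *s = encode_source_fixed(SRC_FILE, "", 0);
    printf("fixed: %s\n", s ? s : "(rejected)");
    return 0;
}
```

Either change alone closes this particular path; applying both removes the dependence on callers checking the translator's return code.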