You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create the following useles but valid script in a directory containing an equal sign (=), e.g.
c:\temp\=PSTest\Test.ps1
Enum State {
Unknown =1
New =2
}
Start the Script. You'll get:
The given assembly name or codebase was invalid. (Exception from HRESULT: 0x80131047)
…
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], FileLoadException
+ FullyQualifiedErrorId : System.IO.FileLoadException
Expected behavior
It's obvious: No valid character in the path of a PowerShell Script is allowed to affect the Script execution.
Actual behavior
PowerShell stops working with an exception because characters in the path of a PowerShell script can affect the PowerShell runtime.
I guess that a hacker is able to control powershell just by using special characters in the path of a script because PowerShell probably tries to interpret those characters.
Environment data
>$PSVersionTable
Name Value
---------
PSVersion 5.1.16299.98
PSEdition Desktop
PSCompatibleVersions {1.0,2.0,3.0,4.0...}
BuildVersion 10.0.16299.98
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
The text was updated successfully, but these errors were encountered:
schittli
changed the title
Simple but annoying bug: PowerShell stops working if there is a = in the path
Simple but annoying bug: PowerShell stops working if there is a = in the path of the Script
Feb 1, 2018
This does not reproduce in 6.0.1. I believe starting with 6.0.0 (#5292) the assembly name for PowerShell generated dynamic Classes and Enums changed which resolved this issue. To be clear, in 5.1 the dynamic class assembly names were generated based on the filename. Creating an Enum from a file with an illegal assembly name character is likely the cause of the issue you see.
This repository is for PowerShell Core 6.0.0 and newer. To file bug reports for Windows PowerShell 5.1 please use UserVoice
Steps to reproduce
c:\temp\=PSTest\Test.ps1
Expected behavior
It's obvious: No valid character in the path of a PowerShell Script is allowed to affect the Script execution.
Actual behavior
PowerShell stops working with an exception because characters in the path of a PowerShell script can affect the PowerShell runtime.
I guess that a hacker is able to control powershell just by using special characters in the path of a script because PowerShell probably tries to interpret those characters.
Environment data
The text was updated successfully, but these errors were encountered: