plist: Improve plist_dict_get_item() to safely iterate key/value pairs

Use explicit key/value stepping, zero-initialize hash lookup key, and perform length-checked comparisons on NUL-terminated key strings.
author: Nikias Bassen 2026-01-23 16:20:55 +0100
committer: Nikias Bassen 2026-01-23 16:20:55 +0100
commit: d0e6ef114aef98c410e59e30cc203489ddf3ba52 (patch)
tree: e57f45829095954df8b39d8baa7cbbef4dc42f46
parent: 1d628bc5b051ba941389a13aa94983d5d273618b (diff)
download: libplist-d0e6ef114aef98c410e59e30cc203489ddf3ba52.tar.gz
libplist-d0e6ef114aef98c410e59e30cc203489ddf3ba52.tar.bz2
1 files changed, 32 insertions, 24 deletions
diff --git a/src/plist.c b/src/plist.c
index 781f795..a9199ee 100644
--- a/src/plist.c
+++ b/src/plist.c
@@ -900,31 +900,39 @@ plist_t plist_dict_item_get_key(plist_t node)
 plist_t plist_dict_get_item(plist_t node, const char* key)
 {
    plist_t ret = NULL;
+    if (!PLIST_IS_DICT(node) || !key) {
-    if (node && PLIST_DICT == plist_get_node_type(node))
+        PLIST_ERR("invalid argument passed to %s (node=%p, key=%p)\n", __func__, node, key);
-    {
+        return NULL;
-        plist_data_t data = plist_get_data(node);
+    }
-        hashtable_t *ht = (hashtable_t*)data->hashtable;
+    plist_data_t data = plist_get_data(node);
-        if (ht) {
+    assert(data);
-            struct plist_data_s sdata;
+    if (!data) {
-            sdata.strval = (char*)key;
+        PLIST_ERR("%s: invalid node\n", __func__);
-            sdata.length = strlen(key);
+        return NULL;
-            ret = (plist_t)hash_table_lookup(ht, &sdata);
+    }
-        } else {
+    size_t keylen = strlen(key);
-            plist_t current = NULL;
+    hashtable_t *ht = (hashtable_t*)data->hashtable;
-            for (current = (plist_t)node_first_child((node_t)node);
+    if (ht) {
-                current;
+        struct plist_data_s sdata = { 0 };
-                current = (plist_t)node_next_sibling(node_next_sibling((node_t)current)))
+        sdata.strval = (char*)key;
-            {
+        sdata.length = keylen;
-                data = plist_get_data(current);
+        return (plist_t)hash_table_lookup(ht, &sdata);
-                assert( PLIST_KEY == plist_get_node_type(current) );
+    } else {
+        plist_t k = NULL;
-                if (data && !strcmp(key, data->strval))
+        for (k = (plist_t)node_first_child((node_t)node); k; ) {
-                {
+            plist_t v = (plist_t)node_next_sibling(k);
-                    ret = (plist_t)node_next_sibling((node_t)current);
+            if (!v) break;
-                    break;
+            data = plist_get_data(k);
-                }
+            assert(PLIST_IS_KEY(k));
+            if (!PLIST_IS_KEY(k) || !data || !data->strval) {
+                PLIST_ERR("invalid key node at %p\n", k);
+                break;
+            }
+            if (data->length == keylen && !memcmp(key, data->strval, keylen+1)) {
+                ret = v;
+                break;
            }
+            k = node_next_sibling(v);
        }
    }
    return ret;
author	Nikias Bassen	2026-01-23 16:20:55 +0100
committer	Nikias Bassen	2026-01-23 16:20:55 +0100
commit	d0e6ef114aef98c410e59e30cc203489ddf3ba52 (patch)
tree	e57f45829095954df8b39d8baa7cbbef4dc42f46
parent	1d628bc5b051ba941389a13aa94983d5d273618b (diff)
download	libplist-d0e6ef114aef98c410e59e30cc203489ddf3ba52.tar.gz libplist-d0e6ef114aef98c410e59e30cc203489ddf3ba52.tar.bz2

diff --git a/src/plist.c b/src/plist.c index 781f795..a9199ee 100644 --- a/src/plist.c +++ b/src/plist.c
@@ -900,31 +900,39 @@ plist_t plist_dict_item_get_key(plist_t node)
900	plist_t plist_dict_get_item(plist_t node, const char* key)	900	plist_t plist_dict_get_item(plist_t node, const char* key)
901	{	901	{
902	plist_t ret = NULL;	902	plist_t ret = NULL;
903		903	if (!PLIST_IS_DICT(node) \|\| !key) {
904	if (node && PLIST_DICT == plist_get_node_type(node))	904	PLIST_ERR("invalid argument passed to %s (node=%p, key=%p)\n", __func__, node, key);
905	{	905	return NULL;
906	plist_data_t data = plist_get_data(node);	906	}
907	hashtable_t ht = (hashtable_t)data->hashtable;	907	plist_data_t data = plist_get_data(node);
908	if (ht) {	908	assert(data);
909	struct plist_data_s sdata;	909	if (!data) {
910	sdata.strval = (char*)key;	910	PLIST_ERR("%s: invalid node\n", __func__);
911	sdata.length = strlen(key);	911	return NULL;
912	ret = (plist_t)hash_table_lookup(ht, &sdata);	912	}
913	} else {	913	size_t keylen = strlen(key);
914	plist_t current = NULL;	914	hashtable_t ht = (hashtable_t)data->hashtable;
915	for (current = (plist_t)node_first_child((node_t)node);	915	if (ht) {
916	current;	916	struct plist_data_s sdata = { 0 };
917	current = (plist_t)node_next_sibling(node_next_sibling((node_t)current)))	917	sdata.strval = (char*)key;
918	{	918	sdata.length = keylen;
919	data = plist_get_data(current);	919	return (plist_t)hash_table_lookup(ht, &sdata);
920	assert( PLIST_KEY == plist_get_node_type(current) );	920	} else {
921		921	plist_t k = NULL;
922	if (data && !strcmp(key, data->strval))	922	for (k = (plist_t)node_first_child((node_t)node); k; ) {
923	{	923	plist_t v = (plist_t)node_next_sibling(k);
924	ret = (plist_t)node_next_sibling((node_t)current);	924	if (!v) break;
925	break;	925	data = plist_get_data(k);
926	}	926	assert(PLIST_IS_KEY(k));
		927	if (!PLIST_IS_KEY(k) \|\| !data \|\| !data->strval) {
		928	PLIST_ERR("invalid key node at %p\n", k);
		929	break;
		930	}
		931	if (data->length == keylen && !memcmp(key, data->strval, keylen+1)) {
		932	ret = v;
		933	break;
927	}	934	}
		935	k = node_next_sibling(v);
928	}	936	}
929	}	937	}
930	return ret;	938	return ret;