summaryrefslogtreecommitdiffstats
path: root/tools/plistutil.c
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2017-01-18 15:44:51 +0100
committerGravatar Nikias Bassen2017-01-18 15:44:51 +0100
commit7391a506352c009fe044dead7baad9e22dd279ee (patch)
treef6240301d10d69300a68228c529c3bc6413aa101 /tools/plistutil.c
parent7a28a14cf6ed547dfd2e52a4db17f47242bfdef9 (diff)
downloadlibplist-7391a506352c009fe044dead7baad9e22dd279ee.tar.gz
libplist-7391a506352c009fe044dead7baad9e22dd279ee.tar.bz2
plistutil: Prevent OOB heap buffer read by checking input size
As pointed out in #87 plistutil would do a memcmp with a heap buffer without checking the size. If the size is less than 8 it would read beyond the bounds of this heap buffer. This commit prevents that.
Diffstat (limited to 'tools/plistutil.c')
-rw-r--r--tools/plistutil.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/plistutil.c b/tools/plistutil.c
index 6451604..e943e76 100644
--- a/tools/plistutil.c
+++ b/tools/plistutil.c
@@ -129,6 +129,12 @@ int main(int argc, char *argv[])
129 } 129 }
130 130
131 stat(options->in_file, &filestats); 131 stat(options->in_file, &filestats);
132
133 if (filestats.st_size < 8) {
134 printf("ERROR: Input file is too small to contain valid plist data.\n");
135 return -1;
136 }
137
132 plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1)); 138 plist_entire = (char *) malloc(sizeof(char) * (filestats.st_size + 1));
133 read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist); 139 read_size = fread(plist_entire, sizeof(char), filestats.st_size, iplist);
134 fclose(iplist); 140 fclose(iplist);