summaryrefslogtreecommitdiffstats
path: root/src/xplist.c
AgeCommit message (Collapse)AuthorFilesLines
2018-07-25xplist: Fix typo in error messageGravatar Bastien Nocera1-1/+1
2017-04-02xplist: Plug another memory leakGravatar Nikias Bassen1-0/+3
Credit to OSS-Fuzz
2017-03-29xplist: Prevent memory leak(s) when parsing failsGravatar Nikias Bassen1-2/+2
Credit to OSS-Fuzz
2017-03-29xplist: Make XML parsing non-recursive to prevent stack overflow on ↵Gravatar Nikias Bassen1-79/+103
deep-structured plists Credit to OSS-Fuzz
2017-02-15xplist: Improve writing of large PLIST_DATA nodes by growing buffer in advanceGravatar Nikias Bassen1-0/+1
Instead of letting the buffer grow by just the amount of bytes currently transformed to base64 - which is basically line by line - we now calculate the size of the output blob in advance and grow the buffer accordingly. This will reduce the amount of reallocs to just one, which is especially important for large data blobs. While this is a general improvement for all platforms, it is on platforms like Windows where realloc() can be REALLY slow; converting a 20mb blob to XML can easily take up to a minute (due to the several hundred thousand calls to realloc()). With this commit, it will be fast again.
2017-02-09xplist: Fix OOB heap buffer read with empty data nodesGravatar Nikias Bassen1-2/+4
Credit to OSS-Fuzz
2017-02-09xplist: Prevent assert when parsing CF$UID dict with invalid value nodeGravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2017-02-08xplist: Use proper variable size for integer from string parsingGravatar Nikias Bassen1-2/+2
2017-02-07xplist: Prevent some more strncmp related OOB readsGravatar Nikias Bassen1-4/+4
2017-02-07xplist: Really fix OOB read when parsing DOCTYPEGravatar Nikias Bassen1-1/+1
2017-02-07xplist: unescape_entities(): Make sure text part buffer is null terminated ↵Gravatar Nikias Bassen1-0/+1
after strncpy
2017-02-07xplist: Fix OOB read when parsing DOCTYPEGravatar Nikias Bassen1-1/+1
2017-02-07xplist: Also fix OOB read in find_char() and find_str() functionsGravatar Nikias Bassen1-0/+8
2017-02-07xplist: Prevent OOB read in two more casesGravatar Nikias Bassen1-0/+10
2017-02-07xplist: Fix OOB read when parsing double quotesGravatar Nikias Bassen1-0/+4
2017-02-07xplist: Fix OOB read when parsing node text contentGravatar Nikias Bassen1-1/+1
2017-02-07xplist: Catch some more error conditionsGravatar Nikias Bassen1-34/+37
2017-02-06xplist: Prevent memory leaks when parsing failsGravatar Nikias Bassen1-37/+20
2017-01-03xplist: Refine XML parsing error messagesGravatar Nikias Bassen1-15/+18
2017-01-02xplist: Error out when invalid tags inside text nodes are encounteredGravatar Nikias Bassen1-2/+12
2017-01-02xplist: Make sure to error out when encountering empty/incomplete entitiesGravatar Nikias Bassen1-1/+5
2017-01-02xplist: Make sure to not parse for entities in empty stringsGravatar Nikias Bassen1-1/+1
2017-01-02xplist: Allow empty keys in dictionariesGravatar Nikias Bassen1-2/+2
2017-01-02xplist: Allow whitespace after name in closing tagGravatar Nikias Bassen1-2/+7
'</key >' is a perfectly valid closing tag and so is '</key >' (note the newline). This commit will make the parser skip any encountered whitespace before checking for the closing '>'.
2017-01-01xplist: Fix numerical character entity conversionGravatar Nikias Bassen1-2/+6
2016-12-21xplist: Fix UaF in code checking for closing tagGravatar Nikias Bassen1-2/+2
2016-12-21xplist: Make sure to correctly parse for closing tags of structured nodesGravatar Nikias Bassen1-7/+45
2016-12-21xplist: Make sure to stop parsing on entity errorsGravatar Nikias Bassen1-7/+11
2016-12-14xplist: Remove usage of strlen() wherever possibleGravatar Nikias Bassen1-45/+66
2016-12-14xplist: Improve text content parsing, reducing memory usage and unneeded copyingGravatar Nikias Bassen1-113/+318
2016-12-14Properly check for the availability of strptime() and make sure to use itGravatar Nikias Bassen1-1/+5
2016-11-28xplist: Fix parsing of adjacent nodes without whitespace between themGravatar Nikias Bassen1-2/+1
The context position counter was increased after encountering a closing node, e.g. '</dict>' or after a closing '</key>' node. When a node followed it directly without any whitespace inbetween, e.g. </dict><key>, parsing would fail since the parser would look at 'key>' instead of '<key>' for the next node to be parsed.
2016-11-13xplist: Don't parse XML reserved characters in CDATA blocksGravatar Nikias Bassen1-0/+1
2016-11-13xplist: Support converting numerical character entitiesGravatar Nikias Bassen1-3/+51
2016-11-13xplist: Don't escape " and ' characters in node_to_xmlGravatar Nikias Bassen1-10/+0
2016-11-13xplist: Properly parse CDATA blocks in get_text_content()Gravatar Nikias Bassen1-7/+23
2016-10-31xplist: Prevent UaF when parsing structured nodes failstime64Gravatar Filippo Bigarella1-0/+5
In case parsing inside `node_from_xml` called from line 842 fails, `data` gets freed by the call to `plist_free` at line 899, since `subnode` is actually created by making it point to `data` at line 684. This commit prevents this situation by bailing out whenever parsing in a deeper level of structured nodes fails.
2016-10-31xplist: Prevent heap buffer overflow when parsing empty tagsGravatar Filippo Bigarella1-1/+3
If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing.
2016-10-31xplist: Prevent NULL pointer dereference when parsing <real> nodesGravatar Filippo Bigarella1-0/+8
2016-10-22Remove libxml2 dependency in favor of custom XML parsingGravatar Nikias Bassen1-350/+652
2016-09-19Use time64 implementation by Michael G Schwern to extend allowed date/time rangeGravatar Nikias Bassen1-11/+17
The main benefit of this is to allow date/time values outside of the 32bit time_t range which is very important on 32bit platforms. But there are also some other issues that will be fixed with this, for example on macOS, mktime() will not work for dates < 1902 despite time_t being 64bit. In the same run this commit will also use a reentrant version of gmtime64_r that should help in multithreaded scenarios. Original code taken from: https://github.com/evalEmpire/y2038
2016-09-19Change internal storage of PLIST_DATE values from struct timeval to doubleGravatar Nikias Bassen1-4/+3
This removes the timeval union member from the plist_data_t structure. Since struct timeval is 2x64bit on 64bit platforms this member unnecessarily grew the union size to 16 bytes while a size of 8 bytes is sufficient. Also, on 32bit platforms struct timeval is only 2x32bit of size, limiting the range of possible time values. In addition the binary property list format also stores PLIST_DATE nodes as double.
2016-06-29xplist: Plug memory leak when converting PLIST_UID nodes to XMLGravatar Nikias Bassen1-0/+1
In node_to_xml nodes of type PLIST_UID are temporarily converted to a PLIST_DICT for an appropriate XML output. Therefore a PLIST_KEY and a PLIST_UINT node is created and inserted into the PLIST_DICT node. Upon completion, the child nodes of the PLIST_DICT node are detached from the original node and freed, however the data of the child nodes - the key string and the uint value - are not. This commit fixes it.
2016-04-20Move libxml cleanup code to a plist_cleanup methodGravatar Frederik Carlier1-17/+0
2015-11-13xplist: Get rid of setlocale() and use custom function to print floating ↵Gravatar Nikias Bassen1-14/+32
point values
2015-01-23xplist: Plug memory leak by cleaning up libxml2's parser after useGravatar Martin Szulecki1-0/+16
This is actually considered bad practice. However, it appears this memory leak is otherwise not possible to fix due to a design flaw in how libxml2 handles the lifecycle of it's XML parser. We'll let the community test this in production now and decide. In our tests this change had no drawbacks except fixing the last known memory leak in libplist.
2015-01-23Update and correct some copyright header commentsGravatar Martin Szulecki1-1/+3
2015-01-23xplist: Fix limited but possible XXE security vulnerability with XML plistsGravatar Martin Szulecki1-4/+16
By using a specifically crafted XML file an attacker could use plistutil to issue a GET request to an arbitrary URL or disclose a local file. The crafted XML file would be using a custom DTD with an external entity reference pointing to the file. Practical abuse is limited but let's still fix it nevertheless. Related to CVE-2013-0339 for libxml2 and CWE-827. Reported by Loïc Bénis from calypt.com. Thanks!
2014-10-03Avoid exporting non-public symbolsGravatar Nikias Bassen1-2/+2
2014-08-25Fixed memory leaks in new_xml_plist() and parse_real_node().Gravatar Aaron Burghardt1-3/+0